{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/City (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/City (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Cities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"geo.city.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"geo.city.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"01222130-3eec-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1769],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE2OTksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP Half-Open Sessions - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Half-Open Sessions - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":1000,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":10000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":100000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"9a0afa29-129e-4cd1-8b00-1377cc01502e\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"TCP\\\" AND tcp.flags.bits: 2 AND NOT flow.src.as.org: \\\"PRIVATE\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Half-Open 
Sessions\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"01b180e0-c484-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1770],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MDAsMl0="} {"attributes":{"fieldAttrs":"{\"index\":{\"count\":2},\"flow.client.ip.addr\":{\"count\":1},\"flow.export.host.name\":{\"count\":3},\"flow.in.netif.name\":{\"count\":4},\"flow.out.netif.name\":{\"count\":4},\"flow.server.ip.addr\":{\"count\":1},\"vlan.c_tag.dei.state\":{\"count\":2},\"vlan.c_tag.id\":{\"count\":1},\"vlan.c_tag.pcp.name\":{\"count\":1},\"l4.proto.name\":{\"count\":1},\"netif.descr\":{\"count\":1},\"netif.packets.discard.in\":{\"count\":1},\"sflow.sample_type.name\":{\"count\":2},\"flow.in.netif.index\":{\"count\":1},\"flow.out.netif.index\":{\"count\":2},\"flow.dst.ip.addr\":{\"count\":18},\"flow.isServer\":{\"count\":1},\"flow.src.ip.addr\":{\"count\":51},\"tcp.flags.bits\":{\"count\":1},\"flow.community.id\":{\"count\":2},\"flow.meter.bytes_drop\":{\"count\":1}}","fieldFormatMap":"{\"bgp.next_hop.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.168.9.17:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"cace.local.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\
"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"cace.remote.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"calix.netif.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.netif.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.ibont.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.ibont.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.internet.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.internet.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.pon.bytes.assured.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.pon.bytes.excess.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.pon.bytes.fixed.up\":{\
"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.soho.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.soho.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.ethernet.payload.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.ethernet.payload.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.pon.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.pon.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.pon.bytes_green\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.pon.bytes_yellow\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.pon.fec.bytes.corrected.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.pon.fec.bytes.corrected.up\":{\"id\":\"bytes\",\"params\":{\
"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.uni.bytes_green\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.uni.bytes_red\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.uni.bytes_red_discard\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.uni.bytes_yellow\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.appqoe.tls.bytes_read\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.appqoe.tls.bytes_write\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.appqoe.tls.decrypt.bytes_read\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.appqoe.tls.decrypt.bytes_write\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.appqoe.tls.encrypt.bytes_read\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.appqoe.tls.encrypt.bytes_write\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"or
igin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs0.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs1.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs2.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs3.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs4.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs5.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs6.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs7.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.l4r.server.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/p
atterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"cisco.pbhk.mapped.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"cisco.sc.attack.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"cisco.sc.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.sc.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.sc.sess.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.sc.sess.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.sdwan.bytes_drop\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.waas.bytes.optimised\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.waas.bytes.orig\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.bytes\":{\"id\":\"byt
es\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.168.9.17:5601\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*/field/flow.in.bytes\",\"basePath\":\"\"}}},\"flow.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.client.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.client.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.client.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.168.9.17:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.client.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"flow.client.nat.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"flow.dst.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.dst.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.168.9.17:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/resear
ch?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.dst.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"flow.dst.nat.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.168.9.17:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.dst.nat.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"flow.export.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.export.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"flow.in.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.168.9.17:5601\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*/field/flow.in.bytes\",\"basePath\":\"\"}}},\"flow.in.bytes_retrans\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.bytes_sumsqrs\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.bytes_total\":{\"id\":\"bytes\",\"para
ms\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.bytes_total_sumsqrs\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.l2.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.l2.bytes_sumsqrs\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.l2.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.l2.bytes_total_sumsqrs\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.l4.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.meter.bytes_drop\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.meter.bytes_ignore\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.meter.flow_select.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.meter.l2.bytes_drop\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/li
ght/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.meter.l2.bytes_ignore\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.bytes_mcast\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.bytes_mcast_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.bytes_retrans\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.l2.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.l2.bytes_mcast\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.l2.bytes_mcast_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.l2.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.l4.bytes\":{\"id\":\"bytes\",\"params\"
:{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.packets\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.168.9.17:5601\",\"pathname\":\"/app/monitoring\",\"basePath\":\"\"},\"pattern\":\"0,0.[0]a\"}},\"flow.server.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.server.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.server.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.168.9.17:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.server.l4.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.server.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"flow.server.nat.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"flow.src.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.src.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.168.9.17:5601\"
,\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.src.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"flow.src.nat.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.168.9.17:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.src.nat.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"flow.treatment.bytes_drop\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.treatment.bytes_drop_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"l2.bytes_drop\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"l2.bytes_drop_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"l4.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\"
:{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"masaryk.tunnel.dst.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"masaryk.tunnel.src.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"mem.avail.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.buffers.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.cached.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.commit.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.free.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.total.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.used.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/ligh
t/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.util.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.util.bytes_max\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"msexch.total_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.bytes.in\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.bytes.out\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.bytes.in\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.1024_1518_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.128_255_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.1519_2047_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.2048_4095_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"ne
tif.ethernet.packets.256_511_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.4096_9216_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.512_1023_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.65_127_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.9217_16383_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.to_64_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netscaler.ica.clientside.bytes_in\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"ntop.entropy.client.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"ntop.entropy.server.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"ntop.sip.rtp.dst.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/managem
ent/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"ntop.sip.rtp.src.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"ntop.untunnel.dst.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"ntop.untunnel.src.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"pim.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"redsocks.dst.orig.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"redsocks.src.orig.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"riverbed.cfe.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"riverbed.outer.l4.port.id\":{\"id\
":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"riverbed.sfe.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"sonicwall.db.proc.mem.commit.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"tcp.bytes_retrans\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"tunnel.client.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"tunnel.dst.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"tunnel.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"tunnel.server.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"t
unnel.src.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"wifi.afd.bytes_accept\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"wifi.afd.bytes_drop\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"sonicwall.svc.port_begin\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/dashboards\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"sonicwall.svc.port_end\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/dashboards\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"flow.server.k8s.svc.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/dashboards\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"flow.dst.k8s.svc.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/dashboards\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"ericsson.nat.external.port.end\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/dashboards\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}},\"ericsson.nat.external.port.start\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://es710.dev.elastiflow.com\",\"pathname\":\"/s/codex-light/app/dashboards\",\"basePath\":\"/s/codex-light\"},\"pattern\":\"0\"}}}","fiel
ds":"[]","runtimeFieldMap":"{}","timeFieldName":"@timestamp","title":"elastiflow-flow-codex-*","typeMeta":"{}"},"coreMigrationVersion":"8.2.0","id":"elastiflow-flow-codex-*","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1675807560837,1771],"type":"index-pattern","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MDEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): VLANs Ingress and Egress (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs Ingress and Egress (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.in.vlan.tag.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Ingress VLAN\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.out.vlan.tag.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Egress 
VLAN\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"01b37df0-3d3a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,1773],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MDIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Graph (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Graph (src/dst)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/589bc1f0-a01a-11ed-8918-ff88f1042f36) | [**Src/Dst**](#/dashboard/62eebb80-a01a-11ed-8918-ff88f1042f36) | 
[AS](#/dashboard/6d28fcf0-a01a-11ed-8918-ff88f1042f36)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"022b2810-a01a-11ed-8918-ff88f1042f36","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1774],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MDMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Flags (records) - tag cloud","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (records) - tag 
cloud\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tcp.flags.tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":16,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":16,\"maxFontSize\":48,\"showLabel\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}}}"},"coreMigrationVersion":"8.2.0","id":"0262fbf0-3df7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,1776],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MDQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must_not\":[{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Recon Port Scan (Public) - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon Port Scan (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.server.l4.port.id\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":14,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"028aac60-c490-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,1779],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MDUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Flow Exporters (records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters (records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Exporter\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"02ed6c40-3d34-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,1781],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MDYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Layer-4 Protocol Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Layer-4 Protocol Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"l4.proto.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Layer-4 Protocols\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"051bf440-3e61-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1782],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MDcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"tcp.flags.bits\":[63,127,255]}}]},\"meta\":{\"alias\":\"TCP X-Mas Flags\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"tcp.flags.bits\\\":[63,127,255]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP X-Mas Flags - 
table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP X-Mas Flags - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":3,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"058ea560-c413-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,1785],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MDgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DHCP Requests (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Requests (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 68 AND flow.dst.l4.port.id: 67 AND NOT flow.dst.ip.addr: 255.255.255.255 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"05a49fb0-9b95-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1786],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MDksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Options (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): 
TCP Options (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tcp.options.tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TCP Option\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"0625de60-3f0a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675810148016,11498],"type":"visualization","updated_at":"2023-02-07T22:49:08.016Z","version":"WzQzNDQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flow Records","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flow 
Records\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/589bc1f0-a01a-11ed-8918-ff88f1042f36) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [**Flow Records**](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"06d52ff0-3d43-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1789],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MTEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/VLAN (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/VLAN (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"fcb8f380-6d76-11eb-bbbf-d3d457f1cd90\",\"type\":\"math\",\"variables\":[{\"id\":\"00fa94d0-6d77-11eb-bbbf-d3d457f1cd90\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"0b4d1930-6d77-11eb-bbbf-d3d457f1cd90\",\"type\":\"math\",\"variables\":[{\"id\":\"0e36cba0-6d77-11eb-bbbf-d3d457f1cd90\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top VLANs\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"vlan.tag.id\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"vlan.tag.id: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"07262240-3f08-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1790],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MTIsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Threats","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [**Threats**](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/589bc1f0-a01a-11ed-8918-ff88f1042f36) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"82b0c1d0-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1791],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Threats (DDoS TCP)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats (DDoS TCP)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[IP Reputation](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [**DDoS TCP**](#/dashboard/0774f5d0-c348-11ec-aaf3-5b4644130c7f) | [DDoS Flood](#/dashboard/e0ffa950-c472-11ec-a49f-6168cd647191) | [RECON](#/dashboard/b9cd6a90-c48e-11ec-a49f-6168cd647191) | [Brute 
Force](#/dashboard/9e8ee9a0-c495-11ec-a49f-6168cd647191)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"d3f5df40-c495-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1792],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MTQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Logo","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Logo\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[![ElastiFlow](data:image/png;base64,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)](https://www.elastiflow.com)\"}}"},"coreMigrationVersion":"8.2.0","id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1793],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MTUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Threats (DDoS TCP) - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Threats (DDoS TCP) - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"7f67f8d0-c479-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"}],"sort":[1675807560837,1795],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP Half-Open Sources - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Half-Open Sources - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":50000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"fd1fa846-8ea3-48e8-b5bd-a995b4bdd350\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"TCP\\\" AND tcp.flags.bits: 2 AND NOT flow.src.as.org: \\\"PRIVATE\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: 
\\\"netflow\\\")\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Half-Open Sources\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.ip.addr\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"100dff50-c485-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1796],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP X-Mas Flags (packets) - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP X-Mas Flags (packets) - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":1,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":10,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":100,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"d3b61377-c8a5-414e-8c73-5622b924b95c\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"tcp.flags.bits: 63 OR tcp.flags.bits: 127 OR tcp.flags.bits: 255\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"X-Mas 
Flags\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"216d4fc0-c481-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1797],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MTgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP null Flags (packets) - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP null Flags (packets) - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":1,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":10,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":100,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"2fcc5f79-87cf-4931-8b71-809a92a83845\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"TCP\\\" AND tcp.flags.bits: 
0\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"null Flags\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"15622970-c482-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1798],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MTksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP URG Flags (packets) - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP URG Flags (packets) - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":1,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":10,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":100,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"8be5ea40-d56b-4049-b217-4c7aaa6b0e53\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"tcp.flags.tags: \\\"URG\\\" \",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Urgent Flags\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"f5946090-c481-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1799],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MjAsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sessions (Public) - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":6,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"8acef510-c466-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,1802],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MjEsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sources (Public) - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":6,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"a89d1d60-c466-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,1805],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MjIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"tcp.flags.tags\":\"URG\"}}]},\"meta\":{\"alias\":\"TCP URG 
Flag\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"tcp.flags.tags\\\":\\\"URG\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP URG Flag - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP URG Flag - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":3,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"627f5ee0-c413-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,1808],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MjMsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"TCP\"}},{\"term\":{\"tcp.flags.bits\":0}}]},\"meta\":{\"alias\":\"TCP null Flags\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"TCP\\\"}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":0}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP null Flags - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP null Flags - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":3,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"c7001200-c46e-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":
[1675807560837,1811],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MjQsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"f440d860-64fa-4879-b980-0353a1f26eba\"},\"panelIndex\":\"f440d860-64fa-4879-b980-0353a1f26eba\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f440d860-64fa-4879-b980-0353a1f26eba\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"34695e7c-2cf5-4115-a2c7-11029b7fbc98\"},\"panelIndex\":\"34695e7c-2cf5-4115-a2c7-11029b7fbc98\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_34695e7c-2cf5-4115-a2c7-11029b7fbc98\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},\"panelIndex\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":8,\"h\":5,\"i\":\"8da8ea54-feda-4cc3-9eda-d1367cd6f6e4\"},\"panelIndex\":\"8da8ea54-feda-4cc3-9eda-d1367cd6f6e4\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_8da8ea54-feda-4cc3-9eda-d1367cd6f6e4\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":4,\"w\":8,\"h\":5,\"i\":\"62410829-53ae-49d4-bec5-8d4b2a4d31d2\"},\"panelIndex\":\"62410829-53ae-49d4-bec5-8d4b2a4d31d2\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_62410829-53ae-49d4-bec
5-8d4b2a4d31d2\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":4,\"w\":8,\"h\":5,\"i\":\"c209ff24-1623-459f-941c-aa65fad90df8\"},\"panelIndex\":\"c209ff24-1623-459f-941c-aa65fad90df8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c209ff24-1623-459f-941c-aa65fad90df8\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":4,\"w\":8,\"h\":5,\"i\":\"a35b5294-ff2a-4178-85ce-7466834825db\"},\"panelIndex\":\"a35b5294-ff2a-4178-85ce-7466834825db\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_a35b5294-ff2a-4178-85ce-7466834825db\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":4,\"w\":8,\"h\":5,\"i\":\"ab6f62f9-7b7d-4d77-bdad-b8d1e52a4d75\"},\"panelIndex\":\"ab6f62f9-7b7d-4d77-bdad-b8d1e52a4d75\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ab6f62f9-7b7d-4d77-bdad-b8d1e52a4d75\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"cc785bfa-34dc-415d-aa45-cbfc3d0c54d4\"},\"panelIndex\":\"cc785bfa-34dc-415d-aa45-cbfc3d0c54d4\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_cc785bfa-34dc-415d-aa45-cbfc3d0c54d4\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":26,\"h\":19,\"i\":\"fb78b64b-76e2-4751-a0a2-689d04c3acc9\"},\"panelIndex\":\"fb78b64b-76e2-4751-a0a2-689d04c3acc9\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Half-Open 
Sessions\",\"panelRefName\":\"panel_fb78b64b-76e2-4751-a0a2-689d04c3acc9\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":26,\"y\":9,\"w\":22,\"h\":19,\"i\":\"3b0f59b3-ae59-4981-91f3-2e1e1dc5b7b8\"},\"panelIndex\":\"3b0f59b3-ae59-4981-91f3-2e1e1dc5b7b8\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Half-Open Sources\",\"panelRefName\":\"panel_3b0f59b3-ae59-4981-91f3-2e1e1dc5b7b8\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":16,\"h\":14,\"i\":\"803dddd3-e6a3-4a8b-b695-4949f75dece5\"},\"panelIndex\":\"803dddd3-e6a3-4a8b-b695-4949f75dece5\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"X-Mas Flags\",\"panelRefName\":\"panel_803dddd3-e6a3-4a8b-b695-4949f75dece5\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":28,\"w\":16,\"h\":14,\"i\":\"c6832185-bb97-4c09-9034-13da30894a81\"},\"panelIndex\":\"c6832185-bb97-4c09-9034-13da30894a81\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"URG Flag\",\"panelRefName\":\"panel_c6832185-bb97-4c09-9034-13da30894a81\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":28,\"w\":16,\"h\":14,\"i\":\"03a929fc-eb04-40ea-81c4-d763584f20df\"},\"panelIndex\":\"03a929fc-eb04-40ea-81c4-d763584f20df\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"null Flags\",\"panelRefName\":\"panel_03a929fc-eb04-40ea-81c4-d763584f20df\"}]","timeRestore":false,"title":"ElastiFlow (flow): Threats (DDoS 
TCP)","version":1},"coreMigrationVersion":"8.2.0","id":"0774f5d0-c348-11ec-aaf3-5b4644130c7f","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"82b0c1d0-3d42-11eb-bc2c-c5758316d788","name":"f440d860-64fa-4879-b980-0353a1f26eba:panel_f440d860-64fa-4879-b980-0353a1f26eba","type":"visualization"},{"id":"d3f5df40-c495-11ec-a49f-6168cd647191","name":"34695e7c-2cf5-4115-a2c7-11029b7fbc98:panel_34695e7c-2cf5-4115-a2c7-11029b7fbc98","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"ad125fa1-132d-46b3-8cfa-48520ea3c83a:panel_ad125fa1-132d-46b3-8cfa-48520ea3c83a","type":"visualization"},{"id":"7f67f8d0-c479-11ec-a49f-6168cd647191","name":"8da8ea54-feda-4cc3-9eda-d1367cd6f6e4:panel_8da8ea54-feda-4cc3-9eda-d1367cd6f6e4","type":"visualization"},{"id":"01b180e0-c484-11ec-a49f-6168cd647191","name":"62410829-53ae-49d4-bec5-8d4b2a4d31d2:panel_62410829-53ae-49d4-bec5-8d4b2a4d31d2","type":"visualization"},{"id":"100dff50-c485-11ec-a49f-6168cd647191","name":"c209ff24-1623-459f-941c-aa65fad90df8:panel_c209ff24-1623-459f-941c-aa65fad90df8","type":"visualization"},{"id":"216d4fc0-c481-11ec-a49f-6168cd647191","name":"a35b5294-ff2a-4178-85ce-7466834825db:panel_a35b5294-ff2a-4178-85ce-7466834825db","type":"visualization"},{"id":"15622970-c482-11ec-a49f-6168cd647191","name":"ab6f62f9-7b7d-4d77-bdad-b8d1e52a4d75:panel_ab6f62f9-7b7d-4d77-bdad-b8d1e52a4d75","type":"visualization"},{"id":"f5946090-c481-11ec-a49f-6168cd647191","name":"cc785bfa-34dc-415d-aa45-cbfc3d0c54d4:panel_cc785bfa-34dc-415d-aa45-cbfc3d0c54d4","type":"visualization"},{"id":"8acef510-c466-11ec-a49f-6168cd647191","name":"fb78b64b-76e2-4751-a0a2-689d04c3acc9:panel_fb78b64b-76e2-4751-a0a2-689d04c3acc9","type":"visualization"},{"id":"a89d1d60-c466-11ec-a49f-6168cd647191","name":"3b0f59b3-ae59-4981-91f3-2e1e1dc5b7b8:panel_3b0f59b3-ae59-4981-91f3-2e1e1dc5b7b8","type":"visualization"},{"id":"058ea560-c413-11ec-a49f-6168cd647191","name":"803dddd3-e6a3-4a8b-b695-4949f75dece5:panel_803dddd3-e6a3-4a8
b-b695-4949f75dece5","type":"visualization"},{"id":"627f5ee0-c413-11ec-a49f-6168cd647191","name":"c6832185-bb97-4c09-9034-13da30894a81:panel_c6832185-bb97-4c09-9034-13da30894a81","type":"visualization"},{"id":"c7001200-c46e-11ec-a49f-6168cd647191","name":"03a929fc-eb04-40ea-81c4-d763584f20df:panel_03a929fc-eb04-40ea-81c4-d763584f20df","type":"visualization"}],"sort":[1675807560837,1826],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MjUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Threats (Brute Force)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats (Brute Force)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[IP Reputation](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [DDoS TCP](#/dashboard/0774f5d0-c348-11ec-aaf3-5b4644130c7f) | [DDoS Flood](#/dashboard/e0ffa950-c472-11ec-a49f-6168cd647191) | [RECON](#/dashboard/b9cd6a90-c48e-11ec-a49f-6168cd647191) | [**Brute Force**](#/dashboard/9e8ee9a0-c495-11ec-a49f-6168cd647191)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"08535420-c496-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1827],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MjYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Server (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Server (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"853a7a30-6d77-11eb-9ef1-eff5674a4cc1\",\"type\":\"math\",\"variables\":[{\"id\":\"89871800-6d77-11eb-9ef1-eff5674a4cc1\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"964a0020-6d77-11eb-9ef1-eff5674a4cc1\",\"type\":\"math\",\"variables\":[{\"id\":\"98547620-6d77-11eb-9ef1-eff5674a4cc1\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Servers\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.server.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.host.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"086359d0-3edf-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1828],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MjcsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Client Requests by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Client Requests by Server - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Req\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NTP Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"087e6750-9d7c-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675807560837,1834],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MjgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH 
Response\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"1645\\\"}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":\"1812\"}},{\"match_phrase\":{\"flow.src.l4.port.id\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Responses by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): RADIUS AUTH Responses by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH 
Responses\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RADIUS Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"08f1070a-4c98-4703-a0ce-28e2ceaea0b8","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675808813077,10008],"type":"visualization","updated_at":"2023-02-07T22:26:53.077Z","version":"WzI5MTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flows","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - 
Flows\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [**Flows**](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/589bc1f0-a01a-11ed-8918-ff88f1042f36) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"98538b80-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1840],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MzAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flows (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flows (client/server)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**Client/Server**](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Src/Dst](#/dashboard/167989f0-3d3f-11eb-bc2c-c5758316d788) | [AS](#/dashboard/264f5760-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"f6181a50-3d43-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1841],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MzEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Client/Server - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.client.host.name\",\"parent\":\"\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.server.host.name\",\"parent\":\"\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1619032196248\",\"fieldName\":\"l4.session.established\",\"
parent\":\"\",\"label\":\"Session Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"944a8560-3d4d-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"sort":[1675807560837,1847],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MzIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Clients (bytes) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Clients (bytes) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"0d2b3b30-3e68-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809225637,10489],"type":"visualization","updated_at":"2023-02-07T22:33:45.637Z","version":"WzMzNzUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (client/server) - Vega (sankey)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (client/server) - Vega (sankey)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n 
\\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.client.host.name\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.server.host.name\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"bytes\\\": {\\n \\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"flow.bytes\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n 
\\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Client\\\", \\\"Server\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": 
{\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n 
},\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#222222\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n 
\\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"214ff7c0-3e65-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1850],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3MzQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Servers (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Servers (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"a7db3740-3e66-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809203080,10492],"type":"visualization","updated_at":"2023-02-07T22:33:23.080Z","version":"WzMzNTQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Clients (packets) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Clients (packets) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"1a875610-3e68-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809236713,10527],"type":"visualization","updated_at":"2023-02-07T22:33:56.713Z","version":"WzMzOTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Servers (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Servers (packets) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"b54004b0-3e66-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809191961,10456],"type":"visualization","updated_at":"2023-02-07T22:33:11.961Z","version":"WzMzMzAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Clients (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Clients (flow records) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"29666770-3e68-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809250151,10563],"type":"visualization","updated_at":"2023-02-07T22:34:10.151Z","version":"WzM0MTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Servers (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Servers (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"21b512f0-3d38-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809176377,10428],"type":"visualization","updated_at":"2023-02-07T22:32:56.377Z","version":"WzMzMDUsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"b72ce2d1-bcec-42ca-b068-451d3b5a9d62\"},\"panelIndex\":\"b72ce2d1-bcec-42ca-b068-451d3b5a9d62\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b72ce2d1-bcec-42ca-b068-451d3b5a9d62\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"a2f9ff30-3efb-4191-b82a-5e6739a02b93\"},\"panelIndex\":\"a2f9ff30-3efb-4191-b82a-5e6739a02b93\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_a2f9ff30-3efb-4191-b82a-5e6739a02b93\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"9b1de842-8921-445e-83d6-709f815083aa\"},\"panelIndex\":\"9b1de842-8921-445e-83d6-709f815083aa\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9b1de842-8921-445e-83d6-709f815083aa\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"3c9f3c98-bb84-4a41-b8e3-44d993f9117e\"},\"panelIndex\":\"3c9f3c98-bb84-4a41-b8e3-44d993f9117e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_3c9f3c98-bb84-4a41-b8e3-44d993f9117e\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"385518e4-5344-43a2-9508-917e7f7ed645\"},\"panelIndex\":\"385518e4-5344-43a2-9508-917e7f7ed645\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Clients 
(bytes)\",\"panelRefName\":\"panel_385518e4-5344-43a2-9508-917e7f7ed645\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"3ede7a4b-d3a6-42f9-a12f-abe617cdd1f3\"},\"panelIndex\":\"3ede7a4b-d3a6-42f9-a12f-abe617cdd1f3\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_3ede7a4b-d3a6-42f9-a12f-abe617cdd1f3\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"acc535a1-7895-4fe1-adde-fb142765043a\"},\"panelIndex\":\"acc535a1-7895-4fe1-adde-fb142765043a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Servers (bytes)\",\"panelRefName\":\"panel_acc535a1-7895-4fe1-adde-fb142765043a\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"fefca9db-081e-42b4-b9e6-839f863a4109\"},\"panelIndex\":\"fefca9db-081e-42b4-b9e6-839f863a4109\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Clients (packets)\",\"panelRefName\":\"panel_fefca9db-081e-42b4-b9e6-839f863a4109\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"b90e0320-9b08-410f-9e7c-d48bd25b3c92\"},\"panelIndex\":\"b90e0320-9b08-410f-9e7c-d48bd25b3c92\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Servers (packets)\",\"panelRefName\":\"panel_b90e0320-9b08-410f-9e7c-d48bd25b3c92\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"8022fdaf-1f2b-4ebd-80eb-3a28c1cd753a\"},\"panelIndex\":\"8022fdaf-1f2b-4ebd-80eb-3a28c1cd753a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Clients (flow 
records)\",\"panelRefName\":\"panel_8022fdaf-1f2b-4ebd-80eb-3a28c1cd753a\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"8e84274d-9487-4eae-8dab-7d52da7027e4\"},\"panelIndex\":\"8e84274d-9487-4eae-8dab-7d52da7027e4\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Servers (flow records)\",\"panelRefName\":\"panel_8e84274d-9487-4eae-8dab-7d52da7027e4\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flows (client/server)","version":1},"coreMigrationVersion":"8.2.0","id":"090f3e40-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"98538b80-3d42-11eb-bc2c-c5758316d788","name":"b72ce2d1-bcec-42ca-b068-451d3b5a9d62:panel_b72ce2d1-bcec-42ca-b068-451d3b5a9d62","type":"visualization"},{"id":"f6181a50-3d43-11eb-bc2c-c5758316d788","name":"a2f9ff30-3efb-4191-b82a-5e6739a02b93:panel_a2f9ff30-3efb-4191-b82a-5e6739a02b93","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"9b1de842-8921-445e-83d6-709f815083aa:panel_9b1de842-8921-445e-83d6-709f815083aa","type":"visualization"},{"id":"944a8560-3d4d-11eb-bc2c-c5758316d788","name":"3c9f3c98-bb84-4a41-b8e3-44d993f9117e:panel_3c9f3c98-bb84-4a41-b8e3-44d993f9117e","type":"visualization"},{"id":"0d2b3b30-3e68-11eb-bc2c-c5758316d788","name":"385518e4-5344-43a2-9508-917e7f7ed645:panel_385518e4-5344-43a2-9508-917e7f7ed645","type":"visualization"},{"id":"214ff7c0-3e65-11eb-bc2c-c5758316d788","name":"3ede7a4b-d3a6-42f9-a12f-abe617cdd1f3:panel_3ede7a4b-d3a6-42f9-a12f-abe617cdd1f3","type":"visualization"},{"id":"a7db3740-3e66-11eb-bc2c-c5758316d788","name":"acc535a1-7895-4fe1-adde-fb142765043a:panel_acc535a1-7895-4fe1-adde-fb142765043a","type":"visualization"},{"id":"1a875610-3e68-11eb-bc2c-c5758316d788","name":"fefca9db-081e-42b4-b9e6-839f863a4109:panel_fefca9db-081e-42b4-b9e6-839f863a4109","type":"visualization"},{"id":"b54004b0-3e66-11eb-bc2c-c575831
6d788","name":"b90e0320-9b08-410f-9e7c-d48bd25b3c92:panel_b90e0320-9b08-410f-9e7c-d48bd25b3c92","type":"visualization"},{"id":"29666770-3e68-11eb-bc2c-c5758316d788","name":"8022fdaf-1f2b-4ebd-80eb-3a28c1cd753a:panel_8022fdaf-1f2b-4ebd-80eb-3a28c1cd753a","type":"visualization"},{"id":"21b512f0-3d38-11eb-bc2c-c5758316d788","name":"8e84274d-9487-4eae-8dab-7d52da7027e4:panel_8e84274d-9487-4eae-8dab-7d52da7027e4","type":"visualization"}],"sort":[1675807560837,1872],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NDAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Autonomous Systems (bytes) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Source Autonomous Systems (bytes) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"09832fe0-3e6a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809378591,10748],"type":"visualization","updated_at":"2023-02-07T22:36:18.591Z","version":"WzM2MDcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Client Cities (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Client Cities (flow records) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"0a621e90-3eb4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809649564,10981],"type":"visualization","updated_at":"2023-02-07T22:40:49.564Z","version":"WzM4MzIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Core Services","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core 
Services\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [**Core Services**](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/589bc1f0-a01a-11ed-8918-ff88f1042f36) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"c69cda30-9b2b-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1877],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NDMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Core Services (LDAP)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core Services (LDAP)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[DNS](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [DHCP](#/dashboard/a9f3e040-9b94-11ec-a4df-e940aaa4214d) | \\n[RADIUS](#/dashboard/fbea2e70-c319-11ec-aaf3-5b4644130c7f) | \\n[**LDAP**](#/dashboard/0ae30960-c31a-11ec-aaf3-5b4644130c7f) | [NTP](#/dashboard/e2888380-9d73-11ec-a4df-e940aaa4214d)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"fe628c00-c31a-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1878],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NDQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): LDAP Requests (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Requests (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.dst.l4.port.id: 389 AND 
(flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"f320aefc-2851-428e-93c5-e5501e8baf3b","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1879],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NDUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): LDAP Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Responses (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 389 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: 
\\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"1a57842f-1d61-4337-a14f-ebde886bb94d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1880],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NDYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): LDAP Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Req/Resp (packets) - TSVB (line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.dst.l4.port.id: 389\",\"language\":\"kuery\"}},{\"id\":\"7e6a9720-9b26-11ec-8138-3d37937df3c4\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"7e6a9721-9b26-11ec-8138-3d37937df3c4\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 
389\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"axis_min\":\"0\"}}"},"coreMigrationVersion":"8.2.0","id":"a7c8aac9-0b2c-4b87-ae40-408051a0585c","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1881],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NDcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Requests by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): LDAP Requests by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LDAP 
Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"7ee8c1df-41d7-4f17-9b7c-dd4de86154e5","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675808844008,10088],"type":"visualization","updated_at":"2023-02-07T22:27:24.008Z","version":"WzI5OTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Responses by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): LDAP Responses by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LDAP 
Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"f0aa7b9d-75d3-4299-8f19-abd117b6c488","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675808855519,10135],"type":"visualization","updated_at":"2023-02-07T22:27:35.519Z","version":"WzMwMTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Requests by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Requests by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LDAP 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"ce61d9bc-7471-4bad-9641-dceae4b0b6fd","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675807560837,1896],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NTAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Responses by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Responses by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LDAP 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"7442c75e-2101-48a3-bd4e-4c41ccc3c1b7","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675807560837,1901],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NTEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Requests by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Requests by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"c9b65544-2c6c-4512-8f08-156296fb7357","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675807560837,1906],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NTIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Responses by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Responses by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"2760de38-aae3-40cd-bf60-f00dbbe431c4","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675807560837,1911],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"LDAP\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":389}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":389}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":389}},{\"match_phrase\":{\"flow.dst.l4.port.id\":389}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Messages by Exporter - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Messages by Exporter - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow 
Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"1a134792-e198-41f1-8636-0951002b7895","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675807560837,1916],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NTQsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"503ee9c8-3371-4430-9997-5a2f772238ba\"},\"panelIndex\":\"503ee9c8-3371-4430-9997-5a2f772238ba\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_503ee9c8-3371-4430-9997-5a2f772238ba\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"e82bdc5b-be64-44e6-a350-da1952432e7e\"},\"panelIndex\":\"e82bdc5b-be64-44e6-a350-da1952432e7e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e82bdc5b-be64-44e6-a350-da1952432e7e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\"
:4,\"i\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\"},\"panelIndex\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e57c863c-11e8-43d8-a2b8-20a63217371e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":5,\"i\":\"6f81c896-26c1-4d45-93d8-b58ca6e02ead\"},\"panelIndex\":\"6f81c896-26c1-4d45-93d8-b58ca6e02ead\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_6f81c896-26c1-4d45-93d8-b58ca6e02ead\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":5,\"i\":\"04f09116-ac3c-481e-99d9-c90778497de3\"},\"panelIndex\":\"04f09116-ac3c-481e-99d9-c90778497de3\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_04f09116-ac3c-481e-99d9-c90778497de3\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"af0379f3-6f77-4d03-b9fc-c33a179eeef8\"},\"panelIndex\":\"af0379f3-6f77-4d03-b9fc-c33a179eeef8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_af0379f3-6f77-4d03-b9fc-c33a179eeef8\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":9,\"i\":\"f49fb158-4b0e-4d72-b577-baa00d521d6f\"},\"panelIndex\":\"f49fb158-4b0e-4d72-b577-baa00d521d6f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f49fb158-4b0e-4d72-b577-baa00d521d6f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":9,\"i\":\"80fbd6e4-db34-47b1-bd44-5429e450b2b4\"},\"panelIndex\":\"80fbd6e4-db34-47b1-bd44-5429e450b2b4\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_80fbd6e4-db34-47b1-bd44-5429e450b2b4\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\"
:9,\"h\":23,\"i\":\"e79913fc-b30c-4251-bfaa-8b3b3e5dc414\"},\"panelIndex\":\"e79913fc-b30c-4251-bfaa-8b3b3e5dc414\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e79913fc-b30c-4251-bfaa-8b3b3e5dc414\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":18,\"w\":9,\"h\":23,\"i\":\"b2113458-90c6-412c-8bcb-0e33a7ea29be\"},\"panelIndex\":\"b2113458-90c6-412c-8bcb-0e33a7ea29be\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b2113458-90c6-412c-8bcb-0e33a7ea29be\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":18,\"w\":10,\"h\":23,\"i\":\"e880b91d-6b5d-46a7-a29e-9c72f6d84584\"},\"panelIndex\":\"e880b91d-6b5d-46a7-a29e-9c72f6d84584\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e880b91d-6b5d-46a7-a29e-9c72f6d84584\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":18,\"w\":10,\"h\":23,\"i\":\"b1db5d73-7573-4682-8705-59862d2b4509\"},\"panelIndex\":\"b1db5d73-7573-4682-8705-59862d2b4509\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b1db5d73-7573-4682-8705-59862d2b4509\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":18,\"w\":10,\"h\":23,\"i\":\"ad7239c3-aaaf-4995-82ba-59a7a1d3bef7\"},\"panelIndex\":\"ad7239c3-aaaf-4995-82ba-59a7a1d3bef7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ad7239c3-aaaf-4995-82ba-59a7a1d3bef7\"}]","timeRestore":false,"title":"ElastiFlow (flow): Core Services 
(LDAP)","version":1},"coreMigrationVersion":"8.2.0","id":"0ae30960-c31a-11ec-aaf3-5b4644130c7f","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"c69cda30-9b2b-11ec-a4df-e940aaa4214d","name":"503ee9c8-3371-4430-9997-5a2f772238ba:panel_503ee9c8-3371-4430-9997-5a2f772238ba","type":"visualization"},{"id":"fe628c00-c31a-11ec-aaf3-5b4644130c7f","name":"e82bdc5b-be64-44e6-a350-da1952432e7e:panel_e82bdc5b-be64-44e6-a350-da1952432e7e","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"e57c863c-11e8-43d8-a2b8-20a63217371e:panel_e57c863c-11e8-43d8-a2b8-20a63217371e","type":"visualization"},{"id":"f320aefc-2851-428e-93c5-e5501e8baf3b","name":"6f81c896-26c1-4d45-93d8-b58ca6e02ead:panel_6f81c896-26c1-4d45-93d8-b58ca6e02ead","type":"visualization"},{"id":"1a57842f-1d61-4337-a14f-ebde886bb94d","name":"04f09116-ac3c-481e-99d9-c90778497de3:panel_04f09116-ac3c-481e-99d9-c90778497de3","type":"visualization"},{"id":"a7c8aac9-0b2c-4b87-ae40-408051a0585c","name":"af0379f3-6f77-4d03-b9fc-c33a179eeef8:panel_af0379f3-6f77-4d03-b9fc-c33a179eeef8","type":"visualization"},{"id":"7ee8c1df-41d7-4f17-9b7c-dd4de86154e5","name":"f49fb158-4b0e-4d72-b577-baa00d521d6f:panel_f49fb158-4b0e-4d72-b577-baa00d521d6f","type":"visualization"},{"id":"f0aa7b9d-75d3-4299-8f19-abd117b6c488","name":"80fbd6e4-db34-47b1-bd44-5429e450b2b4:panel_80fbd6e4-db34-47b1-bd44-5429e450b2b4","type":"visualization"},{"id":"ce61d9bc-7471-4bad-9641-dceae4b0b6fd","name":"e79913fc-b30c-4251-bfaa-8b3b3e5dc414:panel_e79913fc-b30c-4251-bfaa-8b3b3e5dc414","type":"visualization"},{"id":"7442c75e-2101-48a3-bd4e-4c41ccc3c1b7","name":"b2113458-90c6-412c-8bcb-0e33a7ea29be:panel_b2113458-90c6-412c-8bcb-0e33a7ea29be","type":"visualization"},{"id":"c9b65544-2c6c-4512-8f08-156296fb7357","name":"e880b91d-6b5d-46a7-a29e-9c72f6d84584:panel_e880b91d-6b5d-46a7-a29e-9c72f6d84584","type":"visualization"},{"id":"2760de38-aae3-40cd-bf60-f00dbbe431c4","name":"b1db5d73-7573-4682-8705-59862d2b4509:panel_b1db5d73-7573-4
682-8705-59862d2b4509","type":"visualization"},{"id":"1a134792-e198-41f1-8636-0951002b7895","name":"ad7239c3-aaaf-4995-82ba-59a7a1d3bef7:panel_ad7239c3-aaaf-4995-82ba-59a7a1d3bef7","type":"visualization"}],"sort":[1675807560837,1930],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NTUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Graph","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Graph\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [**Graph**](#/dashboard/589bc1f0-a01a-11ed-8918-ff88f1042f36) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | 
[Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"0aedc830-a01b-11ed-8918-ff88f1042f36","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1931],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Server AS (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Server AS (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.server.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"0b02ed40-3ec6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1932],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NTcsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"TCP\"}},{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"TCP Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"TCP\\\"}},{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Clients (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Clients (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.client.ip.addr\",\"customLabel\":\"Clients\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"0b0bf070-c412-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,1935],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NTgsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Clients (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Clients (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"0b230740-3d38-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675810368586,11990],"type":"visualization","updated_at":"2023-02-07T22:52:48.586Z","version":"WzQ4NjAsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"UDP\"}},{\"terms\":{\"flow.src.l4.port.id\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"UDP\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): UDP Amplification Sources (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Edge) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"0b3a81e0-c40f-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,1940],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NjAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only 
Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sources (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"0b5fe960-c3fd-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.sear
chSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,1943],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NjEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Top-N (conversations)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Top-N (conversations)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Talkers](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Services](#/dashboard/b088bcb0-3d3e-11eb-bc2c-c5758316d788) | [Apps](#/dashboard/d4e18bf0-3d3e-11eb-bc2c-c5758316d788) | [**Conversations**](#/dashboard/c2da3880-3d3e-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"0c217890-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1944],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NjIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): ICMP Destinations from Private IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Destinations from Private IP - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"3b2cdfd4-3980-4704-a8ec-3ea923d70557\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"l4.proto.name: (\\\"ICMP\\\" OR \\\"IPv6-ICMP\\\") AND (flow.src.as.org: \\\"PRIVATE\\\" AND flow.dst.as.org: 
\\\"PRIVATE\\\")\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"ICMP Destinations (Private)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.dst.ip.addr\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"0ca342c0-c495-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1945],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NjMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":1812}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":1812}},{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":1645}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":1645}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":1812}},{\"match_phrase\":{\"flow.dst.l4.port.id\":1812}},{\"match_phrase\":{\"flow.src.l4.port.id\":1645}},{\"match_phrase\":{\"flow.dst.l4.port.id\":1645}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Messages by Exporter - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Messages by Exporter - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH 
Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"0ce9bc39-bc69-4e87-b053-3a16588447a6","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675807560837,1950],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NjQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Autonomous Systems (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (packets) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"0d6d69c0-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,1952],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NjUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23,1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force 
Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}],\\\"minimum_should_match\\\":1}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Brute Force Sessions (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingB
ucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"0d798530-c33a-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,1955],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NjYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flows (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flows (src/dst)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | 
[**Src/Dst**](#/dashboard/167989f0-3d3f-11eb-bc2c-c5758316d788) | [AS](#/dashboard/264f5760-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"0e564f60-3d44-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1956],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NjcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flow Exporters - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868774014\",\"fieldName\":\"flow.export.version.name\",\"parent\":\"\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"0f371ce0-3ecd-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"}],"sort":[1675807560837,1959],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NjgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Echo Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Echo (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Edge) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.dst.ip.addr\",\"customLabel\":\"Pinged IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"0fbdeb60-c344-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,1962],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NjksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Observed Traffic (flow records/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Observed Traffic (flow records/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.bytes\"},{\"id\":\"27c24400-3ece-11eb-a018-83ddf1ffaeb4\",\"type\":\"calculation\",\"variables\":[{\"id\":\"2b538110-3ece-11eb-a018-83ddf1ffaeb4\",\"name\":\"count\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Flow Records\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"count\",\"field\":\"flow.bytes\"},{\"id\":\"505adfd0-3ece-11eb-a018-83ddf1ffaeb4\",\"type\":\"calculation\",\"variables\":[{\"id\":\"59807cf0-3ece-11eb-a018-83ddf1ffaeb4\",\"name\":\"count\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Exporters\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.export.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.export.host.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"11e668f0-3ece-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1963],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NzAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Graph (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Graph 
(client/server)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**Client/Server**](#/dashboard/589bc1f0-a01a-11ed-8918-ff88f1042f36) | [Src/Dst](#/dashboard/62eebb80-a01a-11ed-8918-ff88f1042f36) | [AS](#/dashboard/6d28fcf0-a01a-11ed-8918-ff88f1042f36)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"121a9800-a01a-11ed-8918-ff88f1042f36","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1964],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NzEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Traffic Details 
(attributes)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Traffic Details (attributes)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**Attributes**](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Types](#/dashboard/7dfba590-3d3f-11eb-bc2c-c5758316d788) | [Locality](#/dashboard/980f36e0-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"12658420-3d46-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1965],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NzIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Src/Dst Autonomous Systems - input 
list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Src/Dst Autonomous Systems - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.src.as.label\",\"parent\":\"\",\"label\":\"Source AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.dst.as.label\",\"parent\":\"\",\"label\":\"Destination AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1619032550621\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session 
Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"13ac7020-3d53-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"sort":[1675807560837,1971],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NzMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (src/dst) - Vega (directed graph)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (src/dst) - Vega (directed graph)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v5.json\\\",\\n \\\"description\\\": \\\"Copyright (C)2022 ElastiFlow Inc.\\\",\\n \\\"autosize\\\": \\\"fit\\\",\\n \\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"flows\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-flow-codex-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 384,\\n \\\"sources\\\": [{\\n \\\"client\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.src.host.name\\\"\\n }\\n }\\n },\\n {\\n \\\"server\\\": 
{\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.dst.host.name\\\"\\n }\\n }\\n }\\n ]\\n },\\n \\\"aggs\\\": {\\n \\\"flow_bytes\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.bytes\\\"\\n }\\n },\\n \\\"flow_packets\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.packets\\\"\\n }\\n }\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\n \\\"property\\\": \\\"aggregations.table.buckets\\\"\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.client\\\",\\n \\\"as\\\": \\\"source\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.server\\\",\\n \\\"as\\\": \\\"target\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_bytes.value\\\",\\n \\\"as\\\": \\\"bytes\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_packets.value\\\",\\n \\\"as\\\": \\\"packets\\\"\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"endpoints\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"fold\\\",\\n \\\"fields\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"as\\\": [\\\"stack\\\", \\\"key\\\"]\\n },\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"key\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"traffic\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n }\\n ],\\n\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"endpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": 
{\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [128,192,256,320,384,448,512,576,640,768,896,1024]\\n },\\n {\\n \\\"name\\\": \\\"fontsizeEndpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [0,0,0,0,0,0,0,12]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#99ddff\\\", \\\"#80d4ff\\\", \\\"#66ccff\\\", \\\"#33bbff\\\", \\\"#00aaff\\\", \\\"#0099e6\\\"]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesLightBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#e6f7ff\\\", \\\"#cceeff\\\", \\\"#b3e6ff\\\", \\\"#99ddff\\\"]\\n },\\n {\\n \\\"name\\\": \\\"trafficBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [1,2,3,4,6,8]\\n },\\n {\\n \\\"name\\\": \\\"colorTrafficBytesGreys\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#ddd\\\", \\\"#ccc\\\", \\\"#bbb\\\", \\\"#aaa\\\", \\\"#999\\\", \\\"#888\\\"]\\n }\\n ],\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"cx\\\",\\n \\\"update\\\": \\\"width / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"cy\\\",\\n \\\"update\\\": \\\"height / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"nodeCharge\\\",\\n \\\"value\\\": -128,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": -200, \\\"max\\\": 10, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"linkDistance\\\",\\n \\\"value\\\": 18,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 8, \\\"max\\\": 64, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"decay\\\",\\n 
\\\"value\\\": 0.5,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1, \\\"step\\\": 0.01}\\n },\\n {\\n \\\"name\\\": \\\"gravityX\\\",\\n \\\"value\\\": 0.1,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"gravityY\\\",\\n \\\"value\\\": 0.2,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"static\\\",\\n \\\"value\\\": false,\\n \\\"bind\\\": {\\\"input\\\": \\\"checkbox\\\"}\\n },\\n {\\n \\\"name\\\": \\\"fix\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseout[!event.buttons], window:mouseup\\\",\\n \\\"update\\\": \\\"false\\\"\\n },\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix || true\\\"\\n },\\n {\\n \\\"events\\\": \\\"[symbol:mousedown, window:mouseup] > window:mousemove!\\\",\\n \\\"update\\\": \\\"xy()\\\",\\n \\\"force\\\": true\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"node\\\",\\n \\\"value\\\": null,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix === true ? item() : node\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"restart\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": {\\\"signal\\\": \\\"fix\\\"}, \\\"update\\\": \\\"fix && fix.length\\\"\\n }\\n ]\\n }\\n ],\\n \\n \\\"marks\\\": [\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"type\\\": \\\"symbol\\\",\\n \\\"zindex\\\": 1,\\n \\\"from\\\": {\\\"data\\\": \\\"endpoints\\\"},\\n \\\"on\\\": [\\n {\\n \\\"trigger\\\": \\\"fix\\\",\\n \\\"modify\\\": \\\"node\\\",\\n \\\"values\\\": \\\"fix === true ? 
{fx: node.x, fy: node.y} : {fx: fix[0], fy: fix[1]}\\\"\\n },\\n {\\\"trigger\\\": \\\"!fix\\\", \\\"modify\\\": \\\"node\\\", \\\"values\\\": \\\"{fx: null, fy: null}\\\"}\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"colorEndpointsBytesBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorEndpointsBytesLightBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"xfocus\\\": {\\\"signal\\\": \\\"cx\\\"},\\n \\\"yfocus\\\": {\\\"signal\\\": \\\"cy\\\"}\\n },\\n \\\"update\\\": {\\n \\\"size\\\": {\\\"scale\\\": \\\"endpointBytesScale\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"cursor\\\": {\\\"value\\\": \\\"pointer\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.key + ' (Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count + ')'\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"force\\\",\\n \\\"iterations\\\": 160,\\n \\\"velocityDecay\\\": {\\n \\\"signal\\\": \\\"decay\\\"\\n },\\n \\\"restart\\\": {\\\"signal\\\": \\\"restart\\\"},\\n \\\"static\\\": {\\\"signal\\\": \\\"static\\\"},\\n \\\"signal\\\": \\\"force\\\",\\n \\\"forces\\\": [\\n {\\\"force\\\": \\\"center\\\", \\\"x\\\": {\\\"signal\\\": \\\"cx\\\"}, \\\"y\\\": {\\\"signal\\\": \\\"cy\\\"}},\\n {\\\"force\\\": \\\"x\\\", \\\"x\\\": \\\"xfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityX\\\"}},\\n {\\\"force\\\": \\\"y\\\", \\\"y\\\": \\\"yfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityY\\\"}},\\n {\\\"force\\\": \\\"collide\\\", \\\"radius\\\": {\\\"signal\\\": \\\"linkDistance\\\"}},\\n {\\\"force\\\": \\\"nbody\\\", \\\"strength\\\": {\\\"signal\\\": \\\"nodeCharge\\\"}},\\n {\\\"force\\\": \\\"link\\\", \\\"links\\\": \\\"traffic\\\", \\\"id\\\": \\\"datum.key\\\", \\\"distance\\\": {\\\"signal\\\": \\\"linkDistance\\\"}}\\n ]\\n }\\n ]\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"zindex\\\": 2,\\n 
\\\"from\\\": {\\\"data\\\": \\\"nodes\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"value\\\": \\\"black\\\"},\\n \\\"fontSize\\\": {\\\"scale\\\": \\\"fontsizeEndpointBytesScale\\\", \\\"field\\\": \\\"datum.bytes\\\"}\\n },\\n \\\"update\\\": {\\n \\\"y\\\": {\\\"field\\\": \\\"y\\\", \\\"offset\\\": {\\\"signal\\\": \\\"sqrt(datum.size/2) * 1.3\\\"}},\\n \\\"x\\\": {\\\"field\\\": \\\"x\\\"},\\n \\\"text\\\": {\\\"field\\\": \\\"datum.key\\\"},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"}\\n }\\n }\\n },\\n {\\n \\\"name\\\": \\\"paths\\\",\\n \\\"type\\\": \\\"path\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"traffic\\\"},\\n \\\"interactive\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorTrafficBytesGreys\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"strokeWidth\\\": {\\\"scale\\\": \\\"trafficBytesScale\\\", \\\"field\\\": \\\"bytes\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"'Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"require\\\": {\\\"signal\\\": \\\"force\\\"},\\n \\\"shape\\\": \\\"curve\\\",\\n \\\"sourceX\\\": \\\"datum.source.x\\\",\\n \\\"sourceY\\\": \\\"datum.source.y\\\",\\n \\\"targetX\\\": \\\"datum.target.x\\\",\\n \\\"targetY\\\": \\\"datum.target.y\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"14314730-a013-11ed-8918-ff88f1042f36","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1972],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NzQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow 
(flow): Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":230}}"},"coreMigrationVersion":"8.2.0","id":"145281b0-3d33-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675808577534,9633],"type":"visualization","updated_at":"2023-02-07T22:22:57.534Z","version":"WzI1NzMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"UDP\"}},{\"terms\":{\"flow.src.l4.port.id\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP 
Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"UDP\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): UDP Amplification Sources (Public) - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Public) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":14,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageC
ol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"16000b60-c467-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,1977],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NzYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Src/Dst - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Src/Dst - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.src.host.name\",\"parent\":\"\",\"label\":\"Source\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.dst.host.name\",\"parent\":\"\",\"label\":\"Destination\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.dst.l4.port.name\",\"parent\":\"\",\"label\":\"Destination 
Port\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1619032296511\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"255234e0-3d4e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"sort":[1675807560837,1983],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NzcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Sources (bytes) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Sources (bytes) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"b3ab0570-3e69-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809278387,10588],"type":"visualization","updated_at":"2023-02-07T22:34:38.387Z","version":"WzM0NjEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (src/dst) - Vega (sankey)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (src/dst) - Vega (sankey)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": 
{\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.src.host.name\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.dst.host.name\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"bytes\\\": {\\n \\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"flow.bytes\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n 
\\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Source\\\", \\\"Destination\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n 
\\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 
1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#222222\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 
0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"3af95590-3e65-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,1986],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3NzksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destinations (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Destinations (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"56a96df0-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809312224,10650],"type":"visualization","updated_at":"2023-02-07T22:35:12.224Z","version":"WzM1MjYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Sources (packets) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Sources (packets) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"c1358350-3e69-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809288405,10617],"type":"visualization","updated_at":"2023-02-07T22:34:48.405Z","version":"WzM0ODMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destinations (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Destinations (packets) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"678fc100-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809324799,10672],"type":"visualization","updated_at":"2023-02-07T22:35:24.799Z","version":"WzM1NDksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Sources (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Sources (flow records) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"cdb91880-3e69-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809299491,10646],"type":"visualization","updated_at":"2023-02-07T22:34:59.491Z","version":"WzM1MDQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destinations (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Destinations (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"48e78f10-3d38-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809336709,10708],"type":"visualization","updated_at":"2023-02-07T22:35:36.709Z","version":"WzM1NzAsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"e9392543-7a3b-4410-82e0-acdc8796055c\"},\"panelIndex\":\"e9392543-7a3b-4410-82e0-acdc8796055c\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e9392543-7a3b-4410-82e0-acdc8796055c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"45ab167a-8b6c-4284-87bc-bb63194ab67b\"},\"panelIndex\":\"45ab167a-8b6c-4284-87bc-bb63194ab67b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_45ab167a-8b6c-4284-87bc-bb63194ab67b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"61821225-4249-4b8a-83b5-b12282d65350\"},\"panelIndex\":\"61821225-4249-4b8a-83b5-b12282d65350\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_61821225-4249-4b8a-83b5-b12282d65350\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"fbe3da65-1654-4f77-b694-d792de20ffc6\"},\"panelIndex\":\"fbe3da65-1654-4f77-b694-d792de20ffc6\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fbe3da65-1654-4f77-b694-d792de20ffc6\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"66417ae6-f45c-4acd-98bb-8594ae027283\"},\"panelIndex\":\"66417ae6-f45c-4acd-98bb-8594ae027283\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Sources 
(bytes)\",\"panelRefName\":\"panel_66417ae6-f45c-4acd-98bb-8594ae027283\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"f77ebdbf-f37e-4728-9c89-06b114de6943\"},\"panelIndex\":\"f77ebdbf-f37e-4728-9c89-06b114de6943\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f77ebdbf-f37e-4728-9c89-06b114de6943\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"33b1452c-f126-40a1-8ba3-17e940753651\"},\"panelIndex\":\"33b1452c-f126-40a1-8ba3-17e940753651\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destinations (bytes)\",\"panelRefName\":\"panel_33b1452c-f126-40a1-8ba3-17e940753651\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"750f0f17-498c-40a1-96db-cd38d48ceef4\"},\"panelIndex\":\"750f0f17-498c-40a1-96db-cd38d48ceef4\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Sources (packets)\",\"panelRefName\":\"panel_750f0f17-498c-40a1-96db-cd38d48ceef4\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"4cc272c3-959d-4e54-b821-0728ec7498fd\"},\"panelIndex\":\"4cc272c3-959d-4e54-b821-0728ec7498fd\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destinations (packets)\",\"panelRefName\":\"panel_4cc272c3-959d-4e54-b821-0728ec7498fd\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"47feea3b-9d9b-44b4-870e-90c72894cd9e\"},\"panelIndex\":\"47feea3b-9d9b-44b4-870e-90c72894cd9e\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Sources (flow 
records)\",\"panelRefName\":\"panel_47feea3b-9d9b-44b4-870e-90c72894cd9e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"6be81876-ec1a-4d3f-8754-beb1dd24cc84\"},\"panelIndex\":\"6be81876-ec1a-4d3f-8754-beb1dd24cc84\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destinations (flow records)\",\"panelRefName\":\"panel_6be81876-ec1a-4d3f-8754-beb1dd24cc84\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flows (src/dst)","version":1},"coreMigrationVersion":"8.2.0","id":"167989f0-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"98538b80-3d42-11eb-bc2c-c5758316d788","name":"e9392543-7a3b-4410-82e0-acdc8796055c:panel_e9392543-7a3b-4410-82e0-acdc8796055c","type":"visualization"},{"id":"0e564f60-3d44-11eb-bc2c-c5758316d788","name":"45ab167a-8b6c-4284-87bc-bb63194ab67b:panel_45ab167a-8b6c-4284-87bc-bb63194ab67b","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"61821225-4249-4b8a-83b5-b12282d65350:panel_61821225-4249-4b8a-83b5-b12282d65350","type":"visualization"},{"id":"255234e0-3d4e-11eb-bc2c-c5758316d788","name":"fbe3da65-1654-4f77-b694-d792de20ffc6:panel_fbe3da65-1654-4f77-b694-d792de20ffc6","type":"visualization"},{"id":"b3ab0570-3e69-11eb-bc2c-c5758316d788","name":"66417ae6-f45c-4acd-98bb-8594ae027283:panel_66417ae6-f45c-4acd-98bb-8594ae027283","type":"visualization"},{"id":"3af95590-3e65-11eb-bc2c-c5758316d788","name":"f77ebdbf-f37e-4728-9c89-06b114de6943:panel_f77ebdbf-f37e-4728-9c89-06b114de6943","type":"visualization"},{"id":"56a96df0-3e67-11eb-bc2c-c5758316d788","name":"33b1452c-f126-40a1-8ba3-17e940753651:panel_33b1452c-f126-40a1-8ba3-17e940753651","type":"visualization"},{"id":"c1358350-3e69-11eb-bc2c-c5758316d788","name":"750f0f17-498c-40a1-96db-cd38d48ceef4:panel_750f0f17-498c-40a1-96db-cd38d48ceef4","type":"visualization"},{"id":"678fc100-3e67-11eb-bc2c-c5758316d788","name":"4cc272c3-959d-4e
54-b821-0728ec7498fd:panel_4cc272c3-959d-4e54-b821-0728ec7498fd","type":"visualization"},{"id":"cdb91880-3e69-11eb-bc2c-c5758316d788","name":"47feea3b-9d9b-44b4-870e-90c72894cd9e:panel_47feea3b-9d9b-44b4-870e-90c72894cd9e","type":"visualization"},{"id":"48e78f10-3d38-11eb-bc2c-c5758316d788","name":"6be81876-ec1a-4d3f-8754-beb1dd24cc84:panel_6be81876-ec1a-4d3f-8754-beb1dd24cc84","type":"visualization"}],"sort":[1675807560837,2008],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3ODUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Top Layer-4 Protocols - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Layer-4 Protocols - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"l4.proto.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Layer-4 
Protocols\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"17487960-3e55-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2010],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3ODYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destinations and Ports (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations and Ports (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"17a15400-3d32-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2012],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3ODcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23]}}]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"CLI 
Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23]}}]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): CLI Sessions (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI Sessions (Public) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex
\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"17e07110-c49c-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2015],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3ODgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Server Cities (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Server Cities (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"17e74fd0-3eb5-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"re
ferences":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809714959,11035],"type":"visualization","updated_at":"2023-02-07T22:41:54.959Z","version":"WzM4ODgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NTP Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Req/Resp (packets) - TSVB (line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"client requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.dst.l4.port.id: 123 AND NOT flow.src.l4.port.id: 123\",\"language\":\"kuery\"}},{\"id\":\"7e6a9720-9b26-11ec-8138-3d37937df3c4\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"7e6a9721-9b26-11ec-8138-3d37937df3c4\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"server responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 123 AND NOT flow.dst.l4.port.id: 
123\",\"language\":\"kuery\"}},{\"id\":\"70eeb7b0-9d75-11ec-b325-891fbbc52d93\",\"color\":\"rgba(97,221,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"70eedec0-9d75-11ec-b325-891fbbc52d93\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"symmetric messages\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 123 AND flow.dst.l4.port.id: 123\",\"language\":\"kuery\"}},{\"id\":\"b588f930-9d75-11ec-b325-891fbbc52d93\",\"color\":\"rgba(243,163,66,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"b588f931-9d75-11ec-b325-891fbbc52d93\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"broadcasts\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.dst.l4.port.id: 123 AND flow.dst.ip.addr: \\\"224.0.1.1\\\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"axis_min\":\"0\"}}"},"coreMigrationVersion":"8.2.0","id":"17f41790-9d75-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2018],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3OTAsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Top-N (talkers)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Top-N (talkers)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**Talkers**](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Services](#/dashboard/b088bcb0-3d3e-11eb-bc2c-c5758316d788) | [Apps](#/dashboard/d4e18bf0-3d3e-11eb-bc2c-c5758316d788) | [Conversations](#/dashboard/c2da3880-3d3e-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"18500ff0-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2019],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3OTEsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NTP Client Requests (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Client Requests (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (NOT flow.src.l4.port.id: 123) AND flow.dst.l4.port.id: 123 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"18a453c0-9d80-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2020],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3OTIsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (client AS/server AS) - Vega (directed graph)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (client AS/server AS) - Vega (directed graph)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v5.json\\\",\\n \\\"description\\\": \\\"Copyright (C)2022 ElastiFlow Inc.\\\",\\n \\\"autosize\\\": \\\"fit\\\",\\n \\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"flows\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-flow-codex-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 384,\\n \\\"sources\\\": [{\\n \\\"client\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.client.as.label\\\"\\n }\\n }\\n },\\n {\\n \\\"server\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.server.as.label\\\"\\n }\\n }\\n }\\n ]\\n },\\n \\\"aggs\\\": {\\n \\\"flow_bytes\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.bytes\\\"\\n }\\n },\\n \\\"flow_packets\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.packets\\\"\\n }\\n }\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\n \\\"property\\\": \\\"aggregations.table.buckets\\\"\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.client\\\",\\n \\\"as\\\": \\\"source\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.server\\\",\\n \\\"as\\\": \\\"target\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_bytes.value\\\",\\n \\\"as\\\": \\\"bytes\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_packets.value\\\",\\n \\\"as\\\": \\\"packets\\\"\\n }\\n ]\\n },\\n\\n {\\n 
\\\"name\\\": \\\"endpoints\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"fold\\\",\\n \\\"fields\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"as\\\": [\\\"stack\\\", \\\"key\\\"]\\n },\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"key\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"traffic\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n }\\n ],\\n\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"endpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [128,192,256,320,384,448,512,576,640,768,896,1024]\\n },\\n {\\n \\\"name\\\": \\\"fontsizeEndpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [0,0,0,0,0,0,0,12]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#99ddff\\\", \\\"#80d4ff\\\", \\\"#66ccff\\\", \\\"#33bbff\\\", \\\"#00aaff\\\", \\\"#0099e6\\\"]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesLightBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#e6f7ff\\\", \\\"#cceeff\\\", \\\"#b3e6ff\\\", \\\"#99ddff\\\"]\\n },\\n 
{\\n \\\"name\\\": \\\"trafficBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [1,2,3,4,6,8]\\n },\\n {\\n \\\"name\\\": \\\"colorTrafficBytesGreys\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#ddd\\\", \\\"#ccc\\\", \\\"#bbb\\\", \\\"#aaa\\\", \\\"#999\\\", \\\"#888\\\"]\\n }\\n ],\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"cx\\\",\\n \\\"update\\\": \\\"width / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"cy\\\",\\n \\\"update\\\": \\\"height / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"nodeCharge\\\",\\n \\\"value\\\": -128,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": -200, \\\"max\\\": 10, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"linkDistance\\\",\\n \\\"value\\\": 18,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 8, \\\"max\\\": 64, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"decay\\\",\\n \\\"value\\\": 0.5,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1, \\\"step\\\": 0.01}\\n },\\n {\\n \\\"name\\\": \\\"gravityX\\\",\\n \\\"value\\\": 0.1,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"gravityY\\\",\\n \\\"value\\\": 0.2,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"static\\\",\\n \\\"value\\\": false,\\n \\\"bind\\\": {\\\"input\\\": \\\"checkbox\\\"}\\n },\\n {\\n \\\"name\\\": \\\"fix\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseout[!event.buttons], window:mouseup\\\",\\n \\\"update\\\": \\\"false\\\"\\n },\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix || true\\\"\\n },\\n {\\n \\\"events\\\": \\\"[symbol:mousedown, window:mouseup] > window:mousemove!\\\",\\n \\\"update\\\": 
\\\"xy()\\\",\\n \\\"force\\\": true\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"node\\\",\\n \\\"value\\\": null,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix === true ? item() : node\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"restart\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": {\\\"signal\\\": \\\"fix\\\"}, \\\"update\\\": \\\"fix && fix.length\\\"\\n }\\n ]\\n }\\n ],\\n \\n \\\"marks\\\": [\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"type\\\": \\\"symbol\\\",\\n \\\"zindex\\\": 1,\\n \\\"from\\\": {\\\"data\\\": \\\"endpoints\\\"},\\n \\\"on\\\": [\\n {\\n \\\"trigger\\\": \\\"fix\\\",\\n \\\"modify\\\": \\\"node\\\",\\n \\\"values\\\": \\\"fix === true ? {fx: node.x, fy: node.y} : {fx: fix[0], fy: fix[1]}\\\"\\n },\\n {\\\"trigger\\\": \\\"!fix\\\", \\\"modify\\\": \\\"node\\\", \\\"values\\\": \\\"{fx: null, fy: null}\\\"}\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"colorEndpointsBytesBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorEndpointsBytesLightBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"xfocus\\\": {\\\"signal\\\": \\\"cx\\\"},\\n \\\"yfocus\\\": {\\\"signal\\\": \\\"cy\\\"}\\n },\\n \\\"update\\\": {\\n \\\"size\\\": {\\\"scale\\\": \\\"endpointBytesScale\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"cursor\\\": {\\\"value\\\": \\\"pointer\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.key + ' (Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count + ')'\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"force\\\",\\n \\\"iterations\\\": 160,\\n \\\"velocityDecay\\\": {\\n \\\"signal\\\": \\\"decay\\\"\\n },\\n \\\"restart\\\": {\\\"signal\\\": \\\"restart\\\"},\\n \\\"static\\\": {\\\"signal\\\": \\\"static\\\"},\\n \\\"signal\\\": \\\"force\\\",\\n \\\"forces\\\": [\\n {\\\"force\\\": 
\\\"center\\\", \\\"x\\\": {\\\"signal\\\": \\\"cx\\\"}, \\\"y\\\": {\\\"signal\\\": \\\"cy\\\"}},\\n {\\\"force\\\": \\\"x\\\", \\\"x\\\": \\\"xfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityX\\\"}},\\n {\\\"force\\\": \\\"y\\\", \\\"y\\\": \\\"yfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityY\\\"}},\\n {\\\"force\\\": \\\"collide\\\", \\\"radius\\\": {\\\"signal\\\": \\\"linkDistance\\\"}},\\n {\\\"force\\\": \\\"nbody\\\", \\\"strength\\\": {\\\"signal\\\": \\\"nodeCharge\\\"}},\\n {\\\"force\\\": \\\"link\\\", \\\"links\\\": \\\"traffic\\\", \\\"id\\\": \\\"datum.key\\\", \\\"distance\\\": {\\\"signal\\\": \\\"linkDistance\\\"}}\\n ]\\n }\\n ]\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"zindex\\\": 2,\\n \\\"from\\\": {\\\"data\\\": \\\"nodes\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"value\\\": \\\"black\\\"},\\n \\\"fontSize\\\": {\\\"scale\\\": \\\"fontsizeEndpointBytesScale\\\", \\\"field\\\": \\\"datum.bytes\\\"}\\n },\\n \\\"update\\\": {\\n \\\"y\\\": {\\\"field\\\": \\\"y\\\", \\\"offset\\\": {\\\"signal\\\": \\\"sqrt(datum.size/2) * 1.3\\\"}},\\n \\\"x\\\": {\\\"field\\\": \\\"x\\\"},\\n \\\"text\\\": {\\\"field\\\": \\\"datum.key\\\"},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"}\\n }\\n }\\n },\\n {\\n \\\"name\\\": \\\"paths\\\",\\n \\\"type\\\": \\\"path\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"traffic\\\"},\\n \\\"interactive\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorTrafficBytesGreys\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"strokeWidth\\\": {\\\"scale\\\": \\\"trafficBytesScale\\\", \\\"field\\\": \\\"bytes\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"'Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"require\\\": {\\\"signal\\\": 
\\\"force\\\"},\\n \\\"shape\\\": \\\"curve\\\",\\n \\\"sourceX\\\": \\\"datum.source.x\\\",\\n \\\"sourceY\\\": \\\"datum.source.y\\\",\\n \\\"targetX\\\": \\\"datum.target.x\\\",\\n \\\"targetY\\\": \\\"datum.target.y\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"18f1cdc0-a019-11ed-8918-ff88f1042f36","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2021],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3OTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter
[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Client Requests by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Client Requests by Client - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Req\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NTP Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"19505290-9d7d-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675807560837,2027],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3OTQsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Autonomous Systems (packets) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Source Autonomous Systems (packets) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"1a08c550-3e6a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809389056,10776],"type":"visualization","updated_at":"2023-02-07T22:36:29.056Z","version":"WzM2MzAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Remote Desktop Sessions from Private IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Remote Desktop Sessions from 
Private IP - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"8e3dea04-e627-4f10-be88-9efe331a55da\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"\\\"flow.dst.l4.port.id\\\": (1494 OR 3389 OR 5900 OR 5901 OR 5902 OR 5903 OR 5904) AND flow.src.as.org: \\\"PRIVATE\\\" AND flow.dst.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Remote Desktop Sessions 
(Private)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"1a219c90-c49e-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2030],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3OTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Exporter, Type - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporter, Type - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868774014\",\"fieldName\":\"flow.export.version.name\",\"parent\":\"\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":20,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"1a9e1fe0-3f0c-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"}],"sort":[1675807560837,2033],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3OTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): VLANs Ingress and Egress (records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs Ingress and Egress (records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.in.vlan.tag.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Ingress VLAN\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.out.vlan.tag.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Egress 
VLAN\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"1bd16f80-3d3a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2035],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3OTgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DHCP Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Req/Resp (packets) - TSVB (line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"e7c66180-c4b7-11ec-ad5c-5304474b164c\",\"color\":\"rgba(163,144,185,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"e7c66181-c4b7-11ec-ad5c-5304474b164c\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"broadcast\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 68 AND flow.dst.l4.port.id: 67 AND flow.dst.ip.addr: 
255.255.255.255\",\"language\":\"kuery\"}},{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 68 AND flow.dst.l4.port.id: 67 AND NOT flow.dst.ip.addr: 255.255.255.255\",\"language\":\"kuery\"}},{\"id\":\"7e6a9720-9b26-11ec-8138-3d37937df3c4\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"7e6a9721-9b26-11ec-8138-3d37937df3c4\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 67 AND flow.dst.l4.port.id: 68\",\"language\":\"kuery\"}},{\"id\":\"f55a00b0-c302-11ec-ad58-dde6b04c7677\",\"color\":\"rgba(138,182,223,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"f55a00b1-c302-11ec-ad58-dde6b04c7677\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"relayed\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 67 AND flow.dst.l4.port.id: 
67\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"axis_min\":\"0\"}}"},"coreMigrationVersion":"8.2.0","id":"1d489090-9b95-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2036],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE3OTksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Overview","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - 
Overview\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**Overview**](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/589bc1f0-a01a-11ed-8918-ff88f1042f36) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"1db06be0-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2037],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MDAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flow Record Count (Threats) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Record Count (Threats) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Flow Records\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"filter\":{\"query\":\"sec.threat.name: * and (flow.community.id : * or flow.conversation.id : *) 
\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"1dd52c20-75cc-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2038],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MDEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): UDP Amplification Sources - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":100,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":1000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":10000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"44f817b0-b48a-4e95-ad21-8c4da31b0e30\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND NOT flow.src.as.org: \\\"PRIVATE\\\" AND flow.src.l4.port.id: (17 OR 19 OR 53 OR 69 OR 111 OR 123 OR 137 OR 161 OR 389 OR 520 OR 751 OR 1434 OR 1645 OR 1646 OR 1812 OR 1813 OR 1900 OR 3702 OR 5093 OR 5353 OR 11211 OR 27015 OR 
27960)\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"UDP Sources\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.ip.addr\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"1e22fb30-c48b-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2039],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MDIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Service Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Service Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.server.l4.port.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Services\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"1ec922a0-3e61-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2040],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MDMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Remote Desktop Sessions from Public IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Remote Desktop Sessions from Public IP - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"f0d55734-b0b4-4cc3-97f7-af3d233a912f\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"\\\"flow.dst.l4.port.id\\\": (1494 OR 3389 OR 5900 OR 5901 OR 5902 OR 5903 OR 5904) AND NOT flow.src.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Remote Desktop Sessions 
(Public)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"1f207360-c49e-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2041],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MDQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): UDP Amplification Bytes - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Bytes - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":100000000,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":1000000000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":10000000000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"5a059058-09a3-485f-ab19-2420c030e165\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND NOT flow.src.as.org: \\\"PRIVATE\\\" 
AND flow.src.l4.port.id: (17 OR 19 OR 53 OR 69 OR 111 OR 123 OR 137 OR 161 OR 389 OR 520 OR 751 OR 1434 OR 1645 OR 1646 OR 1812 OR 1813 OR 1900 OR 3702 OR 5093 OR 5353 OR 11211 OR 27015 OR 27960)\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"UDP Bytes\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"1f4a6ec0-c48c-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2042],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MDUsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Recon Port Scan (Private) - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon Port Scan (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.server.l4.port.id\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":14,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"1ff8f860-c346-11ec-aaf3-5b4644130c7f","migrationVersion":{
"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2045],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MDYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Layer-4 Protocol (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Layer-4 Protocol (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Protocols\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"l4.proto.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"l4.proto.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"20164b90-3eef-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2046],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MDcsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Source Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.host.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Sources\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"21799210-3e60-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2047],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MDgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/City (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/City (pkts/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"e3c70960-6d77-11eb-95de-e16b5bff1348\",\"type\":\"math\",\"variables\":[{\"id\":\"e595fd00-6d77-11eb-95de-e16b5bff1348\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"ec8950d0-6d77-11eb-95de-e16b5bff1348\",\"type\":\"math\",\"variables\":[{\"id\":\"ee7edf40-6d77-11eb-95de-e16b5bff1348\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Cities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"geo.city.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"geo.city.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"22378540-3eec-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2048],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MDksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Traffic Details (types)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Traffic Details 
(types)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Attributes](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [**Types**](#/dashboard/7dfba590-3d3f-11eb-bc2c-c5758316d788) | [Locality](#/dashboard/980f36e0-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"228552e0-3d46-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2049],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MTAsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Sources (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Outbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"22e479c0-c3ad-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2052],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MTEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Top-N (services)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Top-N 
(services)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Talkers](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [**Services**](#/dashboard/b088bcb0-3d3e-11eb-bc2c-c5758316d788) | [Apps](#/dashboard/d4e18bf0-3d3e-11eb-bc2c-c5758316d788) | [Conversations](#/dashboard/c2da3880-3d3e-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"230d6410-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2053],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MTIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Flow Locality (flow records) - 
donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Flow Locality (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.locality\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Locality\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"23d52c70-3d3b-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675810424664,12228],"type":"visualization","updated_at":"2023-02-07T22:53:44.664Z","version":"WzUwNjUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Server AS (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Server AS (pkts/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"cdedc990-6d7b-11eb-91f7-1d54a1e3a999\",\"type\":\"math\",\"variables\":[{\"id\":\"cfa627f0-6d7b-11eb-91f7-1d54a1e3a999\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"d4d97c40-6d7b-11eb-91f7-1d54a1e3a999\",\"type\":\"math\",\"variables\":[{\"id\":\"d6d461e0-6d7b-11eb-91f7-1d54a1e3a999\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.server.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"254d4600-3ec6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2056],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MTQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flows (AS)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flows 
(AS)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Src/Dst](#/dashboard/167989f0-3d3f-11eb-bc2c-c5758316d788) | [**AS**](#/dashboard/264f5760-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"e5f9ce00-3d4a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2057],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MTUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Client/Server Autonomous Systems - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server Autonomous Systems - input 
list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.client.as.label\",\"parent\":\"\",\"label\":\"Client AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.server.as.label\",\"parent\":\"\",\"label\":\"Server AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1619032399767\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session 
Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"75c9b970-3d4e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"sort":[1675807560837,2063],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (src AS/dst AS) - Vega (sankey)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (src AS/dst AS) - Vega (sankey)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.src.as.label\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.dst.as.label\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"bytes\\\": {\\n 
\\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"flow.bytes\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n 
\\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Src AS\\\", \\\"Dst AS\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": 
{\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n 
},\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#222222\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n 
\\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"b1e47310-3e65-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2064],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Destination Autonomous Systems (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"8c9c9e00-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809419805,10814],"type":"visualization","updated_at":"2023-02-07T22:36:59.805Z","version":"WzM2NzIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Autonomous Systems (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Destination Autonomous Systems (packets) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"7fdc26e0-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809434953,10843],"type":"visualization","updated_at":"2023-02-07T22:37:14.953Z","version":"WzM2OTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Autonomous Systems (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Source Autonomous Systems (flow records) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"297bb240-3e6a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809399828,10779],"type":"visualization","updated_at":"2023-02-07T22:36:39.828Z","version":"WzM2NTEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Destination Autonomous Systems (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"9dc5ed80-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809447361,10846],"type":"visualization","updated_at":"2023-02-07T22:37:27.361Z","version":"WzM3MTQsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"78fdede8-86bb-411f-b572-b749c8fdec4d\"},\"panelIndex\":\"78fdede8-86bb-411f-b572-b749c8fdec4d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_78fdede8-86bb-411f-b572-b749c8fdec4d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"c6325cd9-9d8b-4441-be28-ccec44610042\"},\"panelIndex\":\"c6325cd9-9d8b-4441-be28-ccec44610042\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c6325cd9-9d8b-4441-be28-ccec44610042\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"7bece6c9-d4e9-48d4-a77e-e720d0d397af\"},\"panelIndex\":\"7bece6c9-d4e9-48d4-a77e-e720d0d397af\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7bece6c9-d4e9-48d4-a77e-e720d0d397af\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"6f3a90f6-8f46-4011-a474-49796f2827c8\"},\"panelIndex\":\"6f3a90f6-8f46-4011-a474-49796f2827c8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_6f3a90f6-8f46-4011-a474-49796f2827c8\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"35be6656-588c-4913-acd2-482052d58871\"},\"panelIndex\":\"35be6656-588c-4913-acd2-482052d58871\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Source AS 
(bytes)\",\"panelRefName\":\"panel_35be6656-588c-4913-acd2-482052d58871\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"ea2649ad-9daf-4e3a-9458-4aac54f1685e\"},\"panelIndex\":\"ea2649ad-9daf-4e3a-9458-4aac54f1685e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ea2649ad-9daf-4e3a-9458-4aac54f1685e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"d2a25f58-f098-4795-8bcf-91fa77a0675a\"},\"panelIndex\":\"d2a25f58-f098-4795-8bcf-91fa77a0675a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destination AS (bytes)\",\"panelRefName\":\"panel_d2a25f58-f098-4795-8bcf-91fa77a0675a\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"332fa0e5-4c4f-46c6-9374-d24f596067ce\"},\"panelIndex\":\"332fa0e5-4c4f-46c6-9374-d24f596067ce\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Source AS (packets)\",\"panelRefName\":\"panel_332fa0e5-4c4f-46c6-9374-d24f596067ce\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"1ba6796a-2f98-47df-b7f8-89308072904e\"},\"panelIndex\":\"1ba6796a-2f98-47df-b7f8-89308072904e\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destination AS (packets)\",\"panelRefName\":\"panel_1ba6796a-2f98-47df-b7f8-89308072904e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"580c0d21-60e5-45a3-b527-aa67d162c5e8\"},\"panelIndex\":\"580c0d21-60e5-45a3-b527-aa67d162c5e8\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Source AS (flow 
records)\",\"panelRefName\":\"panel_580c0d21-60e5-45a3-b527-aa67d162c5e8\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"53df5d67-fa1f-4d49-ab8a-05b4fd2f2df2\"},\"panelIndex\":\"53df5d67-fa1f-4d49-ab8a-05b4fd2f2df2\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destination AS (flow records)\",\"panelRefName\":\"panel_53df5d67-fa1f-4d49-ab8a-05b4fd2f2df2\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flows (AS)","version":1},"coreMigrationVersion":"8.2.0","id":"264f5760-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"98538b80-3d42-11eb-bc2c-c5758316d788","name":"78fdede8-86bb-411f-b572-b749c8fdec4d:panel_78fdede8-86bb-411f-b572-b749c8fdec4d","type":"visualization"},{"id":"e5f9ce00-3d4a-11eb-bc2c-c5758316d788","name":"c6325cd9-9d8b-4441-be28-ccec44610042:panel_c6325cd9-9d8b-4441-be28-ccec44610042","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"7bece6c9-d4e9-48d4-a77e-e720d0d397af:panel_7bece6c9-d4e9-48d4-a77e-e720d0d397af","type":"visualization"},{"id":"75c9b970-3d4e-11eb-bc2c-c5758316d788","name":"6f3a90f6-8f46-4011-a474-49796f2827c8:panel_6f3a90f6-8f46-4011-a474-49796f2827c8","type":"visualization"},{"id":"09832fe0-3e6a-11eb-bc2c-c5758316d788","name":"35be6656-588c-4913-acd2-482052d58871:panel_35be6656-588c-4913-acd2-482052d58871","type":"visualization"},{"id":"b1e47310-3e65-11eb-bc2c-c5758316d788","name":"ea2649ad-9daf-4e3a-9458-4aac54f1685e:panel_ea2649ad-9daf-4e3a-9458-4aac54f1685e","type":"visualization"},{"id":"8c9c9e00-3e67-11eb-bc2c-c5758316d788","name":"d2a25f58-f098-4795-8bcf-91fa77a0675a:panel_d2a25f58-f098-4795-8bcf-91fa77a0675a","type":"visualization"},{"id":"1a08c550-3e6a-11eb-bc2c-c5758316d788","name":"332fa0e5-4c4f-46c6-9374-d24f596067ce:panel_332fa0e5-4c4f-46c6-9374-d24f596067ce","type":"visualization"},{"id":"7fdc26e0-3e67-11eb-bc2c-c5758316d788","name":"1ba6796a-2f98-47df-
b7f8-89308072904e:panel_1ba6796a-2f98-47df-b7f8-89308072904e","type":"visualization"},{"id":"297bb240-3e6a-11eb-bc2c-c5758316d788","name":"580c0d21-60e5-45a3-b527-aa67d162c5e8:panel_580c0d21-60e5-45a3-b527-aa67d162c5e8","type":"visualization"},{"id":"9dc5ed80-3e67-11eb-bc2c-c5758316d788","name":"53df5d67-fa1f-4d49-ab8a-05b4fd2f2df2:panel_53df5d67-fa1f-4d49-ab8a-05b4fd2f2df2","type":"visualization"}],"sort":[1675807560837,2084],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MjIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Client Countries (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Client Countries (flow records) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"27474670-3eb4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObject
Meta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809637524,10965],"type":"visualization","updated_at":"2023-02-07T22:40:37.524Z","version":"WzM4MDgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/DSCP (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/DSCP (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top DSCP\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"ip.dscp.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"ip.dscp.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"276702d0-3f09-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2087],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MjQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Echo 
Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Echo (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.dst.ip.addr\",\"customLabel\":\"Pinged IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"27e80060-c33d-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2090],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MjUsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sessions (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Edge) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"2855dd20-c3dc-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2093],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MjYsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Ingress/Egress Interfaces - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress/Egress Interfaces - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.in.netif.type.name\",\"parent\":\"1607868729183\",\"label\":\"Interface Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.in.netif.name\",\"parent\":\"1607868729183\",\"label\":\"Ingress Interface\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.out.netif.name\",\"parent\":\"1607868729183\",\"label\":\"Egress 
Interface\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"292d9620-3d55-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"}],"sort":[1675807560837,2098],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MjcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Maximum Throughput (bits/s) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Maximum Throughput (bits/s) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"},{\"sigma\":\"\",\"id\":\"568d8d10-3e5d-11eb-83e8-ef8dac1c189d\",\"type\":\"max_bucket\",\"field\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Max. Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"\",\"index_pattern\":\"\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"49b0db60-3e5d-11eb-83e8-ef8dac1c189d\"}],\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"2b75a3f0-3e5e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2099],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MjgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"2ce28b50-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2101],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MjksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Messages Direct (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Edge) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"2d654c00-c3ab-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2104],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MzAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"TCP\"}},{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"TCP 
Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"TCP\\\"}},{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Clients (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Clients (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.client.ip.addr\",\"customLabel\":\"Clients\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}
"},"coreMigrationVersion":"8.2.0","id":"2dc24fc0-c411-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2107],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MzEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Applications (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Applications (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Applications\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"app.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"2f03c500-3e64-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2108],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MzIsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Countries (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Source Countries (flow records) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"2f596f60-3ec2-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809828016,11087],"type":"visualization","updated_at":"2023-02-07T22:43:48.016Z","version":"WzM5NDgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Top-N (apps)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Top-N 
(apps)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Talkers](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Services](#/dashboard/b088bcb0-3d3e-11eb-bc2c-c5758316d788) | [**Apps**](#/dashboard/d4e18bf0-3d3e-11eb-bc2c-c5758316d788) | [Conversations](#/dashboard/c2da3880-3d3e-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"2f8a90a0-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2111],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MzQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Application Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: 
Application Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"app.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Applications\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"2f9ed3e0-3e61-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2112],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MzUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DSCP Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DSCP Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"ip.dscp.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"DSCP Values\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"302d17a0-3f05-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2113],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MzYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Conversation Count (Threats) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Conversation Count (Threats) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Conversations\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"filter\":{\"query\":\"sec.threat.name: *\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"307cb730-75cc-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2114],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MzcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Remote Desktop 
Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Remote Desktop Sessions (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Remote Desktop Sessions (Public) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\
":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"31b8a710-c49c-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2117],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MzgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Core Services (DHCP)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core Services (DHCP)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[DNS](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [**DHCP**](#/dashboard/a9f3e040-9b94-11ec-a4df-e940aaa4214d) | 
\\n[RADIUS](#/dashboard/fbea2e70-c319-11ec-aaf3-5b4644130c7f) | \\n[LDAP](#/dashboard/0ae30960-c31a-11ec-aaf3-5b4644130c7f) | [NTP](#/dashboard/e2888380-9d73-11ec-a4df-e940aaa4214d)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"31c96f80-9b95-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2118],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4MzksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"UDP\"}},{\"terms\":{\"flow.src.l4.port.id\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"UDP\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): UDP Amplification Sources 
(Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"31e9d630-c40d-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2121],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NDAsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DNS Requests by Name Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Requests by Name Server - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"32e2fba0-9b2e-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675807560837,2126],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NDEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Destination Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.dst.host.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Destinations\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"343cbb70-3e60-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2127],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NDIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Responses by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Responses by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Resp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DHCP 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"37087910-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675807560837,2133],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NDMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Ingress Interface (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Ingress Interface (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.in.netif.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.in.netif.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"37725340-3ec9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2134],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NDQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Sources (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"37fc5a00-3d38-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2136],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NDUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Server Responses by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Server Responses by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Resp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NTP 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"389a61f0-9d7c-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675807560837,2142],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NDYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Client/Server/Service/Application - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server/Service/Application - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.client.host.name\",\"parent\":\"\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.server.host.name\",\"parent\":\"\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1608040362438\",\"fieldName\":\"app.name\",\"parent\":\"\",\"label\":\"Applications\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"39259170-3edd-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"s
ort":[1675807560837,2148],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NDcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sessions (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"3af45cf0-c3db-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2151],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NDgsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Geo IP","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Geo IP\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/589bc1f0-a01a-11ed-8918-ff88f1042f36) | [**Geo IP**](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"a89c6610-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2152],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NDksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Geo IP (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Geo IP (client/server)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**Client/Server**](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [Src/Dst](#/dashboard/460b45f0-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"6d1088d0-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2153],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NTAsMl0="} {"attributes":{"description":"","layerListJSON":"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map\"},\"id\":\"36f304c8-7567-4e02-ad3c-c1e0bf98796d\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"EMS_VECTOR_TILE\"},{\"sourceDescriptor\":{\"type\":\"ES_PEW_PEW\",\"id\":\"943e8202-37b6-4728-9452-ce66818165c0\",\"sourceGeoField\":\"flow.client.geo.loc.coord\",\"destGeoField\":\"flow.server.geo.loc.coord\",\"metrics\":[{\"type\":\"count\",\"label\":\"Flows\"},{\"type\":\"sum\",\"field\":\"flow.bytes\",\"label\":\"Bytes\"},{\"type\":\"sum\",\"field\":\"flow.packets\",\"label\":\"Packets\"}],\"applyGlobalTime\":true,\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blue to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":2,\"maxSize\":12,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"23a45da9-8798-44a7-b4ad-ad212237d875\",\"label\":\"Flows\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"GEOJSON_VECTOR\",\"joins\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"}},{\"sourceDescriptor\":{\"geoField\":\"flow.server.geo.loc.coord\",\"filterByMapBounds\":true,\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"flow.server.host.name\",\"topHitsSize\":100,\"id\":\"dcdfa084-a17e-43a3-b9dd-f33d7d0024ab\",\"type\":\"ES_SEARCH\",\"tooltipProperties\":[\"flow.server.host.name\",\"flow.server.ip.addr\",\"flow.server.as.label\",\"flow.bytes\",\"flow.packets\"],\"sortField\":\"flow.bytes\",\"sortOrder\":\"desc\",\"indexPatternRefName\":\"layer_2_source_index_pattern\"},\"id\":\"e30396d0-8d8e-460b-98cb-3c93850562b5\",\"label\":\"Servers\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"square\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Green to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"flow.bytes\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Green to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"flow.packets\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":4,\"maxSize\":16,\"field\":{\"label\":\"flow.bytes\",\"name\":\"flow.bytes\",\"origin\":\"source\",\"type\":\"number\",\"supportsAutoDomain\":true},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"GEOJSON_VECTOR\",\"joins\":[],\"query\":{\"query\":\"flow.client.geo.loc.coord:* and 
flow.server.geo.loc.coord:*\",\"language\":\"kuery\"}},{\"sourceDescriptor\":{\"geoField\":\"flow.client.geo.loc.coord\",\"filterByMapBounds\":true,\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"flow.client.host.name\",\"topHitsSize\":100,\"id\":\"2b9038c4-eb17-4442-b2c6-179ccb55b2e2\",\"type\":\"ES_SEARCH\",\"tooltipProperties\":[\"flow.client.host.name\",\"flow.client.ip.addr\",\"flow.client.as.label\",\"flow.bytes\",\"flow.packets\"],\"sortField\":\"flow.bytes\",\"sortOrder\":\"desc\",\"indexPatternRefName\":\"layer_3_source_index_pattern\"},\"id\":\"afc4b6c5-4f90-40d5-b52c-74bd2c86ee92\",\"label\":\"Clients\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blue to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"flow.bytes\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blue to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"flow.packets\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":4,\"maxSize\":16,\"field\":{\"label\":\"flow.bytes\",\"name\":\"flow.bytes\",\"origin\":\"source\",\"type\":\"number\",\"supportsAutoDomain\":true},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"GEOJSON_VECTOR\",\"joins\":[],\"query\":{\"query\":\"flow.client.geo.loc.coord:* and flow.server.geo.loc.coord:*\",\"language\":\"kuery\"}}]","mapStateJSON":"{\"zoom\":1.64,\"center\":{\"lon\":12.69507,\"lat\":17.00548},\"timeFilters\":{\"from\":\"now-1h/m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}","title":"ElastiFlow (flow): Client/Server 
Flows (light)","uiStateJSON":"{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}"},"coreMigrationVersion":"8.2.0","id":"9676c5c0-7a0a-11eb-9710-a5871ed24dc2","migrationVersion":{"map":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"layer_1_source_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"layer_2_source_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"layer_3_source_index_pattern","type":"index-pattern"}],"sort":[1675807560837,2157],"type":"map","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NTEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Server Countries (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Server Countries (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"fa5c23f0-3eb4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"r
eferences":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809679340,11008],"type":"visualization","updated_at":"2023-02-07T22:41:19.340Z","version":"WzM4NjgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Client Time Zones (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Client Time Zones (flow records) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.geo.tz.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Time Zone\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"48e47820-3eb4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809664149,11005],"type":"visualization","updated_at":"2023-02-07T22:41:04.149Z","version":"WzM4NTAsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Server Time Zones (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Server Time Zones (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.geo.tz.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Time Zone\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"d58dfda0-3eb4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809731560,11068],"type":"visualization","updated_at":"2023-02-07T22:42:11.560Z","version":"WzM5MTAsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"5d06bf0c-b97f-41d9-9f5e-82a38ad0ddf8\",\"w\":28,\"x\":0,\"y\":0},\"panelIndex\":\"5d06bf0c-b97f-41d9-9f5e-82a38ad0ddf8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_5d06bf0c-b97f-41d9-9f5e-82a38ad0ddf8\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"286c7826-03c1-4a33-8dae-1740006f6491\",\"w\":15,\"x\":28,\"y\":0},\"panelIndex\":\"286c7826-03c1-4a33-8dae-1740006f6491\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_286c7826-03c1-4a33-8dae-1740006f6491\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"48b01687-fddc-4f99-8195-04d77db8dd66\",\"w\":5,\"x\":43,\"y\":0},\"panelIndex\":\"48b01687-fddc-4f99-8195-04d77db8dd66\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_48b01687-fddc-4f99-8195-04d77db8dd66\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"d35f1697-1274-4159-bdab-83159a87a41c\",\"w\":48,\"x\":0,\"y\":4},\"panelIndex\":\"d35f1697-1274-4159-bdab-83159a87a41c\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d35f1697-1274-4159-bdab-83159a87a41c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"d8430fa3-ca28-455e-a276-930a60d6839f\",\"w\":11,\"x\":0,\"y\":9},\"panelIndex\":\"d8430fa3-ca28-455e-a276-930a60d6839f\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Client Countries (flow 
records)\",\"panelRefName\":\"panel_d8430fa3-ca28-455e-a276-930a60d6839f\"},{\"version\":\"7.10.0\",\"type\":\"map\",\"gridData\":{\"h\":33,\"i\":\"3067bd2c-c619-4a18-89b4-5db787c6990c\",\"w\":26,\"x\":11,\"y\":9},\"panelIndex\":\"3067bd2c-c619-4a18-89b4-5db787c6990c\",\"embeddableConfig\":{\"hiddenLayers\":[],\"hidePanelTitles\":true,\"isLayerTOCOpen\":false,\"mapCenter\":{\"lat\":23.45479,\"lon\":14.41315,\"zoom\":1.11},\"openTOCDetails\":[],\"enhancements\":{}},\"panelRefName\":\"panel_3067bd2c-c619-4a18-89b4-5db787c6990c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"46146688-467d-42a2-ae53-5ae2b2061389\",\"w\":11,\"x\":37,\"y\":9},\"panelIndex\":\"46146688-467d-42a2-ae53-5ae2b2061389\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Server Countries (flow records)\",\"panelRefName\":\"panel_46146688-467d-42a2-ae53-5ae2b2061389\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"70eb9e12-1c7c-48dc-822b-477c7cb8ebb2\",\"w\":11,\"x\":0,\"y\":20},\"panelIndex\":\"70eb9e12-1c7c-48dc-822b-477c7cb8ebb2\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Client Cities (flow records)\",\"panelRefName\":\"panel_70eb9e12-1c7c-48dc-822b-477c7cb8ebb2\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"92329eb4-2cad-48df-b21b-656f53c9377a\",\"w\":11,\"x\":37,\"y\":20},\"panelIndex\":\"92329eb4-2cad-48df-b21b-656f53c9377a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Server Cities (flow records)\",\"panelRefName\":\"panel_92329eb4-2cad-48df-b21b-656f53c9377a\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"59db0235-9c7f-416b-81be-d78ea0fb29f7\",\"w\":11,\"x\":0,\"y\":31},\"panelIndex\":\"59db0235-9c7f-416b-81be-d78ea0fb29f7\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Client Time Zones (flow 
records)\",\"panelRefName\":\"panel_59db0235-9c7f-416b-81be-d78ea0fb29f7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"b00704ca-ba57-4d3b-b8c6-ec01a6782d8f\",\"w\":11,\"x\":37,\"y\":31},\"panelIndex\":\"b00704ca-ba57-4d3b-b8c6-ec01a6782d8f\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Server Time Zones (flow records)\",\"panelRefName\":\"panel_b00704ca-ba57-4d3b-b8c6-ec01a6782d8f\"}]","timeRestore":false,"title":"ElastiFlow (flow): Geo Location (client/server)","version":1},"coreMigrationVersion":"8.2.0","id":"3b3adf00-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"a89c6610-3d42-11eb-bc2c-c5758316d788","name":"5d06bf0c-b97f-41d9-9f5e-82a38ad0ddf8:panel_5d06bf0c-b97f-41d9-9f5e-82a38ad0ddf8","type":"visualization"},{"id":"6d1088d0-3d45-11eb-bc2c-c5758316d788","name":"286c7826-03c1-4a33-8dae-1740006f6491:panel_286c7826-03c1-4a33-8dae-1740006f6491","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"48b01687-fddc-4f99-8195-04d77db8dd66:panel_48b01687-fddc-4f99-8195-04d77db8dd66","type":"visualization"},{"id":"944a8560-3d4d-11eb-bc2c-c5758316d788","name":"d35f1697-1274-4159-bdab-83159a87a41c:panel_d35f1697-1274-4159-bdab-83159a87a41c","type":"visualization"},{"id":"27474670-3eb4-11eb-bc2c-c5758316d788","name":"d8430fa3-ca28-455e-a276-930a60d6839f:panel_d8430fa3-ca28-455e-a276-930a60d6839f","type":"visualization"},{"id":"9676c5c0-7a0a-11eb-9710-a5871ed24dc2","name":"3067bd2c-c619-4a18-89b4-5db787c6990c:panel_3067bd2c-c619-4a18-89b4-5db787c6990c","type":"map"},{"id":"fa5c23f0-3eb4-11eb-bc2c-c5758316d788","name":"46146688-467d-42a2-ae53-5ae2b2061389:panel_46146688-467d-42a2-ae53-5ae2b2061389","type":"visualization"},{"id":"0a621e90-3eb4-11eb-bc2c-c5758316d788","name":"70eb9e12-1c7c-48dc-822b-477c7cb8ebb2:panel_70eb9e12-1c7c-48dc-822b-477c7cb8ebb2","type":"visualization"},{"id":"17e74fd0-3eb5-11eb-bc2c-c5758316d788","name":"92329eb4
-2cad-48df-b21b-656f53c9377a:panel_92329eb4-2cad-48df-b21b-656f53c9377a","type":"visualization"},{"id":"48e47820-3eb4-11eb-bc2c-c5758316d788","name":"59db0235-9c7f-416b-81be-d78ea0fb29f7:panel_59db0235-9c7f-416b-81be-d78ea0fb29f7","type":"visualization"},{"id":"d58dfda0-3eb4-11eb-bc2c-c5758316d788","name":"b00704ca-ba57-4d3b-b8c6-ec01a6782d8f:panel_b00704ca-ba57-4d3b-b8c6-ec01a6782d8f","type":"visualization"}],"sort":[1675807560837,2175],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NTUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): VLAN Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLAN Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"vlan.tag.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"VLANs\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"3b7bf600-3f08-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"
sort":[1675807560837,2176],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - AS-Path Hops","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): NAV - AS-Path Hops\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Return to Flows](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [**Hops**](#/dashboard/5ea16380-a0a0-11ed-8918-ff88f1042f36) | [Flows](#/dashboard/70c0abc0-a0a0-11ed-8918-ff88f1042f36) | [Endpoints](#/dashboard/7d987b70-a0a0-11ed-8918-ff88f1042f36)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"3d100e20-a09f-11ed-8918-ff88f1042f36","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2177],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"DNS\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":53}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":53}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":53}},{\"match_phrase\":{\"flow.dst.l4.port.id\":53}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.
index\"}"},"title":"ElastiFlow (flow): DNS Messages by Exporter - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Messages by Exporter - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"3d134760-c301-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675807560837,2182],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NTgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Autonomous Systems (flow records) - 
donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"3d44ba40-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2184],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NTksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Client Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Countries and Cities (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"3dae9bf0-3d30-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2186],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NjAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP 
Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Messages Direct (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"3fea94f0-c39e-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","nam
e":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2189],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NjEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sources (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Outbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"4085de60-c3fd-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2192],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NjIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Server Responses by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Server Responses by Client - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Resp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NTP 
Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"40ef7330-9d7d-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675807560837,2198],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NjMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/DSCP (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/DSCP (pkts/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"fc047e50-6d7b-11eb-b6ff-0b85dcc4bf4a\",\"type\":\"math\",\"variables\":[{\"id\":\"fe2c8e70-6d7b-11eb-b6ff-0b85dcc4bf4a\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"042380e0-6d7c-11eb-b6ff-0b85dcc4bf4a\",\"type\":\"math\",\"variables\":[{\"id\":\"06000910-6d7c-11eb-b6ff-0b85dcc4bf4a\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
DSCPs\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"ip.dscp.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"ip.dscp.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"411346d0-3f09-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2199],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NjQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): IP Reputations (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Reputations (flows) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.conversation.id\",\"customLabel\":\"Conversations\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"sec.threat.name\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top IP 
Reputations\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"44e46180-750b-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2201],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NjUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Geo IP (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Geo IP (src/dst)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [**Src/Dst**](#/dashboard/460b45f0-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"88641430-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2202],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NjYsMl0="} {"attributes":{"description":"","layerListJSON":"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map\"},\"id\":\"36f304c8-7567-4e02-ad3c-c1e0bf98796d\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"EMS_VECTOR_TILE\"},{\"sourceDescriptor\":{\"type\":\"ES_PEW_PEW\",\"id\":\"58569761-3dd0-4bae-80ac-a2224506bc0f\",\"sourceGeoField\":\"flow.src.geo.loc.coord\",\"destGeoField\":\"flow.dst.geo.loc.coord\",\"metrics\":[{\"type\":\"count\",\"label\":\"Flows\"},{\"type\":\"sum\",\"field\":\"flow.bytes\",\"label\":\"Bytes\"},{\"type\":\"sum\",\"field\":\"flow.packets\",\"label\":\"Packets\"}],\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blue to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":2,\"maxSize\":12,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"cbf128e1-f963-48dc-975d-6e1428ffda82\",\"label\":\"Flows\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"GEOJSON_VECTOR\",\"joins\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"}},{\"sourceDescriptor\":{\"geoField\":\"flow.dst.geo.loc.coord\",\"filterByMapBounds\":true,\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"flow.dst.host.name\",\"topHitsSize\":100,\"id\":\"3cd55c73-51d6-4656-8d78-50a286a570a6\",\"type\":\"ES_SEARCH\",\"tooltipProperties\":[\"flow.dst.host.name\",\"flow.dst.ip.addr\",\"flow.dst.as.label\",\"flow.bytes\",\"flow.packets\"],\"sortField\":\"flow.bytes\",\"sortOrder\":\"desc\",\"indexPatternRefName\":\"layer_2_source_index_pattern\"},\"id\":\"a4b2289f-28d5-4d02-9eaf-a6564949a6d4\",\"label\":\"Destinations\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"square\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Green to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"flow.bytes\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Green to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"flow.packets\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":4,\"maxSize\":16,\"field\":{\"label\":\"flow.bytes\",\"name\":\"flow.bytes\",\"origin\":\"source\",\"type\":\"number\",\"supportsAutoDomain\":true},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"GEOJSON_VECTOR\",\"joins\":[],\"query\":{\"query\":\"flow.src.geo.loc.coord:* and 
flow.dst.geo.loc.coord:*\",\"language\":\"kuery\"}},{\"sourceDescriptor\":{\"geoField\":\"flow.src.geo.loc.coord\",\"filterByMapBounds\":true,\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"flow.src.host.name\",\"topHitsSize\":100,\"id\":\"6054203c-80a5-458d-9bae-8c4ce0dd6429\",\"type\":\"ES_SEARCH\",\"tooltipProperties\":[\"flow.src.host.name\",\"flow.src.ip.addr\",\"flow.src.as.label\",\"flow.bytes\",\"flow.packets\"],\"sortField\":\"flow.bytes\",\"sortOrder\":\"desc\",\"indexPatternRefName\":\"layer_3_source_index_pattern\"},\"id\":\"57a17344-94de-4023-95e2-b5417d9ca8d3\",\"label\":\"Sources\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blue to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"flow.bytes\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blue to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"flow.packets\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":4,\"maxSize\":16,\"field\":{\"label\":\"flow.bytes\",\"name\":\"flow.bytes\",\"origin\":\"source\",\"type\":\"number\",\"supportsAutoDomain\":true},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"GEOJSON_VECTOR\",\"joins\":[],\"query\":{\"query\":\"flow.src.geo.loc.coord:* and flow.dst.geo.loc.coord:*\",\"language\":\"kuery\"}}]","mapStateJSON":"{\"zoom\":1.64,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-1h/m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}","title":"ElastiFlow (flow): Source/Destination Flows 
(light)","uiStateJSON":"{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}"},"coreMigrationVersion":"8.2.0","id":"9f574390-7a0a-11eb-9710-a5871ed24dc2","migrationVersion":{"map":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"layer_1_source_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"layer_2_source_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"layer_3_source_index_pattern","type":"index-pattern"}],"sort":[1675807560837,2206],"type":"map","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NjcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Countries (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Destination Countries (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"88fd95f0-3ec2-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"
references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809869462,11148],"type":"visualization","updated_at":"2023-02-07T22:44:29.462Z","version":"WzQwMDIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Cities (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Source Cities (flow records) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"5b2522b0-3ec2-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809840609,11119],"type":"visualization","updated_at":"2023-02-07T22:44:00.609Z","version":"WzM5NjYsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Cities (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Destination Cities (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"ad428f10-3ec2-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809882947,11178],"type":"visualization","updated_at":"2023-02-07T22:44:42.947Z","version":"WzQwMjAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Time Zones (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow 
(flow): Source Time Zones (flow records) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.geo.tz.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Time Zone\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"47057690-3ec2-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809855415,11145],"type":"visualization","updated_at":"2023-02-07T22:44:15.415Z","version":"WzM5ODQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Time Zones (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Destination Time Zones (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.geo.tz.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Time Zone\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"c15fa320-3ec2-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675809895282,11201],"type":"visualization","updated_at":"2023-02-07T22:44:55.282Z","version":"WzQwNDIsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"c58defff-725c-4475-b0eb-f18996211d0d\",\"w\":28,\"x\":0,\"y\":0},\"panelIndex\":\"c58defff-725c-4475-b0eb-f18996211d0d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c58defff-725c-4475-b0eb-f18996211d0d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"6271ec50-2696-46b6-a1a5-cefc81e72bcb\",\"w\":15,\"x\":28,\"y\":0},\"panelIndex\":\"6271ec50-2696-46b6-a1a5-cefc81e72bcb\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_6271ec50-2696-46b6-a1a5-cefc81e72bcb\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"b05807cd-0371-44d4-a85b-b05813f10374\",\"w\":5,\"x\":43,\"y\":0},\"panelIndex\":\"b05807cd-0371-44d4-a85b-b05813f10374\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b05807cd-0371-44d4-a85b-b05813f10374\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"7f8fb931-9547-405f-8742-562046c6f57f\",\"w\":48,\"x\":0,\"y\":4},\"panelIndex\":\"7f8fb931-9547-405f-8742-562046c6f57f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7f8fb931-9547-405f-8742-562046c6f57f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"9fd90c38-8625-4bfe-aae6-7eec9c26b251\",\"w\":11,\"x\":0,\"y\":9},\"panelIndex\":\"9fd90c38-8625-4bfe-aae6-7eec9c26b251\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Source Countries (flow 
records)\",\"panelRefName\":\"panel_9fd90c38-8625-4bfe-aae6-7eec9c26b251\"},{\"version\":\"7.10.0\",\"type\":\"map\",\"gridData\":{\"h\":33,\"i\":\"26196b6f-bdd8-4493-9a22-71160fdef1e1\",\"w\":26,\"x\":11,\"y\":9},\"panelIndex\":\"26196b6f-bdd8-4493-9a22-71160fdef1e1\",\"embeddableConfig\":{\"hiddenLayers\":[],\"hidePanelTitles\":true,\"isLayerTOCOpen\":false,\"mapCenter\":{\"lat\":23.45479,\"lon\":14.41315,\"zoom\":1.11},\"openTOCDetails\":[],\"enhancements\":{}},\"panelRefName\":\"panel_26196b6f-bdd8-4493-9a22-71160fdef1e1\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"477c6d12-02ef-4115-b338-0454117d7009\",\"w\":11,\"x\":37,\"y\":9},\"panelIndex\":\"477c6d12-02ef-4115-b338-0454117d7009\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destination Countries (flow records)\",\"panelRefName\":\"panel_477c6d12-02ef-4115-b338-0454117d7009\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"9d62a839-db28-4d47-8ab5-2924452c4724\",\"w\":11,\"x\":0,\"y\":20},\"panelIndex\":\"9d62a839-db28-4d47-8ab5-2924452c4724\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Source Cities (flow records)\",\"panelRefName\":\"panel_9d62a839-db28-4d47-8ab5-2924452c4724\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"f533a7f5-e6d9-4224-b437-7524cb18fca3\",\"w\":11,\"x\":37,\"y\":20},\"panelIndex\":\"f533a7f5-e6d9-4224-b437-7524cb18fca3\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destination Cities (flow records)\",\"panelRefName\":\"panel_f533a7f5-e6d9-4224-b437-7524cb18fca3\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"b89f4400-04b8-4781-8b50-4c07830b24c6\",\"w\":11,\"x\":0,\"y\":31},\"panelIndex\":\"b89f4400-04b8-4781-8b50-4c07830b24c6\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Source Time Zones (flow 
records)\",\"panelRefName\":\"panel_b89f4400-04b8-4781-8b50-4c07830b24c6\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"0642d565-72f8-4f3e-a82d-bbc300c90270\",\"w\":11,\"x\":37,\"y\":31},\"panelIndex\":\"0642d565-72f8-4f3e-a82d-bbc300c90270\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destination Time Zones (flow records)\",\"panelRefName\":\"panel_0642d565-72f8-4f3e-a82d-bbc300c90270\"}]","timeRestore":false,"title":"ElastiFlow (flow): Geo Location (src/dst)","version":1},"coreMigrationVersion":"8.2.0","id":"460b45f0-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"a89c6610-3d42-11eb-bc2c-c5758316d788","name":"c58defff-725c-4475-b0eb-f18996211d0d:panel_c58defff-725c-4475-b0eb-f18996211d0d","type":"visualization"},{"id":"88641430-3d45-11eb-bc2c-c5758316d788","name":"6271ec50-2696-46b6-a1a5-cefc81e72bcb:panel_6271ec50-2696-46b6-a1a5-cefc81e72bcb","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"b05807cd-0371-44d4-a85b-b05813f10374:panel_b05807cd-0371-44d4-a85b-b05813f10374","type":"visualization"},{"id":"255234e0-3d4e-11eb-bc2c-c5758316d788","name":"7f8fb931-9547-405f-8742-562046c6f57f:panel_7f8fb931-9547-405f-8742-562046c6f57f","type":"visualization"},{"id":"2f596f60-3ec2-11eb-bc2c-c5758316d788","name":"9fd90c38-8625-4bfe-aae6-7eec9c26b251:panel_9fd90c38-8625-4bfe-aae6-7eec9c26b251","type":"visualization"},{"id":"9f574390-7a0a-11eb-9710-a5871ed24dc2","name":"26196b6f-bdd8-4493-9a22-71160fdef1e1:panel_26196b6f-bdd8-4493-9a22-71160fdef1e1","type":"map"},{"id":"88fd95f0-3ec2-11eb-bc2c-c5758316d788","name":"477c6d12-02ef-4115-b338-0454117d7009:panel_477c6d12-02ef-4115-b338-0454117d7009","type":"visualization"},{"id":"5b2522b0-3ec2-11eb-bc2c-c5758316d788","name":"9d62a839-db28-4d47-8ab5-2924452c4724:panel_9d62a839-db28-4d47-8ab5-2924452c4724","type":"visualization"},{"id":"ad428f10-3ec2-11eb-bc2c-c5758316d788","name":"f533a7f5-
e6d9-4224-b437-7524cb18fca3:panel_f533a7f5-e6d9-4224-b437-7524cb18fca3","type":"visualization"},{"id":"47057690-3ec2-11eb-bc2c-c5758316d788","name":"b89f4400-04b8-4781-8b50-4c07830b24c6:panel_b89f4400-04b8-4781-8b50-4c07830b24c6","type":"visualization"},{"id":"c15fa320-3ec2-11eb-bc2c-c5758316d788","name":"0642d565-72f8-4f3e-a82d-bbc300c90270:panel_0642d565-72f8-4f3e-a82d-bbc300c90270","type":"visualization"}],"sort":[1675807560837,2228],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NzMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Countries (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Countries (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"467aed30-3eeb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.ind
ex","type":"index-pattern"}],"sort":[1675810389445,12106],"type":"visualization","updated_at":"2023-02-07T22:53:09.445Z","version":"WzQ5MzYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Layer-4 Protocol (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Layer-4 Protocol (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"1f8c9010-6d7c-11eb-b6d2-ff8c9a7cb5fb\",\"type\":\"math\",\"variables\":[{\"id\":\"215f7b50-6d7c-11eb-b6d2-ff8c9a7cb5fb\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"266fde50-6d7c-11eb-b6d2-ff8c9a7cb5fb\",\"type\":\"math\",\"variables\":[{\"id\":\"29889000-6d7c-11eb-b6d2-ff8c9a7cb5fb\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Layer-4 Protocols\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"l4.proto.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"l4.proto.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"49d0f930-3eef-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2231],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NzUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Servers and Clients (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Servers and Clients (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"nestedLegend\":true,\"legendDisplay\":\"show\",\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":230}}"},"coreMigrationVersion":"8.2.0","id":"a5d7def0-3d2e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675808550110,9610],"type":"visualization","updated_at":"2023-02-07T22:22:30.110Z","version":"WzI1NTIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Services (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Services (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":230}}"},"coreMigrationVersion":"8.2.0","id":"dd32df90-3d32-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675808532144,9606],"type":"visualization","updated_at":"2023-02-07T22:22:12.144Z","version":"WzI1MzcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Threats (records) - tag cloud","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Threats (records) - tag 
cloud\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"sec.threat.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":16,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":12,\"maxFontSize\":32,\"showLabel\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}}}"},"coreMigrationVersion":"8.2.0","id":"99c9add0-6d73-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2237],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4NzgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): IP Versions and Protocols (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): IP Versions and Protocols (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"ip.version.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Version\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"l4.proto.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Layer-4 Protocol\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"nestedLegend\":true,\"legendDisplay\":\"show\",\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":230}}"},"coreMigrationVersion":"8.2.0","id":"f618c320-3d2e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675808514325,9578],"type":"visualization","updated_at":"2023-02-07T22:21:54.325Z","version":"WzI1MjIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: BLANK","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: BLANK\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"\"}}"},"coreMigrationVersion":"8.2.0","id":"676103d0-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2240],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4ODAsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":43,\"h\":4,\"i\":\"d5e06153-1b9c-45db-87e7-31ee8930ba55\"},\"panelIndex\":\"d5e06153-1b9c-45db-87e7-31ee8930ba55\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d5e06153-1b9c-45db-87e7-31ee8930ba55\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\"},\"panelIndex\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e57c863c-11e8-43d8-a2b8-20a63217371e\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"99194307-37ba-48b7-82e9-a31b9c396610\"},\"panelIndex\":\"99194307-37ba-48b7-82e9-a31b9c396610\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_99194307-37ba-48b7-82e9-a31b9c396610\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":16,\"h\":16,\"i\":\"0c0401c3-8cf7-4ddf-a598-710489ea06f5\"},\"panelIndex\":\"0c0401c3-8cf7-4ddf-a598-710489ea06f5\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Servers and Clients (bytes)\",\"panelRefName\":\"panel_0c0401c3-8cf7-4ddf-a598-710489ea06f5\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":9,\"w\":16,\"h\":16,\"i\":\"065164eb-2e9f-4bc9-9108-de49eec5b788\"},\"panelIndex\":\"065164eb-2e9f-4bc9-9108-de49eec5b788\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Services 
(bytes)\",\"panelRefName\":\"panel_065164eb-2e9f-4bc9-9108-de49eec5b788\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":9,\"w\":16,\"h\":10,\"i\":\"59aa493e-b902-4055-b736-047a382df472\"},\"panelIndex\":\"59aa493e-b902-4055-b736-047a382df472\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_59aa493e-b902-4055-b736-047a382df472\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":19,\"w\":16,\"h\":22,\"i\":\"4fb75a57-5569-4c4f-9fbf-15ba651dc98b\"},\"panelIndex\":\"4fb75a57-5569-4c4f-9fbf-15ba651dc98b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_4fb75a57-5569-4c4f-9fbf-15ba651dc98b\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":25,\"w\":16,\"h\":16,\"i\":\"8f52881b-8b3f-4357-a1d4-9af0de96d23f\"},\"panelIndex\":\"8f52881b-8b3f-4357-a1d4-9af0de96d23f\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Autonomous Systems (bytes)\",\"panelRefName\":\"panel_8f52881b-8b3f-4357-a1d4-9af0de96d23f\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":25,\"w\":16,\"h\":16,\"i\":\"83bd57d5-df16-4718-b481-d0bee94cc606\"},\"panelIndex\":\"83bd57d5-df16-4718-b481-d0bee94cc606\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"IP Versions and Protocols (bytes)\",\"panelRefName\":\"panel_83bd57d5-df16-4718-b481-d0bee94cc606\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":41,\"w\":48,\"h\":1,\"i\":\"24057ec4-107c-42eb-92cd-c2cd6a3d3cda\"},\"panelIndex\":\"24057ec4-107c-42eb-92cd-c2cd6a3d3cda\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_24057ec4-107c-42eb-92cd-c2cd6a3d3cda\"}]","timeRestore":false,"title":"ElastiFlow (flow): 
Overview","version":1},"coreMigrationVersion":"8.2.0","id":"4a608bc0-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"1db06be0-3d3e-11eb-bc2c-c5758316d788","name":"d5e06153-1b9c-45db-87e7-31ee8930ba55:panel_d5e06153-1b9c-45db-87e7-31ee8930ba55","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"e57c863c-11e8-43d8-a2b8-20a63217371e:panel_e57c863c-11e8-43d8-a2b8-20a63217371e","type":"visualization"},{"id":"944a8560-3d4d-11eb-bc2c-c5758316d788","name":"99194307-37ba-48b7-82e9-a31b9c396610:panel_99194307-37ba-48b7-82e9-a31b9c396610","type":"visualization"},{"id":"a5d7def0-3d2e-11eb-bc2c-c5758316d788","name":"0c0401c3-8cf7-4ddf-a598-710489ea06f5:panel_0c0401c3-8cf7-4ddf-a598-710489ea06f5","type":"visualization"},{"id":"dd32df90-3d32-11eb-bc2c-c5758316d788","name":"065164eb-2e9f-4bc9-9108-de49eec5b788:panel_065164eb-2e9f-4bc9-9108-de49eec5b788","type":"visualization"},{"id":"0262fbf0-3df7-11eb-bc2c-c5758316d788","name":"59aa493e-b902-4055-b736-047a382df472:panel_59aa493e-b902-4055-b736-047a382df472","type":"visualization"},{"id":"99c9add0-6d73-11eb-8c14-238bcf08bfa6","name":"4fb75a57-5569-4c4f-9fbf-15ba651dc98b:panel_4fb75a57-5569-4c4f-9fbf-15ba651dc98b","type":"visualization"},{"id":"145281b0-3d33-11eb-bc2c-c5758316d788","name":"8f52881b-8b3f-4357-a1d4-9af0de96d23f:panel_8f52881b-8b3f-4357-a1d4-9af0de96d23f","type":"visualization"},{"id":"f618c320-3d2e-11eb-bc2c-c5758316d788","name":"83bd57d5-df16-4718-b481-d0bee94cc606:panel_83bd57d5-df16-4718-b481-d0bee94cc606","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"24057ec4-107c-42eb-92cd-c2cd6a3d3cda:panel_24057ec4-107c-42eb-92cd-c2cd6a3d3cda","type":"visualization"}],"sort":[1675807560837,2251],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4ODEsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flow Record Count (src/dst) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Record Count (src/dst) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Flow Records\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"filter\":{\"query\":\"flow.src.ip.addr: * and flow.dst.ip.addr: *\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"4a68d6d0-9d97-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2252],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4ODIsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination and Source ASs (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination and Source ASs (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination AS\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"4abbcc20-3d33-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2254],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4ODMsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Top Services - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Services - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Services\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"4ba1a880-3e55-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2256],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4ODQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Exporter, Locality, Application - input 
list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporter, Locality, Application - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.locality\",\"parent\":\"\",\"label\":\"Traffic Locality\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"app.name\",\"parent\":\"\",\"label\":\"Application\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"4ea0e4d0-3d4f-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"}],"sort":[1675807560837,2260],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4ODUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Source AS (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Source AS (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.src.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.src.as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"4ec656c0-3ec6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2261],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4ODYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Ingress Interface (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Ingress Interface (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"3ca54b10-6d7c-11eb-86ec-a78f37e7c6b2\",\"type\":\"math\",\"variables\":[{\"id\":\"3e52fb10-6d7c-11eb-86ec-a78f37e7c6b2\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"42e1f910-6d7c-11eb-86ec-a78f37e7c6b2\",\"type\":\"math\",\"variables\":[{\"id\":\"4496adf0-6d7c-11eb-86ec-a78f37e7c6b2\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.in.netif.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.in.netif.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"4efdda20-3ec9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2262],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4ODcsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Sources (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"4f3896f0-c3ad-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2265],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4ODgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Recon Port Scan 
(Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon Port Scan (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.server.l4.port.id\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"530885f0-c345-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2268],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4ODksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Accessed Ports from Public IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: 
Accessed Ports from Public IP - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"bc8c51b7-1615-49fa-8f9a-a08e5e40c4ac\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"NOT flow.client.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Accessed Ports 
(Public)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.server.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"53adda40-c490-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2269],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4OTAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DNS Responses by Name Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Responses by Name Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"5585dd80-9b2e-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675807560837,2274],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4OTEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Autonomous Systems","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Autonomous 
Systems\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/589bc1f0-a01a-11ed-8918-ff88f1042f36) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [**AS Traffic**](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"c26cacd0-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2275],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4OTIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Autonomous Systems (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): NAV - Autonomous Systems (src/dst)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [**Src/Dst**](#/dashboard/578a7da0-3d3f-11eb-bc2c-c5758316d788) | [AS-Path Hops](#/dashboard/5ea16380-a0a0-11ed-8918-ff88f1042f36)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"d0899f50-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2276],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4OTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Destination AS (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Destination AS (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.dst.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.dst.as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"78dbce90-3ec6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2277],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4OTQsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Source AS (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Source AS (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"638bca10-6d7c-11eb-b539-590ecf656744\",\"type\":\"math\",\"variables\":[{\"id\":\"65b36500-6d7c-11eb-b539-590ecf656744\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"6a588310-6d7c-11eb-b539-590ecf656744\",\"type\":\"math\",\"variables\":[{\"id\":\"6bfb0f80-6d7c-11eb-b539-590ecf656744\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.src.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.src.as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"5f20e490-3ec6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2278],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4OTUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Destination AS (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Destination AS (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"797d01e0-6d7c-11eb-bafe-551bc756954c\",\"type\":\"math\",\"variables\":[{\"id\":\"7b6067e0-6d7c-11eb-bafe-551bc756954c\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"823e5ef0-6d7c-11eb-bafe-551bc756954c\",\"type\":\"math\",\"variables\":[{\"id\":\"83e9ec10-6d7c-11eb-bafe-551bc756954c\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.dst.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.dst.as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"8f378800-3ec6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2279],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4OTYsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"137cd6ae-7b43-4d27-826b-984bdf8d5448\"},\"panelIndex\":\"137cd6ae-7b43-4d27-826b-984bdf8d5448\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_137cd6ae-7b43-4d27-826b-984bdf8d5448\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"8dc4830d-701b-4345-a91e-2224c5a49758\"},\"panelIndex\":\"8dc4830d-701b-4345-a91e-2224c5a49758\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_8dc4830d-701b-4345-a91e-2224c5a49758\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"024dab52-eb07-40c7-be57-70cd7caaf8d9\"},\"panelIndex\":\"024dab52-eb07-40c7-be57-70cd7caaf8d9\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_024dab52-eb07-40c7-be57-70cd7caaf8d9\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"088f7fce-da74-4f9a-a05b-7f9548450f7a\"},\"panelIndex\":\"088f7fce-da74-4f9a-a05b-7f9548450f7a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_088f7fce-da74-4f9a-a05b-7f9548450f7a\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":16,\"i\":\"3a665f00-530b-442d-898e-61ee558cf725\"},\"panelIndex\":\"3a665f00-530b-442d-898e-61ee558cf725\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Source AS 
(bits/s)\",\"panelRefName\":\"panel_3a665f00-530b-442d-898e-61ee558cf725\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":16,\"i\":\"142f32f1-54ee-4185-a8b7-a79e16898cc7\"},\"panelIndex\":\"142f32f1-54ee-4185-a8b7-a79e16898cc7\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destination AS (bits/s)\",\"panelRefName\":\"panel_142f32f1-54ee-4185-a8b7-a79e16898cc7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":16,\"i\":\"76b08b63-9d7f-4fca-a485-3aebf363ded7\"},\"panelIndex\":\"76b08b63-9d7f-4fca-a485-3aebf363ded7\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Source AS (pkts/s)\",\"panelRefName\":\"panel_76b08b63-9d7f-4fca-a485-3aebf363ded7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":25,\"w\":24,\"h\":16,\"i\":\"7c173f95-2904-4398-a01f-2de9aa33206c\"},\"panelIndex\":\"7c173f95-2904-4398-a01f-2de9aa33206c\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destination AS (pkts/s)\",\"panelRefName\":\"panel_7c173f95-2904-4398-a01f-2de9aa33206c\"}]","timeRestore":false,"title":"ElastiFlow (flow): AS Traffic 
(src/dst)","version":1},"coreMigrationVersion":"8.2.0","id":"578a7da0-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"c26cacd0-3d42-11eb-bc2c-c5758316d788","name":"137cd6ae-7b43-4d27-826b-984bdf8d5448:panel_137cd6ae-7b43-4d27-826b-984bdf8d5448","type":"visualization"},{"id":"d0899f50-3d45-11eb-bc2c-c5758316d788","name":"8dc4830d-701b-4345-a91e-2224c5a49758:panel_8dc4830d-701b-4345-a91e-2224c5a49758","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"024dab52-eb07-40c7-be57-70cd7caaf8d9:panel_024dab52-eb07-40c7-be57-70cd7caaf8d9","type":"visualization"},{"id":"13ac7020-3d53-11eb-bc2c-c5758316d788","name":"088f7fce-da74-4f9a-a05b-7f9548450f7a:panel_088f7fce-da74-4f9a-a05b-7f9548450f7a","type":"visualization"},{"id":"4ec656c0-3ec6-11eb-bc2c-c5758316d788","name":"3a665f00-530b-442d-898e-61ee558cf725:panel_3a665f00-530b-442d-898e-61ee558cf725","type":"visualization"},{"id":"78dbce90-3ec6-11eb-bc2c-c5758316d788","name":"142f32f1-54ee-4185-a8b7-a79e16898cc7:panel_142f32f1-54ee-4185-a8b7-a79e16898cc7","type":"visualization"},{"id":"5f20e490-3ec6-11eb-bc2c-c5758316d788","name":"76b08b63-9d7f-4fca-a485-3aebf363ded7:panel_76b08b63-9d7f-4fca-a485-3aebf363ded7","type":"visualization"},{"id":"8f378800-3ec6-11eb-bc2c-c5758316d788","name":"7c173f95-2904-4398-a01f-2de9aa33206c:panel_7c173f95-2904-4398-a01f-2de9aa33206c","type":"visualization"}],"sort":[1675807560837,2288],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4OTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Client/Server (graph) - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server (graph) - input 
list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.client.host.name\",\"parent\":\"\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.server.host.name\",\"parent\":\"\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1675028333285\",\"fieldName\":\"l4.proto.name\",\"parent\":\"\",\"label\":\"Layer-4 Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1619032196248\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session 
Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1675028472647\",\"fieldName\":\"sec.threat.name\",\"parent\":\"\",\"label\":\"Threat\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"c369ded0-a01b-11ed-8918-ff88f1042f36","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_5_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_6_index_pattern","type":"index-pattern"}],"sort":[1675807560837,2296],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4OTgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (client/server) - Vega (directed graph)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (client/server) - Vega (directed graph)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v5.json\\\",\\n \\\"description\\\": \\\"Copyright (C)2022 ElastiFlow Inc.\\\",\\n \\\"autosize\\\": \\\"fit\\\",\\n \\n 
\\\"data\\\": [\\n {\\n \\\"name\\\": \\\"flows\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-flow-codex-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 384,\\n \\\"sources\\\": [{\\n \\\"client\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.client.host.name\\\"\\n }\\n }\\n },\\n {\\n \\\"server\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.server.host.name\\\"\\n }\\n }\\n }\\n ]\\n },\\n \\\"aggs\\\": {\\n \\\"flow_bytes\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.bytes\\\"\\n }\\n },\\n \\\"flow_packets\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.packets\\\"\\n }\\n }\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\n \\\"property\\\": \\\"aggregations.table.buckets\\\"\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.client\\\",\\n \\\"as\\\": \\\"source\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.server\\\",\\n \\\"as\\\": \\\"target\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_bytes.value\\\",\\n \\\"as\\\": \\\"bytes\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_packets.value\\\",\\n \\\"as\\\": \\\"packets\\\"\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"endpoints\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"fold\\\",\\n \\\"fields\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"as\\\": [\\\"stack\\\", \\\"key\\\"]\\n },\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"key\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"traffic\\\",\\n \\\"source\\\": 
\\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n }\\n ],\\n\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"endpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [128,192,256,320,384,448,512,576,640,768,896,1024]\\n },\\n {\\n \\\"name\\\": \\\"fontsizeEndpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [0,0,0,0,0,0,0,12]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#99ddff\\\", \\\"#80d4ff\\\", \\\"#66ccff\\\", \\\"#33bbff\\\", \\\"#00aaff\\\", \\\"#0099e6\\\"]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesLightBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#e6f7ff\\\", \\\"#cceeff\\\", \\\"#b3e6ff\\\", \\\"#99ddff\\\"]\\n },\\n {\\n \\\"name\\\": \\\"trafficBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [1,2,3,4,6,8]\\n },\\n {\\n \\\"name\\\": \\\"colorTrafficBytesGreys\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#ddd\\\", \\\"#ccc\\\", \\\"#bbb\\\", \\\"#aaa\\\", \\\"#999\\\", \\\"#888\\\"]\\n }\\n ],\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"cx\\\",\\n \\\"update\\\": \\\"width / 
2\\\"\\n },\\n {\\n \\\"name\\\": \\\"cy\\\",\\n \\\"update\\\": \\\"height / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"nodeCharge\\\",\\n \\\"value\\\": -128,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": -200, \\\"max\\\": 10, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"linkDistance\\\",\\n \\\"value\\\": 18,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 8, \\\"max\\\": 64, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"decay\\\",\\n \\\"value\\\": 0.5,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1, \\\"step\\\": 0.01}\\n },\\n {\\n \\\"name\\\": \\\"gravityX\\\",\\n \\\"value\\\": 0.1,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"gravityY\\\",\\n \\\"value\\\": 0.2,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"static\\\",\\n \\\"value\\\": false,\\n \\\"bind\\\": {\\\"input\\\": \\\"checkbox\\\"}\\n },\\n {\\n \\\"name\\\": \\\"fix\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseout[!event.buttons], window:mouseup\\\",\\n \\\"update\\\": \\\"false\\\"\\n },\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix || true\\\"\\n },\\n {\\n \\\"events\\\": \\\"[symbol:mousedown, window:mouseup] > window:mousemove!\\\",\\n \\\"update\\\": \\\"xy()\\\",\\n \\\"force\\\": true\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"node\\\",\\n \\\"value\\\": null,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix === true ? 
item() : node\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"restart\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": {\\\"signal\\\": \\\"fix\\\"}, \\\"update\\\": \\\"fix && fix.length\\\"\\n }\\n ]\\n }\\n ],\\n \\n \\\"marks\\\": [\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"type\\\": \\\"symbol\\\",\\n \\\"zindex\\\": 1,\\n \\\"from\\\": {\\\"data\\\": \\\"endpoints\\\"},\\n \\\"on\\\": [\\n {\\n \\\"trigger\\\": \\\"fix\\\",\\n \\\"modify\\\": \\\"node\\\",\\n \\\"values\\\": \\\"fix === true ? {fx: node.x, fy: node.y} : {fx: fix[0], fy: fix[1]}\\\"\\n },\\n {\\\"trigger\\\": \\\"!fix\\\", \\\"modify\\\": \\\"node\\\", \\\"values\\\": \\\"{fx: null, fy: null}\\\"}\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"colorEndpointsBytesBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorEndpointsBytesLightBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"xfocus\\\": {\\\"signal\\\": \\\"cx\\\"},\\n \\\"yfocus\\\": {\\\"signal\\\": \\\"cy\\\"}\\n },\\n \\\"update\\\": {\\n \\\"size\\\": {\\\"scale\\\": \\\"endpointBytesScale\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"cursor\\\": {\\\"value\\\": \\\"pointer\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.key + ' (Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count + ')'\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"force\\\",\\n \\\"iterations\\\": 160,\\n \\\"velocityDecay\\\": {\\n \\\"signal\\\": \\\"decay\\\"\\n },\\n \\\"restart\\\": {\\\"signal\\\": \\\"restart\\\"},\\n \\\"static\\\": {\\\"signal\\\": \\\"static\\\"},\\n \\\"signal\\\": \\\"force\\\",\\n \\\"forces\\\": [\\n {\\\"force\\\": \\\"center\\\", \\\"x\\\": {\\\"signal\\\": \\\"cx\\\"}, \\\"y\\\": {\\\"signal\\\": \\\"cy\\\"}},\\n {\\\"force\\\": \\\"x\\\", \\\"x\\\": \\\"xfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityX\\\"}},\\n 
{\\\"force\\\": \\\"y\\\", \\\"y\\\": \\\"yfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityY\\\"}},\\n {\\\"force\\\": \\\"collide\\\", \\\"radius\\\": {\\\"signal\\\": \\\"linkDistance\\\"}},\\n {\\\"force\\\": \\\"nbody\\\", \\\"strength\\\": {\\\"signal\\\": \\\"nodeCharge\\\"}},\\n {\\\"force\\\": \\\"link\\\", \\\"links\\\": \\\"traffic\\\", \\\"id\\\": \\\"datum.key\\\", \\\"distance\\\": {\\\"signal\\\": \\\"linkDistance\\\"}}\\n ]\\n }\\n ]\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"zindex\\\": 2,\\n \\\"from\\\": {\\\"data\\\": \\\"nodes\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"value\\\": \\\"black\\\"},\\n \\\"fontSize\\\": {\\\"scale\\\": \\\"fontsizeEndpointBytesScale\\\", \\\"field\\\": \\\"datum.bytes\\\"}\\n },\\n \\\"update\\\": {\\n \\\"y\\\": {\\\"field\\\": \\\"y\\\", \\\"offset\\\": {\\\"signal\\\": \\\"sqrt(datum.size/2) * 1.3\\\"}},\\n \\\"x\\\": {\\\"field\\\": \\\"x\\\"},\\n \\\"text\\\": {\\\"field\\\": \\\"datum.key\\\"},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"}\\n }\\n }\\n },\\n {\\n \\\"name\\\": \\\"paths\\\",\\n \\\"type\\\": \\\"path\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"traffic\\\"},\\n \\\"interactive\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorTrafficBytesGreys\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"strokeWidth\\\": {\\\"scale\\\": \\\"trafficBytesScale\\\", \\\"field\\\": \\\"bytes\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"'Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"require\\\": {\\\"signal\\\": \\\"force\\\"},\\n \\\"shape\\\": \\\"curve\\\",\\n \\\"sourceX\\\": \\\"datum.source.x\\\",\\n \\\"sourceY\\\": \\\"datum.source.y\\\",\\n \\\"targetX\\\": \\\"datum.target.x\\\",\\n \\\"targetY\\\": 
\\\"datum.target.y\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"770ad640-e887-11eb-a805-6d8ef1677f8a","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2297],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE4OTksMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"query\":{\"bool\":{\"should\":[{\"terms\":{\"flow.src.ip.addr\":[\"224.0.0.0/4\",\"ff00::/8\",\"255.255.255.255\"]}},{\"terms\":{\"flow.dst.ip.addr\":[\"224.0.0.0/4\",\"ff00::/8\",\"255.255.255.255\"]}}],\"minimum_should_match\":1}},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":true,\"alias\":\"non-unicast IPs\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"flow.src.ip.addr\\\":[\\\"224.0.0.0/4\\\",\\\"ff00::/8\\\",\\\"255.255.255.255\\\"]}},{\\\"terms\\\":{\\\"flow.dst.ip.addr\\\":[\\\"224.0.0.0/4\\\",\\\"ff00::/8\\\",\\\"255.255.255.255\\\"]}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"f99f3f51-6ebc-4136-8e4a-42e07593ba73\"},\"panelIndex\":\"f99f3f51-6ebc-4136-8e4a-42e07593ba73\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f99f3f51-6ebc-4136-8e4a-42e07593ba73\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"f33b4450-0aea-405f-aba3-02f235d06b80\"},\"panelIndex\":\"f33b4450-0aea-405f-aba3-02f235d06b80\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f33b4450-0aea-405f-aba3-02f235d06b80\"},{\"version\":\"7.17.0\",\"ty
pe\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"9b1de842-8921-445e-83d6-709f815083aa\"},\"panelIndex\":\"9b1de842-8921-445e-83d6-709f815083aa\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9b1de842-8921-445e-83d6-709f815083aa\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":37,\"i\":\"3281024a-9150-450d-ad8b-4bd2cbef0668\"},\"panelIndex\":\"3281024a-9150-450d-ad8b-4bd2cbef0668\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_3281024a-9150-450d-ad8b-4bd2cbef0668\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":37,\"i\":\"cc23f17e-f319-42e9-bbd6-13f5bb4983f9\"},\"panelIndex\":\"cc23f17e-f319-42e9-bbd6-13f5bb4983f9\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_cc23f17e-f319-42e9-bbd6-13f5bb4983f9\"}]","timeRestore":false,"title":"ElastiFlow (flow): Graph 
(client/server)","version":1},"coreMigrationVersion":"8.2.0","id":"589bc1f0-a01a-11ed-8918-ff88f1042f36","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"0aedc830-a01b-11ed-8918-ff88f1042f36","name":"f99f3f51-6ebc-4136-8e4a-42e07593ba73:panel_f99f3f51-6ebc-4136-8e4a-42e07593ba73","type":"visualization"},{"id":"121a9800-a01a-11ed-8918-ff88f1042f36","name":"f33b4450-0aea-405f-aba3-02f235d06b80:panel_f33b4450-0aea-405f-aba3-02f235d06b80","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"9b1de842-8921-445e-83d6-709f815083aa:panel_9b1de842-8921-445e-83d6-709f815083aa","type":"visualization"},{"id":"c369ded0-a01b-11ed-8918-ff88f1042f36","name":"3281024a-9150-450d-ad8b-4bd2cbef0668:panel_3281024a-9150-450d-ad8b-4bd2cbef0668","type":"visualization"},{"id":"770ad640-e887-11eb-a805-6d8ef1677f8a","name":"cc23f17e-f319-42e9-bbd6-13f5bb4983f9:panel_cc23f17e-f319-42e9-bbd6-13f5bb4983f9","type":"visualization"}],"sort":[1675807560837,2304],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MDAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Top-N","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - 
Top-N\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [**Top-N**](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/589bc1f0-a01a-11ed-8918-ff88f1042f36) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"5a3a5400-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2305],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MDEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.ip.addr\",\"negate\":true,\"params\":{\"query\":\"255.255.255.255\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.ip.addr\":\"255.255.255.255\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Requests by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Requests by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Req\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"5a7588c0-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index","type":"index-pattern"}],"sort":[1675807560837,2312],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MDIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Services (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: 
Throughput/Services (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Services\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.server.l4.port.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"5c04ec10-3e59-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2313],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MDMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Echo Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Echo (Public) - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Public) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.dst.ip.addr\",\"customLabel\":\"Pinged 
IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":14,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"5c6bd160-c48f-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2316],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MDQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Exporters (traffic)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Exporters 
(traffic)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**Traffic**](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Metrics](#/dashboard/ac3e8880-3d41-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"5d7289b0-3d44-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2317],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MDUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): City Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: City Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"geo.city.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Cities\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"5e68ef90-3e60-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2318],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MDYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Layer-4 Protocol (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Layer-4 Protocol (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"l4.proto.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Layer-4 Protocol\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"5e7b8030-3eef-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675810169192,11606],"type":"visualization","updated_at":"2023-02-07T22:49:29.192Z","version":"WzQ0NTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): AS-Path Hops - Vega (directed graph)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): AS-Path Hops - Vega (directed graph)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v5.json\\\",\\n \\\"description\\\": \\\"Copyright (C)2022 ElastiFlow Inc.\\\",\\n \\\"autosize\\\": \\\"fit\\\",\\n \\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"flows\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": 
\\\"elastiflow-path-codex-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 384,\\n \\\"sources\\\": [{\\n \\\"client\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"hop.src.as.label\\\"\\n }\\n }\\n },\\n {\\n \\\"server\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"hop.dst.as.label\\\"\\n }\\n }\\n }\\n ]\\n },\\n \\\"aggs\\\": {\\n \\\"flow_bytes\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.bytes\\\"\\n }\\n },\\n \\\"flow_packets\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.packets\\\"\\n }\\n }\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\n \\\"property\\\": \\\"aggregations.table.buckets\\\"\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.client\\\",\\n \\\"as\\\": \\\"source\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.server\\\",\\n \\\"as\\\": \\\"target\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_bytes.value\\\",\\n \\\"as\\\": \\\"bytes\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_packets.value\\\",\\n \\\"as\\\": \\\"packets\\\"\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"endpoints\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"fold\\\",\\n \\\"fields\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"as\\\": [\\\"stack\\\", \\\"key\\\"]\\n },\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"key\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"traffic\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", 
\\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n }\\n ],\\n\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"endpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [128,192,256,320,384,448,512,576,640,768,896,1024]\\n },\\n {\\n \\\"name\\\": \\\"fontsizeEndpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [0,0,0,0,0,0,0,12]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#99ddff\\\", \\\"#80d4ff\\\", \\\"#66ccff\\\", \\\"#33bbff\\\", \\\"#00aaff\\\", \\\"#0099e6\\\"]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesLightBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#e6f7ff\\\", \\\"#cceeff\\\", \\\"#b3e6ff\\\", \\\"#99ddff\\\"]\\n },\\n {\\n \\\"name\\\": \\\"trafficBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [1,2,3,4,6,8]\\n },\\n {\\n \\\"name\\\": \\\"colorTrafficBytesGreys\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#ddd\\\", \\\"#ccc\\\", \\\"#bbb\\\", \\\"#aaa\\\", \\\"#999\\\", \\\"#888\\\"]\\n }\\n ],\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"cx\\\",\\n \\\"update\\\": \\\"width / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"cy\\\",\\n \\\"update\\\": \\\"height / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"nodeCharge\\\",\\n \\\"value\\\": -128,\\n \\\"bind\\\": 
{\\\"input\\\": \\\"range\\\", \\\"min\\\": -200, \\\"max\\\": 10, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"linkDistance\\\",\\n \\\"value\\\": 24,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 8, \\\"max\\\": 64, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"decay\\\",\\n \\\"value\\\": 0.7,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1, \\\"step\\\": 0.01}\\n },\\n {\\n \\\"name\\\": \\\"gravityX\\\",\\n \\\"value\\\": 0.1,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"gravityY\\\",\\n \\\"value\\\": 0.2,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"static\\\",\\n \\\"value\\\": false,\\n \\\"bind\\\": {\\\"input\\\": \\\"checkbox\\\"}\\n },\\n {\\n \\\"name\\\": \\\"fix\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseout[!event.buttons], window:mouseup\\\",\\n \\\"update\\\": \\\"false\\\"\\n },\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix || true\\\"\\n },\\n {\\n \\\"events\\\": \\\"[symbol:mousedown, window:mouseup] > window:mousemove!\\\",\\n \\\"update\\\": \\\"xy()\\\",\\n \\\"force\\\": true\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"node\\\",\\n \\\"value\\\": null,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix === true ? item() : node\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"restart\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": {\\\"signal\\\": \\\"fix\\\"}, \\\"update\\\": \\\"fix && fix.length\\\"\\n }\\n ]\\n }\\n ],\\n \\n \\\"marks\\\": [\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"type\\\": \\\"symbol\\\",\\n \\\"zindex\\\": 1,\\n \\\"from\\\": {\\\"data\\\": \\\"endpoints\\\"},\\n \\\"on\\\": [\\n {\\n \\\"trigger\\\": \\\"fix\\\",\\n \\\"modify\\\": \\\"node\\\",\\n \\\"values\\\": \\\"fix === true ? 
{fx: node.x, fy: node.y} : {fx: fix[0], fy: fix[1]}\\\"\\n },\\n {\\\"trigger\\\": \\\"!fix\\\", \\\"modify\\\": \\\"node\\\", \\\"values\\\": \\\"{fx: null, fy: null}\\\"}\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"colorEndpointsBytesBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorEndpointsBytesLightBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"xfocus\\\": {\\\"signal\\\": \\\"cx\\\"},\\n \\\"yfocus\\\": {\\\"signal\\\": \\\"cy\\\"}\\n },\\n \\\"update\\\": {\\n \\\"size\\\": {\\\"scale\\\": \\\"endpointBytesScale\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"cursor\\\": {\\\"value\\\": \\\"pointer\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.key + ' (Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count + ')'\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"force\\\",\\n \\\"iterations\\\": 160,\\n \\\"velocityDecay\\\": {\\n \\\"signal\\\": \\\"decay\\\"\\n },\\n \\\"restart\\\": {\\\"signal\\\": \\\"restart\\\"},\\n \\\"static\\\": {\\\"signal\\\": \\\"static\\\"},\\n \\\"signal\\\": \\\"force\\\",\\n \\\"forces\\\": [\\n {\\\"force\\\": \\\"center\\\", \\\"x\\\": {\\\"signal\\\": \\\"cx\\\"}, \\\"y\\\": {\\\"signal\\\": \\\"cy\\\"}},\\n {\\\"force\\\": \\\"x\\\", \\\"x\\\": \\\"xfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityX\\\"}},\\n {\\\"force\\\": \\\"y\\\", \\\"y\\\": \\\"yfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityY\\\"}},\\n {\\\"force\\\": \\\"collide\\\", \\\"radius\\\": {\\\"signal\\\": \\\"linkDistance\\\"}},\\n {\\\"force\\\": \\\"nbody\\\", \\\"strength\\\": {\\\"signal\\\": \\\"nodeCharge\\\"}},\\n {\\\"force\\\": \\\"link\\\", \\\"links\\\": \\\"traffic\\\", \\\"id\\\": \\\"datum.key\\\", \\\"distance\\\": {\\\"signal\\\": \\\"linkDistance\\\"}}\\n ]\\n }\\n ]\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"zindex\\\": 2,\\n 
\\\"from\\\": {\\\"data\\\": \\\"nodes\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"value\\\": \\\"black\\\"},\\n \\\"fontSize\\\": {\\\"scale\\\": \\\"fontsizeEndpointBytesScale\\\", \\\"field\\\": \\\"datum.bytes\\\"}\\n },\\n \\\"update\\\": {\\n \\\"y\\\": {\\\"field\\\": \\\"y\\\", \\\"offset\\\": {\\\"signal\\\": \\\"sqrt(datum.size/2) * 1.3\\\"}},\\n \\\"x\\\": {\\\"field\\\": \\\"x\\\"},\\n \\\"text\\\": {\\\"field\\\": \\\"datum.key\\\"},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"}\\n }\\n }\\n },\\n {\\n \\\"name\\\": \\\"paths\\\",\\n \\\"type\\\": \\\"path\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"traffic\\\"},\\n \\\"interactive\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorTrafficBytesGreys\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"strokeWidth\\\": {\\\"scale\\\": \\\"trafficBytesScale\\\", \\\"field\\\": \\\"bytes\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"'Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"require\\\": {\\\"signal\\\": \\\"force\\\"},\\n \\\"shape\\\": \\\"curve\\\",\\n \\\"sourceX\\\": \\\"datum.source.x\\\",\\n \\\"sourceY\\\": \\\"datum.source.y\\\",\\n \\\"targetX\\\": \\\"datum.target.x\\\",\\n \\\"targetY\\\": \\\"datum.target.y\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"9e3d4690-a0a4-11ed-8918-ff88f1042f36","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2321],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MDgsMl0="} 
{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{\"flow.bytes\":{\"id\":\"bytes\",\"params\":{\"pattern\":\"0,0.[00]b\"}},\"flow.dst.l4.port.id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"flow.src.l4.port.id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}}}","fields":"[]","runtimeFieldMap":"{}","timeFieldName":"@timestamp","title":"elastiflow-path-codex-*","typeMeta":"{}"},"coreMigrationVersion":"8.2.0","id":"elastiflow-path-codex-*","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1675807560837,2322],"type":"index-pattern","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MDksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): AS-Path - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): AS-Path - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1675163780141\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1675163909739\",\"fieldName\":\"l4.proto.name\",\"parent\":\"\",\"label\":\"Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1675163985360\",\"fieldName\":\"hop.src.as.label\",\"parent\":\"\",\"label\":\"Hop Source AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1675164139595\",\"fieldName\":\"hop.dst.as.label\",\"parent\":\"\",\"label\":\"Hop Destination 
AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1675164222515\",\"fieldName\":\"flow.src.as.label\",\"parent\":\"\",\"label\":\"Flow Source AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1675164336411\",\"fieldName\":\"flow.dst.as.label\",\"parent\":\"\",\"label\":\"Flow Destination AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1675164415620\",\"fieldName\":\"flow.src.host.name\",\"parent\":\"\",\"label\":\"Endpoint Source IP/Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":2000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"},{\"id\":\"1675164457596\",\"fieldName\":\"flow.dst.host.name\",\"parent\":\"\",\"label\":\"Endpoint Destination 
IP/Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":2000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_7_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"81ef6880-a15b-11ed-8918-ff88f1042f36","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-path-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-codex-*","name":"control_4_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-codex-*","name":"control_5_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-codex-*","name":"control_6_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-codex-*","name":"control_7_index_pattern","type":"index-pattern"}],"sort":[1675807560837,2331],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MTAsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":43,\"h\":4,\"i\":\"1a4d2376-050a-4111-bc9b-0f2d119c72d1\"},\"panelIndex\":\"1a4d2376-050a-4111-bc9b-0f2d119c72d1\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1a4d2376-050a-4111-bc9b-0f2d119c72d1\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"9b1de842-8921-445e-83d6-709f815083aa\"},\"panelIndex\":\"9b1de842-8921-445e-83d6-709f815083aa\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9b1de842-8921-445e-83d6-709f815083aa\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":37,\"i\":\"ead56b9b-4fb1-4df8-a73c-92c2f3e7023f\"},\"panelIndex\":\"ead56b9b-4fb1-4df8-a73c-92c2f3e7023f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ead56b9b-4fb1-4df8-a73c-92c2f3e7023f\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":37,\"i\":\"e7b444cd-79dd-4714-a04c-bdc8a11f927e\"},\"panelIndex\":\"e7b444cd-79dd-4714-a04c-bdc8a11f927e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e7b444cd-79dd-4714-a04c-bdc8a11f927e\"}]","timeRestore":false,"title":"ElastiFlow (flow): AS-Path Graph 
(hops)","version":1},"coreMigrationVersion":"8.2.0","id":"5ea16380-a0a0-11ed-8918-ff88f1042f36","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"3d100e20-a09f-11ed-8918-ff88f1042f36","name":"1a4d2376-050a-4111-bc9b-0f2d119c72d1:panel_1a4d2376-050a-4111-bc9b-0f2d119c72d1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"9b1de842-8921-445e-83d6-709f815083aa:panel_9b1de842-8921-445e-83d6-709f815083aa","type":"visualization"},{"id":"9e3d4690-a0a4-11ed-8918-ff88f1042f36","name":"ead56b9b-4fb1-4df8-a73c-92c2f3e7023f:panel_ead56b9b-4fb1-4df8-a73c-92c2f3e7023f","type":"visualization"},{"id":"81ef6880-a15b-11ed-8918-ff88f1042f36","name":"e7b444cd-79dd-4714-a04c-bdc8a11f927e:panel_e7b444cd-79dd-4714-a04c-bdc8a11f927e","type":"visualization"}],"sort":[1675807560837,2336],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MTEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP Flag Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flag Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"tcp.flags.tags\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"TCP 
Flags\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"5f3b6940-3ef9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2337],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MTIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Autonomous Systems (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): NAV - Autonomous Systems 
(client/server)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**Client/Server**](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Src/Dst](#/dashboard/578a7da0-3d3f-11eb-bc2c-c5758316d788) | [AS-Path Hops](#/dashboard/5ea16380-a0a0-11ed-8918-ff88f1042f36)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"b88b3260-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2338],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Client AS (bits/s) 
- TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Client AS (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.client.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.client.as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"ba9c2700-3ec4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2339],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MTQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Client AS (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Client AS (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"8e4486c0-6d7c-11eb-8df7-e98b704d5431\",\"type\":\"math\",\"variables\":[{\"id\":\"90a7f230-6d7c-11eb-8df7-e98b704d5431\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"9a0fef80-6d7c-11eb-8df7-e98b704d5431\",\"type\":\"math\",\"variables\":[{\"id\":\"9c8b28b0-6d7c-11eb-8df7-e98b704d5431\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.client.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.client.as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"a6596d10-3ec5-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2340],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MTUsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"710b9b72-988a-4deb-91e2-27ca58c67231\"},\"panelIndex\":\"710b9b72-988a-4deb-91e2-27ca58c67231\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_710b9b72-988a-4deb-91e2-27ca58c67231\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"795832d4-77ce-4ff3-b85a-874b6516d2e5\"},\"panelIndex\":\"795832d4-77ce-4ff3-b85a-874b6516d2e5\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_795832d4-77ce-4ff3-b85a-874b6516d2e5\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"71869a5c-4909-4bb6-93f1-50f6363a92ea\"},\"panelIndex\":\"71869a5c-4909-4bb6-93f1-50f6363a92ea\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_71869a5c-4909-4bb6-93f1-50f6363a92ea\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"45481350-067e-4bc7-a0db-240ad6c516f2\"},\"panelIndex\":\"45481350-067e-4bc7-a0db-240ad6c516f2\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_45481350-067e-4bc7-a0db-240ad6c516f2\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":16,\"i\":\"0e1ff95c-9558-40a8-832c-252775d3ab66\"},\"panelIndex\":\"0e1ff95c-9558-40a8-832c-252775d3ab66\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Client AS 
(bits/s)\",\"panelRefName\":\"panel_0e1ff95c-9558-40a8-832c-252775d3ab66\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":16,\"i\":\"a1830171-dbb4-4f16-8b23-e696deb9ad33\"},\"panelIndex\":\"a1830171-dbb4-4f16-8b23-e696deb9ad33\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Server AS (bits/s)\",\"panelRefName\":\"panel_a1830171-dbb4-4f16-8b23-e696deb9ad33\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":16,\"i\":\"f3d55c3c-d3c8-4547-a73d-ab00daabc4b7\"},\"panelIndex\":\"f3d55c3c-d3c8-4547-a73d-ab00daabc4b7\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Client AS (pkts/s)\",\"panelRefName\":\"panel_f3d55c3c-d3c8-4547-a73d-ab00daabc4b7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":25,\"w\":24,\"h\":16,\"i\":\"e49ac83e-d47c-4cdd-b5c7-93fb11802cb0\"},\"panelIndex\":\"e49ac83e-d47c-4cdd-b5c7-93fb11802cb0\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Server AS (pkts/s)\",\"panelRefName\":\"panel_e49ac83e-d47c-4cdd-b5c7-93fb11802cb0\"}]","timeRestore":false,"title":"ElastiFlow (flow): AS Traffic 
(client/server)","version":1},"coreMigrationVersion":"8.2.0","id":"5f59d990-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"c26cacd0-3d42-11eb-bc2c-c5758316d788","name":"710b9b72-988a-4deb-91e2-27ca58c67231:panel_710b9b72-988a-4deb-91e2-27ca58c67231","type":"visualization"},{"id":"b88b3260-3d45-11eb-bc2c-c5758316d788","name":"795832d4-77ce-4ff3-b85a-874b6516d2e5:panel_795832d4-77ce-4ff3-b85a-874b6516d2e5","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"71869a5c-4909-4bb6-93f1-50f6363a92ea:panel_71869a5c-4909-4bb6-93f1-50f6363a92ea","type":"visualization"},{"id":"75c9b970-3d4e-11eb-bc2c-c5758316d788","name":"45481350-067e-4bc7-a0db-240ad6c516f2:panel_45481350-067e-4bc7-a0db-240ad6c516f2","type":"visualization"},{"id":"ba9c2700-3ec4-11eb-bc2c-c5758316d788","name":"0e1ff95c-9558-40a8-832c-252775d3ab66:panel_0e1ff95c-9558-40a8-832c-252775d3ab66","type":"visualization"},{"id":"0b02ed40-3ec6-11eb-bc2c-c5758316d788","name":"a1830171-dbb4-4f16-8b23-e696deb9ad33:panel_a1830171-dbb4-4f16-8b23-e696deb9ad33","type":"visualization"},{"id":"a6596d10-3ec5-11eb-bc2c-c5758316d788","name":"f3d55c3c-d3c8-4547-a73d-ab00daabc4b7:panel_f3d55c3c-d3c8-4547-a73d-ab00daabc4b7","type":"visualization"},{"id":"254d4600-3ec6-11eb-bc2c-c5758316d788","name":"e49ac83e-d47c-4cdd-b5c7-93fb11802cb0:panel_e49ac83e-d47c-4cdd-b5c7-93fb11802cb0","type":"visualization"}],"sort":[1675807560837,2349],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Threats (DDoS Flood) - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Threats (DDoS Flood) - input 
list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"5fc57d50-c487-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"}],"sort":[1675807560837,2351],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Autonomous Systems (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"60986660-3ee7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675810413505,12162],"type":"visualization","updated_at":"2023-02-07T22:53:33.505Z","version":"WzUwMjQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NTP Server Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Server Responses (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"sigma\":\"\",\"id\":\"5a51ba40-9b2a-11ec-8947-5dbcd3cabfb0\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (NOT flow.dst.l4.port.id: 123) AND flow.src.l4.port.id: 123 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"6175d650-9d80-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2354],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MTksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Core Services (DNS)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core 
Services (DNS)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**DNS**](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [DHCP](#/dashboard/a9f3e040-9b94-11ec-a4df-e940aaa4214d) | \\n[RADIUS](#/dashboard/fbea2e70-c319-11ec-aaf3-5b4644130c7f) | \\n[LDAP](#/dashboard/0ae30960-c31a-11ec-aaf3-5b4644130c7f) | [NTP](#/dashboard/e2888380-9d73-11ec-a4df-e940aaa4214d)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"7e85d890-9b2c-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2355],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MjAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DNS Requests (packets) - TSVB 
(metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Requests (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.dst.l4.port.id: 53 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"ca205110-9b2a-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2356],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MjEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DNS Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Responses (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 53 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"e79c88d0-9b2a-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2357],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MjIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DNS Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Req/Resp (packets) - TSVB 
(line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.dst.l4.port.id: 53\",\"language\":\"kuery\"}},{\"id\":\"7e6a9720-9b26-11ec-8138-3d37937df3c4\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"7e6a9721-9b26-11ec-8138-3d37937df3c4\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 53\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: 
\\\"netflow\\\")\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"axis_min\":\"0\"}}"},"coreMigrationVersion":"8.2.0","id":"dbe6ab40-9b27-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2358],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MjMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DNS Requests by Name Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): DNS Requests by Name Server - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"80ca51b0-9b29-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675808691273,9813],"type":"visualization","updated_at":"2023-02-07T22:24:51.273Z","version":"WzI3NTAsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DNS Responses by Name Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): DNS Responses by Name Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name 
Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"ab2732c0-9b29-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675808708361,9847],"type":"visualization","updated_at":"2023-02-07T22:25:08.361Z","version":"WzI3NzQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DNS Requests by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Requests by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"cf7cdb70-9b2e-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675807560837,2373],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MjYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DNS Responses by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Responses by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"bd189af0-9b2e-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675807560837,2378],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MjcsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"503ee9c8-3371-4430-9997-5a2f772238ba\"},\"panelIndex\":\"503ee9c8-3371-4430-9997-5a2f772238ba\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_503ee9c8-3371-4430-9997-5a2f772238ba\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"b08a00c5-dae4-4f27-8f9f-0fe2c6080f8d\"},\"panelIndex\":\"b08a00c5-dae4-4f27-8f9f-0fe2c6080f8d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b08a00c5-dae4-4f27-8f9f-0fe2c6080f8d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\"},\"panelIndex\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e57c863c-11e8-43d8-a2b8-20a63217371e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":5,\"i\":\"6614e2b7-ce1e-40fd-958b-094b3cd9572f\"},\"panelIndex\":\"6614e2b7-ce1e-40fd-958b-094b3cd9572f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_6614e2b7-ce1e-40fd-958b-094b3cd9572f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":5,\"i\":\"5ee2723a-170e-41b6-818a-d23a29fd5082\"},\"panelIndex\":\"5ee2723a-170e-41b6-818a-d23a29fd5082\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_5ee2723a-170e-41b6-818a-d23a29fd5082\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\
"h\":14,\"i\":\"afda2a55-86f5-4642-bcde-47d248c5155c\"},\"panelIndex\":\"afda2a55-86f5-4642-bcde-47d248c5155c\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_afda2a55-86f5-4642-bcde-47d248c5155c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":9,\"i\":\"252429da-55ed-48c2-a568-5293a497eaeb\"},\"panelIndex\":\"252429da-55ed-48c2-a568-5293a497eaeb\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"Requests by Name Server\",\"panelRefName\":\"panel_252429da-55ed-48c2-a568-5293a497eaeb\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":9,\"i\":\"cd07cac6-2abd-476e-938f-5fa3e4a008b8\"},\"panelIndex\":\"cd07cac6-2abd-476e-938f-5fa3e4a008b8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"Responses by Name Server\",\"panelRefName\":\"panel_cd07cac6-2abd-476e-938f-5fa3e4a008b8\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":9,\"h\":23,\"i\":\"591e0df2-b5c2-429b-842a-4f1fbb1063a5\"},\"panelIndex\":\"591e0df2-b5c2-429b-842a-4f1fbb1063a5\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"Requests by Name Server\",\"panelRefName\":\"panel_591e0df2-b5c2-429b-842a-4f1fbb1063a5\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":18,\"w\":9,\"h\":23,\"i\":\"29aeb812-da8d-452e-82e2-eb19b5bfc090\"},\"panelIndex\":\"29aeb812-da8d-452e-82e2-eb19b5bfc090\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"Responses by Name 
Server\",\"panelRefName\":\"panel_29aeb812-da8d-452e-82e2-eb19b5bfc090\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":18,\"w\":10,\"h\":23,\"i\":\"1dbfe416-99b6-4767-9820-63f88aedd795\"},\"panelIndex\":\"1dbfe416-99b6-4767-9820-63f88aedd795\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"Requests by Client\",\"panelRefName\":\"panel_1dbfe416-99b6-4767-9820-63f88aedd795\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":18,\"w\":10,\"h\":23,\"i\":\"38d80d14-ea45-40d6-9090-5c2c3f941d25\"},\"panelIndex\":\"38d80d14-ea45-40d6-9090-5c2c3f941d25\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"Responses by Client\",\"panelRefName\":\"panel_38d80d14-ea45-40d6-9090-5c2c3f941d25\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":18,\"w\":10,\"h\":23,\"i\":\"3122c7d9-47d5-4c38-ac00-76dd19e5875b\"},\"panelIndex\":\"3122c7d9-47d5-4c38-ac00-76dd19e5875b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_3122c7d9-47d5-4c38-ac00-76dd19e5875b\"}]","timeRestore":false,"title":"ElastiFlow (flow): Core Services 
(DNS)","version":1},"coreMigrationVersion":"8.2.0","id":"61bf2aa0-9b2b-11ec-a4df-e940aaa4214d","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"c69cda30-9b2b-11ec-a4df-e940aaa4214d","name":"503ee9c8-3371-4430-9997-5a2f772238ba:panel_503ee9c8-3371-4430-9997-5a2f772238ba","type":"visualization"},{"id":"7e85d890-9b2c-11ec-a4df-e940aaa4214d","name":"b08a00c5-dae4-4f27-8f9f-0fe2c6080f8d:panel_b08a00c5-dae4-4f27-8f9f-0fe2c6080f8d","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"e57c863c-11e8-43d8-a2b8-20a63217371e:panel_e57c863c-11e8-43d8-a2b8-20a63217371e","type":"visualization"},{"id":"ca205110-9b2a-11ec-a4df-e940aaa4214d","name":"6614e2b7-ce1e-40fd-958b-094b3cd9572f:panel_6614e2b7-ce1e-40fd-958b-094b3cd9572f","type":"visualization"},{"id":"e79c88d0-9b2a-11ec-a4df-e940aaa4214d","name":"5ee2723a-170e-41b6-818a-d23a29fd5082:panel_5ee2723a-170e-41b6-818a-d23a29fd5082","type":"visualization"},{"id":"dbe6ab40-9b27-11ec-a4df-e940aaa4214d","name":"afda2a55-86f5-4642-bcde-47d248c5155c:panel_afda2a55-86f5-4642-bcde-47d248c5155c","type":"visualization"},{"id":"80ca51b0-9b29-11ec-a4df-e940aaa4214d","name":"252429da-55ed-48c2-a568-5293a497eaeb:panel_252429da-55ed-48c2-a568-5293a497eaeb","type":"visualization"},{"id":"ab2732c0-9b29-11ec-a4df-e940aaa4214d","name":"cd07cac6-2abd-476e-938f-5fa3e4a008b8:panel_cd07cac6-2abd-476e-938f-5fa3e4a008b8","type":"visualization"},{"id":"32e2fba0-9b2e-11ec-a4df-e940aaa4214d","name":"591e0df2-b5c2-429b-842a-4f1fbb1063a5:panel_591e0df2-b5c2-429b-842a-4f1fbb1063a5","type":"visualization"},{"id":"5585dd80-9b2e-11ec-a4df-e940aaa4214d","name":"29aeb812-da8d-452e-82e2-eb19b5bfc090:panel_29aeb812-da8d-452e-82e2-eb19b5bfc090","type":"visualization"},{"id":"cf7cdb70-9b2e-11ec-a4df-e940aaa4214d","name":"1dbfe416-99b6-4767-9820-63f88aedd795:panel_1dbfe416-99b6-4767-9820-63f88aedd795","type":"visualization"},{"id":"bd189af0-9b2e-11ec-a4df-e940aaa4214d","name":"38d80d14-ea45-40d6-9090-5c2c3f941d25:panel_38d80d14-ea45-40
d6-9090-5c2c3f941d25","type":"visualization"},{"id":"3d134760-c301-11ec-aaf3-5b4644130c7f","name":"3122c7d9-47d5-4c38-ac00-76dd19e5875b:panel_3122c7d9-47d5-4c38-ac00-76dd19e5875b","type":"visualization"}],"sort":[1675807560837,2392],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MjgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Locality Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Locality Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.locality\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Localities\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"62b4fa40-3ee6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2393],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MjksMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DHCP Relayed (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Relayed (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"relayed\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 67 AND flow.dst.l4.port.id: 67 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"62e79640-c305-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2394],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MzAsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Src/Dst (graph) - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Src/Dst (graph) - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.src.host.name\",\"parent\":\"\",\"label\":\"Source\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.dst.host.name\",\"parent\":\"\",\"label\":\"Destination\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1675028723968\",\"fieldName\":\"l4.proto.name\",\"parent\":\"\",\"label\":\"Layer-4 Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.dst.l4.port.name\",\"parent\":\"\",\"label\":\"Destination Port\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1619032296511\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session 
Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1675028823795\",\"fieldName\":\"sec.threat.name\",\"parent\":\"\",\"label\":\"Threat\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"d937b020-a01b-11ed-8918-ff88f1042f36","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_5_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_6_index_pattern","type":"index-pattern"}],"sort":[1675807560837,2402],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MzEsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"query\":{\"bool\":{\"should\":[{\"terms\":{\"flow.src.ip.addr\":[\"224.0.0.0/4\",\"ff00::/8\",\"255.255.255.255\"]}},{\"terms\":{\"flow.dst.ip.addr\":[\"224.0.0.0/4\",\"ff00::/8\",\"255.255.255.255\"]}}],\"minimum_should_match\":1}},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":true,\"alias\":\"non-unicast 
IPs\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"flow.src.ip.addr\\\":[\\\"224.0.0.0/4\\\",\\\"ff00::/8\\\",\\\"255.255.255.255\\\"]}},{\\\"terms\\\":{\\\"flow.dst.ip.addr\\\":[\\\"224.0.0.0/4\\\",\\\"ff00::/8\\\",\\\"255.255.255.255\\\"]}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"aa9afd96-e0da-43da-8d09-0c6c935192aa\"},\"panelIndex\":\"aa9afd96-e0da-43da-8d09-0c6c935192aa\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_aa9afd96-e0da-43da-8d09-0c6c935192aa\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"e9a93f14-9148-43c3-856b-ed57fe85b5d1\"},\"panelIndex\":\"e9a93f14-9148-43c3-856b-ed57fe85b5d1\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e9a93f14-9148-43c3-856b-ed57fe85b5d1\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"61821225-4249-4b8a-83b5-b12282d65350\"},\"panelIndex\":\"61821225-4249-4b8a-83b5-b12282d65350\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_61821225-4249-4b8a-83b5-b12282d65350\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":37,\"i\":\"996b4f59-2969-4d60-8de5-41a9d79fb707\"},\"panelIndex\":\"996b4f59-2969-4d60-8de5-41a9d79fb707\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_996b4f59-2969-4d60-8de5-41a9d79fb707\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":37,\"i\":\"033f82a2-d164-40c1-84c4-d2bc2bc5
5fa3\"},\"panelIndex\":\"033f82a2-d164-40c1-84c4-d2bc2bc55fa3\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_033f82a2-d164-40c1-84c4-d2bc2bc55fa3\"}]","timeRestore":false,"title":"ElastiFlow (flow): Graph (src/dst)","version":1},"coreMigrationVersion":"8.2.0","id":"62eebb80-a01a-11ed-8918-ff88f1042f36","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"0aedc830-a01b-11ed-8918-ff88f1042f36","name":"aa9afd96-e0da-43da-8d09-0c6c935192aa:panel_aa9afd96-e0da-43da-8d09-0c6c935192aa","type":"visualization"},{"id":"022b2810-a01a-11ed-8918-ff88f1042f36","name":"e9a93f14-9148-43c3-856b-ed57fe85b5d1:panel_e9a93f14-9148-43c3-856b-ed57fe85b5d1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"61821225-4249-4b8a-83b5-b12282d65350:panel_61821225-4249-4b8a-83b5-b12282d65350","type":"visualization"},{"id":"d937b020-a01b-11ed-8918-ff88f1042f36","name":"996b4f59-2969-4d60-8de5-41a9d79fb707:panel_996b4f59-2969-4d60-8de5-41a9d79fb707","type":"visualization"},{"id":"14314730-a013-11ed-8918-ff88f1042f36","name":"033f82a2-d164-40c1-84c4-d2bc2bc55fa3:panel_033f82a2-d164-40c1-84c4-d2bc2bc55fa3","type":"visualization"}],"sort":[1675807560837,2409],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MzIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only 
Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sessions (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":n
ull,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"64cdd2a0-c3da-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2412],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MzMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/IP Version (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/IP Version (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top IP Versions\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"ip.version.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"ip.version.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"65671460-3f06-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2413],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MzQsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DHCP Broadcast (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Broadcast (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"broadcast\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 68 AND flow.dst.l4.port.id: 67 AND flow.dst.ip.addr: 255.255.255.255 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"682aeb00-c4c4-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2414],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MzUsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Clients (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"69e3dfa0-3e66-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2416],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MzYsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23,1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}],\\\"minimum_should_match\\\":1}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Brute Force Sessions (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"6a4b9320-c33a-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2419],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MzcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow 
(flow): ICMP Destinations from Public IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Destinations from Public IP - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":100000000,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":1000000000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":10000000000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"9733e0d3-a59a-41df-9116-ce867ae6da94\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"l4.proto.name: (\\\"ICMP\\\" OR \\\"IPv6-ICMP\\\") AND NOT flow.src.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"ICMP Destinations 
(Public)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.dst.ip.addr\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"6c8e1ee0-c494-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2420],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MzgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Egress Interface (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Egress Interface (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.out.netif.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.out.netif.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"6d062540-3ec9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2421],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5MzksMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Graph (AS)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Graph (AS)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/589bc1f0-a01a-11ed-8918-ff88f1042f36) | [Src/Dst](#/dashboard/62eebb80-a01a-11ed-8918-ff88f1042f36) | [**AS**](#/dashboard/6d28fcf0-a01a-11ed-8918-ff88f1042f36)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"edc7e340-a019-11ed-8918-ff88f1042f36","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2422],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NDAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Client/Server Autonomous Systems (graph) - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server Autonomous Systems (graph) - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.client.as.label\",\"parent\":\"\",\"label\":\"Client AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.server.as.label\",\"parent\":\"\",\"label\":\"Server AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1675029046836\",\"fieldName\":\"l4.proto.name\",\"parent\":\"\",\"label\":\"Layer-4 
Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1619032399767\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1675029096506\",\"fieldName\":\"sec.threat.name\",\"parent\":\"\",\"label\":\"Threat\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"ebbb3870-a01b-11ed-8918-ff88f1042f36","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_5_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_6_index_pattern","type":"index-pattern"}],"sort":[1675807560837,2430],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"Wz
E5NDEsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":\"client is PRIVATE\",\"negate\":true,\"disabled\":true,\"type\":\"phrase\",\"key\":\"flow.client.as.label\",\"params\":{\"query\":\"PRIVATE\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.client.as.label\":\"PRIVATE\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":\"server is PRIVATE\",\"negate\":true,\"disabled\":true,\"type\":\"phrase\",\"key\":\"flow.server.as.label\",\"params\":{\"query\":\"PRIVATE\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.server.as.label\":\"PRIVATE\"}},\"$state\":{\"store\":\"appState\"}}]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"87dc5459-2e20-4f53-b009-97517b64f0da\"},\"panelIndex\":\"87dc5459-2e20-4f53-b009-97517b64f0da\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_87dc5459-2e20-4f53-b009-97517b64f0da\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"50027bb3-572a-40a3-82f6-284273c50ccf\"},\"panelIndex\":\"50027bb3-572a-40a3-82f6-284273c50ccf\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_50027bb3-572a-40a3-82f6-284273c50ccf\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"7bece6c9-d4e9-48d4-a77e-e720d0d397af\"},\"panelIndex\":\"7bece6c9-d4e9-48d4-a77e-e720d0d397af\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7bece6c9-d4e9-48d4-a77e-e720d0d397af\"},{\"version\":\"7.17.0\",\"type\":\"visualiza
tion\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":37,\"i\":\"e006dc68-9856-4898-9c74-3a00dc1ddd49\"},\"panelIndex\":\"e006dc68-9856-4898-9c74-3a00dc1ddd49\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e006dc68-9856-4898-9c74-3a00dc1ddd49\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":37,\"i\":\"89c16960-5404-4bef-8a3e-ae623dbb4b9b\"},\"panelIndex\":\"89c16960-5404-4bef-8a3e-ae623dbb4b9b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_89c16960-5404-4bef-8a3e-ae623dbb4b9b\"}]","timeRestore":false,"title":"ElastiFlow (flow): Graph (AS)","version":1},"coreMigrationVersion":"8.2.0","id":"6d28fcf0-a01a-11ed-8918-ff88f1042f36","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"0aedc830-a01b-11ed-8918-ff88f1042f36","name":"87dc5459-2e20-4f53-b009-97517b64f0da:panel_87dc5459-2e20-4f53-b009-97517b64f0da","type":"visualization"},{"id":"edc7e340-a019-11ed-8918-ff88f1042f36","name":"50027bb3-572a-40a3-82f6-284273c50ccf:panel_50027bb3-572a-40a3-82f6-284273c50ccf","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"7bece6c9-d4e9-48d4-a77e-e720d0d397af:panel_7bece6c9-d4e9-48d4-a77e-e720d0d397af","type":"visualization"},{"id":"ebbb3870-a01b-11ed-8918-ff88f1042f36","name":"e006dc68-9856-4898-9c74-3a00dc1ddd49:panel_e006dc68-9856-4898-9c74-3a00dc1ddd49","type":"visualization"},{"id":"18f1cdc0-a019-11ed-8918-ff88f1042f36","name":"89c16960-5404-4bef-8a3e-ae623dbb4b9b:panel_89c16960-5404-4bef-8a3e-ae623dbb4b9b","type":"visualization"}],"sort":[1675807560837,2438],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NDIsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Top Conversations - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Conversations - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.conversation.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":199,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Conversation ID\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.ip.addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client 
IP\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.ip.addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server IP\"},\"schema\":\"bucket\"},{\"id\":\"9\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"6dd43c00-3e0b-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2440],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NDMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): RADIUS AUTH Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Responses (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"AUTH responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.src.l4.port.id: 1812 OR flow.src.l4.port.id: 1645) AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"6e4ded9e-1233-42f1-9b51-158686c49239","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2441],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NDQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Country Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Country Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"geo.country.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Countries\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"6e5949e0-3e60-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2442],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NDUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP 
Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Sources (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Edge) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"6e94d950-c3ad-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2445],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NDYsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Exporters","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Exporters\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/589bc1f0-a01a-11ed-8918-ff88f1042f36) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [**Exporters**](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"dc9329e0-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2446],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NDcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Egress Interface (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Egress Interface (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"ae5c02d0-6d7c-11eb-804b-4d51b964b0de\",\"type\":\"math\",\"variables\":[{\"id\":\"affb5af0-6d7c-11eb-804b-4d51b964b0de\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"b5cbd9a0-6d7c-11eb-804b-4d51b964b0de\",\"type\":\"math\",\"variables\":[{\"id\":\"b77013c0-6d7c-11eb-804b-4d51b964b0de\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.out.netif.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.out.netif.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"83d86e40-3ec9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2447],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NDgsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"3b89a511-d238-4675-ad12-6bdd27bf2e51\"},\"panelIndex\":\"3b89a511-d238-4675-ad12-6bdd27bf2e51\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_3b89a511-d238-4675-ad12-6bdd27bf2e51\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"2230b4c2-b6b5-4f9e-a774-ffdc201558fe\"},\"panelIndex\":\"2230b4c2-b6b5-4f9e-a774-ffdc201558fe\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_2230b4c2-b6b5-4f9e-a774-ffdc201558fe\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"f742042f-bf18-44c3-b27d-18dad55ca878\"},\"panelIndex\":\"f742042f-bf18-44c3-b27d-18dad55ca878\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f742042f-bf18-44c3-b27d-18dad55ca878\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":39,\"h\":5,\"i\":\"d51bc79c-a8cf-4efd-87c2-19c277ddcda8\"},\"panelIndex\":\"d51bc79c-a8cf-4efd-87c2-19c277ddcda8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d51bc79c-a8cf-4efd-87c2-19c277ddcda8\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":39,\"y\":4,\"w\":9,\"h\":5,\"i\":\"9444adf6-cb19-41f1-af5b-73f125f73483\"},\"panelIndex\":\"9444adf6-cb19-41f1-af5b-73f125f73483\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9444adf6-cb19-41f1-af5b-73f125f73483\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,
\"h\":16,\"i\":\"dec2e2c1-77cf-4615-829b-c2f033132bf7\"},\"panelIndex\":\"dec2e2c1-77cf-4615-829b-c2f033132bf7\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Ingress Interface (bits/s)\",\"panelRefName\":\"panel_dec2e2c1-77cf-4615-829b-c2f033132bf7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":16,\"i\":\"d08f185d-1c41-4ae0-9a0e-942338220b72\"},\"panelIndex\":\"d08f185d-1c41-4ae0-9a0e-942338220b72\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Egress Interface (bits/s)\",\"panelRefName\":\"panel_d08f185d-1c41-4ae0-9a0e-942338220b72\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":16,\"i\":\"b2e7f7c4-6dce-4389-8820-f6425ea1642c\"},\"panelIndex\":\"b2e7f7c4-6dce-4389-8820-f6425ea1642c\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Ingress Interface (pkts/s)\",\"panelRefName\":\"panel_b2e7f7c4-6dce-4389-8820-f6425ea1642c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":25,\"w\":24,\"h\":16,\"i\":\"bd341ed5-7d9e-4ed9-81aa-d15b44e01b66\"},\"panelIndex\":\"bd341ed5-7d9e-4ed9-81aa-d15b44e01b66\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Egress Interface (pkts/s)\",\"panelRefName\":\"panel_bd341ed5-7d9e-4ed9-81aa-d15b44e01b66\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flow Exporters 
(traffic)","version":1},"coreMigrationVersion":"8.2.0","id":"6fa91cc0-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"dc9329e0-3d42-11eb-bc2c-c5758316d788","name":"3b89a511-d238-4675-ad12-6bdd27bf2e51:panel_3b89a511-d238-4675-ad12-6bdd27bf2e51","type":"visualization"},{"id":"5d7289b0-3d44-11eb-bc2c-c5758316d788","name":"2230b4c2-b6b5-4f9e-a774-ffdc201558fe:panel_2230b4c2-b6b5-4f9e-a774-ffdc201558fe","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"f742042f-bf18-44c3-b27d-18dad55ca878:panel_f742042f-bf18-44c3-b27d-18dad55ca878","type":"visualization"},{"id":"292d9620-3d55-11eb-bc2c-c5758316d788","name":"d51bc79c-a8cf-4efd-87c2-19c277ddcda8:panel_d51bc79c-a8cf-4efd-87c2-19c277ddcda8","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"9444adf6-cb19-41f1-af5b-73f125f73483:panel_9444adf6-cb19-41f1-af5b-73f125f73483","type":"visualization"},{"id":"37725340-3ec9-11eb-bc2c-c5758316d788","name":"dec2e2c1-77cf-4615-829b-c2f033132bf7:panel_dec2e2c1-77cf-4615-829b-c2f033132bf7","type":"visualization"},{"id":"6d062540-3ec9-11eb-bc2c-c5758316d788","name":"d08f185d-1c41-4ae0-9a0e-942338220b72:panel_d08f185d-1c41-4ae0-9a0e-942338220b72","type":"visualization"},{"id":"4efdda20-3ec9-11eb-bc2c-c5758316d788","name":"b2e7f7c4-6dce-4389-8820-f6425ea1642c:panel_b2e7f7c4-6dce-4389-8820-f6425ea1642c","type":"visualization"},{"id":"83d86e40-3ec9-11eb-bc2c-c5758316d788","name":"bd341ed5-7d9e-4ed9-81aa-d15b44e01b66:panel_bd341ed5-7d9e-4ed9-81aa-d15b44e01b66","type":"visualization"}],"sort":[1675807560837,2457],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NDksMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23,1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Brute Force Sessions (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"70739240-c49b-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2460],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NTAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow 
(flow): NAV - AS-Path Flows","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): NAV - AS-Path Flows\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Return to Flows](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Hops](#/dashboard/5ea16380-a0a0-11ed-8918-ff88f1042f36) | [**Flows**](#/dashboard/70c0abc0-a0a0-11ed-8918-ff88f1042f36) | [Endpoints](#/dashboard/7d987b70-a0a0-11ed-8918-ff88f1042f36)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"7ae9cba0-a09f-11ed-8918-ff88f1042f36","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2461],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NTEsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): AS-Path Flows - Vega (directed graph)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): AS-Path Flows - Vega (directed graph)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v5.json\\\",\\n \\\"description\\\": \\\"Copyright (C)2022 ElastiFlow Inc.\\\",\\n \\\"autosize\\\": \\\"fit\\\",\\n \\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"flows\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-path-codex-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 384,\\n \\\"sources\\\": [{\\n \\\"client\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.src.as.label\\\"\\n }\\n }\\n },\\n {\\n \\\"server\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.dst.as.label\\\"\\n }\\n }\\n }\\n ]\\n },\\n \\\"aggs\\\": {\\n \\\"flow_bytes\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.bytes\\\"\\n }\\n },\\n \\\"flow_packets\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.packets\\\"\\n }\\n }\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\n \\\"property\\\": \\\"aggregations.table.buckets\\\"\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.client\\\",\\n \\\"as\\\": \\\"source\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.server\\\",\\n \\\"as\\\": \\\"target\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_bytes.value\\\",\\n \\\"as\\\": \\\"bytes\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_packets.value\\\",\\n \\\"as\\\": \\\"packets\\\"\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"endpoints\\\",\\n 
\\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"fold\\\",\\n \\\"fields\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"as\\\": [\\\"stack\\\", \\\"key\\\"]\\n },\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"key\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"traffic\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n }\\n ],\\n\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"endpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [128,192,256,320,384,448,512,576,640,768,896,1024]\\n },\\n {\\n \\\"name\\\": \\\"fontsizeEndpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [0,0,0,0,0,0,0,12]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#99ddff\\\", \\\"#80d4ff\\\", \\\"#66ccff\\\", \\\"#33bbff\\\", \\\"#00aaff\\\", \\\"#0099e6\\\"]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesLightBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#e6f7ff\\\", \\\"#cceeff\\\", \\\"#b3e6ff\\\", \\\"#99ddff\\\"]\\n },\\n {\\n \\\"name\\\": 
\\\"trafficBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [1,2,3,4,6,8]\\n },\\n {\\n \\\"name\\\": \\\"colorTrafficBytesGreys\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#ddd\\\", \\\"#ccc\\\", \\\"#bbb\\\", \\\"#aaa\\\", \\\"#999\\\", \\\"#888\\\"]\\n }\\n ],\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"cx\\\",\\n \\\"update\\\": \\\"width / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"cy\\\",\\n \\\"update\\\": \\\"height / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"nodeCharge\\\",\\n \\\"value\\\": -128,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": -200, \\\"max\\\": 10, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"linkDistance\\\",\\n \\\"value\\\": 24,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 8, \\\"max\\\": 64, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"decay\\\",\\n \\\"value\\\": 0.7,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1, \\\"step\\\": 0.01}\\n },\\n {\\n \\\"name\\\": \\\"gravityX\\\",\\n \\\"value\\\": 0.1,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"gravityY\\\",\\n \\\"value\\\": 0.2,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"static\\\",\\n \\\"value\\\": false,\\n \\\"bind\\\": {\\\"input\\\": \\\"checkbox\\\"}\\n },\\n {\\n \\\"name\\\": \\\"fix\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseout[!event.buttons], window:mouseup\\\",\\n \\\"update\\\": \\\"false\\\"\\n },\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix || true\\\"\\n },\\n {\\n \\\"events\\\": \\\"[symbol:mousedown, window:mouseup] > window:mousemove!\\\",\\n \\\"update\\\": \\\"xy()\\\",\\n 
\\\"force\\\": true\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"node\\\",\\n \\\"value\\\": null,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix === true ? item() : node\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"restart\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": {\\\"signal\\\": \\\"fix\\\"}, \\\"update\\\": \\\"fix && fix.length\\\"\\n }\\n ]\\n }\\n ],\\n \\n \\\"marks\\\": [\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"type\\\": \\\"symbol\\\",\\n \\\"zindex\\\": 1,\\n \\\"from\\\": {\\\"data\\\": \\\"endpoints\\\"},\\n \\\"on\\\": [\\n {\\n \\\"trigger\\\": \\\"fix\\\",\\n \\\"modify\\\": \\\"node\\\",\\n \\\"values\\\": \\\"fix === true ? {fx: node.x, fy: node.y} : {fx: fix[0], fy: fix[1]}\\\"\\n },\\n {\\\"trigger\\\": \\\"!fix\\\", \\\"modify\\\": \\\"node\\\", \\\"values\\\": \\\"{fx: null, fy: null}\\\"}\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"colorEndpointsBytesBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorEndpointsBytesLightBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"xfocus\\\": {\\\"signal\\\": \\\"cx\\\"},\\n \\\"yfocus\\\": {\\\"signal\\\": \\\"cy\\\"}\\n },\\n \\\"update\\\": {\\n \\\"size\\\": {\\\"scale\\\": \\\"endpointBytesScale\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"cursor\\\": {\\\"value\\\": \\\"pointer\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.key + ' (Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count + ')'\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"force\\\",\\n \\\"iterations\\\": 160,\\n \\\"velocityDecay\\\": {\\n \\\"signal\\\": \\\"decay\\\"\\n },\\n \\\"restart\\\": {\\\"signal\\\": \\\"restart\\\"},\\n \\\"static\\\": {\\\"signal\\\": \\\"static\\\"},\\n \\\"signal\\\": \\\"force\\\",\\n \\\"forces\\\": [\\n {\\\"force\\\": \\\"center\\\", \\\"x\\\": 
{\\\"signal\\\": \\\"cx\\\"}, \\\"y\\\": {\\\"signal\\\": \\\"cy\\\"}},\\n {\\\"force\\\": \\\"x\\\", \\\"x\\\": \\\"xfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityX\\\"}},\\n {\\\"force\\\": \\\"y\\\", \\\"y\\\": \\\"yfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityY\\\"}},\\n {\\\"force\\\": \\\"collide\\\", \\\"radius\\\": {\\\"signal\\\": \\\"linkDistance\\\"}},\\n {\\\"force\\\": \\\"nbody\\\", \\\"strength\\\": {\\\"signal\\\": \\\"nodeCharge\\\"}},\\n {\\\"force\\\": \\\"link\\\", \\\"links\\\": \\\"traffic\\\", \\\"id\\\": \\\"datum.key\\\", \\\"distance\\\": {\\\"signal\\\": \\\"linkDistance\\\"}}\\n ]\\n }\\n ]\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"zindex\\\": 2,\\n \\\"from\\\": {\\\"data\\\": \\\"nodes\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"value\\\": \\\"black\\\"},\\n \\\"fontSize\\\": {\\\"scale\\\": \\\"fontsizeEndpointBytesScale\\\", \\\"field\\\": \\\"datum.bytes\\\"}\\n },\\n \\\"update\\\": {\\n \\\"y\\\": {\\\"field\\\": \\\"y\\\", \\\"offset\\\": {\\\"signal\\\": \\\"sqrt(datum.size/2) * 1.3\\\"}},\\n \\\"x\\\": {\\\"field\\\": \\\"x\\\"},\\n \\\"text\\\": {\\\"field\\\": \\\"datum.key\\\"},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"}\\n }\\n }\\n },\\n {\\n \\\"name\\\": \\\"paths\\\",\\n \\\"type\\\": \\\"path\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"traffic\\\"},\\n \\\"interactive\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorTrafficBytesGreys\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"strokeWidth\\\": {\\\"scale\\\": \\\"trafficBytesScale\\\", \\\"field\\\": \\\"bytes\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"'Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"require\\\": {\\\"signal\\\": \\\"force\\\"},\\n 
\\\"shape\\\": \\\"curve\\\",\\n \\\"sourceX\\\": \\\"datum.source.x\\\",\\n \\\"sourceY\\\": \\\"datum.source.y\\\",\\n \\\"targetX\\\": \\\"datum.target.x\\\",\\n \\\"targetY\\\": \\\"datum.target.y\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"8f297420-a0a5-11ed-8918-ff88f1042f36","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2462],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NTIsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":43,\"h\":4,\"i\":\"a809bb7c-ff45-4a5d-9e77-b620dfc6d691\"},\"panelIndex\":\"a809bb7c-ff45-4a5d-9e77-b620dfc6d691\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_a809bb7c-ff45-4a5d-9e77-b620dfc6d691\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"9b1de842-8921-445e-83d6-709f815083aa\"},\"panelIndex\":\"9b1de842-8921-445e-83d6-709f815083aa\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9b1de842-8921-445e-83d6-709f815083aa\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":37,\"i\":\"9db41cdc-f3c2-4fbc-838c-097c909868a6\"},\"panelIndex\":\"9db41cdc-f3c2-4fbc-838c-097c909868a6\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9db41cdc-f3c2-4fbc-838c-097c909868a6\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":37,\"i\":\"d5845b2b-7fdb-4d95-86f4-0ec46f02818b\"},\"panelIndex\":\"d5845b2b-7fdb-4d95-86f4-0ec46f02818b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{
}},\"panelRefName\":\"panel_d5845b2b-7fdb-4d95-86f4-0ec46f02818b\"}]","timeRestore":false,"title":"ElastiFlow (flow): AS-Path Graph (flows)","version":1},"coreMigrationVersion":"8.2.0","id":"70c0abc0-a0a0-11ed-8918-ff88f1042f36","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"7ae9cba0-a09f-11ed-8918-ff88f1042f36","name":"a809bb7c-ff45-4a5d-9e77-b620dfc6d691:panel_a809bb7c-ff45-4a5d-9e77-b620dfc6d691","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"9b1de842-8921-445e-83d6-709f815083aa:panel_9b1de842-8921-445e-83d6-709f815083aa","type":"visualization"},{"id":"8f297420-a0a5-11ed-8918-ff88f1042f36","name":"9db41cdc-f3c2-4fbc-838c-097c909868a6:panel_9db41cdc-f3c2-4fbc-838c-097c909868a6","type":"visualization"},{"id":"81ef6880-a15b-11ed-8918-ff88f1042f36","name":"d5845b2b-7fdb-4d95-86f4-0ec46f02818b:panel_d5845b2b-7fdb-4d95-86f4-0ec46f02818b","type":"visualization"}],"sort":[1675807560837,2467],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Locality (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Locality (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / 
(params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Localities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.locality\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.locality : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"70c95380-3ee4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2468],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NTQsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Exporters (metrics)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Exporters (metrics)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Traffic](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [**Metrics**](#/dashboard/ac3e8880-3d41-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"722d6460-3d44-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2469],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NTUsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Server Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Countries and Cities (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"7354bd70-3d30-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2471],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NTYsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): VLANs (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): VLANs (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vlan.tag.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"VLAN\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"73788aa0-3f08-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675810186370,11653],"type":"visualization","updated_at":"2023-02-07T22:49:46.370Z","version":"WzQ1MTEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/VLAN (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/VLAN (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Cities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"vlan.tag.id\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"vlan.tag.id: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"73b22db0-3f07-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2474],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NTgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Cities (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Cities (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"7406a000-3eeb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675810404057,12165],"type":"visualization","updated_at":"2023-02-07T22:53:24.057Z","version":"WzQ5ODMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Client Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.client.host.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Clients\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"756aa270-3e5f-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2477],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NjAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Responses by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Responses by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Resp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"76e6b920-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675807560837,2483],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NjEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"At-Risk 
Servers\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"must\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"flow.client.sec.threat.name\\\"}},{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"must\":[{\"exists\":{\"field\":\"flow.client.sec.threat.name\"}},{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): At-Risk Servers (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: At-Risk Servers (flows) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.conversation.id\",\"customLabel\":\"Conversations\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"At-Risk Servers\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.ip.addr\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"7734beb0-75c3-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2486],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NjIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/TCP Option (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/TCP Option (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Cities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"tcp.options.tags\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"tcp.options.tags: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"783f9db0-3f0a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2487],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NjMsMl0="} 
{"attributes":{"columns":["flow.community.id","flow.export.host.name","flow.src.host.name","flow.src.l4.port.name","flow.dst.host.name","flow.dst.l4.port.name","flow.bytes","flow.packets"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"bool\":{\"must\":[{\"exists\":{\"field\":\"flow.src.ip.addr\"}},{\"exists\":{\"field\":\"flow.dst.ip.addr\"}}]},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":false,\"alias\":null,\"key\":\"bool\",\"value\":\"{\\\"must\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"flow.src.ip.addr\\\"}},{\\\"exists\\\":{\\\"field\\\":\\\"flow.dst.ip.addr\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"ElastiFlow (flow): Flow Records (src/dst) - search","version":1},"coreMigrationVersion":"8.2.0","id":"78b035a0-3f11-11eb-bc2c-c5758316d788","migrationVersion":{"search":"8.0.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2490],"type":"search","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NjQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only 
Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sources (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Source\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"7a32e220-c3fd-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index",
"type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2493],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NjUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"DHCP\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":67}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":67}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":67}},{\"match_phrase\":{\"flow.dst.l4.port.id\":67}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Messages by Exporter - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Messages by Exporter - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Msg\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"7c3745e0-c306-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675807560837,2498],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NjYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - AS-Path Endpoints","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): NAV - AS-Path 
Endpoints\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Return to Flows](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Hops](#/dashboard/5ea16380-a0a0-11ed-8918-ff88f1042f36) | [Flows](#/dashboard/70c0abc0-a0a0-11ed-8918-ff88f1042f36) | [**Endpoints**](#/dashboard/7d987b70-a0a0-11ed-8918-ff88f1042f36)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"8af6aea0-a09f-11ed-8918-ff88f1042f36","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2499],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NjcsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): AS-Path Endpoints - Vega (directed graph)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): AS-Path Endpoints - Vega (directed graph)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v5.json\\\",\\n \\\"description\\\": \\\"Copyright (C)2022 ElastiFlow Inc.\\\",\\n \\\"autosize\\\": \\\"fit\\\",\\n \\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"flows\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-path-codex-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 384,\\n \\\"sources\\\": [{\\n \\\"client\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.src.host.name\\\"\\n }\\n }\\n },\\n {\\n \\\"server\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.dst.host.name\\\"\\n }\\n }\\n }\\n ]\\n },\\n \\\"aggs\\\": {\\n \\\"flow_bytes\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.bytes\\\"\\n }\\n },\\n \\\"flow_packets\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.packets\\\"\\n }\\n }\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\n \\\"property\\\": \\\"aggregations.table.buckets\\\"\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.client\\\",\\n \\\"as\\\": \\\"source\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.server\\\",\\n \\\"as\\\": \\\"target\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_bytes.value\\\",\\n \\\"as\\\": \\\"bytes\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_packets.value\\\",\\n \\\"as\\\": \\\"packets\\\"\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": 
\\\"endpoints\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"fold\\\",\\n \\\"fields\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"as\\\": [\\\"stack\\\", \\\"key\\\"]\\n },\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"key\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"traffic\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n }\\n ],\\n\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"endpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [128,192,256,320,384,448,512,576,640,768,896,1024]\\n },\\n {\\n \\\"name\\\": \\\"fontsizeEndpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [0,0,0,0,0,0,0,12]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#99ddff\\\", \\\"#80d4ff\\\", \\\"#66ccff\\\", \\\"#33bbff\\\", \\\"#00aaff\\\", \\\"#0099e6\\\"]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesLightBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#e6f7ff\\\", \\\"#cceeff\\\", \\\"#b3e6ff\\\", \\\"#99ddff\\\"]\\n },\\n {\\n 
\\\"name\\\": \\\"trafficBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [1,2,3,4,6,8]\\n },\\n {\\n \\\"name\\\": \\\"colorTrafficBytesGreys\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#ddd\\\", \\\"#ccc\\\", \\\"#bbb\\\", \\\"#aaa\\\", \\\"#999\\\", \\\"#888\\\"]\\n }\\n ],\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"cx\\\",\\n \\\"update\\\": \\\"width / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"cy\\\",\\n \\\"update\\\": \\\"height / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"nodeCharge\\\",\\n \\\"value\\\": -128,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": -200, \\\"max\\\": 10, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"linkDistance\\\",\\n \\\"value\\\": 24,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 8, \\\"max\\\": 64, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"decay\\\",\\n \\\"value\\\": 0.7,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1, \\\"step\\\": 0.01}\\n },\\n {\\n \\\"name\\\": \\\"gravityX\\\",\\n \\\"value\\\": 0.1,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"gravityY\\\",\\n \\\"value\\\": 0.2,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"static\\\",\\n \\\"value\\\": false,\\n \\\"bind\\\": {\\\"input\\\": \\\"checkbox\\\"}\\n },\\n {\\n \\\"name\\\": \\\"fix\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseout[!event.buttons], window:mouseup\\\",\\n \\\"update\\\": \\\"false\\\"\\n },\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix || true\\\"\\n },\\n {\\n \\\"events\\\": \\\"[symbol:mousedown, window:mouseup] > window:mousemove!\\\",\\n \\\"update\\\": 
\\\"xy()\\\",\\n \\\"force\\\": true\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"node\\\",\\n \\\"value\\\": null,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix === true ? item() : node\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"restart\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": {\\\"signal\\\": \\\"fix\\\"}, \\\"update\\\": \\\"fix && fix.length\\\"\\n }\\n ]\\n }\\n ],\\n \\n \\\"marks\\\": [\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"type\\\": \\\"symbol\\\",\\n \\\"zindex\\\": 1,\\n \\\"from\\\": {\\\"data\\\": \\\"endpoints\\\"},\\n \\\"on\\\": [\\n {\\n \\\"trigger\\\": \\\"fix\\\",\\n \\\"modify\\\": \\\"node\\\",\\n \\\"values\\\": \\\"fix === true ? {fx: node.x, fy: node.y} : {fx: fix[0], fy: fix[1]}\\\"\\n },\\n {\\\"trigger\\\": \\\"!fix\\\", \\\"modify\\\": \\\"node\\\", \\\"values\\\": \\\"{fx: null, fy: null}\\\"}\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"colorEndpointsBytesBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorEndpointsBytesLightBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"xfocus\\\": {\\\"signal\\\": \\\"cx\\\"},\\n \\\"yfocus\\\": {\\\"signal\\\": \\\"cy\\\"}\\n },\\n \\\"update\\\": {\\n \\\"size\\\": {\\\"scale\\\": \\\"endpointBytesScale\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"cursor\\\": {\\\"value\\\": \\\"pointer\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.key + ' (Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count + ')'\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"force\\\",\\n \\\"iterations\\\": 160,\\n \\\"velocityDecay\\\": {\\n \\\"signal\\\": \\\"decay\\\"\\n },\\n \\\"restart\\\": {\\\"signal\\\": \\\"restart\\\"},\\n \\\"static\\\": {\\\"signal\\\": \\\"static\\\"},\\n \\\"signal\\\": \\\"force\\\",\\n \\\"forces\\\": [\\n {\\\"force\\\": 
\\\"center\\\", \\\"x\\\": {\\\"signal\\\": \\\"cx\\\"}, \\\"y\\\": {\\\"signal\\\": \\\"cy\\\"}},\\n {\\\"force\\\": \\\"x\\\", \\\"x\\\": \\\"xfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityX\\\"}},\\n {\\\"force\\\": \\\"y\\\", \\\"y\\\": \\\"yfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityY\\\"}},\\n {\\\"force\\\": \\\"collide\\\", \\\"radius\\\": {\\\"signal\\\": \\\"linkDistance\\\"}},\\n {\\\"force\\\": \\\"nbody\\\", \\\"strength\\\": {\\\"signal\\\": \\\"nodeCharge\\\"}},\\n {\\\"force\\\": \\\"link\\\", \\\"links\\\": \\\"traffic\\\", \\\"id\\\": \\\"datum.key\\\", \\\"distance\\\": {\\\"signal\\\": \\\"linkDistance\\\"}}\\n ]\\n }\\n ]\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"zindex\\\": 2,\\n \\\"from\\\": {\\\"data\\\": \\\"nodes\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"value\\\": \\\"black\\\"},\\n \\\"fontSize\\\": {\\\"scale\\\": \\\"fontsizeEndpointBytesScale\\\", \\\"field\\\": \\\"datum.bytes\\\"}\\n },\\n \\\"update\\\": {\\n \\\"y\\\": {\\\"field\\\": \\\"y\\\", \\\"offset\\\": {\\\"signal\\\": \\\"sqrt(datum.size/2) * 1.3\\\"}},\\n \\\"x\\\": {\\\"field\\\": \\\"x\\\"},\\n \\\"text\\\": {\\\"field\\\": \\\"datum.key\\\"},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"}\\n }\\n }\\n },\\n {\\n \\\"name\\\": \\\"paths\\\",\\n \\\"type\\\": \\\"path\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"traffic\\\"},\\n \\\"interactive\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorTrafficBytesGreys\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"strokeWidth\\\": {\\\"scale\\\": \\\"trafficBytesScale\\\", \\\"field\\\": \\\"bytes\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"'Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"require\\\": {\\\"signal\\\": 
\\\"force\\\"},\\n \\\"shape\\\": \\\"curve\\\",\\n \\\"sourceX\\\": \\\"datum.source.x\\\",\\n \\\"sourceY\\\": \\\"datum.source.y\\\",\\n \\\"targetX\\\": \\\"datum.target.x\\\",\\n \\\"targetY\\\": \\\"datum.target.y\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"e7367ff0-a0a5-11ed-8918-ff88f1042f36","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2500],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NjgsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":43,\"h\":4,\"i\":\"1eb2ae9d-75cf-45ed-ad66-5b6cc0a14a82\"},\"panelIndex\":\"1eb2ae9d-75cf-45ed-ad66-5b6cc0a14a82\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1eb2ae9d-75cf-45ed-ad66-5b6cc0a14a82\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"9b1de842-8921-445e-83d6-709f815083aa\"},\"panelIndex\":\"9b1de842-8921-445e-83d6-709f815083aa\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9b1de842-8921-445e-83d6-709f815083aa\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":37,\"i\":\"bcb8409c-6e62-4291-91d2-1e2f99b6bb2b\"},\"panelIndex\":\"bcb8409c-6e62-4291-91d2-1e2f99b6bb2b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_bcb8409c-6e62-4291-91d2-1e2f99b6bb2b\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":37,\"i\":\"010c4797-dc54-46ac-85df-f32b30db48b9\"},\"panelIndex\":\"010c4797-dc54-46ac-85df-f32b30db48b9\",\"embeddableConfig\":{\"hidePanelTitles\":true
,\"enhancements\":{}},\"panelRefName\":\"panel_010c4797-dc54-46ac-85df-f32b30db48b9\"}]","timeRestore":false,"title":"ElastiFlow (flow): AS-Path Graph (endpoints)","version":1},"coreMigrationVersion":"8.2.0","id":"7d987b70-a0a0-11ed-8918-ff88f1042f36","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"8af6aea0-a09f-11ed-8918-ff88f1042f36","name":"1eb2ae9d-75cf-45ed-ad66-5b6cc0a14a82:panel_1eb2ae9d-75cf-45ed-ad66-5b6cc0a14a82","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"9b1de842-8921-445e-83d6-709f815083aa:panel_9b1de842-8921-445e-83d6-709f815083aa","type":"visualization"},{"id":"e7367ff0-a0a5-11ed-8918-ff88f1042f36","name":"bcb8409c-6e62-4291-91d2-1e2f99b6bb2b:panel_bcb8409c-6e62-4291-91d2-1e2f99b6bb2b","type":"visualization"},{"id":"81ef6880-a15b-11ed-8918-ff88f1042f36","name":"010c4797-dc54-46ac-85df-f32b30db48b9:panel_010c4797-dc54-46ac-85df-f32b30db48b9","type":"visualization"}],"sort":[1675807560837,2505],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NjksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Traffic Details","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Traffic 
Details\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/589bc1f0-a01a-11ed-8918-ff88f1042f36) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [**Traffic Details**](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"f1bfb220-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2506],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NzAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Server Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.server.host.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Servers\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"97c2bfb0-3e5f-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2507],"type":"visualization","updated_at
":"2023-02-07T22:06:00.837Z","version":"WzE5NzEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Client (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Client (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Clients\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.client.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.client.host.name : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"d80358b0-3edb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2508],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NzIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Server (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Server (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Servers\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.server.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.host.name : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"f3fc4470-3ede-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2509],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NzMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Client (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Client (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"cd523060-6d7c-11eb-b746-f1522e0dab3a\",\"type\":\"math\",\"variables\":[{\"id\":\"cf0ead70-6d7c-11eb-b746-f1522e0dab3a\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"d971ac90-6d7c-11eb-b746-f1522e0dab3a\",\"type\":\"math\",\"variables\":[{\"id\":\"db2cf120-6d7c-11eb-b746-f1522e0dab3a\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Clients\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.client.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.client.host.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"f15aed00-3edb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2510],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NzQsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Services (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Services (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"a79c8dd0-3d38-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675810323887,11889],"type":"visualization","updated_at":"2023-02-07T22:52:03.887Z","version":"WzQ3MjMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Applications (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Applications (flow 
records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"app.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"cc173cf0-3d38-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675810340066,11943],"type":"visualization","updated_at":"2023-02-07T22:52:20.066Z","version":"WzQ3NzIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Service (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Service (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Services\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.server.l4.port.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.l4.port.name : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"8298f1f0-3ee0-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2515],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NzcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Application (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Application (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Applications\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"app.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"app.name : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"e87e7f20-3ee1-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2516],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NzgsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Service (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Service (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"e49340c0-6d7c-11eb-b9b4-13da79d84f81\",\"type\":\"math\",\"variables\":[{\"id\":\"e6425050-6d7c-11eb-b9b4-13da79d84f81\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"ece8e3b0-6d7c-11eb-b9b4-13da79d84f81\",\"type\":\"math\",\"variables\":[{\"id\":\"ef8e3a20-6d7c-11eb-b9b4-13da79d84f81\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Services\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.server.l4.port.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.l4.port.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"c1cd0f50-3ee0-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2517],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5NzksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Application (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Application (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"15a3fba0-6d7d-11eb-84f7-77c8f6afc5bb\",\"type\":\"math\",\"variables\":[{\"id\":\"177ba1d0-6d7d-11eb-84f7-77c8f6afc5bb\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"22c50950-6d7d-11eb-84f7-77c8f6afc5bb\",\"type\":\"math\",\"variables\":[{\"id\":\"245ee330-6d7d-11eb-84f7-77c8f6afc5bb\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Applications\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"app.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"app.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"ff906930-3ee1-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2518],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5ODAsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"cf1bd77b-1f5f-4fd2-bdec-4a4f86b2cbf5\"},\"panelIndex\":\"cf1bd77b-1f5f-4fd2-bdec-4a4f86b2cbf5\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_cf1bd77b-1f5f-4fd2-bdec-4a4f86b2cbf5\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"25faea81-ab1f-41e5-acb9-6106d4cc0aa4\"},\"panelIndex\":\"25faea81-ab1f-41e5-acb9-6106d4cc0aa4\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_25faea81-ab1f-41e5-acb9-6106d4cc0aa4\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"98b7b546-bcd1-4f6a-ae72-5537acf3b95e\"},\"panelIndex\":\"98b7b546-bcd1-4f6a-ae72-5537acf3b95e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_98b7b546-bcd1-4f6a-ae72-5537acf3b95e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"d3b1d5d8-42b4-4ce3-b869-9cf9b9339e86\"},\"panelIndex\":\"d3b1d5d8-42b4-4ce3-b869-9cf9b9339e86\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d3b1d5d8-42b4-4ce3-b869-9cf9b9339e86\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":12,\"h\":11,\"i\":\"72a017dd-f8eb-4626-acec-90c12df7f147\"},\"panelIndex\":\"72a017dd-f8eb-4626-acec-90c12df7f147\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Clients (flow 
records)\",\"panelRefName\":\"panel_72a017dd-f8eb-4626-acec-90c12df7f147\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":9,\"w\":12,\"h\":2,\"i\":\"30822c3b-040f-49e1-a798-4de5eb0c3d5f\"},\"panelIndex\":\"30822c3b-040f-49e1-a798-4de5eb0c3d5f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_30822c3b-040f-49e1-a798-4de5eb0c3d5f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":12,\"h\":11,\"i\":\"d85d8052-38bd-42e0-a2bc-7994cc898e97\"},\"panelIndex\":\"d85d8052-38bd-42e0-a2bc-7994cc898e97\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Servers (flow records)\",\"panelRefName\":\"panel_d85d8052-38bd-42e0-a2bc-7994cc898e97\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":2,\"i\":\"b7916a81-f14e-4151-988e-03fe34367bf7\"},\"panelIndex\":\"b7916a81-f14e-4151-988e-03fe34367bf7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b7916a81-f14e-4151-988e-03fe34367bf7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":11,\"w\":12,\"h\":7,\"i\":\"f51e7b87-62a2-494f-989e-589ed7aaa2fb\"},\"panelIndex\":\"f51e7b87-62a2-494f-989e-589ed7aaa2fb\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f51e7b87-62a2-494f-989e-589ed7aaa2fb\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":11,\"w\":12,\"h\":7,\"i\":\"43312a94-47b7-44fb-aee1-a7d602d108a4\"},\"panelIndex\":\"43312a94-47b7-44fb-aee1-a7d602d108a4\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_43312a94-47b7-44fb-aee1-a7d602d108a4\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":18,\"w\":12,\"h\":2,\"i\":\"816e3e43-6b65-4eaf-91c6-7073ce905be7\"},\"panelIndex\":\"816e3e43-6b65-4eaf-91c6-7073ce905be7\"
,\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_816e3e43-6b65-4eaf-91c6-7073ce905be7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":18,\"w\":12,\"h\":2,\"i\":\"c4771e88-2c13-4d6e-a7bf-f63f430a0d54\"},\"panelIndex\":\"c4771e88-2c13-4d6e-a7bf-f63f430a0d54\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c4771e88-2c13-4d6e-a7bf-f63f430a0d54\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":20,\"w\":24,\"h\":13,\"i\":\"c86d248a-9b29-4a1b-9904-5139da8f954b\"},\"panelIndex\":\"c86d248a-9b29-4a1b-9904-5139da8f954b\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Clients (bits/s)\",\"panelRefName\":\"panel_c86d248a-9b29-4a1b-9904-5139da8f954b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":13,\"i\":\"95073fd6-49e8-4196-a2cb-d9dedffc5f09\"},\"panelIndex\":\"95073fd6-49e8-4196-a2cb-d9dedffc5f09\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Servers (bits/s)\",\"panelRefName\":\"panel_95073fd6-49e8-4196-a2cb-d9dedffc5f09\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":33,\"w\":24,\"h\":14,\"i\":\"17cd868a-a8f9-4f6d-bbf0-d825a7e9aed0\"},\"panelIndex\":\"17cd868a-a8f9-4f6d-bbf0-d825a7e9aed0\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Clients (pkts/s)\",\"panelRefName\":\"panel_17cd868a-a8f9-4f6d-bbf0-d825a7e9aed0\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":33,\"w\":24,\"h\":14,\"i\":\"52665f63-634d-4f71-8af3-3fa78fd69805\"},\"panelIndex\":\"52665f63-634d-4f71-8af3-3fa78fd69805\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Servers 
(pkts/s)\",\"panelRefName\":\"panel_52665f63-634d-4f71-8af3-3fa78fd69805\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":47,\"w\":12,\"h\":11,\"i\":\"01abaf50-4385-4162-99a9-19098a7a2eb7\"},\"panelIndex\":\"01abaf50-4385-4162-99a9-19098a7a2eb7\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Services (flow records)\",\"panelRefName\":\"panel_01abaf50-4385-4162-99a9-19098a7a2eb7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":47,\"w\":12,\"h\":2,\"i\":\"a4d025c1-8e8c-41b3-9914-d30dbfd9c4eb\"},\"panelIndex\":\"a4d025c1-8e8c-41b3-9914-d30dbfd9c4eb\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_a4d025c1-8e8c-41b3-9914-d30dbfd9c4eb\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":47,\"w\":12,\"h\":11,\"i\":\"7c5e07d4-34a2-4023-8f5a-10836add48f0\"},\"panelIndex\":\"7c5e07d4-34a2-4023-8f5a-10836add48f0\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Applications (flow 
records)\",\"panelRefName\":\"panel_7c5e07d4-34a2-4023-8f5a-10836add48f0\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":47,\"w\":12,\"h\":2,\"i\":\"216341be-b759-42f1-9771-8af90aff5d7b\"},\"panelIndex\":\"216341be-b759-42f1-9771-8af90aff5d7b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_216341be-b759-42f1-9771-8af90aff5d7b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":49,\"w\":12,\"h\":7,\"i\":\"bff6ff26-0484-4c7d-9e4c-8a5719cdf602\"},\"panelIndex\":\"bff6ff26-0484-4c7d-9e4c-8a5719cdf602\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_bff6ff26-0484-4c7d-9e4c-8a5719cdf602\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":49,\"w\":12,\"h\":7,\"i\":\"6b050ffa-0e33-4b71-bec2-ade9c902c756\"},\"panelIndex\":\"6b050ffa-0e33-4b71-bec2-ade9c902c756\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_6b050ffa-0e33-4b71-bec2-ade9c902c756\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":56,\"w\":12,\"h\":2,\"i\":\"6dfa17fa-42e9-4c82-a657-b8fe5aa806cc\"},\"panelIndex\":\"6dfa17fa-42e9-4c82-a657-b8fe5aa806cc\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_6dfa17fa-42e9-4c82-a657-b8fe5aa806cc\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":56,\"w\":12,\"h\":2,\"i\":\"4a61399d-0303-4406-9546-148dda9ad8db\"},\"panelIndex\":\"4a61399d-0303-4406-9546-148dda9ad8db\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_4a61399d-0303-4406-9546-148dda9ad8db\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":58,\"w\":24,\"h\":14,\"i\":\"36a5f34b-93a1-4b1d-b997-71a644c1eaae\"},\"panelIndex\":\"36a5f34b-93a1-4b1d-b997-71a644c1eaae\",\"embeddableConfig\":{\"hidePanelTi
tles\":false,\"enhancements\":{}},\"title\":\"Services (bits/s)\",\"panelRefName\":\"panel_36a5f34b-93a1-4b1d-b997-71a644c1eaae\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":58,\"w\":24,\"h\":14,\"i\":\"165535c1-1b24-4dd3-a572-3b7572ccd1dc\"},\"panelIndex\":\"165535c1-1b24-4dd3-a572-3b7572ccd1dc\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Applications (bits/s)\",\"panelRefName\":\"panel_165535c1-1b24-4dd3-a572-3b7572ccd1dc\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":72,\"w\":24,\"h\":14,\"i\":\"869b0795-1565-4c62-847d-9c9ee627f8f9\"},\"panelIndex\":\"869b0795-1565-4c62-847d-9c9ee627f8f9\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Services (pkts/s)\",\"panelRefName\":\"panel_869b0795-1565-4c62-847d-9c9ee627f8f9\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":72,\"w\":24,\"h\":14,\"i\":\"1a126c02-f0fc-4278-9e27-cc285e3eb8f5\"},\"panelIndex\":\"1a126c02-f0fc-4278-9e27-cc285e3eb8f5\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Applications (pkts/s)\",\"panelRefName\":\"panel_1a126c02-f0fc-4278-9e27-cc285e3eb8f5\"}]","timeRestore":false,"title":"ElastiFlow (flow): Traffic Details 
(types)","version":1},"coreMigrationVersion":"8.2.0","id":"7dfba590-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"f1bfb220-3d42-11eb-bc2c-c5758316d788","name":"cf1bd77b-1f5f-4fd2-bdec-4a4f86b2cbf5:panel_cf1bd77b-1f5f-4fd2-bdec-4a4f86b2cbf5","type":"visualization"},{"id":"228552e0-3d46-11eb-bc2c-c5758316d788","name":"25faea81-ab1f-41e5-acb9-6106d4cc0aa4:panel_25faea81-ab1f-41e5-acb9-6106d4cc0aa4","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"98b7b546-bcd1-4f6a-ae72-5537acf3b95e:panel_98b7b546-bcd1-4f6a-ae72-5537acf3b95e","type":"visualization"},{"id":"39259170-3edd-11eb-bc2c-c5758316d788","name":"d3b1d5d8-42b4-4ce3-b869-9cf9b9339e86:panel_d3b1d5d8-42b4-4ce3-b869-9cf9b9339e86","type":"visualization"},{"id":"0b230740-3d38-11eb-bc2c-c5758316d788","name":"72a017dd-f8eb-4626-acec-90c12df7f147:panel_72a017dd-f8eb-4626-acec-90c12df7f147","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"30822c3b-040f-49e1-a798-4de5eb0c3d5f:panel_30822c3b-040f-49e1-a798-4de5eb0c3d5f","type":"visualization"},{"id":"21b512f0-3d38-11eb-bc2c-c5758316d788","name":"d85d8052-38bd-42e0-a2bc-7994cc898e97:panel_d85d8052-38bd-42e0-a2bc-7994cc898e97","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"b7916a81-f14e-4151-988e-03fe34367bf7:panel_b7916a81-f14e-4151-988e-03fe34367bf7","type":"visualization"},{"id":"756aa270-3e5f-11eb-bc2c-c5758316d788","name":"f51e7b87-62a2-494f-989e-589ed7aaa2fb:panel_f51e7b87-62a2-494f-989e-589ed7aaa2fb","type":"visualization"},{"id":"97c2bfb0-3e5f-11eb-bc2c-c5758316d788","name":"43312a94-47b7-44fb-aee1-a7d602d108a4:panel_43312a94-47b7-44fb-aee1-a7d602d108a4","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"816e3e43-6b65-4eaf-91c6-7073ce905be7:panel_816e3e43-6b65-4eaf-91c6-7073ce905be7","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"c4771e88-2c13-4d6e-a7bf-f63f430a0d54:panel_c4771e88-2c13-
4d6e-a7bf-f63f430a0d54","type":"visualization"},{"id":"d80358b0-3edb-11eb-bc2c-c5758316d788","name":"c86d248a-9b29-4a1b-9904-5139da8f954b:panel_c86d248a-9b29-4a1b-9904-5139da8f954b","type":"visualization"},{"id":"f3fc4470-3ede-11eb-bc2c-c5758316d788","name":"95073fd6-49e8-4196-a2cb-d9dedffc5f09:panel_95073fd6-49e8-4196-a2cb-d9dedffc5f09","type":"visualization"},{"id":"f15aed00-3edb-11eb-bc2c-c5758316d788","name":"17cd868a-a8f9-4f6d-bbf0-d825a7e9aed0:panel_17cd868a-a8f9-4f6d-bbf0-d825a7e9aed0","type":"visualization"},{"id":"086359d0-3edf-11eb-bc2c-c5758316d788","name":"52665f63-634d-4f71-8af3-3fa78fd69805:panel_52665f63-634d-4f71-8af3-3fa78fd69805","type":"visualization"},{"id":"a79c8dd0-3d38-11eb-bc2c-c5758316d788","name":"01abaf50-4385-4162-99a9-19098a7a2eb7:panel_01abaf50-4385-4162-99a9-19098a7a2eb7","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"a4d025c1-8e8c-41b3-9914-d30dbfd9c4eb:panel_a4d025c1-8e8c-41b3-9914-d30dbfd9c4eb","type":"visualization"},{"id":"cc173cf0-3d38-11eb-bc2c-c5758316d788","name":"7c5e07d4-34a2-4023-8f5a-10836add48f0:panel_7c5e07d4-34a2-4023-8f5a-10836add48f0","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"216341be-b759-42f1-9771-8af90aff5d7b:panel_216341be-b759-42f1-9771-8af90aff5d7b","type":"visualization"},{"id":"1ec922a0-3e61-11eb-bc2c-c5758316d788","name":"bff6ff26-0484-4c7d-9e4c-8a5719cdf602:panel_bff6ff26-0484-4c7d-9e4c-8a5719cdf602","type":"visualization"},{"id":"2f9ed3e0-3e61-11eb-bc2c-c5758316d788","name":"6b050ffa-0e33-4b71-bec2-ade9c902c756:panel_6b050ffa-0e33-4b71-bec2-ade9c902c756","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"6dfa17fa-42e9-4c82-a657-b8fe5aa806cc:panel_6dfa17fa-42e9-4c82-a657-b8fe5aa806cc","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"4a61399d-0303-4406-9546-148dda9ad8db:panel_4a61399d-0303-4406-9546-148dda9ad8db","type":"visualization"},{"id":"8298f1f0-3ee0-11eb-bc2c-c5758316d788","name":"36a
5f34b-93a1-4b1d-b997-71a644c1eaae:panel_36a5f34b-93a1-4b1d-b997-71a644c1eaae","type":"visualization"},{"id":"e87e7f20-3ee1-11eb-bc2c-c5758316d788","name":"165535c1-1b24-4dd3-a572-3b7572ccd1dc:panel_165535c1-1b24-4dd3-a572-3b7572ccd1dc","type":"visualization"},{"id":"c1cd0f50-3ee0-11eb-bc2c-c5758316d788","name":"869b0795-1565-4c62-847d-9c9ee627f8f9:panel_869b0795-1565-4c62-847d-9c9ee627f8f9","type":"visualization"},{"id":"ff906930-3ee1-11eb-bc2c-c5758316d788","name":"1a126c02-f0fc-4278-9e27-cc285e3eb8f5:panel_1a126c02-f0fc-4278-9e27-cc285e3eb8f5","type":"visualization"}],"sort":[1675807560837,2547],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5ODEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Symmetric Messages by src/dst - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Symmetric Messages by src/dst - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Sym\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"7e20b120-9d7c-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675807560837,2553],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5ODIsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Clients (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (packets) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"81a877e0-3e66-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2555],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5ODMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destinations and Sources (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations and Sources (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"83029b10-3d31-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2557],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5ODQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Observed Traffic (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Observed Traffic (pkts/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"33802db0-6d7d-11eb-b273-0b659d100ef7\",\"type\":\"math\",\"variables\":[{\"id\":\"3544c110-6d7d-11eb-b273-0b659d100ef7\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"3b474c40-6d7d-11eb-b273-0b659d100ef7\",\"type\":\"math\",\"variables\":[{\"id\":\"3ced8230-6d7d-11eb-b273-0b659d100ef7\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Exporters\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.export.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.export.host.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"831f5010-3ecc-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2558],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5ODUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Sources (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":14,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"850fe610-c467-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2561],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5ODYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Accessed Ports from Private IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Accessed Ports from Private IP - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"b7a10df9-0186-4033-aafc-2051261542eb\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"flow.client.as.org: \\\"PRIVATE\\\" AND flow.server.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Accessed Ports 
(Private)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.server.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"851359f0-c492-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2562],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5ODcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Average Throughput (bits/s) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Average Throughput (bits/s) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"},{\"sigma\":\"\",\"id\":\"568d8d10-3e5d-11eb-83e8-ef8dac1c189d\",\"type\":\"avg_bucket\",\"field\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Avg. Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"\",\"index_pattern\":\"\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"49b0db60-3e5d-11eb-83e8-ef8dac1c189d\"}],\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"86111840-3e5d-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2563],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5ODgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23,1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"CLI & Remote Desktop 
Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): CLI & Remote Desktop Sessions (Public) - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI & Remote Desktop Sessions (Public) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":14,\"showPartialR
ows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"8639aea0-c59c-11ec-bed2-4dc4c8e683a3","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2566],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5ODksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): VLAN/DSCP/TCP Flags/TCP Options - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLAN/DSCP/TCP Flags/TCP Options - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"vlan.tag.id\",\"parent\":\"\",\"label\":\"VLANs\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"ip.dscp.name\",\"parent\":\"\",\"label\":\"DSCP\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"tcp.flags.tags\",\"parent\":\"\",\"label\":\"TCP Flags\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":16,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1608040362438\",\"fieldName\":\"tcp.options.tags\",\"parent\":\"\",\"label\":\"TCP 
Options\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":64,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"dc1d7e90-3f0c-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"sort":[1675807560837,2572],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5OTAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): IP Versions (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): IP Versions (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"ip.version.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Version\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"ac03b590-3f06-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675810158164,11534],"type":"visualization","updated_at":"2023-02-07T22:49:18.164Z","version":"WzQzOTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): IP Version Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Version Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"ip.version.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"IP 
Versions\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"ef4b4a40-3f04-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2575],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5OTIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/IP Version (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/IP Version (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"4a631880-6d7d-11eb-958e-eb77245e53fe\",\"type\":\"math\",\"variables\":[{\"id\":\"4bfacf80-6d7d-11eb-958e-eb77245e53fe\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"51a43e30-6d7d-11eb-958e-eb77245e53fe\",\"type\":\"math\",\"variables\":[{\"id\":\"5b33c0b0-6d7d-11eb-958e-eb77245e53fe\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top IP Versions\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"ip.version.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"ip.version.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"939c9bc0-3f06-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2576],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5OTMsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DSCP (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): DSCP (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.in.ip.dscp.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP DSCP\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"9e42d670-3d3a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675810203371,11715],"type":"visualization","updated_at":"2023-02-07T22:50:03.371Z","version":"WzQ1NjQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Flags (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): TCP Flags (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tcp.flags.tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":16,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TCP Flags\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"d1ec1680-3d3a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675810235100,11782],"type":"visualization","updated_at":"2023-02-07T22:50:35.100Z","version":"WzQ2MTksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP Option Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Option Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"tcp.options.tags\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"TCP Options\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"a1902790-3ef9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2581],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5OTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/TCP Flag (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/TCP Flag (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
TCP Flags\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"tcp.flags.tags\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"tcp.flags.tags: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"d78cbdc0-3f0a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2582],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5OTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/TCP Flag (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/TCP Flag (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"6b43b0f0-6d7d-11eb-8a07-3582e3771955\",\"type\":\"math\",\"variables\":[{\"id\":\"6d1d2be0-6d7d-11eb-8a07-3582e3771955\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"725bcad0-6d7d-11eb-8a07-3582e3771955\",\"type\":\"math\",\"variables\":[{\"id\":\"73fafbe0-6d7d-11eb-8a07-3582e3771955\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top TCP Flags\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"tcp.flags.tags\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"tcp.flags.tags: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"ee1c7f80-3f0a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2583],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5OTgsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/TCP Option (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/TCP Option (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"86fd7830-6d7d-11eb-a5ea-e3d4da0e8add\",\"type\":\"math\",\"variables\":[{\"id\":\"8873eb90-6d7d-11eb-a5ea-e3d4da0e8add\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"8e83e440-6d7d-11eb-a5ea-e3d4da0e8add\",\"type\":\"math\",\"variables\":[{\"id\":\"8ffffcf0-6d7d-11eb-a5ea-e3d4da0e8add\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top TCP 
Options\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"tcp.options.tags\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"tcp.options.tags: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"a2ae5910-3f0a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2584],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzE5OTksMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"393f1115-ef32-4968-a3e6-562da545bacc\"},\"panelIndex\":\"393f1115-ef32-4968-a3e6-562da545bacc\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_393f1115-ef32-4968-a3e6-562da545bacc\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"ad61a61c-ef89-4232-ada0-ed7964de301c\"},\"panelIndex\":\"ad61a61c-ef89-4232-ada0-ed7964de301c\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ad61a61c-ef89-4232-ada0-ed7964de301c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"1b77ffee-ee57-41ff-9d76-857bbb1c9213\"},\"panelIndex\":\"1b77ffee-ee57-41ff-9d76-857bbb1c9213\",\"embeddableCo
nfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1b77ffee-ee57-41ff-9d76-857bbb1c9213\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"a199aa42-40cd-494b-b7ed-b341b187bff0\"},\"panelIndex\":\"a199aa42-40cd-494b-b7ed-b341b187bff0\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_a199aa42-40cd-494b-b7ed-b341b187bff0\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":12,\"h\":11,\"i\":\"a28e4934-58a7-4bc5-96c9-e48d10007eea\"},\"panelIndex\":\"a28e4934-58a7-4bc5-96c9-e48d10007eea\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"IP Versions (flow records)\",\"panelRefName\":\"panel_a28e4934-58a7-4bc5-96c9-e48d10007eea\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":9,\"w\":12,\"h\":2,\"i\":\"863403c9-a5f9-4df0-9a57-78fbf42d2b79\"},\"panelIndex\":\"863403c9-a5f9-4df0-9a57-78fbf42d2b79\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_863403c9-a5f9-4df0-9a57-78fbf42d2b79\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":12,\"h\":11,\"i\":\"6407bdf5-6fd2-4b7d-bc26-edb806e56815\"},\"panelIndex\":\"6407bdf5-6fd2-4b7d-bc26-edb806e56815\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Layer-4 Protocols (flow 
records)\",\"panelRefName\":\"panel_6407bdf5-6fd2-4b7d-bc26-edb806e56815\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":2,\"i\":\"86f2c4eb-dfdb-48d4-86ce-62b95c7b7257\"},\"panelIndex\":\"86f2c4eb-dfdb-48d4-86ce-62b95c7b7257\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_86f2c4eb-dfdb-48d4-86ce-62b95c7b7257\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":11,\"w\":12,\"h\":7,\"i\":\"9f1233b9-7928-4ffd-a00d-8912afcd9fb7\"},\"panelIndex\":\"9f1233b9-7928-4ffd-a00d-8912afcd9fb7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9f1233b9-7928-4ffd-a00d-8912afcd9fb7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":11,\"w\":12,\"h\":7,\"i\":\"35dc4060-0a72-4200-9c94-0fbf155d4464\"},\"panelIndex\":\"35dc4060-0a72-4200-9c94-0fbf155d4464\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_35dc4060-0a72-4200-9c94-0fbf155d4464\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":18,\"w\":12,\"h\":2,\"i\":\"26d45398-7bd0-4510-899e-8955f2cb82b0\"},\"panelIndex\":\"26d45398-7bd0-4510-899e-8955f2cb82b0\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_26d45398-7bd0-4510-899e-8955f2cb82b0\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":18,\"w\":12,\"h\":2,\"i\":\"080f02e3-1cfa-4d0a-a47c-06722b44815b\"},\"panelIndex\":\"080f02e3-1cfa-4d0a-a47c-06722b44815b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_080f02e3-1cfa-4d0a-a47c-06722b44815b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":20,\"w\":24,\"h\":14,\"i\":\"84fe0e59-8f70-4f1f-bfc2-73efe894ebd4\"},\"panelIndex\":\"84fe0e59-8f70-4f1f-bfc2-73efe894ebd4\",\"embeddableConfig\":{\"hidePanelTit
les\":false,\"enhancements\":{}},\"title\":\"IP Versions (bits/s)\",\"panelRefName\":\"panel_84fe0e59-8f70-4f1f-bfc2-73efe894ebd4\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":14,\"i\":\"407c4390-1043-490b-9038-0fd5746973f3\"},\"panelIndex\":\"407c4390-1043-490b-9038-0fd5746973f3\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Layer-4 Protocols (bits/s)\",\"panelRefName\":\"panel_407c4390-1043-490b-9038-0fd5746973f3\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":34,\"w\":24,\"h\":14,\"i\":\"f39fbfb5-7e36-4fcc-9ae8-2b4901e2c9cb\"},\"panelIndex\":\"f39fbfb5-7e36-4fcc-9ae8-2b4901e2c9cb\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"IP Versions (pkts/s)\",\"panelRefName\":\"panel_f39fbfb5-7e36-4fcc-9ae8-2b4901e2c9cb\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":34,\"w\":24,\"h\":14,\"i\":\"af9cd893-0b4c-4d1c-ac5b-e2440a5e5c0c\"},\"panelIndex\":\"af9cd893-0b4c-4d1c-ac5b-e2440a5e5c0c\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Layer-4 Protocols (pkts/s)\",\"panelRefName\":\"panel_af9cd893-0b4c-4d1c-ac5b-e2440a5e5c0c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":48,\"w\":12,\"h\":11,\"i\":\"e3798eaf-2522-4051-be34-39f4d1de9cea\"},\"panelIndex\":\"e3798eaf-2522-4051-be34-39f4d1de9cea\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"VLANs (flow 
records)\",\"panelRefName\":\"panel_e3798eaf-2522-4051-be34-39f4d1de9cea\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":48,\"w\":12,\"h\":2,\"i\":\"705a44ce-0978-415a-b5e9-b61e3c05e9ff\"},\"panelIndex\":\"705a44ce-0978-415a-b5e9-b61e3c05e9ff\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_705a44ce-0978-415a-b5e9-b61e3c05e9ff\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":48,\"w\":12,\"h\":11,\"i\":\"860ab4a2-1332-4660-af89-1d99af9a3ccc\"},\"panelIndex\":\"860ab4a2-1332-4660-af89-1d99af9a3ccc\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"DSCP (flow records)\",\"panelRefName\":\"panel_860ab4a2-1332-4660-af89-1d99af9a3ccc\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":48,\"w\":12,\"h\":2,\"i\":\"6d10d399-b5f8-420d-9dbc-8f4cfa435949\"},\"panelIndex\":\"6d10d399-b5f8-420d-9dbc-8f4cfa435949\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_6d10d399-b5f8-420d-9dbc-8f4cfa435949\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":50,\"w\":12,\"h\":7,\"i\":\"0d095856-8615-46fd-9f15-6f418420f8b6\"},\"panelIndex\":\"0d095856-8615-46fd-9f15-6f418420f8b6\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_0d095856-8615-46fd-9f15-6f418420f8b6\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":50,\"w\":12,\"h\":7,\"i\":\"7f03b90a-3697-472b-bbe2-b0a0631843f2\"},\"panelIndex\":\"7f03b90a-3697-472b-bbe2-b0a0631843f2\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7f03b90a-3697-472b-bbe2-b0a0631843f2\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":57,\"w\":12,\"h\":2,\"i\":\"c07981ba-bd27-4d1a-867b-e969270bc33b\"},\"panelIndex\":\"c07981ba-bd27-4d1a-867b-e969270bc33b\"
,\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c07981ba-bd27-4d1a-867b-e969270bc33b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":57,\"w\":12,\"h\":2,\"i\":\"504befc1-a66f-433f-b3fc-3c40f3247bfe\"},\"panelIndex\":\"504befc1-a66f-433f-b3fc-3c40f3247bfe\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_504befc1-a66f-433f-b3fc-3c40f3247bfe\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":59,\"w\":24,\"h\":14,\"i\":\"1efdeaa7-d480-4e9f-8a86-8ae23526bf47\"},\"panelIndex\":\"1efdeaa7-d480-4e9f-8a86-8ae23526bf47\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1efdeaa7-d480-4e9f-8a86-8ae23526bf47\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":59,\"w\":24,\"h\":14,\"i\":\"5f6dce0b-482c-45bd-8b91-7acb9ba74a59\"},\"panelIndex\":\"5f6dce0b-482c-45bd-8b91-7acb9ba74a59\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"DSCP (bits/s)\",\"panelRefName\":\"panel_5f6dce0b-482c-45bd-8b91-7acb9ba74a59\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":73,\"w\":24,\"h\":14,\"i\":\"a9c91ab2-f565-4cec-8899-20d4c552fb89\"},\"panelIndex\":\"a9c91ab2-f565-4cec-8899-20d4c552fb89\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a9c91ab2-f565-4cec-8899-20d4c552fb89\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":73,\"w\":24,\"h\":14,\"i\":\"066f5801-1ce9-4e4b-9bd2-7641e557df2a\"},\"panelIndex\":\"066f5801-1ce9-4e4b-9bd2-7641e557df2a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"DSCP 
(pkts/s)\",\"panelRefName\":\"panel_066f5801-1ce9-4e4b-9bd2-7641e557df2a\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":87,\"w\":12,\"h\":11,\"i\":\"a5dcd4c3-993f-41d6-b857-78cbc4b59776\"},\"panelIndex\":\"a5dcd4c3-993f-41d6-b857-78cbc4b59776\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"TCP Flags (flow records)\",\"panelRefName\":\"panel_a5dcd4c3-993f-41d6-b857-78cbc4b59776\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":87,\"w\":12,\"h\":2,\"i\":\"18794abf-400e-4052-81d3-9436757c1982\"},\"panelIndex\":\"18794abf-400e-4052-81d3-9436757c1982\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_18794abf-400e-4052-81d3-9436757c1982\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":87,\"w\":12,\"h\":11,\"i\":\"d28d422b-7358-4d8f-bd87-934bcec94448\"},\"panelIndex\":\"d28d422b-7358-4d8f-bd87-934bcec94448\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"TCP Options (flow 
records)\",\"panelRefName\":\"panel_d28d422b-7358-4d8f-bd87-934bcec94448\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":87,\"w\":12,\"h\":2,\"i\":\"4181c6d3-e513-4962-86bd-f1e62454e4bd\"},\"panelIndex\":\"4181c6d3-e513-4962-86bd-f1e62454e4bd\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_4181c6d3-e513-4962-86bd-f1e62454e4bd\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":89,\"w\":12,\"h\":7,\"i\":\"b9291dcb-81fd-46b0-aa64-569cd50aa35d\"},\"panelIndex\":\"b9291dcb-81fd-46b0-aa64-569cd50aa35d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b9291dcb-81fd-46b0-aa64-569cd50aa35d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":89,\"w\":12,\"h\":7,\"i\":\"b28f4f0b-4775-4e51-9d12-5fc42aafc7fa\"},\"panelIndex\":\"b28f4f0b-4775-4e51-9d12-5fc42aafc7fa\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b28f4f0b-4775-4e51-9d12-5fc42aafc7fa\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":96,\"w\":12,\"h\":2,\"i\":\"4e907a92-1a5f-4539-b38f-c9dbdf9af3ee\"},\"panelIndex\":\"4e907a92-1a5f-4539-b38f-c9dbdf9af3ee\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_4e907a92-1a5f-4539-b38f-c9dbdf9af3ee\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":96,\"w\":12,\"h\":2,\"i\":\"60f8dc8c-c2ba-4167-a2b4-184848b2905a\"},\"panelIndex\":\"60f8dc8c-c2ba-4167-a2b4-184848b2905a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_60f8dc8c-c2ba-4167-a2b4-184848b2905a\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":98,\"w\":24,\"h\":15,\"i\":\"3ffc64a7-27df-43c2-9236-9fb190218530\"},\"panelIndex\":\"3ffc64a7-27df-43c2-9236-9fb190218530\",\"embeddableConfig\":{\"hidePanelTi
tles\":false,\"enhancements\":{}},\"title\":\"TCP Flags (bits/s)\",\"panelRefName\":\"panel_3ffc64a7-27df-43c2-9236-9fb190218530\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":98,\"w\":24,\"h\":15,\"i\":\"050e6a29-61cd-4ebc-8ff5-e7a7e14f4616\"},\"panelIndex\":\"050e6a29-61cd-4ebc-8ff5-e7a7e14f4616\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"TCP Options (bits/s)\",\"panelRefName\":\"panel_050e6a29-61cd-4ebc-8ff5-e7a7e14f4616\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":113,\"w\":24,\"h\":15,\"i\":\"170f5488-e8dd-41ac-a4ea-d6f32431b014\"},\"panelIndex\":\"170f5488-e8dd-41ac-a4ea-d6f32431b014\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"TCP Flags (pkts/s)\",\"panelRefName\":\"panel_170f5488-e8dd-41ac-a4ea-d6f32431b014\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":113,\"w\":24,\"h\":15,\"i\":\"5bf02364-9fd1-4822-ab85-80e95f8a02f9\"},\"panelIndex\":\"5bf02364-9fd1-4822-ab85-80e95f8a02f9\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"TCP Options (pkts/s)\",\"panelRefName\":\"panel_5bf02364-9fd1-4822-ab85-80e95f8a02f9\"}]","timeRestore":false,"title":"ElastiFlow (flow): Traffic Details 
(attributes)","version":1},"coreMigrationVersion":"8.2.0","id":"8ae6d630-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"f1bfb220-3d42-11eb-bc2c-c5758316d788","name":"393f1115-ef32-4968-a3e6-562da545bacc:panel_393f1115-ef32-4968-a3e6-562da545bacc","type":"visualization"},{"id":"12658420-3d46-11eb-bc2c-c5758316d788","name":"ad61a61c-ef89-4232-ada0-ed7964de301c:panel_ad61a61c-ef89-4232-ada0-ed7964de301c","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"1b77ffee-ee57-41ff-9d76-857bbb1c9213:panel_1b77ffee-ee57-41ff-9d76-857bbb1c9213","type":"visualization"},{"id":"dc1d7e90-3f0c-11eb-bc2c-c5758316d788","name":"a199aa42-40cd-494b-b7ed-b341b187bff0:panel_a199aa42-40cd-494b-b7ed-b341b187bff0","type":"visualization"},{"id":"ac03b590-3f06-11eb-bc2c-c5758316d788","name":"a28e4934-58a7-4bc5-96c9-e48d10007eea:panel_a28e4934-58a7-4bc5-96c9-e48d10007eea","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"863403c9-a5f9-4df0-9a57-78fbf42d2b79:panel_863403c9-a5f9-4df0-9a57-78fbf42d2b79","type":"visualization"},{"id":"5e7b8030-3eef-11eb-bc2c-c5758316d788","name":"6407bdf5-6fd2-4b7d-bc26-edb806e56815:panel_6407bdf5-6fd2-4b7d-bc26-edb806e56815","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"86f2c4eb-dfdb-48d4-86ce-62b95c7b7257:panel_86f2c4eb-dfdb-48d4-86ce-62b95c7b7257","type":"visualization"},{"id":"ef4b4a40-3f04-11eb-bc2c-c5758316d788","name":"9f1233b9-7928-4ffd-a00d-8912afcd9fb7:panel_9f1233b9-7928-4ffd-a00d-8912afcd9fb7","type":"visualization"},{"id":"051bf440-3e61-11eb-bc2c-c5758316d788","name":"35dc4060-0a72-4200-9c94-0fbf155d4464:panel_35dc4060-0a72-4200-9c94-0fbf155d4464","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"26d45398-7bd0-4510-899e-8955f2cb82b0:panel_26d45398-7bd0-4510-899e-8955f2cb82b0","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"080f02e3-1cfa-4d0a-a47c-06722b44815b:panel_080f02e3-
1cfa-4d0a-a47c-06722b44815b","type":"visualization"},{"id":"65671460-3f06-11eb-bc2c-c5758316d788","name":"84fe0e59-8f70-4f1f-bfc2-73efe894ebd4:panel_84fe0e59-8f70-4f1f-bfc2-73efe894ebd4","type":"visualization"},{"id":"20164b90-3eef-11eb-bc2c-c5758316d788","name":"407c4390-1043-490b-9038-0fd5746973f3:panel_407c4390-1043-490b-9038-0fd5746973f3","type":"visualization"},{"id":"939c9bc0-3f06-11eb-bc2c-c5758316d788","name":"f39fbfb5-7e36-4fcc-9ae8-2b4901e2c9cb:panel_f39fbfb5-7e36-4fcc-9ae8-2b4901e2c9cb","type":"visualization"},{"id":"49d0f930-3eef-11eb-bc2c-c5758316d788","name":"af9cd893-0b4c-4d1c-ac5b-e2440a5e5c0c:panel_af9cd893-0b4c-4d1c-ac5b-e2440a5e5c0c","type":"visualization"},{"id":"73788aa0-3f08-11eb-bc2c-c5758316d788","name":"e3798eaf-2522-4051-be34-39f4d1de9cea:panel_e3798eaf-2522-4051-be34-39f4d1de9cea","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"705a44ce-0978-415a-b5e9-b61e3c05e9ff:panel_705a44ce-0978-415a-b5e9-b61e3c05e9ff","type":"visualization"},{"id":"9e42d670-3d3a-11eb-bc2c-c5758316d788","name":"860ab4a2-1332-4660-af89-1d99af9a3ccc:panel_860ab4a2-1332-4660-af89-1d99af9a3ccc","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"6d10d399-b5f8-420d-9dbc-8f4cfa435949:panel_6d10d399-b5f8-420d-9dbc-8f4cfa435949","type":"visualization"},{"id":"3b7bf600-3f08-11eb-bc2c-c5758316d788","name":"0d095856-8615-46fd-9f15-6f418420f8b6:panel_0d095856-8615-46fd-9f15-6f418420f8b6","type":"visualization"},{"id":"302d17a0-3f05-11eb-bc2c-c5758316d788","name":"7f03b90a-3697-472b-bbe2-b0a0631843f2:panel_7f03b90a-3697-472b-bbe2-b0a0631843f2","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"c07981ba-bd27-4d1a-867b-e969270bc33b:panel_c07981ba-bd27-4d1a-867b-e969270bc33b","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"504befc1-a66f-433f-b3fc-3c40f3247bfe:panel_504befc1-a66f-433f-b3fc-3c40f3247bfe","type":"visualization"},{"id":"73b22db0-3f07-11eb-bc2c-c5758316d788","name"
:"1efdeaa7-d480-4e9f-8a86-8ae23526bf47:panel_1efdeaa7-d480-4e9f-8a86-8ae23526bf47","type":"visualization"},{"id":"276702d0-3f09-11eb-bc2c-c5758316d788","name":"5f6dce0b-482c-45bd-8b91-7acb9ba74a59:panel_5f6dce0b-482c-45bd-8b91-7acb9ba74a59","type":"visualization"},{"id":"07262240-3f08-11eb-bc2c-c5758316d788","name":"a9c91ab2-f565-4cec-8899-20d4c552fb89:panel_a9c91ab2-f565-4cec-8899-20d4c552fb89","type":"visualization"},{"id":"411346d0-3f09-11eb-bc2c-c5758316d788","name":"066f5801-1ce9-4e4b-9bd2-7641e557df2a:panel_066f5801-1ce9-4e4b-9bd2-7641e557df2a","type":"visualization"},{"id":"d1ec1680-3d3a-11eb-bc2c-c5758316d788","name":"a5dcd4c3-993f-41d6-b857-78cbc4b59776:panel_a5dcd4c3-993f-41d6-b857-78cbc4b59776","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"18794abf-400e-4052-81d3-9436757c1982:panel_18794abf-400e-4052-81d3-9436757c1982","type":"visualization"},{"id":"0625de60-3f0a-11eb-bc2c-c5758316d788","name":"d28d422b-7358-4d8f-bd87-934bcec94448:panel_d28d422b-7358-4d8f-bd87-934bcec94448","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"4181c6d3-e513-4962-86bd-f1e62454e4bd:panel_4181c6d3-e513-4962-86bd-f1e62454e4bd","type":"visualization"},{"id":"5f3b6940-3ef9-11eb-bc2c-c5758316d788","name":"b9291dcb-81fd-46b0-aa64-569cd50aa35d:panel_b9291dcb-81fd-46b0-aa64-569cd50aa35d","type":"visualization"},{"id":"a1902790-3ef9-11eb-bc2c-c5758316d788","name":"b28f4f0b-4775-4e51-9d12-5fc42aafc7fa:panel_b28f4f0b-4775-4e51-9d12-5fc42aafc7fa","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"4e907a92-1a5f-4539-b38f-c9dbdf9af3ee:panel_4e907a92-1a5f-4539-b38f-c9dbdf9af3ee","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"60f8dc8c-c2ba-4167-a2b4-184848b2905a:panel_60f8dc8c-c2ba-4167-a2b4-184848b2905a","type":"visualization"},{"id":"d78cbdc0-3f0a-11eb-bc2c-c5758316d788","name":"3ffc64a7-27df-43c2-9236-9fb190218530:panel_3ffc64a7-27df-43c2-9236-9fb190218530","type":"visualization
"},{"id":"783f9db0-3f0a-11eb-bc2c-c5758316d788","name":"050e6a29-61cd-4ebc-8ff5-e7a7e14f4616:panel_050e6a29-61cd-4ebc-8ff5-e7a7e14f4616","type":"visualization"},{"id":"ee1c7f80-3f0a-11eb-bc2c-c5758316d788","name":"170f5488-e8dd-41ac-a4ea-d6f32431b014:panel_170f5488-e8dd-41ac-a4ea-d6f32431b014","type":"visualization"},{"id":"a2ae5910-3f0a-11eb-bc2c-c5758316d788","name":"5bf02364-9fd1-4822-ab85-80e95f8a02f9:panel_5bf02364-9fd1-4822-ab85-80e95f8a02f9","type":"visualization"}],"sort":[1675807560837,2625],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMDAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flow Records/s (client/server) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Records/s (client/server) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.bytes\"},{\"id\":\"61c95a90-3f0e-11eb-8fe0-a51500598689\",\"type\":\"calculation\",\"variables\":[{\"id\":\"646736f0-3f0e-11eb-8fe0-a51500598689\",\"name\":\"count\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Flow 
Records\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"count\",\"field\":\"flow.bytes\"},{\"id\":\"2b017560-3f0e-11eb-8fe0-a51500598689\",\"type\":\"calculation\",\"variables\":[{\"id\":\"2e9d39c0-3f0e-11eb-8fe0-a51500598689\",\"name\":\"count\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Flow Types\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.export.version.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"axis_min\":\"0\",\"filter\":{\"query\":\"flow.client.ip.addr: * AND flow.server.ip.addr: *\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"8b5fb750-3f0e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2626],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMDEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): UDP Amplification Packets - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Packets - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":100000,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":1000000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":10000000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"eb026873-4405-4a68-98aa-2f52d4796249\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND NOT flow.src.as.org: \\\"PRIVATE\\\" AND flow.src.l4.port.id: (17 OR 19 OR 53 OR 69 OR 111 OR 123 OR 137 OR 161 OR 389 OR 520 OR 751 OR 1434 OR 1645 OR 1646 OR 1812 OR 1813 OR 1900 OR 3702 OR 5093 OR 5353 OR 11211 OR 27015 OR 27960)\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"UDP 
Packets\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"8ba5fee0-c48c-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2627],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMDIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NTP Symmetric Messages (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Symmetric Messages (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"sigma\":\"\",\"id\":\"5a51ba40-9b2a-11ec-8947-5dbcd3cabfb0\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"symmetric\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 123 AND flow.dst.l4.port.id: 123 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"8ff70cb0-9d80-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2628],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMDMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flow Record Count (client/server) - TSVB 
(metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Record Count (client/server) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Flow Records\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"filter\":{\"query\":\"flow.client.ip.addr : * and flow.server.ip.addr : *\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"93fddf80-3f0f-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2629],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMDQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Countries and Cities (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"94078f20-3d30-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2631],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMDUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP 
Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Sources (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"9714b270-c3ac-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2634],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMDYsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Traffic Details (locality)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Traffic Details (locality)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Attributes](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Types](#/dashboard/7dfba590-3d3f-11eb-bc2c-c5758316d788) | [**Locality**](#/dashboard/980f36e0-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"9dcbb430-3d46-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2635],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMDcsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Locality/AS/Country/City - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Locality/AS/Country/City - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.locality\",\"parent\":\"\",\"label\":\"Locality\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"as.label\",\"parent\":\"\",\"label\":\"Autonomous 
System\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.client.geo.country.name\",\"parent\":\"\",\"label\":\"Country\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1608040362438\",\"fieldName\":\"geo.city.name\",\"parent\":\"\",\"label\":\"City\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"e7d026a0-3ef5-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"sort":[1675807560837,2641],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMDgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Autonomous System Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous System Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"as.label\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"ASNs\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"dc32a060-3e60-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2642],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMDksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Autonomous System (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Autonomous System (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"b6645bd0-3ee7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2643],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMTAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Locality (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Locality (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"b363e4e0-6d7d-11eb-86d7-3d446d41aad0\",\"type\":\"math\",\"variables\":[{\"id\":\"b54946b0-6d7d-11eb-86d7-3d446d41aad0\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"ba6cbc80-6d7d-11eb-86d7-3d446d41aad0\",\"type\":\"math\",\"variables\":[{\"id\":\"bbec57a0-6d7d-11eb-86d7-3d446d41aad0\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Localities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.locality\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.locality: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"e74cd590-3ee4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2644],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMTEsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Autonomous System (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Autonomous System (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"cccc4210-6d7d-11eb-8988-b715baeca652\",\"type\":\"math\",\"variables\":[{\"id\":\"ce784460-6d7d-11eb-8988-b715baeca652\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"d41b4a70-6d7d-11eb-8988-b715baeca652\",\"type\":\"math\",\"variables\":[{\"id\":\"db8d9240-6d7d-11eb-8988-b715baeca652\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"b1201790-3ee7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2645],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMTIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Country (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Country (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Countries\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"geo.country.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"geo.country.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"cbde1ce0-3eeb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2646],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMTMsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Country (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Country (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"e8a57830-6d7d-11eb-abf4-7fd1b3abc67a\",\"type\":\"math\",\"variables\":[{\"id\":\"ea641820-6d7d-11eb-abf4-7fd1b3abc67a\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"f10a8470-6d7d-11eb-abf4-7fd1b3abc67a\",\"type\":\"math\",\"variables\":[{\"id\":\"f2b686c0-6d7d-11eb-abf4-7fd1b3abc67a\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Countries\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"geo.country.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"geo.country.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"e32dd340-3eeb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2647],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMTQsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"569196ba-289b-4b0a-a845-ee920ec18908\"},\"panelIndex\":\"569196ba-289b-4b0a-a845-ee920ec18908\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_569196ba-289b-4b0a-a845-ee920ec18908\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"a6bb99d4-7d90-484b-b26f-c178f6bc494b\"},\"panelIndex\":\"a6bb99d4-7d90-484b-b26f-c178f6bc494b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_a6bb99d4-7d90-484b-b26f-c178f6bc494b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"2ce0b424-851e-4bfd-8f5d-05e27b396a12\"},\"panelIndex\":\"2ce0b424-851e-4bfd-8f5d-05e27b396a12\",\"embeddable
Config\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_2ce0b424-851e-4bfd-8f5d-05e27b396a12\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"d133ea55-74a7-4f8e-b218-d3b922584508\"},\"panelIndex\":\"d133ea55-74a7-4f8e-b218-d3b922584508\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d133ea55-74a7-4f8e-b218-d3b922584508\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":12,\"h\":11,\"i\":\"ce77fdd5-4300-43d3-bf8f-5bb2e3cbe757\"},\"panelIndex\":\"ce77fdd5-4300-43d3-bf8f-5bb2e3cbe757\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Flow Locality (flow records)\",\"panelRefName\":\"panel_ce77fdd5-4300-43d3-bf8f-5bb2e3cbe757\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":9,\"w\":12,\"h\":2,\"i\":\"7bdd4b15-85bf-4c8f-882d-a9a6aee37f33\"},\"panelIndex\":\"7bdd4b15-85bf-4c8f-882d-a9a6aee37f33\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7bdd4b15-85bf-4c8f-882d-a9a6aee37f33\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":12,\"h\":11,\"i\":\"6ba3a6f5-6cc3-44c4-939a-70a4ef5dea74\"},\"panelIndex\":\"6ba3a6f5-6cc3-44c4-939a-70a4ef5dea74\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Autonomous Systems (flow 
records)\",\"panelRefName\":\"panel_6ba3a6f5-6cc3-44c4-939a-70a4ef5dea74\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":2,\"i\":\"2cd94895-13d9-45a7-a6e4-9ac45e34ff96\"},\"panelIndex\":\"2cd94895-13d9-45a7-a6e4-9ac45e34ff96\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_2cd94895-13d9-45a7-a6e4-9ac45e34ff96\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":11,\"w\":12,\"h\":7,\"i\":\"fc540837-7f9e-4946-a0a7-7f923a2126e0\"},\"panelIndex\":\"fc540837-7f9e-4946-a0a7-7f923a2126e0\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fc540837-7f9e-4946-a0a7-7f923a2126e0\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":11,\"w\":12,\"h\":7,\"i\":\"4cea02be-a3e5-4c76-b4ab-8291896c6c05\"},\"panelIndex\":\"4cea02be-a3e5-4c76-b4ab-8291896c6c05\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_4cea02be-a3e5-4c76-b4ab-8291896c6c05\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":18,\"w\":12,\"h\":2,\"i\":\"09e51220-3a50-44f0-ab10-8a3f9062bccf\"},\"panelIndex\":\"09e51220-3a50-44f0-ab10-8a3f9062bccf\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_09e51220-3a50-44f0-ab10-8a3f9062bccf\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":18,\"w\":12,\"h\":2,\"i\":\"e7a73648-56a5-4d07-863e-785d6af6abd8\"},\"panelIndex\":\"e7a73648-56a5-4d07-863e-785d6af6abd8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e7a73648-56a5-4d07-863e-785d6af6abd8\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":20,\"w\":24,\"h\":14,\"i\":\"21996319-0357-44f1-a9bf-b69184464c0f\"},\"panelIndex\":\"21996319-0357-44f1-a9bf-b69184464c0f\",\"embeddableConfig\":{\"hidePanelTit
les\":false,\"enhancements\":{}},\"title\":\"Locality (bits/s)\",\"panelRefName\":\"panel_21996319-0357-44f1-a9bf-b69184464c0f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":14,\"i\":\"d62a9eca-1c42-48c3-97b9-c6c0e2c450af\"},\"panelIndex\":\"d62a9eca-1c42-48c3-97b9-c6c0e2c450af\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Autonomous Systems (bits/s)\",\"panelRefName\":\"panel_d62a9eca-1c42-48c3-97b9-c6c0e2c450af\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":34,\"w\":24,\"h\":14,\"i\":\"319fc540-b90d-4a29-acef-c6a7e131cf7e\"},\"panelIndex\":\"319fc540-b90d-4a29-acef-c6a7e131cf7e\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Locality (pkts/s)\",\"panelRefName\":\"panel_319fc540-b90d-4a29-acef-c6a7e131cf7e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":34,\"w\":24,\"h\":14,\"i\":\"378c3507-9b56-4e4b-a7f3-aa3eafd62178\"},\"panelIndex\":\"378c3507-9b56-4e4b-a7f3-aa3eafd62178\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Autonomous Systems (pkts/s)\",\"panelRefName\":\"panel_378c3507-9b56-4e4b-a7f3-aa3eafd62178\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":48,\"w\":12,\"h\":11,\"i\":\"5bd3f4d3-b400-4574-ac73-ded08fb99e6e\"},\"panelIndex\":\"5bd3f4d3-b400-4574-ac73-ded08fb99e6e\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Countries (flow 
records)\",\"panelRefName\":\"panel_5bd3f4d3-b400-4574-ac73-ded08fb99e6e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":48,\"w\":12,\"h\":2,\"i\":\"eeb60c25-55a2-4c14-be78-788861a0adb0\"},\"panelIndex\":\"eeb60c25-55a2-4c14-be78-788861a0adb0\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_eeb60c25-55a2-4c14-be78-788861a0adb0\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":48,\"w\":12,\"h\":11,\"i\":\"f2ea5dc2-d79f-45dd-bca0-d3c1c6b9ad75\"},\"panelIndex\":\"f2ea5dc2-d79f-45dd-bca0-d3c1c6b9ad75\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cities (flow records)\",\"panelRefName\":\"panel_f2ea5dc2-d79f-45dd-bca0-d3c1c6b9ad75\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":48,\"w\":12,\"h\":2,\"i\":\"d6d0d266-1e45-4f4c-a112-581598a6ad4c\"},\"panelIndex\":\"d6d0d266-1e45-4f4c-a112-581598a6ad4c\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d6d0d266-1e45-4f4c-a112-581598a6ad4c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":50,\"w\":12,\"h\":7,\"i\":\"c9e71e17-7ea3-4bd0-a191-28306d127a8e\"},\"panelIndex\":\"c9e71e17-7ea3-4bd0-a191-28306d127a8e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c9e71e17-7ea3-4bd0-a191-28306d127a8e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":50,\"w\":12,\"h\":7,\"i\":\"45b343c2-0fb0-473d-84f8-37a0a1474632\"},\"panelIndex\":\"45b343c2-0fb0-473d-84f8-37a0a1474632\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_45b343c2-0fb0-473d-84f8-37a0a1474632\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":57,\"w\":12,\"h\":2,\"i\":\"63ed9d6e-7f0f-46b9-a811-cb07382f00cc\"},\"panelIndex\":\"63ed9d6e-7f0f-46b9-a811-cb07382f00cc
\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_63ed9d6e-7f0f-46b9-a811-cb07382f00cc\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":57,\"w\":12,\"h\":2,\"i\":\"6a9e2ce4-e3d6-4260-b6a8-66bf66d5b9a7\"},\"panelIndex\":\"6a9e2ce4-e3d6-4260-b6a8-66bf66d5b9a7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_6a9e2ce4-e3d6-4260-b6a8-66bf66d5b9a7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":59,\"w\":24,\"h\":14,\"i\":\"89a71ace-800a-4ba3-9a67-f888b8d7fbcb\"},\"panelIndex\":\"89a71ace-800a-4ba3-9a67-f888b8d7fbcb\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Countries (bits/s)\",\"panelRefName\":\"panel_89a71ace-800a-4ba3-9a67-f888b8d7fbcb\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":59,\"w\":24,\"h\":14,\"i\":\"b0d12e5d-29d6-4f4f-b9fd-755316e5ec57\"},\"panelIndex\":\"b0d12e5d-29d6-4f4f-b9fd-755316e5ec57\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cities (bits/s)\",\"panelRefName\":\"panel_b0d12e5d-29d6-4f4f-b9fd-755316e5ec57\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":73,\"w\":24,\"h\":14,\"i\":\"3fcd448a-1c66-41eb-9d71-b5b79a4c9e25\"},\"panelIndex\":\"3fcd448a-1c66-41eb-9d71-b5b79a4c9e25\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Countries (pkts/s)\",\"panelRefName\":\"panel_3fcd448a-1c66-41eb-9d71-b5b79a4c9e25\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":73,\"w\":24,\"h\":14,\"i\":\"8e064605-33fd-403a-97bd-a3c7cd4afce0\"},\"panelIndex\":\"8e064605-33fd-403a-97bd-a3c7cd4afce0\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cities (pkts/s)\",\"panelRefName\":\"panel_8e064605-33fd-403a-97bd-a3c7cd4afce0\"}]","timeRestore":false,"title":"ElastiFlow 
(flow): Traffic Details (locality)","version":1},"coreMigrationVersion":"8.2.0","id":"980f36e0-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"f1bfb220-3d42-11eb-bc2c-c5758316d788","name":"569196ba-289b-4b0a-a845-ee920ec18908:panel_569196ba-289b-4b0a-a845-ee920ec18908","type":"visualization"},{"id":"9dcbb430-3d46-11eb-bc2c-c5758316d788","name":"a6bb99d4-7d90-484b-b26f-c178f6bc494b:panel_a6bb99d4-7d90-484b-b26f-c178f6bc494b","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"2ce0b424-851e-4bfd-8f5d-05e27b396a12:panel_2ce0b424-851e-4bfd-8f5d-05e27b396a12","type":"visualization"},{"id":"e7d026a0-3ef5-11eb-bc2c-c5758316d788","name":"d133ea55-74a7-4f8e-b218-d3b922584508:panel_d133ea55-74a7-4f8e-b218-d3b922584508","type":"visualization"},{"id":"23d52c70-3d3b-11eb-bc2c-c5758316d788","name":"ce77fdd5-4300-43d3-bf8f-5bb2e3cbe757:panel_ce77fdd5-4300-43d3-bf8f-5bb2e3cbe757","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"7bdd4b15-85bf-4c8f-882d-a9a6aee37f33:panel_7bdd4b15-85bf-4c8f-882d-a9a6aee37f33","type":"visualization"},{"id":"60986660-3ee7-11eb-bc2c-c5758316d788","name":"6ba3a6f5-6cc3-44c4-939a-70a4ef5dea74:panel_6ba3a6f5-6cc3-44c4-939a-70a4ef5dea74","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"2cd94895-13d9-45a7-a6e4-9ac45e34ff96:panel_2cd94895-13d9-45a7-a6e4-9ac45e34ff96","type":"visualization"},{"id":"62b4fa40-3ee6-11eb-bc2c-c5758316d788","name":"fc540837-7f9e-4946-a0a7-7f923a2126e0:panel_fc540837-7f9e-4946-a0a7-7f923a2126e0","type":"visualization"},{"id":"dc32a060-3e60-11eb-bc2c-c5758316d788","name":"4cea02be-a3e5-4c76-b4ab-8291896c6c05:panel_4cea02be-a3e5-4c76-b4ab-8291896c6c05","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"09e51220-3a50-44f0-ab10-8a3f9062bccf:panel_09e51220-3a50-44f0-ab10-8a3f9062bccf","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"e7a73648-56a5-4d07-863e-785d6a
f6abd8:panel_e7a73648-56a5-4d07-863e-785d6af6abd8","type":"visualization"},{"id":"70c95380-3ee4-11eb-bc2c-c5758316d788","name":"21996319-0357-44f1-a9bf-b69184464c0f:panel_21996319-0357-44f1-a9bf-b69184464c0f","type":"visualization"},{"id":"b6645bd0-3ee7-11eb-bc2c-c5758316d788","name":"d62a9eca-1c42-48c3-97b9-c6c0e2c450af:panel_d62a9eca-1c42-48c3-97b9-c6c0e2c450af","type":"visualization"},{"id":"e74cd590-3ee4-11eb-bc2c-c5758316d788","name":"319fc540-b90d-4a29-acef-c6a7e131cf7e:panel_319fc540-b90d-4a29-acef-c6a7e131cf7e","type":"visualization"},{"id":"b1201790-3ee7-11eb-bc2c-c5758316d788","name":"378c3507-9b56-4e4b-a7f3-aa3eafd62178:panel_378c3507-9b56-4e4b-a7f3-aa3eafd62178","type":"visualization"},{"id":"467aed30-3eeb-11eb-bc2c-c5758316d788","name":"5bd3f4d3-b400-4574-ac73-ded08fb99e6e:panel_5bd3f4d3-b400-4574-ac73-ded08fb99e6e","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"eeb60c25-55a2-4c14-be78-788861a0adb0:panel_eeb60c25-55a2-4c14-be78-788861a0adb0","type":"visualization"},{"id":"7406a000-3eeb-11eb-bc2c-c5758316d788","name":"f2ea5dc2-d79f-45dd-bca0-d3c1c6b9ad75:panel_f2ea5dc2-d79f-45dd-bca0-d3c1c6b9ad75","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"d6d0d266-1e45-4f4c-a112-581598a6ad4c:panel_d6d0d266-1e45-4f4c-a112-581598a6ad4c","type":"visualization"},{"id":"6e5949e0-3e60-11eb-bc2c-c5758316d788","name":"c9e71e17-7ea3-4bd0-a191-28306d127a8e:panel_c9e71e17-7ea3-4bd0-a191-28306d127a8e","type":"visualization"},{"id":"5e68ef90-3e60-11eb-bc2c-c5758316d788","name":"45b343c2-0fb0-473d-84f8-37a0a1474632:panel_45b343c2-0fb0-473d-84f8-37a0a1474632","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"63ed9d6e-7f0f-46b9-a811-cb07382f00cc:panel_63ed9d6e-7f0f-46b9-a811-cb07382f00cc","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"6a9e2ce4-e3d6-4260-b6a8-66bf66d5b9a7:panel_6a9e2ce4-e3d6-4260-b6a8-66bf66d5b9a7","type":"visualization"},{"id":"cbde1ce0-3eeb-11eb-bc2
c-c5758316d788","name":"89a71ace-800a-4ba3-9a67-f888b8d7fbcb:panel_89a71ace-800a-4ba3-9a67-f888b8d7fbcb","type":"visualization"},{"id":"01222130-3eec-11eb-bc2c-c5758316d788","name":"b0d12e5d-29d6-4f4f-b9fd-755316e5ec57:panel_b0d12e5d-29d6-4f4f-b9fd-755316e5ec57","type":"visualization"},{"id":"e32dd340-3eeb-11eb-bc2c-c5758316d788","name":"3fcd448a-1c66-41eb-9d71-b5b79a4c9e25:panel_3fcd448a-1c66-41eb-9d71-b5b79a4c9e25","type":"visualization"},{"id":"22378540-3eec-11eb-bc2c-c5758316d788","name":"8e064605-33fd-403a-97bd-a3c7cd4afce0:panel_8e064605-33fd-403a-97bd-a3c7cd4afce0","type":"visualization"}],"sort":[1675807560837,2676],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMTUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Top Clients - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Clients - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":199,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top 
Clients\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.ip.addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"9aeb1f40-3e53-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2678],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Observed Traffic (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Observed Traffic (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.export.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.export.host.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"9b0bb110-3ecb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2679],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMTcsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Conversation Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Conversation Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Conversations\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"9bc40400-3e5c-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2680],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMTgsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23,1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"CLI & Remote Desktop Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): CLI & Remote Desktop Sessions (Private) - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI & Remote Desktop Sessions (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":14,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"9c7caff0-c59c-11ec-bed2-4dc4c8e683a3","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2683],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMTksMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"NTP\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"123\\\"}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"123\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}},{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Messages by Exporter - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Messages by Exporter - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Msg\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"9d7a0d50-9d7c-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675807560837,2688],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMjAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): CLI Sessions from Public IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI Sessions from Public IP - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"6b7deac0-b235-43db-b589-e6b1df5716da\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"\\\"flow.dst.l4.port.id\\\": (22 OR 23) AND NOT flow.src.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"CLI Sessions 
(Public)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"a49d6210-c49d-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2689],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMjEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): CLI Sessions from Private IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI Sessions from Private IP - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"a0a98765-5688-4723-b639-b96ea6e79736\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"\\\"flow.dst.l4.port.id\\\": (22 OR 23) AND flow.src.as.org: \\\"PRIVATE\\\" AND 
flow.dst.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"CLI Sessions (Private)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"d565c950-c49d-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2690],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMjIsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"f440d860-64fa-4879-b980-0353a1f26eba\"},\"panelIndex\":\"f440d860-64fa-4879-b980-0353a1f26eba\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f440d860-64fa-4879-b980-0353a1f26eba\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"f31b884f-6a5a-4561-8e89-90d4b7d0bcb9\"},\"panelIndex\":\"f31b884f-6a5a-4561-8e89-90d4b7d0bcb9\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f31b884f-6a5a-4561-8e89-90d4b7d0bcb9\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},\"panelIndex\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":8,\"h\":5,\"i\":\"96ea5c44-f6e4-4970-923b-f9553a843fc0\"},\"panelIndex\":\"96ea5c44-f6e4-4970-923b-f9553a843fc0\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_96ea5c44-f6e4-4970-923b-f9553a843fc0\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":4,\"w\":8,\"h\":5,\"i\":\"9f7a7f95-f276-4a6c-9a1e-45b363fe1332\"},\"panelIndex\":\"9f7a7f95-f276-4a6c-9a1e-45b363fe1332\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9f7a7f95-f276-4a6c-9a1e-45b363fe1332\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":4,\"w\":8,\"
h\":5,\"i\":\"dac32c4d-c90d-436c-8172-3687117f640f\"},\"panelIndex\":\"dac32c4d-c90d-436c-8172-3687117f640f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_dac32c4d-c90d-436c-8172-3687117f640f\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":4,\"w\":8,\"h\":5,\"i\":\"d8b56209-5929-4048-b484-b2f910d61d81\"},\"panelIndex\":\"d8b56209-5929-4048-b484-b2f910d61d81\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d8b56209-5929-4048-b484-b2f910d61d81\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":4,\"w\":8,\"h\":5,\"i\":\"39cc60d1-67d7-4544-9ca3-7f55bc3dbe12\"},\"panelIndex\":\"39cc60d1-67d7-4544-9ca3-7f55bc3dbe12\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_39cc60d1-67d7-4544-9ca3-7f55bc3dbe12\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"f6b68c78-8e63-48d9-9f10-c8178cd4743b\"},\"panelIndex\":\"f6b68c78-8e63-48d9-9f10-c8178cd4743b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f6b68c78-8e63-48d9-9f10-c8178cd4743b\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":32,\"i\":\"1801defb-c778-4bc9-93e6-d0661bcff965\"},\"panelIndex\":\"1801defb-c778-4bc9-93e6-d0661bcff965\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"CLI & Remote Desktop Sessions (Public)\",\"panelRefName\":\"panel_1801defb-c778-4bc9-93e6-d0661bcff965\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":32,\"i\":\"f34442dc-33ab-4756-a59d-296a84adeff0\"},\"panelIndex\":\"f34442dc-33ab-4756-a59d-296a84adeff0\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"CLI & Remote Desktop Sessions 
(Private)\",\"panelRefName\":\"panel_f34442dc-33ab-4756-a59d-296a84adeff0\"}]","timeRestore":false,"title":"ElastiFlow (flow): Threats (Brute Force)","version":1},"coreMigrationVersion":"8.2.0","id":"9e8ee9a0-c495-11ec-a49f-6168cd647191","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"82b0c1d0-3d42-11eb-bc2c-c5758316d788","name":"f440d860-64fa-4879-b980-0353a1f26eba:panel_f440d860-64fa-4879-b980-0353a1f26eba","type":"visualization"},{"id":"08535420-c496-11ec-a49f-6168cd647191","name":"f31b884f-6a5a-4561-8e89-90d4b7d0bcb9:panel_f31b884f-6a5a-4561-8e89-90d4b7d0bcb9","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"ad125fa1-132d-46b3-8cfa-48520ea3c83a:panel_ad125fa1-132d-46b3-8cfa-48520ea3c83a","type":"visualization"},{"id":"5fc57d50-c487-11ec-a49f-6168cd647191","name":"96ea5c44-f6e4-4970-923b-f9553a843fc0:panel_96ea5c44-f6e4-4970-923b-f9553a843fc0","type":"visualization"},{"id":"a49d6210-c49d-11ec-a49f-6168cd647191","name":"9f7a7f95-f276-4a6c-9a1e-45b363fe1332:panel_9f7a7f95-f276-4a6c-9a1e-45b363fe1332","type":"visualization"},{"id":"d565c950-c49d-11ec-a49f-6168cd647191","name":"dac32c4d-c90d-436c-8172-3687117f640f:panel_dac32c4d-c90d-436c-8172-3687117f640f","type":"visualization"},{"id":"1f207360-c49e-11ec-a49f-6168cd647191","name":"d8b56209-5929-4048-b484-b2f910d61d81:panel_d8b56209-5929-4048-b484-b2f910d61d81","type":"visualization"},{"id":"1a219c90-c49e-11ec-a49f-6168cd647191","name":"39cc60d1-67d7-4544-9ca3-7f55bc3dbe12:panel_39cc60d1-67d7-4544-9ca3-7f55bc3dbe12","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"f6b68c78-8e63-48d9-9f10-c8178cd4743b:panel_f6b68c78-8e63-48d9-9f10-c8178cd4743b","type":"visualization"},{"id":"8639aea0-c59c-11ec-bed2-4dc4c8e683a3","name":"1801defb-c778-4bc9-93e6-d0661bcff965:panel_1801defb-c778-4bc9-93e6-d0661bcff965","type":"visualization"},{"id":"9c7caff0-c59c-11ec-bed2-4dc4c8e683a3","name":"f34442dc-33ab-4756-a59d-296a84adeff0:panel_f34442dc-33ab-4756-a59d-296a84a
deff0","type":"visualization"}],"sort":[1675807560837,2702],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMjMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): RADIUS AUTH Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Req/Resp (packets) - TSVB (line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"AUTH requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.dst.l4.port.id: 1812 OR flow.dst.l4.port.id: 1645\",\"language\":\"kuery\"}},{\"id\":\"7e6a9720-9b26-11ec-8138-3d37937df3c4\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"7e6a9721-9b26-11ec-8138-3d37937df3c4\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"AUTH responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 1812 OR flow.src.l4.port.id: 
1645\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"axis_min\":\"0\"}}"},"coreMigrationVersion":"8.2.0","id":"9fcf5aee-4b37-4445-874f-ad2785387e27","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2703],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMjQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Exporter, Locality, Service - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporter, Locality, Service - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.locality\",\"parent\":\"\",\"label\":\"Traffic 
Locality\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"f270e340-3d4e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"}],"sort":[1675807560837,2707],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMjUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Top Servers - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Servers - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow 
Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":199,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Servers\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.ip.addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"d279fdf0-3e53-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2709],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMjYsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"d5ae3d0e-c956-48d8-ba40-0fc96802b052\"},\"panelIndex\":\"d5ae3d0e-c956-48d8-ba40-0fc96802b052\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d5ae3d0e-c956-48d8-ba40-0fc96802b052\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"f7455ad4-bce8-4eb7-a9a4-9e8e2a012c05\"},\"panelIndex\":\"f7455ad4-bce8-4eb7-a9a4-9e8e2a012c05\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f7455ad4-bce8-4eb7-a9a4-9e8e2a012c05\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"4a7ca626-f214-429f-b5e5-db9c8d73109a\"},\"panelIndex\":\"4a7ca626-f214-429f-b5e5-db9c8d73109a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_4a7ca626-f214-429f-b5e5-db9c8d73109a\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"3062fd4a-fc63-41aa-96b7-f9dc11e2e29a\"},\"panelIndex\":\"3062fd4a-fc63-41aa-96b7-f9dc11e2e29a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_3062fd4a-fc63-41aa-96b7-f9dc11e2e29a\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"02f8c0e3-2a43-4322-98c9-7a945e0e1b8a\"},\"panelIndex\":\"02f8c0e3-2a43-4322-98c9-7a945e0e1b8a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_02f8c0e3-2a43-4322-98c9-7a945e0e1b8a\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,
\"h\":14,\"i\":\"76652d5d-2ee2-4222-ae36-74424283d963\"},\"panelIndex\":\"76652d5d-2ee2-4222-ae36-74424283d963\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Throughput (bits/s)\",\"panelRefName\":\"panel_76652d5d-2ee2-4222-ae36-74424283d963\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"3430d37c-4d14-4e0f-8354-4079e26669c9\"},\"panelIndex\":\"3430d37c-4d14-4e0f-8354-4079e26669c9\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_3430d37c-4d14-4e0f-8354-4079e26669c9\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"72e24e2b-432d-46a4-bd30-a2e27a25a488\"},\"panelIndex\":\"72e24e2b-432d-46a4-bd30-a2e27a25a488\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_72e24e2b-432d-46a4-bd30-a2e27a25a488\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":23,\"i\":\"c5b72aa7-f1a8-4664-8cd8-93eb5542295d\"},\"panelIndex\":\"c5b72aa7-f1a8-4664-8cd8-93eb5542295d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c5b72aa7-f1a8-4664-8cd8-93eb5542295d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":23,\"i\":\"b71abd33-4da5-4a3d-8074-6a2a4be9b360\"},\"panelIndex\":\"b71abd33-4da5-4a3d-8074-6a2a4be9b360\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b71abd33-4da5-4a3d-8074-6a2a4be9b360\"}]","timeRestore":false,"title":"ElastiFlow (flow): Top 
Talkers","version":1},"coreMigrationVersion":"8.2.0","id":"a000b640-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"5a3a5400-3d42-11eb-bc2c-c5758316d788","name":"d5ae3d0e-c956-48d8-ba40-0fc96802b052:panel_d5ae3d0e-c956-48d8-ba40-0fc96802b052","type":"visualization"},{"id":"18500ff0-3d45-11eb-bc2c-c5758316d788","name":"f7455ad4-bce8-4eb7-a9a4-9e8e2a012c05:panel_f7455ad4-bce8-4eb7-a9a4-9e8e2a012c05","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"4a7ca626-f214-429f-b5e5-db9c8d73109a:panel_4a7ca626-f214-429f-b5e5-db9c8d73109a","type":"visualization"},{"id":"f270e340-3d4e-11eb-bc2c-c5758316d788","name":"3062fd4a-fc63-41aa-96b7-f9dc11e2e29a:panel_3062fd4a-fc63-41aa-96b7-f9dc11e2e29a","type":"visualization"},{"id":"756aa270-3e5f-11eb-bc2c-c5758316d788","name":"02f8c0e3-2a43-4322-98c9-7a945e0e1b8a:panel_02f8c0e3-2a43-4322-98c9-7a945e0e1b8a","type":"visualization"},{"id":"5c04ec10-3e59-11eb-bc2c-c5758316d788","name":"76652d5d-2ee2-4222-ae36-74424283d963:panel_76652d5d-2ee2-4222-ae36-74424283d963","type":"visualization"},{"id":"97c2bfb0-3e5f-11eb-bc2c-c5758316d788","name":"3430d37c-4d14-4e0f-8354-4079e26669c9:panel_3430d37c-4d14-4e0f-8354-4079e26669c9","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"72e24e2b-432d-46a4-bd30-a2e27a25a488:panel_72e24e2b-432d-46a4-bd30-a2e27a25a488","type":"visualization"},{"id":"9aeb1f40-3e53-11eb-bc2c-c5758316d788","name":"c5b72aa7-f1a8-4664-8cd8-93eb5542295d:panel_c5b72aa7-f1a8-4664-8cd8-93eb5542295d","type":"visualization"},{"id":"d279fdf0-3e53-11eb-bc2c-c5758316d788","name":"b71abd33-4da5-4a3d-8074-6a2a4be9b360:panel_b71abd33-4da5-4a3d-8074-6a2a4be9b360","type":"visualization"}],"sort":[1675807560837,2720],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMjcsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): IP Reputations (flows) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Reputations (flows) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Conversations\",\"type\":\"timeseries\",\"value_template\":\"{{value}}\",\"filter\":{\"query\":\"sec.threat.name: *\",\"language\":\"kuery\"}},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"cardinality\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Threats\",\"type\":\"timeseries\",\"value_template\":\"{{value}}\",\"terms_field\":\"sec.threat.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"a41dd6a0-75c8-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2721],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMjgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23]}}]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"CLI Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23]}}]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): CLI 
Sessions (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI Sessions (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"a5007b90-c49b-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2724],"type":"visualization","updated_at":"2023-02-07T22:06:00.837
Z","version":"WzIwMjksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries and Cities (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"a6cf5910-3e04-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2726],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMzAsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23,1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}],\\\"minimum_should_match\\\":1}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Brute Force Sessions (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Edge) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"a804a940-c33a-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2729],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMzEsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Messages Direct (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Inbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"a8a4d7e0-c39d-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2732],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMzIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only 
Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sources (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Edge) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"a9ce8930-c3fd-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJ
SON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2735],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMzMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DHCP Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Responses (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 67 AND flow.dst.l4.port.id: 68 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: 
\\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"f69afbe0-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2736],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMzQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.ip.addr\",\"negate\":true,\"params\":{\"query\":\"255.255.255.255\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.ip.addr\":\"255.255.255.255\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Requests by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): DHCP Requests by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DHCP 
Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"d4ee60e0-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index","type":"index-pattern"}],"sort":[1675808745076,9938],"type":"visualization","updated_at":"2023-02-07T22:25:45.076Z","version":"WzI4MjEsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Responses by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): DHCP Responses by Server - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DHCP Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"e9e16290-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675808761284,9945],"type":"visualization","updated_at":"2023-02-07T22:26:01.284Z","version":"WzI4NDgsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.ip.addr\",\"negate\":true,\"params\":{\"query\":\"255.255.255.255\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.ip.addr\":\"255.255.255.255\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Requests by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Requests by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Req\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DHCP 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"fff448a0-9b93-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index","type":"index-pattern"}],"sort":[1675807560837,2756],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMzcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Relayed Messages by src/dst - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Relayed Messages by src/dst - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Relay\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"d9c7acb0-c304-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675807560837,2762],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMzgsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"503ee9c8-3371-4430-9997-5a2f772238ba\",\"w\":28,\"x\":0,\"y\":0},\"panelIndex\":\"503ee9c8-3371-4430-9997-5a2f772238ba\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_503ee9c8-3371-4430-9997-5a2f772238ba\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"1ebd7429-fc09-4785-a063-2e866346e88e\",\"w\":15,\"x\":28,\"y\":0},\"panelIndex\":\"1ebd7429-fc09-4785-a063-2e866346e88e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1ebd7429-fc09-4785-a063-2e866346e88e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"w\":5,\"x\":43,\"y\":0},\"panelIndex\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e57c863c-11e8-43d8-a2b8-20a63217371e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"7779fb3a-fd13-41ac-90de-b70849a7df6e\",\"w\":5,\"x\":0,\"y\":4},\"panelIndex\":\"7779fb3a-fd13-41ac-90de-b70849a7df6e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7779fb3a-fd13-41ac-90de-b70849a7df6e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"63b829fd-6861-475f-a57e-9acd67cf7ff9\",\"w\":5,\"x\":5,\"y\":4},\"panelIndex\":\"63b829fd-6861-475f-a57e-9acd67cf7ff9\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_63b829fd-6861-475f-a57e-9acd67cf7ff9\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"d4386109-9d
7b-46d9-ad63-635c42c14d2f\",\"w\":5,\"x\":10,\"y\":4},\"panelIndex\":\"d4386109-9d7b-46d9-ad63-635c42c14d2f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d4386109-9d7b-46d9-ad63-635c42c14d2f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"39c9a04e-0008-472e-a3b8-50583781d9ae\",\"w\":5,\"x\":15,\"y\":4},\"panelIndex\":\"39c9a04e-0008-472e-a3b8-50583781d9ae\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_39c9a04e-0008-472e-a3b8-50583781d9ae\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"f25b852b-ff69-4b28-ac75-ee25b7271538\",\"w\":28,\"x\":20,\"y\":4},\"panelIndex\":\"f25b852b-ff69-4b28-ac75-ee25b7271538\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f25b852b-ff69-4b28-ac75-ee25b7271538\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"5528dfd0-9be9-410c-b656-7045a394b233\",\"w\":10,\"x\":0,\"y\":9},\"panelIndex\":\"5528dfd0-9be9-410c-b656-7045a394b233\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_5528dfd0-9be9-410c-b656-7045a394b233\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"5bb2c88e-540a-4dbd-87d6-aac3322fa05c\",\"w\":10,\"x\":10,\"y\":9},\"panelIndex\":\"5bb2c88e-540a-4dbd-87d6-aac3322fa05c\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_5bb2c88e-540a-4dbd-87d6-aac3322fa05c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":23,\"i\":\"c27cd9a7-ef4c-4920-a252-6088129109a0\",\"w\":8,\"x\":0,\"y\":18},\"panelIndex\":\"c27cd9a7-ef4c-4920-a252-6088129109a0\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c27cd9a7-ef4c-4920-a252-6088129109a0\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":23,\"i\
":\"af7ca5a0-2662-4166-b4e4-d8450b040da9\",\"w\":8,\"x\":8,\"y\":18},\"panelIndex\":\"af7ca5a0-2662-4166-b4e4-d8450b040da9\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_af7ca5a0-2662-4166-b4e4-d8450b040da9\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":23,\"i\":\"9ecda662-2439-44fc-a0b1-97fc40279ed9\",\"w\":8,\"x\":16,\"y\":18},\"panelIndex\":\"9ecda662-2439-44fc-a0b1-97fc40279ed9\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9ecda662-2439-44fc-a0b1-97fc40279ed9\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":23,\"i\":\"51705b8e-4c42-45a4-8368-b9286ae9124c\",\"w\":8,\"x\":24,\"y\":18},\"panelIndex\":\"51705b8e-4c42-45a4-8368-b9286ae9124c\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_51705b8e-4c42-45a4-8368-b9286ae9124c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":23,\"i\":\"ba3d074c-192f-4743-a763-e2d4632109a6\",\"w\":9,\"x\":32,\"y\":18},\"panelIndex\":\"ba3d074c-192f-4743-a763-e2d4632109a6\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ba3d074c-192f-4743-a763-e2d4632109a6\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":23,\"i\":\"430db51d-c9d0-4814-b854-1cbab39afa22\",\"w\":7,\"x\":41,\"y\":18},\"panelIndex\":\"430db51d-c9d0-4814-b854-1cbab39afa22\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_430db51d-c9d0-4814-b854-1cbab39afa22\"}]","timeRestore":false,"title":"ElastiFlow (flow): Core Services 
(DHCP)","version":1},"coreMigrationVersion":"8.2.0","id":"a9f3e040-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"c69cda30-9b2b-11ec-a4df-e940aaa4214d","name":"503ee9c8-3371-4430-9997-5a2f772238ba:panel_503ee9c8-3371-4430-9997-5a2f772238ba","type":"visualization"},{"id":"31c96f80-9b95-11ec-a4df-e940aaa4214d","name":"1ebd7429-fc09-4785-a063-2e866346e88e:panel_1ebd7429-fc09-4785-a063-2e866346e88e","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"e57c863c-11e8-43d8-a2b8-20a63217371e:panel_e57c863c-11e8-43d8-a2b8-20a63217371e","type":"visualization"},{"id":"682aeb00-c4c4-11ec-a49f-6168cd647191","name":"7779fb3a-fd13-41ac-90de-b70849a7df6e:panel_7779fb3a-fd13-41ac-90de-b70849a7df6e","type":"visualization"},{"id":"05a49fb0-9b95-11ec-a4df-e940aaa4214d","name":"63b829fd-6861-475f-a57e-9acd67cf7ff9:panel_63b829fd-6861-475f-a57e-9acd67cf7ff9","type":"visualization"},{"id":"f69afbe0-9b94-11ec-a4df-e940aaa4214d","name":"d4386109-9d7b-46d9-ad63-635c42c14d2f:panel_d4386109-9d7b-46d9-ad63-635c42c14d2f","type":"visualization"},{"id":"62e79640-c305-11ec-aaf3-5b4644130c7f","name":"39c9a04e-0008-472e-a3b8-50583781d9ae:panel_39c9a04e-0008-472e-a3b8-50583781d9ae","type":"visualization"},{"id":"1d489090-9b95-11ec-a4df-e940aaa4214d","name":"f25b852b-ff69-4b28-ac75-ee25b7271538:panel_f25b852b-ff69-4b28-ac75-ee25b7271538","type":"visualization"},{"id":"d4ee60e0-9b94-11ec-a4df-e940aaa4214d","name":"5528dfd0-9be9-410c-b656-7045a394b233:panel_5528dfd0-9be9-410c-b656-7045a394b233","type":"visualization"},{"id":"e9e16290-9b94-11ec-a4df-e940aaa4214d","name":"5bb2c88e-540a-4dbd-87d6-aac3322fa05c:panel_5bb2c88e-540a-4dbd-87d6-aac3322fa05c","type":"visualization"},{"id":"fff448a0-9b93-11ec-a4df-e940aaa4214d","name":"c27cd9a7-ef4c-4920-a252-6088129109a0:panel_c27cd9a7-ef4c-4920-a252-6088129109a0","type":"visualization"},{"id":"37087910-9b94-11ec-a4df-e940aaa4214d","name":"af7ca5a0-2662-4166-b4e4-d8450b040da9:panel_af7ca5a0-2662-4
166-b4e4-d8450b040da9","type":"visualization"},{"id":"5a7588c0-9b94-11ec-a4df-e940aaa4214d","name":"9ecda662-2439-44fc-a0b1-97fc40279ed9:panel_9ecda662-2439-44fc-a0b1-97fc40279ed9","type":"visualization"},{"id":"76e6b920-9b94-11ec-a4df-e940aaa4214d","name":"51705b8e-4c42-45a4-8368-b9286ae9124c:panel_51705b8e-4c42-45a4-8368-b9286ae9124c","type":"visualization"},{"id":"d9c7acb0-c304-11ec-aaf3-5b4644130c7f","name":"ba3d074c-192f-4743-a763-e2d4632109a6:panel_ba3d074c-192f-4743-a763-e2d4632109a6","type":"visualization"},{"id":"7c3745e0-c306-11ec-aaf3-5b4644130c7f","name":"430db51d-c9d0-4814-b854-1cbab39afa22:panel_430db51d-c9d0-4814-b854-1cbab39afa22","type":"visualization"}],"sort":[1675807560837,2779],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwMzksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Community Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Community Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.community.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Sessions\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"aa0dbe60-9d98-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2780],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNDAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flow Records (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flow Records 
(client/server)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**Client/Server**](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788) | [Src/Dst](#/dashboard/bf9f8a70-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"da205850-3d46-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2781],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNDEsMl0="} 
{"attributes":{"columns":["flow.conversation.id","flow.export.host.name","flow.client.host.name","flow.server.host.name","flow.server.l4.port.name","flow.bytes","flow.packets"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"bool\":{\"must\":[{\"exists\":{\"field\":\"flow.client.ip.addr\"}},{\"exists\":{\"field\":\"flow.server.ip.addr\"}}]},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":false,\"alias\":null,\"key\":\"bool\",\"value\":\"{\\\"must\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"flow.client.ip.addr\\\"}},{\\\"exists\\\":{\\\"field\\\":\\\"flow.server.ip.addr\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"ElastiFlow (flow): Flow Records (client/server) - search","version":1},"coreMigrationVersion":"8.2.0","id":"e797bd40-3f10-11eb-bc2c-c5758316d788","migrationVersion":{"search":"8.0.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2784],"type":"search","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNDIsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"8.2.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"9d130e1e-6975-4a94-923d-4c5371b580b1\"},\"panelIndex\":\"9d130e1e-6975-4a94-923d-4c5371b580b1\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9d130e1e-6975-4a94-923d-4c5371b580b1\"},{\"version\":\"8.2.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"9c48f2a0-f965-4fc2-8a12-135e9efb896f\"},\"panelIndex\":\"9c48f2a0-f965-4fc2-8a12-135e9efb896f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9c48f2a0-f965-4fc2-8a12-135e9efb896f\"},{\"version\":\"8.2.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"2afab535-1aa3-4849-aee3-b66ccd85c75a\"},\"panelIndex\":\"2afab535-1aa3-4849-aee3-b66ccd85c75a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_2afab535-1aa3-4849-aee3-b66ccd85c75a\"},{\"version\":\"8.2.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":10,\"i\":\"a5aa4d1c-b039-468b-a5f3-7f71a6308513\"},\"panelIndex\":\"a5aa4d1c-b039-468b-a5f3-7f71a6308513\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_a5aa4d1c-b039-468b-a5f3-7f71a6308513\"},{\"version\":\"8.2.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":5,\"i\":\"25ef49e8-82cb-4130-a1b2-d1e99929ae6a\"},\"panelIndex\":\"25ef49e8-82cb-4130-a1b2-d1e99929ae6a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_25ef49e8-82cb-4130-a1b2-d1e99929ae6a\"},{\"version\":\"8.2.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":
10,\"i\":\"9e924cca-ac9c-4737-81d3-ec6600d91b88\"},\"panelIndex\":\"9e924cca-ac9c-4737-81d3-ec6600d91b88\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9e924cca-ac9c-4737-81d3-ec6600d91b88\"},{\"version\":\"8.2.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":5,\"i\":\"83199726-082c-4e5e-a3d5-6be88c58cf25\"},\"panelIndex\":\"83199726-082c-4e5e-a3d5-6be88c58cf25\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_83199726-082c-4e5e-a3d5-6be88c58cf25\"},{\"version\":\"8.2.0\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":14,\"w\":48,\"h\":27,\"i\":\"b88d41a3-7eea-4616-926d-60ac952cbc5b\"},\"panelIndex\":\"b88d41a3-7eea-4616-926d-60ac952cbc5b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{},\"rowHeight\":0},\"panelRefName\":\"panel_b88d41a3-7eea-4616-926d-60ac952cbc5b\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flow Records (client/server)","version":1},"coreMigrationVersion":"8.2.0","id":"abfed250-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"06d52ff0-3d43-11eb-bc2c-c5758316d788","name":"9d130e1e-6975-4a94-923d-4c5371b580b1:panel_9d130e1e-6975-4a94-923d-4c5371b580b1","type":"visualization"},{"id":"da205850-3d46-11eb-bc2c-c5758316d788","name":"9c48f2a0-f965-4fc2-8a12-135e9efb896f:panel_9c48f2a0-f965-4fc2-8a12-135e9efb896f","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"2afab535-1aa3-4849-aee3-b66ccd85c75a:panel_2afab535-1aa3-4849-aee3-b66ccd85c75a","type":"visualization"},{"id":"1a9e1fe0-3f0c-11eb-bc2c-c5758316d788","name":"a5aa4d1c-b039-468b-a5f3-7f71a6308513:panel_a5aa4d1c-b039-468b-a5f3-7f71a6308513","type":"visualization"},{"id":"93fddf80-3f0f-11eb-bc2c-c5758316d788","name":"25ef49e8-82cb-4130-a1b2-d1e99929ae6a:panel_25ef49e8-82cb-4130-a1b2-d1e99929ae6a","type":"visualization"},{"id":"8b5fb750-3f0e-11eb-bc2c-c5758316d788","name":"9e924cca-ac9c-47
37-81d3-ec6600d91b88:panel_9e924cca-ac9c-4737-81d3-ec6600d91b88","type":"visualization"},{"id":"9bc40400-3e5c-11eb-bc2c-c5758316d788","name":"83199726-082c-4e5e-a3d5-6be88c58cf25:panel_83199726-082c-4e5e-a3d5-6be88c58cf25","type":"visualization"},{"id":"e797bd40-3f10-11eb-bc2c-c5758316d788","name":"b88d41a3-7eea-4616-926d-60ac952cbc5b:panel_b88d41a3-7eea-4616-926d-60ac952cbc5b","type":"search"}],"sort":[1675810465366,12308],"type":"dashboard","updated_at":"2023-02-07T22:54:25.366Z","version":"WzUxMjgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Exporters (records) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporters (records) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":299,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.version.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow 
Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":15,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"ad2e3620-3d35-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2795],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNDQsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"bdf7a793-86c9-47ab-b1e0-5dc36705ccfd\"},\"panelIndex\":\"bdf7a793-86c9-47ab-b1e0-5dc36705ccfd\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_bdf7a793-86c9-47ab-b1e0-5dc36705ccfd\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"b6a9acf4-0ba0-486a-882d-e883482c66e3\"},\"panelIndex\":\"b6a9acf4-0ba0-486a-882d-e883482c66e3\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b6a9acf4-0ba0-486a-882d-e883482c66e3\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"17a9df37-b087-4f13-8af1-250f9b1eeab7\"},\"panelIndex\":\"17a9df37-b087-4f13-8af1-250f9b1eeab7\
",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_17a9df37-b087-4f13-8af1-250f9b1eeab7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":24,\"h\":5,\"i\":\"fb45a1fd-ea66-4bd7-b1f2-a4a7cd775bfd\"},\"panelIndex\":\"fb45a1fd-ea66-4bd7-b1f2-a4a7cd775bfd\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fb45a1fd-ea66-4bd7-b1f2-a4a7cd775bfd\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":4,\"w\":24,\"h\":2,\"i\":\"c5a59524-1395-488e-a52a-67ffd6bbee39\"},\"panelIndex\":\"c5a59524-1395-488e-a52a-67ffd6bbee39\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c5a59524-1395-488e-a52a-67ffd6bbee39\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":6,\"w\":24,\"h\":11,\"i\":\"196cd583-3f35-4f8a-b5a6-73c694833b4a\"},\"panelIndex\":\"196cd583-3f35-4f8a-b5a6-73c694833b4a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Observed Traffic (flow records/s)\",\"panelRefName\":\"panel_196cd583-3f35-4f8a-b5a6-73c694833b4a\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":32,\"i\":\"884e12ad-0be7-4bbc-9725-759faf86a7ee\"},\"panelIndex\":\"884e12ad-0be7-4bbc-9725-759faf86a7ee\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Observed Traffic (records)\",\"panelRefName\":\"panel_884e12ad-0be7-4bbc-9725-759faf86a7ee\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":12,\"i\":\"b234fa0a-c920-4d04-b1c8-785a92604bd7\"},\"panelIndex\":\"b234fa0a-c920-4d04-b1c8-785a92604bd7\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Observed Traffic 
(bits/s)\",\"panelRefName\":\"panel_b234fa0a-c920-4d04-b1c8-785a92604bd7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":29,\"w\":24,\"h\":12,\"i\":\"f6ce803b-ec0e-4686-8807-1c9c9e69b3c0\"},\"panelIndex\":\"f6ce803b-ec0e-4686-8807-1c9c9e69b3c0\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Observed Traffic (pkts/s)\",\"panelRefName\":\"panel_f6ce803b-ec0e-4686-8807-1c9c9e69b3c0\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flow Exporters (metrics)","version":1},"coreMigrationVersion":"8.2.0","id":"ac3e8880-3d41-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"dc9329e0-3d42-11eb-bc2c-c5758316d788","name":"bdf7a793-86c9-47ab-b1e0-5dc36705ccfd:panel_bdf7a793-86c9-47ab-b1e0-5dc36705ccfd","type":"visualization"},{"id":"722d6460-3d44-11eb-bc2c-c5758316d788","name":"b6a9acf4-0ba0-486a-882d-e883482c66e3:panel_b6a9acf4-0ba0-486a-882d-e883482c66e3","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"17a9df37-b087-4f13-8af1-250f9b1eeab7:panel_17a9df37-b087-4f13-8af1-250f9b1eeab7","type":"visualization"},{"id":"0f371ce0-3ecd-11eb-bc2c-c5758316d788","name":"fb45a1fd-ea66-4bd7-b1f2-a4a7cd775bfd:panel_fb45a1fd-ea66-4bd7-b1f2-a4a7cd775bfd","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"c5a59524-1395-488e-a52a-67ffd6bbee39:panel_c5a59524-1395-488e-a52a-67ffd6bbee39","type":"visualization"},{"id":"11e668f0-3ece-11eb-bc2c-c5758316d788","name":"196cd583-3f35-4f8a-b5a6-73c694833b4a:panel_196cd583-3f35-4f8a-b5a6-73c694833b4a","type":"visualization"},{"id":"ad2e3620-3d35-11eb-bc2c-c5758316d788","name":"884e12ad-0be7-4bbc-9725-759faf86a7ee:panel_884e12ad-0be7-4bbc-9725-759faf86a7ee","type":"visualization"},{"id":"9b0bb110-3ecb-11eb-bc2c-c5758316d788","name":"b234fa0a-c920-4d04-b1c8-785a92604bd7:panel_b234fa0a-c920-4d04-b1c8-785a92604bd7","type":"visualization"},{"id":"831f5010-3ecc-11eb-bc2c-c5758316d788","name":"f6ce803b-
ec0e-4686-8807-1c9c9e69b3c0:panel_f6ce803b-ec0e-4686-8807-1c9c9e69b3c0","type":"visualization"}],"sort":[1675807560837,2805],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNDUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Threats (IP Reputations)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats (IP Reputations)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**IP Reputation**](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [DDoS TCP](#/dashboard/0774f5d0-c348-11ec-aaf3-5b4644130c7f) | [DDoS Flood](#/dashboard/e0ffa950-c472-11ec-a49f-6168cd647191) | [RECON](#/dashboard/b9cd6a90-c48e-11ec-a49f-6168cd647191) | [Brute Force](#/dashboard/9e8ee9a0-c495-11ec-a49f-6168cd647191)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"ae161b80-c48d-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2806],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNDYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Countries and Cities (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"ae98dbf0-3d30-11eb-bc2c-c5758316d788","migrationVersion":{"visualiz
ation":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2808],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNDcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Messages Direct (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":14,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"aff13960-c467-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2811],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNDgsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"89c24646-f6ce-4def-857c-f04ea7d036c0\"},\"panelIndex\":\"89c24646-f6ce-4def-857c-f04ea7d036c0\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_89c24646-f6ce-4def-857c-f04ea7d036c0\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"fb286cba-33ac-4b88-989b-be068fc45f37\"},\"panelIndex\":\"fb286cba-33ac-4b88-989b-be068fc45f37\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fb286cba-33ac-4b88-989b-be068fc45f37\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"b42d9704-1f0c-4315-9d1f-656f543400a3\"},\"panelIndex\":\"b42d9704-1f0c-4315-9d1f-656f543400a3\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b42d9704-1f0c-4315-9d1f-656f543400a3\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"73ee9463-c8eb-4aa0-b706-3dd9b9c9a5f7\"},\"panelIndex\":\"73ee9463-c8eb-4aa0-b706-3dd9b9c9a5f7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_73ee9463-c8eb-4aa0-b706-3dd9b9c9a5f7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"bba27f42-3451-4d63-8efd-25d608d4fde8\"},\"panelIndex\":\"bba27f42-3451-4d63-8efd-25d608d4fde8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_bba27f42-3451-4d63-8efd-25d608d4fde8\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,
\"h\":14,\"i\":\"19ace06e-fa5c-4803-9f92-5def5b1f1fce\"},\"panelIndex\":\"19ace06e-fa5c-4803-9f92-5def5b1f1fce\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"Throughput (bits/s)\",\"panelRefName\":\"panel_19ace06e-fa5c-4803-9f92-5def5b1f1fce\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"06ddc035-d17c-45fc-8a22-bad8529004be\"},\"panelIndex\":\"06ddc035-d17c-45fc-8a22-bad8529004be\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_06ddc035-d17c-45fc-8a22-bad8529004be\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"7c47a3d8-00e9-4173-8576-6b79d472ab55\"},\"panelIndex\":\"7c47a3d8-00e9-4173-8576-6b79d472ab55\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7c47a3d8-00e9-4173-8576-6b79d472ab55\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":23,\"i\":\"42b4e982-5281-4059-9a22-660daae3850b\"},\"panelIndex\":\"42b4e982-5281-4059-9a22-660daae3850b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_42b4e982-5281-4059-9a22-660daae3850b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":23,\"i\":\"6ac28860-28f0-4bd6-9f96-eea3e2cc5d53\"},\"panelIndex\":\"6ac28860-28f0-4bd6-9f96-eea3e2cc5d53\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_6ac28860-28f0-4bd6-9f96-eea3e2cc5d53\"}]","timeRestore":false,"title":"ElastiFlow (flow): Top 
Services","version":1},"coreMigrationVersion":"8.2.0","id":"b088bcb0-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"5a3a5400-3d42-11eb-bc2c-c5758316d788","name":"89c24646-f6ce-4def-857c-f04ea7d036c0:panel_89c24646-f6ce-4def-857c-f04ea7d036c0","type":"visualization"},{"id":"230d6410-3d45-11eb-bc2c-c5758316d788","name":"fb286cba-33ac-4b88-989b-be068fc45f37:panel_fb286cba-33ac-4b88-989b-be068fc45f37","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"b42d9704-1f0c-4315-9d1f-656f543400a3:panel_b42d9704-1f0c-4315-9d1f-656f543400a3","type":"visualization"},{"id":"f270e340-3d4e-11eb-bc2c-c5758316d788","name":"73ee9463-c8eb-4aa0-b706-3dd9b9c9a5f7:panel_73ee9463-c8eb-4aa0-b706-3dd9b9c9a5f7","type":"visualization"},{"id":"1ec922a0-3e61-11eb-bc2c-c5758316d788","name":"bba27f42-3451-4d63-8efd-25d608d4fde8:panel_bba27f42-3451-4d63-8efd-25d608d4fde8","type":"visualization"},{"id":"5c04ec10-3e59-11eb-bc2c-c5758316d788","name":"19ace06e-fa5c-4803-9f92-5def5b1f1fce:panel_19ace06e-fa5c-4803-9f92-5def5b1f1fce","type":"visualization"},{"id":"051bf440-3e61-11eb-bc2c-c5758316d788","name":"06ddc035-d17c-45fc-8a22-bad8529004be:panel_06ddc035-d17c-45fc-8a22-bad8529004be","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"7c47a3d8-00e9-4173-8576-6b79d472ab55:panel_7c47a3d8-00e9-4173-8576-6b79d472ab55","type":"visualization"},{"id":"4ba1a880-3e55-11eb-bc2c-c5758316d788","name":"42b4e982-5281-4059-9a22-660daae3850b:panel_42b4e982-5281-4059-9a22-660daae3850b","type":"visualization"},{"id":"17487960-3e55-11eb-bc2c-c5758316d788","name":"6ac28860-28f0-4bd6-9f96-eea3e2cc5d53:panel_6ac28860-28f0-4bd6-9f96-eea3e2cc5d53","type":"visualization"}],"sort":[1675807560837,2822],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNDksMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Top Applications - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Applications - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"app.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Applications\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"b3a920c0-3e55-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2824],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNTAsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"exists\":{\"field\":\"flow.server.sec.threat.name\"},\"meta\":{\"type\":\"exists\",\"disabled\":false,\"negate\":false,\"alias\":\"Bad Server Reputation\",\"key\":\"flow.server.sec.threat.name\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): High-Risk Clients (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: High-Risk Clients (flows) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.conversation.id\",\"customLabel\":\"Conversations\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"High-Risk Clients\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.ip.addr\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"b56b5eb0-75c2-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2827],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNTEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"UDP\"}},{\"terms\":{\"flow.src.l4.port.id\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"UDP\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): UDP Amplification Sources (Private) - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Source\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"b6338a20-c40e-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2830],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNTIsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH Requests\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"1645\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.dst.l4.port.id\":\"1812\"}},{\"match_phrase\":{\"flow.dst.l4.port.id\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Requests by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Requests by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH 
Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RADIUS Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"b7b2c502-3d50-4c53-bd0f-1f7e560dde08","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675807560837,2835],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only 
Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sessions (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\
":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"b90b5fe0-c3da-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2838],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNTQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Servers and Services (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers and Services (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"ki
bana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"b9ba5e30-3d32-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2840],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNTUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Threats (RECON)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats (RECON)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[IP Reputation](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [DDoS TCP](#/dashboard/0774f5d0-c348-11ec-aaf3-5b4644130c7f) | [DDoS Flood](#/dashboard/e0ffa950-c472-11ec-a49f-6168cd647191) | [**RECON**](#/dashboard/b9cd6a90-c48e-11ec-a49f-6168cd647191) | [Brute Force](#/dashboard/9e8ee9a0-c495-11ec-a49f-6168cd647191)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"fa278d30-c495-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2841],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[]},\"meta\":{\"alias\":\"ICMP Echo Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Echo (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.dst.ip.addr\",\"customLabel\":\"Pinged 
IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":14,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"cf3d02b0-c343-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2844],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNTcsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"f440d860-64fa-4879-b980-0353a1f26eba\"},\"panelIndex\":\"f440d860-64fa-4879-b980-0353a1f26eba\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f440d860-64fa-4879-b980-0353a1f26eba\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"1592194a-8cb9-41a9-a982-24b60b07a1b6\"},\"panelIndex\":\"1592194a-8cb9-41a9-a982-24b60b07a1b6\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1592194a-8cb9-41a9-a982-24b60b07a1b6\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},\"panelIndex\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":8,\"h\":5,\"i\":\"96ea5c44-f6e4-4970-923b-f9553a843fc0\"},\"panelIndex\":\"96ea5c44-f6e4-4970-923b-f9553a843fc0\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_96ea5c44-f6e4-4970-923b-f9553a843fc0\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":4,\"w\":8,\"h\":5,\"i\":\"e625b48e-33f4-4241-91c6-949cbcb8e9c4\"},\"panelIndex\":\"e625b48e-33f4-4241-91c6-949cbcb8e9c4\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e625b48e-33f4-4241-91c6-949cbcb8e9c4\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":4,\"w\":8,\"
h\":5,\"i\":\"80ff4c5f-ea11-4ff3-80c5-e160dc8316a8\"},\"panelIndex\":\"80ff4c5f-ea11-4ff3-80c5-e160dc8316a8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_80ff4c5f-ea11-4ff3-80c5-e160dc8316a8\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":4,\"w\":8,\"h\":5,\"i\":\"c49202db-477e-4d97-a3a4-8fb8b7e62c2f\"},\"panelIndex\":\"c49202db-477e-4d97-a3a4-8fb8b7e62c2f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c49202db-477e-4d97-a3a4-8fb8b7e62c2f\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":4,\"w\":8,\"h\":5,\"i\":\"474dcd96-d6cb-450e-bfac-77d99586934c\"},\"panelIndex\":\"474dcd96-d6cb-450e-bfac-77d99586934c\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_474dcd96-d6cb-450e-bfac-77d99586934c\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"a0735619-998c-406b-a096-0e1d39761536\"},\"panelIndex\":\"a0735619-998c-406b-a096-0e1d39761536\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_a0735619-998c-406b-a096-0e1d39761536\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":14,\"h\":32,\"i\":\"69d29d1c-c318-4bbf-88be-05debcde7c3f\"},\"panelIndex\":\"69d29d1c-c318-4bbf-88be-05debcde7c3f\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Port Scan (Public)\",\"panelRefName\":\"panel_69d29d1c-c318-4bbf-88be-05debcde7c3f\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":9,\"w\":14,\"h\":32,\"i\":\"99e1761d-0505-4611-a341-f474bfa95519\"},\"panelIndex\":\"99e1761d-0505-4611-a341-f474bfa95519\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Port Scan 
(Private)\",\"panelRefName\":\"panel_99e1761d-0505-4611-a341-f474bfa95519\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":9,\"w\":10,\"h\":32,\"i\":\"30c2fc5a-7b5d-4ff3-848e-5f9970175fba\"},\"panelIndex\":\"30c2fc5a-7b5d-4ff3-848e-5f9970175fba\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"ICMP Echo (Public)\",\"panelRefName\":\"panel_30c2fc5a-7b5d-4ff3-848e-5f9970175fba\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":9,\"w\":10,\"h\":32,\"i\":\"9084f85f-9f73-43e5-a0cf-303eea6783bc\"},\"panelIndex\":\"9084f85f-9f73-43e5-a0cf-303eea6783bc\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"title\":\"ICMP Echo (Private)\",\"panelRefName\":\"panel_9084f85f-9f73-43e5-a0cf-303eea6783bc\"}]","timeRestore":false,"title":"ElastiFlow (flow): Threats (RECON)","version":1},"coreMigrationVersion":"8.2.0","id":"b9cd6a90-c48e-11ec-a49f-6168cd647191","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"82b0c1d0-3d42-11eb-bc2c-c5758316d788","name":"f440d860-64fa-4879-b980-0353a1f26eba:panel_f440d860-64fa-4879-b980-0353a1f26eba","type":"visualization"},{"id":"fa278d30-c495-11ec-a49f-6168cd647191","name":"1592194a-8cb9-41a9-a982-24b60b07a1b6:panel_1592194a-8cb9-41a9-a982-24b60b07a1b6","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"ad125fa1-132d-46b3-8cfa-48520ea3c83a:panel_ad125fa1-132d-46b3-8cfa-48520ea3c83a","type":"visualization"},{"id":"5fc57d50-c487-11ec-a49f-6168cd647191","name":"96ea5c44-f6e4-4970-923b-f9553a843fc0:panel_96ea5c44-f6e4-4970-923b-f9553a843fc0","type":"visualization"},{"id":"53adda40-c490-11ec-a49f-6168cd647191","name":"e625b48e-33f4-4241-91c6-949cbcb8e9c4:panel_e625b48e-33f4-4241-91c6-949cbcb8e9c4","type":"visualization"},{"id":"851359f0-c492-11ec-a49f-6168cd647191","name":"80ff4c5f-ea11-4ff3-80c5-e160dc8316a8:panel_80ff4c5f-e
a11-4ff3-80c5-e160dc8316a8","type":"visualization"},{"id":"6c8e1ee0-c494-11ec-a49f-6168cd647191","name":"c49202db-477e-4d97-a3a4-8fb8b7e62c2f:panel_c49202db-477e-4d97-a3a4-8fb8b7e62c2f","type":"visualization"},{"id":"0ca342c0-c495-11ec-a49f-6168cd647191","name":"474dcd96-d6cb-450e-bfac-77d99586934c:panel_474dcd96-d6cb-450e-bfac-77d99586934c","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"a0735619-998c-406b-a096-0e1d39761536:panel_a0735619-998c-406b-a096-0e1d39761536","type":"visualization"},{"id":"028aac60-c490-11ec-a49f-6168cd647191","name":"69d29d1c-c318-4bbf-88be-05debcde7c3f:panel_69d29d1c-c318-4bbf-88be-05debcde7c3f","type":"visualization"},{"id":"1ff8f860-c346-11ec-aaf3-5b4644130c7f","name":"99e1761d-0505-4611-a341-f474bfa95519:panel_99e1761d-0505-4611-a341-f474bfa95519","type":"visualization"},{"id":"5c6bd160-c48f-11ec-a49f-6168cd647191","name":"30c2fc5a-7b5d-4ff3-848e-5f9970175fba:panel_30c2fc5a-7b5d-4ff3-848e-5f9970175fba","type":"visualization"},{"id":"cf3d02b0-c343-11ec-aaf3-5b4644130c7f","name":"9084f85f-9f73-43e5-a0cf-303eea6783bc:panel_9084f85f-9f73-43e5-a0cf-303eea6783bc","type":"visualization"}],"sort":[1675807560837,2858],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNTgsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Requests by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): NTP Requests by Server - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"baf01140-9d81-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675808882266,10184],"type":"visualization","updated_at":"2023-02-07T22:28:02.266Z","version":"WzMwNTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Exporter, Service, Established - input 
list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporter, Service, Established - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"beca7d30-75d4-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"}],"sort":[1675807560837,2868],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNjAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flow Records (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flow Records 
(src/dst)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788) | [**Src/Dst**](#/dashboard/bf9f8a70-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"e801f6e0-3d46-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2869],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNjEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flow Records/s (src/dst) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Records/s (src/dst) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.bytes\"},{\"id\":\"61c95a90-3f0e-11eb-8fe0-a51500598689\",\"type\":\"calculation\",\"variables\":[{\"id\":\"646736f0-3f0e-11eb-8fe0-a51500598689\",\"name\":\"count\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Flow Records\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"count\",\"field\":\"flow.bytes\"},{\"id\":\"2b017560-3f0e-11eb-8fe0-a51500598689\",\"type\":\"calculation\",\"variables\":[{\"id\":\"2e9d39c0-3f0e-11eb-8fe0-a51500598689\",\"name\":\"count\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Flow 
Types\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.export.version.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"axis_min\":\"0\",\"filter\":{\"query\":\"flow.src.ip.addr: * AND flow.dst.ip.addr: *\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"d786d060-9d94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2870],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNjIsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"9a294251-20cf-4d94-ba56-d9d0a0cf8987\"},\"panelIndex\":\"9a294251-20cf-4d94-ba56-d9d0a0cf8987\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9a294251-20cf-4d94-ba56-d9d0a0cf8987\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"4daf2414-af00-4b6e-896d-07368c73615f\"},\"panelIndex\":\"4daf2414-af00-4b6e-896d-07368c73615f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_4daf2414-af00-4b6e-896d-07368c73615f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"d6fb0873-a978-4e9b-adaa-ad47e4a1ff5f\"},\"panelIndex\":\"d6fb0873-a978-4e9b-adaa-a
d47e4a1ff5f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d6fb0873-a978-4e9b-adaa-ad47e4a1ff5f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":10,\"i\":\"9762091d-473e-4157-93e3-2b4c01f19b26\"},\"panelIndex\":\"9762091d-473e-4157-93e3-2b4c01f19b26\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9762091d-473e-4157-93e3-2b4c01f19b26\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":5,\"i\":\"5df778e6-7791-4e11-bc12-423e44135b5b\"},\"panelIndex\":\"5df778e6-7791-4e11-bc12-423e44135b5b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_5df778e6-7791-4e11-bc12-423e44135b5b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":10,\"i\":\"ae09239d-128b-4350-a5e6-8131e02f4bb9\"},\"panelIndex\":\"ae09239d-128b-4350-a5e6-8131e02f4bb9\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ae09239d-128b-4350-a5e6-8131e02f4bb9\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":5,\"i\":\"4e8a9cee-c02d-41a8-9d55-be201ea1f2b8\"},\"panelIndex\":\"4e8a9cee-c02d-41a8-9d55-be201ea1f2b8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_4e8a9cee-c02d-41a8-9d55-be201ea1f2b8\"},{\"version\":\"7.10.0\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":14,\"w\":48,\"h\":27,\"i\":\"5b609d60-4832-436f-893e-3bd7afae98c9\"},\"panelIndex\":\"5b609d60-4832-436f-893e-3bd7afae98c9\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_5b609d60-4832-436f-893e-3bd7afae98c9\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flow Records 
(src/dst)","version":1},"coreMigrationVersion":"8.2.0","id":"bf9f8a70-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"06d52ff0-3d43-11eb-bc2c-c5758316d788","name":"9a294251-20cf-4d94-ba56-d9d0a0cf8987:panel_9a294251-20cf-4d94-ba56-d9d0a0cf8987","type":"visualization"},{"id":"e801f6e0-3d46-11eb-bc2c-c5758316d788","name":"4daf2414-af00-4b6e-896d-07368c73615f:panel_4daf2414-af00-4b6e-896d-07368c73615f","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"d6fb0873-a978-4e9b-adaa-ad47e4a1ff5f:panel_d6fb0873-a978-4e9b-adaa-ad47e4a1ff5f","type":"visualization"},{"id":"1a9e1fe0-3f0c-11eb-bc2c-c5758316d788","name":"9762091d-473e-4157-93e3-2b4c01f19b26:panel_9762091d-473e-4157-93e3-2b4c01f19b26","type":"visualization"},{"id":"4a68d6d0-9d97-11ec-a4df-e940aaa4214d","name":"5df778e6-7791-4e11-bc12-423e44135b5b:panel_5df778e6-7791-4e11-bc12-423e44135b5b","type":"visualization"},{"id":"d786d060-9d94-11ec-a4df-e940aaa4214d","name":"ae09239d-128b-4350-a5e6-8131e02f4bb9:panel_ae09239d-128b-4350-a5e6-8131e02f4bb9","type":"visualization"},{"id":"aa0dbe60-9d98-11ec-a4df-e940aaa4214d","name":"4e8a9cee-c02d-41a8-9d55-be201ea1f2b8:panel_4e8a9cee-c02d-41a8-9d55-be201ea1f2b8","type":"visualization"},{"id":"78b035a0-3f11-11eb-bc2c-c5758316d788","name":"5b609d60-4832-436f-893e-3bd7afae98c9:panel_5b609d60-4832-436f-893e-3bd7afae98c9","type":"search"}],"sort":[1675807560837,2879],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNjMsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"20b572a3-961c-4e47-b17c-af96003e5606\"},\"panelIndex\":\"20b572a3-961c-4e47-b17c-af96003e5606\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_20b572a3-961c-4e47-b17c-af96003e5606\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"19b1ecb4-533d-4ded-a17a-7f2d8af38caf\"},\"panelIndex\":\"19b1ecb4-533d-4ded-a17a-7f2d8af38caf\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_19b1ecb4-533d-4ded-a17a-7f2d8af38caf\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"1e5b1e06-7cd2-49a7-9f8d-e72b0b6b129e\"},\"panelIndex\":\"1e5b1e06-7cd2-49a7-9f8d-e72b0b6b129e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1e5b1e06-7cd2-49a7-9f8d-e72b0b6b129e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"d4210038-999a-467f-bb0b-e64906069f55\"},\"panelIndex\":\"d4210038-999a-467f-bb0b-e64906069f55\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d4210038-999a-467f-bb0b-e64906069f55\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"9072ad07-6e82-40c8-8f50-e48700f76095\"},\"panelIndex\":\"9072ad07-6e82-40c8-8f50-e48700f76095\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9072ad07-6e82-40c8-8f50-e48700f76095\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,
\"h\":14,\"i\":\"821337cb-33a4-416d-95e8-0e49aad13b6a\"},\"panelIndex\":\"821337cb-33a4-416d-95e8-0e49aad13b6a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Throughput (bits/s)\",\"panelRefName\":\"panel_821337cb-33a4-416d-95e8-0e49aad13b6a\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"d3492ccf-dc3a-49bf-9222-b4f81659c3d6\"},\"panelIndex\":\"d3492ccf-dc3a-49bf-9222-b4f81659c3d6\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d3492ccf-dc3a-49bf-9222-b4f81659c3d6\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"47705264-40e5-4f44-a660-8291426f4ea0\"},\"panelIndex\":\"47705264-40e5-4f44-a660-8291426f4ea0\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_47705264-40e5-4f44-a660-8291426f4ea0\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":48,\"h\":23,\"i\":\"c54b4a9a-1ed7-43c1-a4fc-9871b4eae94f\"},\"panelIndex\":\"c54b4a9a-1ed7-43c1-a4fc-9871b4eae94f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c54b4a9a-1ed7-43c1-a4fc-9871b4eae94f\"}]","timeRestore":false,"title":"ElastiFlow (flow): Top 
Conversations","version":1},"coreMigrationVersion":"8.2.0","id":"c2da3880-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"5a3a5400-3d42-11eb-bc2c-c5758316d788","name":"20b572a3-961c-4e47-b17c-af96003e5606:panel_20b572a3-961c-4e47-b17c-af96003e5606","type":"visualization"},{"id":"0c217890-3d45-11eb-bc2c-c5758316d788","name":"19b1ecb4-533d-4ded-a17a-7f2d8af38caf:panel_19b1ecb4-533d-4ded-a17a-7f2d8af38caf","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"1e5b1e06-7cd2-49a7-9f8d-e72b0b6b129e:panel_1e5b1e06-7cd2-49a7-9f8d-e72b0b6b129e","type":"visualization"},{"id":"f270e340-3d4e-11eb-bc2c-c5758316d788","name":"d4210038-999a-467f-bb0b-e64906069f55:panel_d4210038-999a-467f-bb0b-e64906069f55","type":"visualization"},{"id":"9bc40400-3e5c-11eb-bc2c-c5758316d788","name":"9072ad07-6e82-40c8-8f50-e48700f76095:panel_9072ad07-6e82-40c8-8f50-e48700f76095","type":"visualization"},{"id":"5c04ec10-3e59-11eb-bc2c-c5758316d788","name":"821337cb-33a4-416d-95e8-0e49aad13b6a:panel_821337cb-33a4-416d-95e8-0e49aad13b6a","type":"visualization"},{"id":"1ec922a0-3e61-11eb-bc2c-c5758316d788","name":"d3492ccf-dc3a-49bf-9222-b4f81659c3d6:panel_d3492ccf-dc3a-49bf-9222-b4f81659c3d6","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"47705264-40e5-4f44-a660-8291426f4ea0:panel_47705264-40e5-4f44-a660-8291426f4ea0","type":"visualization"},{"id":"6dd43c00-3e0b-11eb-bc2c-c5758316d788","name":"c54b4a9a-1ed7-43c1-a4fc-9871b4eae94f:panel_c54b4a9a-1ed7-43c1-a4fc-9871b4eae94f","type":"visualization"}],"sort":[1675807560837,2889],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNjQsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"UDP\"}},{\"terms\":{\"flow.src.l4.port.id\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"UDP\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): UDP Amplification Sources (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Outbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"c668d220-c40d-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2892],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNjUsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Recon Port Scan (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon Port Scan (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.server.l4.port.id\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToo
lbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"c89e2590-c345-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2895],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNjYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Messages Direct (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"cb8e25b0-c3aa-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2898],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNjcsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Remote Desktop Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Remote Desktop Sessions (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Remote Desktop Sessions (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"cdbcf310-c49b-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2901],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNjgsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Responses by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): NTP Responses by Server - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"d1068450-9d81-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675808902137,10223],"type":"visualization","updated_at":"2023-02-07T22:28:22.137Z","version":"WzMwODYsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}}]},\"meta\":{\"alias\":\"ICMP\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Messages - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"icmp.type.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"ICMP 
Type\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"icmp.code.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"ICMP Code\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"d15ecc70-c39f-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2910],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNzAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Countries (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"d4558da0-3e04-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2912],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNzEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH 
Requests\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"1645\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.dst.l4.port.id\":\"1812\"}},{\"match_phrase\":{\"flow.dst.l4.port.id\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Requests by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Requests by Client - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH 
Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"d4ca6ff9-e8cf-4ce1-bc95-4ebcf77b60f9","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675807560837,2917],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNzIsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"0752f037-b31d-4a81-92fd-457c4ab782cb\"},\"panelIndex\":\"0752f037-b31d-4a81-92fd-457c4ab782cb\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_0752f037-b31d-4a81-92fd-457c4ab782cb\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"4837436f-f86a-49aa-a60a-1e9ec62e9407\"},\"panelIndex\":\"4837436f-f86a-49aa-a60a-1e9ec62e9407\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_4837436f-f86a-49aa-a60a-1e9ec62e9407\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"562f484f-8184-4b5a-b3ab-409419ba6ea6\"},\"panelIndex\":\"562f484f-8184-4b5a-b3ab-409419ba6ea6\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_562f484f-8184-4b5a-b3ab-409419ba6ea6\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"ea2ed7fa-bf71-4291-bd7a-0522451028f8\"},\"panelIndex\":\"ea2ed7fa-bf71-4291-bd7a-0522451028f8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ea2ed7fa-bf71-4291-bd7a-0522451028f8\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"182f8712-1773-4a9d-988a-5d59984de343\"},\"panelIndex\":\"182f8712-1773-4a9d-988a-5d59984de343\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_182f8712-1773-4a9d-988a-5d59984de343\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,
\"h\":14,\"i\":\"b15e6ced-8999-459b-bd36-c1499cd9267d\"},\"panelIndex\":\"b15e6ced-8999-459b-bd36-c1499cd9267d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b15e6ced-8999-459b-bd36-c1499cd9267d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"9bbff89d-82f1-4ceb-b068-bcef2ef809dc\"},\"panelIndex\":\"9bbff89d-82f1-4ceb-b068-bcef2ef809dc\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9bbff89d-82f1-4ceb-b068-bcef2ef809dc\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"f2a4d19a-5c8e-45c0-893c-98e6294a0d3c\"},\"panelIndex\":\"f2a4d19a-5c8e-45c0-893c-98e6294a0d3c\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f2a4d19a-5c8e-45c0-893c-98e6294a0d3c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":23,\"i\":\"fa95c4a9-a7fc-4584-9527-cab868de6d39\"},\"panelIndex\":\"fa95c4a9-a7fc-4584-9527-cab868de6d39\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fa95c4a9-a7fc-4584-9527-cab868de6d39\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":23,\"i\":\"7be19337-a56c-4e41-8744-4ece97dc6630\"},\"panelIndex\":\"7be19337-a56c-4e41-8744-4ece97dc6630\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7be19337-a56c-4e41-8744-4ece97dc6630\"}]","timeRestore":false,"title":"ElastiFlow (flow): Top 
Applications","version":1},"coreMigrationVersion":"8.2.0","id":"d4e18bf0-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"5a3a5400-3d42-11eb-bc2c-c5758316d788","name":"0752f037-b31d-4a81-92fd-457c4ab782cb:panel_0752f037-b31d-4a81-92fd-457c4ab782cb","type":"visualization"},{"id":"2f8a90a0-3d45-11eb-bc2c-c5758316d788","name":"4837436f-f86a-49aa-a60a-1e9ec62e9407:panel_4837436f-f86a-49aa-a60a-1e9ec62e9407","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"562f484f-8184-4b5a-b3ab-409419ba6ea6:panel_562f484f-8184-4b5a-b3ab-409419ba6ea6","type":"visualization"},{"id":"4ea0e4d0-3d4f-11eb-bc2c-c5758316d788","name":"ea2ed7fa-bf71-4291-bd7a-0522451028f8:panel_ea2ed7fa-bf71-4291-bd7a-0522451028f8","type":"visualization"},{"id":"2f9ed3e0-3e61-11eb-bc2c-c5758316d788","name":"182f8712-1773-4a9d-988a-5d59984de343:panel_182f8712-1773-4a9d-988a-5d59984de343","type":"visualization"},{"id":"2f03c500-3e64-11eb-bc2c-c5758316d788","name":"b15e6ced-8999-459b-bd36-c1499cd9267d:panel_b15e6ced-8999-459b-bd36-c1499cd9267d","type":"visualization"},{"id":"756aa270-3e5f-11eb-bc2c-c5758316d788","name":"9bbff89d-82f1-4ceb-b068-bcef2ef809dc:panel_9bbff89d-82f1-4ceb-b068-bcef2ef809dc","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"f2a4d19a-5c8e-45c0-893c-98e6294a0d3c:panel_f2a4d19a-5c8e-45c0-893c-98e6294a0d3c","type":"visualization"},{"id":"b3a920c0-3e55-11eb-bc2c-c5758316d788","name":"fa95c4a9-a7fc-4584-9527-cab868de6d39:panel_fa95c4a9-a7fc-4584-9527-cab868de6d39","type":"visualization"},{"id":"9aeb1f40-3e53-11eb-bc2c-c5758316d788","name":"7be19337-a56c-4e41-8744-4ece97dc6630:panel_7be19337-a56c-4e41-8744-4ece97dc6630","type":"visualization"}],"sort":[1675807560837,2928],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNzMsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"TCP\"}}],\"must_not\":[{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"TCP Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"TCP\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Clients (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Clients (Edge) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.client.ip.addr\",\"customLabel\":\"Clients\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"d9e319b0-c411-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2931],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNzQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (client 
AS/server AS) - Vega (sankey)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (client AS/server AS) - Vega (sankey)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.client.as.label\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.server.as.label\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"bytes\\\": {\\n \\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"flow.bytes\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n 
\\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Client AS\\\", \\\"Server AS\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n 
\\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 
1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#222222\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 
0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"dcb4d670-3e65-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2932],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNzUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Sources (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"de4e45b0-3e66-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2934],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNzYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Threats (DDoS Flood)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats (DDoS 
Flood)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[IP Reputation](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [DDoS TCP](#/dashboard/0774f5d0-c348-11ec-aaf3-5b4644130c7f) | [**DDoS Flood**](#/dashboard/e0ffa950-c472-11ec-a49f-6168cd647191) | [RECON](#/dashboard/b9cd6a90-c48e-11ec-a49f-6168cd647191) | [Brute Force](#/dashboard/9e8ee9a0-c495-11ec-a49f-6168cd647191)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"e75a9fd0-c495-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2935],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNzcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): ICMP Messages - 
metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":200,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":2000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":20000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"6caa8600-7e31-4c84-b565-0569c9581225\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"(l4.proto.name: \\\"ICMP\\\" OR l4.proto.name: \\\"IPv6-ICMP\\\") AND NOT flow.src.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"ICMP 
Messages\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"f89c9de0-c489-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2936],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNzgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): ICMP Sources - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":50000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"998dea6b-c642-4e54-9da2-4bf872aeb081\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"(l4.proto.name: \\\"ICMP\\\" OR l4.proto.name: \\\"IPv6-ICMP\\\") AND NOT flow.src.as.org: 
\\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"ICMP Sources\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.ip.addr\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"f37dff80-c488-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2937],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwNzksMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"f440d860-64fa-4879-b980-0353a1f26eba\"},\"panelIndex\":\"f440d860-64fa-4879-b980-0353a1f26eba\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f440d860-64fa-4879-b980-0353a1f26eba\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"5609d268-4c81-43a9-8c3c-1f56934b9334\"},\"panelIndex\":\"5609d268-4c81-43a9-8c3c-1f56934b9334\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_5609d268-4c81-43a9-8c3c-1f56934b9334\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},\"panelIndex\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":8,\"h\":5,\"i\":\"96ea5c44-f6e4-4970-923b-f9553a843fc0\"},\"panelIndex\":\"96ea5c44-f6e4-4970-923b-f9553a843fc0\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_96ea5c44-f6e4-4970-923b-f9553a843fc0\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":4,\"w\":8,\"h\":5,\"i\":\"b49af91f-5e84-4c53-a067-9add862c1d15\"},\"panelIndex\":\"b49af91f-5e84-4c53-a067-9add862c1d15\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b49af91f-5e84-4c53-a067-9add862c1d15\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":4,\"w\":8,\"
h\":5,\"i\":\"cfee2852-f7f9-44a0-bc77-4270abd32c5b\"},\"panelIndex\":\"cfee2852-f7f9-44a0-bc77-4270abd32c5b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_cfee2852-f7f9-44a0-bc77-4270abd32c5b\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":4,\"w\":8,\"h\":5,\"i\":\"712bd9c0-1c24-499f-b9cd-ca10512a1d4f\"},\"panelIndex\":\"712bd9c0-1c24-499f-b9cd-ca10512a1d4f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_712bd9c0-1c24-499f-b9cd-ca10512a1d4f\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":4,\"w\":8,\"h\":5,\"i\":\"9af5771e-3507-4114-aa1a-12dc0a88e8cb\"},\"panelIndex\":\"9af5771e-3507-4114-aa1a-12dc0a88e8cb\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9af5771e-3507-4114-aa1a-12dc0a88e8cb\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"9a899328-ae14-4f50-8185-f0237f5b7606\"},\"panelIndex\":\"9a899328-ae14-4f50-8185-f0237f5b7606\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9a899328-ae14-4f50-8185-f0237f5b7606\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":22,\"h\":32,\"i\":\"34ecb7be-696a-4829-9397-603e5615a000\"},\"panelIndex\":\"34ecb7be-696a-4829-9397-603e5615a000\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"UDP Amplification (Public)\",\"panelRefName\":\"panel_34ecb7be-696a-4829-9397-603e5615a000\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":22,\"y\":9,\"w\":15,\"h\":32,\"i\":\"6f1b2597-6597-4753-9820-9047e66b7ab8\"},\"panelIndex\":\"6f1b2597-6597-4753-9820-9047e66b7ab8\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"title\":\"ICMP Messages 
(Public)\",\"panelRefName\":\"panel_6f1b2597-6597-4753-9820-9047e66b7ab8\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":32,\"i\":\"93d18a20-25bd-4516-8451-f350a7975b58\"},\"panelIndex\":\"93d18a20-25bd-4516-8451-f350a7975b58\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"title\":\"ICMP Sources (Public)\",\"panelRefName\":\"panel_93d18a20-25bd-4516-8451-f350a7975b58\"}]","timeRestore":false,"title":"ElastiFlow (flow): Threats (DDoS Flood)","version":1},"coreMigrationVersion":"8.2.0","id":"e0ffa950-c472-11ec-a49f-6168cd647191","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"82b0c1d0-3d42-11eb-bc2c-c5758316d788","name":"f440d860-64fa-4879-b980-0353a1f26eba:panel_f440d860-64fa-4879-b980-0353a1f26eba","type":"visualization"},{"id":"e75a9fd0-c495-11ec-a49f-6168cd647191","name":"5609d268-4c81-43a9-8c3c-1f56934b9334:panel_5609d268-4c81-43a9-8c3c-1f56934b9334","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"ad125fa1-132d-46b3-8cfa-48520ea3c83a:panel_ad125fa1-132d-46b3-8cfa-48520ea3c83a","type":"visualization"},{"id":"5fc57d50-c487-11ec-a49f-6168cd647191","name":"96ea5c44-f6e4-4970-923b-f9553a843fc0:panel_96ea5c44-f6e4-4970-923b-f9553a843fc0","type":"visualization"},{"id":"1e22fb30-c48b-11ec-a49f-6168cd647191","name":"b49af91f-5e84-4c53-a067-9add862c1d15:panel_b49af91f-5e84-4c53-a067-9add862c1d15","type":"visualization"},{"id":"1f4a6ec0-c48c-11ec-a49f-6168cd647191","name":"cfee2852-f7f9-44a0-bc77-4270abd32c5b:panel_cfee2852-f7f9-44a0-bc77-4270abd32c5b","type":"visualization"},{"id":"8ba5fee0-c48c-11ec-a49f-6168cd647191","name":"712bd9c0-1c24-499f-b9cd-ca10512a1d4f:panel_712bd9c0-1c24-499f-b9cd-ca10512a1d4f","type":"visualization"},{"id":"f89c9de0-c489-11ec-a49f-6168cd647191","name":"9af5771e-3507-4114-aa1a-12dc0a88e8cb:panel_9af5771e-3507-4114-aa1a-12dc0a88e8cb","type":"visualization
"},{"id":"f37dff80-c488-11ec-a49f-6168cd647191","name":"9a899328-ae14-4f50-8185-f0237f5b7606:panel_9a899328-ae14-4f50-8185-f0237f5b7606","type":"visualization"},{"id":"16000b60-c467-11ec-a49f-6168cd647191","name":"34ecb7be-696a-4829-9397-603e5615a000:panel_34ecb7be-696a-4829-9397-603e5615a000","type":"visualization"},{"id":"aff13960-c467-11ec-a49f-6168cd647191","name":"6f1b2597-6597-4753-9820-9047e66b7ab8:panel_6f1b2597-6597-4753-9820-9047e66b7ab8","type":"visualization"},{"id":"850fe610-c467-11ec-a49f-6168cd647191","name":"93d18a20-25bd-4516-8451-f350a7975b58:panel_93d18a20-25bd-4516-8451-f350a7975b58","type":"visualization"}],"sort":[1675807560837,2950],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwODAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"e146ffd0-3e04-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2952],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwODEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Core Services (NTP)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core Services 
(NTP)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[DNS](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [DHCP](#/dashboard/a9f3e040-9b94-11ec-a4df-e940aaa4214d) | \\n[RADIUS](#/dashboard/fbea2e70-c319-11ec-aaf3-5b4644130c7f) | \\n[LDAP](#/dashboard/0ae30960-c31a-11ec-aaf3-5b4644130c7f) | [**NTP**](#/dashboard/e2888380-9d73-11ec-a4df-e940aaa4214d)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"fae19390-9d73-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2953],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwODIsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"503ee9c8-3371-4430-9997-5a2f772238ba\"},\"panelIndex\":\"503ee9c8-3371-4430-9997-5a2f772238ba\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_503ee9c8-3371-4430-9997-5a2f772238ba\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"310bed0d-85b1-4fd6-a3e8-54a6a7fd461b\"},\"panelIndex\":\"310bed0d-85b1-4fd6-a3e8-54a6a7fd461b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_310bed0d-85b1-4fd6-a3e8-54a6a7fd461b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\"},\"panelIndex\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e57c863c-11e8-43d8-a2b8-20a63217371e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":7,\"h\":5,\"i\":\"44007a2f-7e53-40a8-9a8f-12a7bfdef25a\"},\"panelIndex\":\"44007a2f-7e53-40a8-9a8f-12a7bfdef25a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_44007a2f-7e53-40a8-9a8f-12a7bfdef25a\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":7,\"y\":4,\"w\":7,\"h\":5,\"i\":\"f84dbe69-588e-48bd-859d-99948dfda0ae\"},\"panelIndex\":\"f84dbe69-588e-48bd-859d-99948dfda0ae\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f84dbe69-588e-48bd-859d-99948dfda0ae\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":4,\"w\":7,\"
h\":5,\"i\":\"bda4c5c2-4646-4d1b-983d-fcd5c6fcdc12\"},\"panelIndex\":\"bda4c5c2-4646-4d1b-983d-fcd5c6fcdc12\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_bda4c5c2-4646-4d1b-983d-fcd5c6fcdc12\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":21,\"y\":4,\"w\":27,\"h\":14,\"i\":\"665b8aee-3aba-4f5a-b7f6-0f27b22dbc12\"},\"panelIndex\":\"665b8aee-3aba-4f5a-b7f6-0f27b22dbc12\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_665b8aee-3aba-4f5a-b7f6-0f27b22dbc12\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":9,\"i\":\"7f5e099d-c11d-4873-acd5-bfc0eaba2934\"},\"panelIndex\":\"7f5e099d-c11d-4873-acd5-bfc0eaba2934\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7f5e099d-c11d-4873-acd5-bfc0eaba2934\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":9,\"w\":10,\"h\":9,\"i\":\"ad540009-42e0-49c5-b248-763fb014e3b0\"},\"panelIndex\":\"ad540009-42e0-49c5-b248-763fb014e3b0\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ad540009-42e0-49c5-b248-763fb014e3b0\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":20,\"y\":9,\"w\":1,\"h\":9,\"i\":\"95041dc2-b8d4-46c4-8fb7-b583d6f8a125\"},\"panelIndex\":\"95041dc2-b8d4-46c4-8fb7-b583d6f8a125\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_95041dc2-b8d4-46c4-8fb7-b583d6f8a125\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":8,\"h\":23,\"i\":\"d5badb3f-d001-4b50-bab9-7bef1038d71e\"},\"panelIndex\":\"d5badb3f-d001-4b50-bab9-7bef1038d71e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d5badb3f-d001-4b50-bab9-7bef1038d71e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\"
:18,\"w\":8,\"h\":23,\"i\":\"a090888c-04b5-4d61-a285-3ce8f5bcd005\"},\"panelIndex\":\"a090888c-04b5-4d61-a285-3ce8f5bcd005\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_a090888c-04b5-4d61-a285-3ce8f5bcd005\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":18,\"w\":8,\"h\":23,\"i\":\"190550f7-ba96-4aa1-b472-ae6be84ecfe2\"},\"panelIndex\":\"190550f7-ba96-4aa1-b472-ae6be84ecfe2\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_190550f7-ba96-4aa1-b472-ae6be84ecfe2\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":18,\"w\":8,\"h\":23,\"i\":\"fae91842-2c59-4872-a1d7-588ccc92c63e\"},\"panelIndex\":\"fae91842-2c59-4872-a1d7-588ccc92c63e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fae91842-2c59-4872-a1d7-588ccc92c63e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":18,\"w\":9,\"h\":23,\"i\":\"a9fc5ffd-6bbd-4611-9e50-bd37376a099c\"},\"panelIndex\":\"a9fc5ffd-6bbd-4611-9e50-bd37376a099c\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_a9fc5ffd-6bbd-4611-9e50-bd37376a099c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":41,\"y\":18,\"w\":7,\"h\":23,\"i\":\"c25a252d-abcb-4adc-b310-96062385f9b5\"},\"panelIndex\":\"c25a252d-abcb-4adc-b310-96062385f9b5\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c25a252d-abcb-4adc-b310-96062385f9b5\"}]","timeRestore":false,"title":"ElastiFlow (flow): Core Services 
(NTP)","version":1},"coreMigrationVersion":"8.2.0","id":"e2888380-9d73-11ec-a4df-e940aaa4214d","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"c69cda30-9b2b-11ec-a4df-e940aaa4214d","name":"503ee9c8-3371-4430-9997-5a2f772238ba:panel_503ee9c8-3371-4430-9997-5a2f772238ba","type":"visualization"},{"id":"fae19390-9d73-11ec-a4df-e940aaa4214d","name":"310bed0d-85b1-4fd6-a3e8-54a6a7fd461b:panel_310bed0d-85b1-4fd6-a3e8-54a6a7fd461b","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"e57c863c-11e8-43d8-a2b8-20a63217371e:panel_e57c863c-11e8-43d8-a2b8-20a63217371e","type":"visualization"},{"id":"18a453c0-9d80-11ec-a4df-e940aaa4214d","name":"44007a2f-7e53-40a8-9a8f-12a7bfdef25a:panel_44007a2f-7e53-40a8-9a8f-12a7bfdef25a","type":"visualization"},{"id":"6175d650-9d80-11ec-a4df-e940aaa4214d","name":"f84dbe69-588e-48bd-859d-99948dfda0ae:panel_f84dbe69-588e-48bd-859d-99948dfda0ae","type":"visualization"},{"id":"8ff70cb0-9d80-11ec-a4df-e940aaa4214d","name":"bda4c5c2-4646-4d1b-983d-fcd5c6fcdc12:panel_bda4c5c2-4646-4d1b-983d-fcd5c6fcdc12","type":"visualization"},{"id":"17f41790-9d75-11ec-a4df-e940aaa4214d","name":"665b8aee-3aba-4f5a-b7f6-0f27b22dbc12:panel_665b8aee-3aba-4f5a-b7f6-0f27b22dbc12","type":"visualization"},{"id":"baf01140-9d81-11ec-a4df-e940aaa4214d","name":"7f5e099d-c11d-4873-acd5-bfc0eaba2934:panel_7f5e099d-c11d-4873-acd5-bfc0eaba2934","type":"visualization"},{"id":"d1068450-9d81-11ec-a4df-e940aaa4214d","name":"ad540009-42e0-49c5-b248-763fb014e3b0:panel_ad540009-42e0-49c5-b248-763fb014e3b0","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"95041dc2-b8d4-46c4-8fb7-b583d6f8a125:panel_95041dc2-b8d4-46c4-8fb7-b583d6f8a125","type":"visualization"},{"id":"087e6750-9d7c-11ec-a4df-e940aaa4214d","name":"d5badb3f-d001-4b50-bab9-7bef1038d71e:panel_d5badb3f-d001-4b50-bab9-7bef1038d71e","type":"visualization"},{"id":"389a61f0-9d7c-11ec-a4df-e940aaa4214d","name":"a090888c-04b5-4d61-a285-3ce8f5bcd005:panel_a090888c-04b5-4d
61-a285-3ce8f5bcd005","type":"visualization"},{"id":"19505290-9d7d-11ec-a4df-e940aaa4214d","name":"190550f7-ba96-4aa1-b472-ae6be84ecfe2:panel_190550f7-ba96-4aa1-b472-ae6be84ecfe2","type":"visualization"},{"id":"40ef7330-9d7d-11ec-a4df-e940aaa4214d","name":"fae91842-2c59-4872-a1d7-588ccc92c63e:panel_fae91842-2c59-4872-a1d7-588ccc92c63e","type":"visualization"},{"id":"7e20b120-9d7c-11ec-a4df-e940aaa4214d","name":"a9fc5ffd-6bbd-4611-9e50-bd37376a099c:panel_a9fc5ffd-6bbd-4611-9e50-bd37376a099c","type":"visualization"},{"id":"9d7a0d50-9d7c-11ec-a4df-e940aaa4214d","name":"c25a252d-abcb-4adc-b310-96062385f9b5:panel_c25a252d-abcb-4adc-b310-96062385f9b5","type":"visualization"}],"sort":[1675807560837,2970],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwODMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23,1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force 
Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}],\\\"minimum_should_match\\\":1}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Brute Force Sessions (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBuck
etLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"e2d7da50-c336-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2973],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwODQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must_not\":[{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Recon Port Scan (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon Port Scan (Edge) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.server.l4.port.id\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"e3cdb8c0-c346-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2976],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwODUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH Responses\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"1645\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":\"1812\"}},{\"match_phrase\":{\"flow.src.l4.port.id\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Responses by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Responses by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RADIUS 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"e7ab7b3a-2d17-45ba-9e40-a9a8b9323eae","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675807560837,2981],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwODYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"TCP\"}},{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"TCP Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"TCP\\\"}},{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Clients (Inbound) - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Clients (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.client.ip.addr\",\"customLabel\":\"Clients\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"ea70bae0-c410-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,2984],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwODcsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Core Services (RADIUS)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core Services (RADIUS)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[DNS](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [DHCP](#/dashboard/a9f3e040-9b94-11ec-a4df-e940aaa4214d) | \\n[**RADIUS**](#/dashboard/fbea2e70-c319-11ec-aaf3-5b4644130c7f) | \\n[LDAP](#/dashboard/0ae30960-c31a-11ec-aaf3-5b4644130c7f) | [NTP](#/dashboard/e2888380-9d73-11ec-a4df-e940aaa4214d)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"ed3bad80-c31a-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2985],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwODgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Threat Intelligence Notice","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Threat Intelligence Notice\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"# This Panel requires Threat Intelligence information which will be available in Beta 3.\"}}"},"coreMigrationVersion":"8.2.0","id":"ed756050-3ed9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,2986],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwODksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Sources (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (packets) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"ee4b4a30-3e66-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675807560837,2988],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwOTAsMl0="} {"attributes":{"fieldAttrs":"{}","fields":"[]","runtimeFieldMap":"{}","timeFieldName":"@timestamp","title":"elastiflow-telemetry_flow-codex-*","typeMeta":"{}"},"coreMigrationVersion":"8.2.0","id":"elastiflow-telemetry_flow-codex-*","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1675807560837,2989],"type":"index-pattern","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwOTEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH 
Requests\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"1645\\\"}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.dst.l4.port.id\":\"1812\"}},{\"match_phrase\":{\"flow.dst.l4.port.id\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Requests by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): RADIUS AUTH Requests by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH 
Requests\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RADIUS Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"f07f4eaa-fcfb-4805-91e7-9d8c8e53caf6","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675808793618,9979],"type":"visualization","updated_at":"2023-02-07T22:26:33.618Z","version":"WzI4OTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH Responses\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"1645\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":\"1812\"}},{\"match_phrase\":{\"flow.src.l4.port.id\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Responses by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Responses by Client - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH 
Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"f1069065-2cd4-4fb5-bfdc-bf4fb3a5b3ff","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675807560837,2999],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwOTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Echo 
Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Echo (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.dst.ip.addr\",\"customLabel\":\"Pinged IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"f57c4960-c33c-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,3002],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwOTQsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): RADIUS AUTH Requests (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Requests (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"AUTH requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.dst.l4.port.id: 1812 OR flow.dst.l4.port.id: 1645) AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"f6357006-4bb0-49f8-bd02-562459184378","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675807560837,3003],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwOTUsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Public Threats\",\"type\":\"exists\",\"key\":\"flow.client.sec.threat.name\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"flow.client.sec.threat.name\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Public Threats (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Public Threats (flows) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.conversation.id\",\"customLabel\":\"Conversations\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Public Threats\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.ip.addr\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"f7a0baf0-750e-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675807560837,3006],"type":"visualization","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwOTYsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"f440d860-64fa-4879-b980-0353a1f26eba\"},\"panelIndex\":\"f440d860-64fa-4879-b980-0353a1f26eba\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f440d860-64fa-4879-b980-0353a1f26eba\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"cfd8d732-c07f-4cd3-a4b1-1cb199aacc26\"},\"panelIndex\":\"cfd8d732-c07f-4cd3-a4b1-1cb199aacc26\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_cfd8d732-c07f-4cd3-a4b1-1cb199aacc26\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},\"panelIndex\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},{\"version\
":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"0aff53b4-0aba-4040-9966-36924cd181e3\"},\"panelIndex\":\"0aff53b4-0aba-4040-9966-36924cd181e3\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_0aff53b4-0aba-4040-9966-36924cd181e3\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"472abd09-0771-4438-83b1-67b3d9a470a5\"},\"panelIndex\":\"472abd09-0771-4438-83b1-67b3d9a470a5\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_472abd09-0771-4438-83b1-67b3d9a470a5\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"e04284b8-0144-43e5-abc4-ba4c7204926c\"},\"panelIndex\":\"e04284b8-0144-43e5-abc4-ba4c7204926c\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e04284b8-0144-43e5-abc4-ba4c7204926c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"96d1b9ac-bb4d-4c4e-9b18-2363ff5ea3cc\"},\"panelIndex\":\"96d1b9ac-bb4d-4c4e-9b18-2363ff5ea3cc\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_96d1b9ac-bb4d-4c4e-9b18-2363ff5ea3cc\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"3b8dddbf-dd64-4ec1-bd08-af58450c5ff3\"},\"panelIndex\":\"3b8dddbf-dd64-4ec1-bd08-af58450c5ff3\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_3b8dddbf-dd64-4ec1-bd08-af58450c5ff3\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":10,\"h\":23,\"i\":\"b7240e19-8859-4502-b85f-6bf3addfc3c6\"},\"panelIndex\":\"b7240e19-8859-4502-b85f-6bf3addfc3c6\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b7240e19-8859-4502-b85f-6bf3addfc3c6\"
},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":18,\"w\":14,\"h\":23,\"i\":\"86b4ae60-6982-403f-bead-3740e122cfa0\"},\"panelIndex\":\"86b4ae60-6982-403f-bead-3740e122cfa0\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_86b4ae60-6982-403f-bead-3740e122cfa0\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":18,\"w\":12,\"h\":23,\"i\":\"9b417032-d5b1-4eae-b8ed-37bb4f119268\"},\"panelIndex\":\"9b417032-d5b1-4eae-b8ed-37bb4f119268\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9b417032-d5b1-4eae-b8ed-37bb4f119268\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":18,\"w\":12,\"h\":23,\"i\":\"e6682e5b-25f1-4e82-9297-2ae7686f94f8\"},\"panelIndex\":\"e6682e5b-25f1-4e82-9297-2ae7686f94f8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e6682e5b-25f1-4e82-9297-2ae7686f94f8\"}]","timeRestore":false,"title":"ElastiFlow (flow): Threats (IP 
Reputation)","version":1},"coreMigrationVersion":"8.2.0","id":"f7fbc0b0-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"82b0c1d0-3d42-11eb-bc2c-c5758316d788","name":"f440d860-64fa-4879-b980-0353a1f26eba:panel_f440d860-64fa-4879-b980-0353a1f26eba","type":"visualization"},{"id":"ae161b80-c48d-11ec-a49f-6168cd647191","name":"cfd8d732-c07f-4cd3-a4b1-1cb199aacc26:panel_cfd8d732-c07f-4cd3-a4b1-1cb199aacc26","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"ad125fa1-132d-46b3-8cfa-48520ea3c83a:panel_ad125fa1-132d-46b3-8cfa-48520ea3c83a","type":"visualization"},{"id":"beca7d30-75d4-11eb-8c14-238bcf08bfa6","name":"0aff53b4-0aba-4040-9966-36924cd181e3:panel_0aff53b4-0aba-4040-9966-36924cd181e3","type":"visualization"},{"id":"1dd52c20-75cc-11eb-8c14-238bcf08bfa6","name":"472abd09-0771-4438-83b1-67b3d9a470a5:panel_472abd09-0771-4438-83b1-67b3d9a470a5","type":"visualization"},{"id":"a41dd6a0-75c8-11eb-8c14-238bcf08bfa6","name":"e04284b8-0144-43e5-abc4-ba4c7204926c:panel_e04284b8-0144-43e5-abc4-ba4c7204926c","type":"visualization"},{"id":"307cb730-75cc-11eb-8c14-238bcf08bfa6","name":"96d1b9ac-bb4d-4c4e-9b18-2363ff5ea3cc:panel_96d1b9ac-bb4d-4c4e-9b18-2363ff5ea3cc","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"3b8dddbf-dd64-4ec1-bd08-af58450c5ff3:panel_3b8dddbf-dd64-4ec1-bd08-af58450c5ff3","type":"visualization"},{"id":"44e46180-750b-11eb-8c14-238bcf08bfa6","name":"b7240e19-8859-4502-b85f-6bf3addfc3c6:panel_b7240e19-8859-4502-b85f-6bf3addfc3c6","type":"visualization"},{"id":"f7a0baf0-750e-11eb-8c14-238bcf08bfa6","name":"86b4ae60-6982-403f-bead-3740e122cfa0:panel_86b4ae60-6982-403f-bead-3740e122cfa0","type":"visualization"},{"id":"7734beb0-75c3-11eb-8c14-238bcf08bfa6","name":"9b417032-d5b1-4eae-b8ed-37bb4f119268:panel_9b417032-d5b1-4eae-b8ed-37bb4f119268","type":"visualization"},{"id":"b56b5eb0-75c2-11eb-8c14-238bcf08bfa6","name":"e6682e5b-25f1-4e82-9297-2ae7686f94f8:panel_e6682e5b-2
5f1-4e82-9297-2ae7686f94f8","type":"visualization"}],"sort":[1675807560837,3019],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwOTcsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"503ee9c8-3371-4430-9997-5a2f772238ba\"},\"panelIndex\":\"503ee9c8-3371-4430-9997-5a2f772238ba\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_503ee9c8-3371-4430-9997-5a2f772238ba\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"1f50d436-eaad-48c1-8b91-ca622d5e6810\"},\"panelIndex\":\"1f50d436-eaad-48c1-8b91-ca622d5e6810\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1f50d436-eaad-48c1-8b91-ca622d5e6810\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\"},\"panelIndex\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e57c863c-11e8-43d8-a2b8-20a63217371e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":5,\"i\":\"f3f5c819-f6ba-407a-8a85-52a44f203890\"},\"panelIndex\":\"f3f5c819-f6ba-407a-8a85-52a44f203890\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f3f5c819-f6ba-407a-8a85-52a44f203890\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":5,\"i\":\"3ed70fd3-a838-491a-8f09-d0c4f002d699\"},\"panelIndex\":\"3ed70fd3-a838-491a-8f09-d0c4f002d699\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancemen
ts\":{}},\"panelRefName\":\"panel_3ed70fd3-a838-491a-8f09-d0c4f002d699\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"5f4e6b2e-870c-422d-91fe-79a6163147f9\"},\"panelIndex\":\"5f4e6b2e-870c-422d-91fe-79a6163147f9\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_5f4e6b2e-870c-422d-91fe-79a6163147f9\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":9,\"i\":\"0a7851c1-f25a-4f80-b971-5747e805580b\"},\"panelIndex\":\"0a7851c1-f25a-4f80-b971-5747e805580b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_0a7851c1-f25a-4f80-b971-5747e805580b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":9,\"i\":\"4b369b59-78e8-4212-b5b8-650bdc62dfc1\"},\"panelIndex\":\"4b369b59-78e8-4212-b5b8-650bdc62dfc1\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_4b369b59-78e8-4212-b5b8-650bdc62dfc1\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":9,\"h\":23,\"i\":\"57732e54-9de3-4850-928c-419a11b1c906\"},\"panelIndex\":\"57732e54-9de3-4850-928c-419a11b1c906\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_57732e54-9de3-4850-928c-419a11b1c906\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":18,\"w\":9,\"h\":23,\"i\":\"1dbabf3c-691e-474f-a3ca-7f48abebf69e\"},\"panelIndex\":\"1dbabf3c-691e-474f-a3ca-7f48abebf69e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1dbabf3c-691e-474f-a3ca-7f48abebf69e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":18,\"w\":10,\"h\":23,\"i\":\"e4e7c7f0-a287-49b2-99e0-ebd952826c51\"},\"panelIndex\":\"e4e7c7f0-a287-49b2-99e0-ebd952826c51\",\"embeddableConfig\":{\"hidePanelTitles\":tr
ue,\"enhancements\":{}},\"panelRefName\":\"panel_e4e7c7f0-a287-49b2-99e0-ebd952826c51\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":18,\"w\":10,\"h\":23,\"i\":\"beeba4b6-f6f9-4eb5-87f8-ddceb42f7fa5\"},\"panelIndex\":\"beeba4b6-f6f9-4eb5-87f8-ddceb42f7fa5\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_beeba4b6-f6f9-4eb5-87f8-ddceb42f7fa5\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":18,\"w\":10,\"h\":23,\"i\":\"951a3d6b-876a-48d1-856a-6bc0ee27347d\"},\"panelIndex\":\"951a3d6b-876a-48d1-856a-6bc0ee27347d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_951a3d6b-876a-48d1-856a-6bc0ee27347d\"}]","timeRestore":false,"title":"ElastiFlow (flow): Core Services (RADIUS)","version":1},"coreMigrationVersion":"8.2.0","id":"fbea2e70-c319-11ec-aaf3-5b4644130c7f","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"c69cda30-9b2b-11ec-a4df-e940aaa4214d","name":"503ee9c8-3371-4430-9997-5a2f772238ba:panel_503ee9c8-3371-4430-9997-5a2f772238ba","type":"visualization"},{"id":"ed3bad80-c31a-11ec-aaf3-5b4644130c7f","name":"1f50d436-eaad-48c1-8b91-ca622d5e6810:panel_1f50d436-eaad-48c1-8b91-ca622d5e6810","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"e57c863c-11e8-43d8-a2b8-20a63217371e:panel_e57c863c-11e8-43d8-a2b8-20a63217371e","type":"visualization"},{"id":"f6357006-4bb0-49f8-bd02-562459184378","name":"f3f5c819-f6ba-407a-8a85-52a44f203890:panel_f3f5c819-f6ba-407a-8a85-52a44f203890","type":"visualization"},{"id":"6e4ded9e-1233-42f1-9b51-158686c49239","name":"3ed70fd3-a838-491a-8f09-d0c4f002d699:panel_3ed70fd3-a838-491a-8f09-d0c4f002d699","type":"visualization"},{"id":"9fcf5aee-4b37-4445-874f-ad2785387e27","name":"5f4e6b2e-870c-422d-91fe-79a6163147f9:panel_5f4e6b2e-870c-422d-91fe-79a6163147f9","type":"visualization"},{"id":"f07f4eaa-fcfb-4805-91e7-9d8c8e53caf6","name":"0a7851c1-f25a-4f8
0-b971-5747e805580b:panel_0a7851c1-f25a-4f80-b971-5747e805580b","type":"visualization"},{"id":"08f1070a-4c98-4703-a0ce-28e2ceaea0b8","name":"4b369b59-78e8-4212-b5b8-650bdc62dfc1:panel_4b369b59-78e8-4212-b5b8-650bdc62dfc1","type":"visualization"},{"id":"b7b2c502-3d50-4c53-bd0f-1f7e560dde08","name":"57732e54-9de3-4850-928c-419a11b1c906:panel_57732e54-9de3-4850-928c-419a11b1c906","type":"visualization"},{"id":"e7ab7b3a-2d17-45ba-9e40-a9a8b9323eae","name":"1dbabf3c-691e-474f-a3ca-7f48abebf69e:panel_1dbabf3c-691e-474f-a3ca-7f48abebf69e","type":"visualization"},{"id":"d4ca6ff9-e8cf-4ce1-bc95-4ebcf77b60f9","name":"e4e7c7f0-a287-49b2-99e0-ebd952826c51:panel_e4e7c7f0-a287-49b2-99e0-ebd952826c51","type":"visualization"},{"id":"f1069065-2cd4-4fb5-bfdc-bf4fb3a5b3ff","name":"beeba4b6-f6f9-4eb5-87f8-ddceb42f7fa5:panel_beeba4b6-f6f9-4eb5-87f8-ddceb42f7fa5","type":"visualization"},{"id":"0ce9bc39-bc69-4e87-b053-3a16588447a6","name":"951a3d6b-876a-48d1-856a-6bc0ee27347d:panel_951a3d6b-876a-48d1-856a-6bc0ee27347d","type":"visualization"}],"sort":[1675807560837,3033],"type":"dashboard","updated_at":"2023-02-07T22:06:00.837Z","version":"WzIwOTgsMl0="} {"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":400,"missingRefCount":0,"missingReferences":[]}