{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/City (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/City (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Cities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"geo.city.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"geo.city.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"01222130-3eec-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEwMywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: TCP Half-Open Sessions - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Half-Open Sessions - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":1000,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":10000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":100000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"l4.proto.name: \\\"TCP\\\" AND tcp.flags.bits: 2 AND NOT 
flow.src.as.org: \\\"PRIVATE\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Half-Open Sessions\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"01b180e0-c484-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T11:19:38.322Z","version":"WzIwMDczLDhd"} 
{"attributes":{"fieldFormatMap":"{\"bgp.next_hop.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.0.2.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"calix.netif.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.netif.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.ibont.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.ibont.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.internet.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.internet.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.pon.bytes.assured.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.pon.bytes.excess.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.pon.bytes.fixed.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathnam
e\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.soho.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.soho.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.ethernet.payload.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.ethernet.payload.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.pon.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.pon.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.pon.bytes_green\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.pon.bytes_yellow\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.pon.fec.bytes.corrected.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.pon.fec.bytes.corrected.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards
\",\"basePath\":\"/s/light\"}}},\"calix.ont.uni.bytes_green\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.uni.bytes_red\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.uni.bytes_red_discard\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.uni.bytes_yellow\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.appqoe.tls.bytes_read\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.appqoe.tls.bytes_write\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.appqoe.tls.decrypt.bytes_read\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.appqoe.tls.decrypt.bytes_write\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.appqoe.tls.encrypt.bytes_read\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.appqoe.tls.encrypt.bytes_write\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"
/s/light\"}}},\"cisco.ioam.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs0.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs1.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs2.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs3.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs4.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs5.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs6.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs7.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.sc.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.sc.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastif
low.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.sc.sess.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.sc.sess.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.sdwan.bytes_drop\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.waas.bytes.optimised\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.waas.bytes.orig\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.0.2.1:5601\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*/field/flow.in.bytes\",\"basePath\":\"\"}}},\"flow.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.client.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.client.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.client.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.0.2.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemp
late\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.dst.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.dst.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.0.2.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.dst.nat.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.0.2.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.export.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.0.2.1:5601\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*/field/flow.in.bytes\",\"basePath\":\"\"}}},\"flow.in.bytes_retrans\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.bytes_sumsqrs\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.bytes_total_sumsqrs\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/l
ight\"}}},\"flow.in.l2.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.l2.bytes_sumsqrs\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.l2.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.l2.bytes_total_sumsqrs\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.l4.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.meter.bytes_drop\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.meter.bytes_ignore\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.meter.flow_select.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.meter.l2.bytes_drop\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.meter.l2.bytes_ignore\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"htt
p://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.bytes_mcast\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.bytes_mcast_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.bytes_retrans\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.l2.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.l2.bytes_mcast\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.l2.bytes_mcast_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.l2.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.l4.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.packets\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.0.2.1:5601\",\"pathname\":\"/app/monitoring\",\"basePath\":\"\"},\"pattern\":\"0,0.[0]a\"}},\"flow.ser
ver.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.server.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.server.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.0.2.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.server.l4.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.src.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.src.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.0.2.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.src.nat.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.0.2.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.treatment.bytes_drop\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.treatment.bytes_drop_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"l2.bytes_drop\":{\"id\":\"bytes\",\
"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"l2.bytes_drop_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"l4.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.avail.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.buffers.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.cached.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.commit.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.free.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.total.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.used.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.util.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.util.bytes_max\":{\"id
\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"msexch.total_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.bytes.in\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.bytes.out\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.bytes.in\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.1024_1518_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.128_255_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.1519_2047_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.2048_4095_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.256_511_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.4096_9216_bytes.in\":{\"id\":
\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.512_1023_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.65_127_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.9217_16383_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.to_64_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netscaler.ica.channel.id1_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netscaler.ica.channel.id2_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netscaler.ica.channel.id3_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netscaler.ica.channel.id4_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netscaler.ica.channel.id5_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netscaler.ica.
clientside.bytes_in\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netscaler.ica.clientside.bytes_out\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"ntop.entropy.client.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"ntop.entropy.server.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"pim.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"sonicwall.db.proc.mem.commit.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"tcp.bytes_retrans\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"wifi.afd.bytes_accept\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"wifi.afd.bytes_drop\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}}}","fields":"[{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"@version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searc
hable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"a10.fwd.tuple_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"a10.fwd.vpn.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"a10.radius.custom1\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"a10.radius.custom2\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"a10.radius.custom3\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"a10.rev.tuple_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"a10.rev.vpn.i
d\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"antrea.flow.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"antrea.tcp.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"antrea.tcp.state_prev\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.arch\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.attr.encrypt\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.attr.p2p\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.attr.tunnel\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.category.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.class.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.codename\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scrip
ted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.end.reason.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.end.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.group.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.payload\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.args\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.cmd\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.cmdline\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.end.sysuptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.end.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"rea
dFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.file.atime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.file.ctime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.file.mtime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.group.email\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.group.gid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.group.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.group.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.sig.func.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"na
me\":\"app.proc.sig.func.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.sig.value\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.start.sysuptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.start.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.user.email\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.user.fullname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.user.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.user.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.user.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proc.wd\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.proto
.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.rndtrip.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.start.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.sub_proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.subcategory.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.svc.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.vendor\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.version.ver\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.dst.hw_addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.dst.proto_addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.hw_addr_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.hw_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"
],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.msgs.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.msgs.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.op.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.proto_addr_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.proto_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.reqs.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.reqs.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.resps.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.resps.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.src.hw_addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.src.proto_addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":t
rue},{\"count\":0,\"name\":\"arp.timeouts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"barracuda.audits\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"barracuda.log_op.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"barracuda.svc.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"barracuda.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"barracuda.traffic_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.as_path.hop_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.as_path.hops.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.as_path.hops.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.as_path.hops.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\
"bgp.as_path.path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.as_path.prepend\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.as_path.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.community.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.community.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.dst.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.dst.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.dst.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.dst.community.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.dst.community.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.dst.peer.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.dst.peer.as.label\
",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.dst.peer.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.local_pref\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.next_hop.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.next_hop.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.next_hop.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.next_hop.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.next_hop.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.pol_acct.dst.traffic_index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.pol_acct.src.traffic_index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.route_valid.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.router.as.asn
\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.router.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.router.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.src.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.src.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.src.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.src.community.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.src.community.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.src.peer.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.src.peer.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"bgp.src.peer.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cace.local.icmp_id\",\"type\":\"strin
g\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cace.local.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cace.local.ipv4_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cace.local.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cace.local.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cace.local.proc.cmd\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cace.local.proc.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cace.local.proc.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cace.local.proc.user.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cace.remote.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cace.remote.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cace.remote.l4.port.name\",\"type\":\"string\",\"e
sTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.bng_arp_counters\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.bng_dhcp_pool\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.bng_dhcp_subscriber\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.bng_diameter_client\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.bng_gx_counter\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.bng_policy_mgmt\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.bng_radius_client\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.bng_static_subscriber\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.bng_url_redirect\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.delay_measurement\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{
\"count\":0,\"name\":\"calix.aid.interface_ethernet\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.interface_lag\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.lm_availability\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.loss_measurement\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.mep_stats\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.mip_stats\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.olt_ont_bin\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.olt_pon_dyn_agg_util_total\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.olt_pon_optical\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.olt_pon_util\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.ont_eth_total\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"
aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.ont_eth_util\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.ont_evccos_stats\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.ont_evcstats\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.ont_ifstats\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.pon_ont_type_util\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.pon_ont_util\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.aid.subscriber_flows\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.bin.duration\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.bin.number\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.aca.msgs_interim\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.aca.msgs_start\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\
":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.aca.msgs_stop\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.aca.msgs_success\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.acr.msgs_fail\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.acr.msgs_interim\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.acr.msgs_start\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.acr.msgs_stop\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.cca_i.msgs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.cca_u.msgs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.ccr_i.msgs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.ccr_u.msgs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.cea.msgs\",\"type\
":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.cer.msgs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.client.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.dynamic_policy.fail\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.dynamic_policy.reqs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.dynamic_policy.success\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.msgs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.msgs_timeout\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.pcrf.disconnects\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.pcrf.subscribers_active\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.pcrf.subscribers_config\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":tru
e,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.pcrf.subscribers_default_policy\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.pcrf.timeouts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.raa.msgs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.raa.sess_id_mismatchs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.rar.msgs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.sess.downs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.sess.ups\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.subscriber.dynamic.active\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.subscriber.dynamic.active_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.subscriber.dynamic.active_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.subscribe
r.dynamic.active_min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.subscriber.dynamic.config\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.subscriber.dynamic.ips_active\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.subscriber.static.active\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.subscriber.static.active_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.subscriber.static.active_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.subscriber.static.active_min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.subscriber.static.config\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.subscriber.static.ips_active\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.diameter.watchdog.timeouts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.meas.duration\",\"
type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.meas.end.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.meas.index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.meas.suspect.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.netif.bytes.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.netif.bytes.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.nni.ethernet.role\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.ibont.bytes.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.ibont.bytes.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.internet.bytes.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.internet.bytes.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.mac.
addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.pon.bucket.bw.used.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.pon.bucket.bw.used.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.pon.bucket.bw.util.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.pon.bucket.bw.util.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.pon.bucket.seconds.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.pon.bucket.seconds.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.pon.bw.assured.admit.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.pon.bw.assured.avail.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.pon.bw.excess.admit.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.pon.bw.excess.avail.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true
,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.pon.bw.fixed.admit.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.pon.bw.fixed.avail.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.pon.bytes.assured.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.pon.bytes.excess.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.pon.bytes.fixed.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.soho.bytes.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.olt.soho.bytes.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.errors.crc.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.errors.crc.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.errors.gem.encryption_key\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.events.di
scard.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.events.discard.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.events.drop.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.events.drop.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.frames.discard.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.frames.gem.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.frames.gem.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.packets.1024_1518_bytes.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.packets.128_255_bytes.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.packets.256_511_bytes.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.packets.512_1023_bytes.up\",\"type\":\"num
ber\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.packets.65_127_bytes.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.packets.bcast.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.packets.bcast.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.packets.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.packets.mcast.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.packets.mcast.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.packets.oversize.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.packets.oversize.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.packets.to_64_bytes.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.packets.ucast.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"script
ed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.packets.ucast.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.packets.undersize.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.packets.undersize.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.packets.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.payload.bytes.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.ethernet.payload.bytes.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.avail_indicators_bkwd\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.avail_indicators_fwd\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.ccm_bad_if_status_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":t
rue},{\"count\":0,\"name\":\"calix.ont.mep.ccm_bad_port_status_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.ccm_bad_sender_id_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.ccm_bad_seq_errors_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.ccm_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.ccm_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.ccm_rdi_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.ccm_rdi_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.consec_high_loss_indicators_bkwd\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.consec_high_loss_indicators_fwd\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.dm1_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.dm1_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"script
ed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.dmm_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.dmm_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.dmr_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.dmr_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_delay_bkwd_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_delay_bkwd_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_delay_bkwd_min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_delay_fwd_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_delay_fwd_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_delay_fwd_min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_de
lay_range_bkwd_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_delay_range_bkwd_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_delay_range_fwd_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_delay_range_fwd_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_delay_range_twoway_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_delay_range_twoway_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_delay_twoway_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_delay_twoway_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_delay_twoway_min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_loss_bkwd_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_loss_bkwd_max\",\"type\":\"nu
mber\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_loss_bkwd_min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_loss_fwd_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_loss_fwd_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frame_loss_fwd_min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frames_bkwd_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frames_bkwd_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frames_fwd_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.frames_fwd_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.high_loss_indicators_bkwd\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.high_loss_indicators_fwd\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\
"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.inter_frame_delay_var_bkwd_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.inter_frame_delay_var_bkwd_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.inter_frame_delay_var_bkwd_min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.inter_frame_delay_var_fwd_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.inter_frame_delay_var_fwd_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.inter_frame_delay_var_fwd_min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.inter_frame_delay_var_twoway_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.inter_frame_delay_var_twoway_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.inter_frame_delay_var_twoway_min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.lbm_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable
\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.lbm_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.lbr_bad_msdu_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.lbr_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.lbr_ooo_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.lbr_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.lmm_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.lmm_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.lmr_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.lmr_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.ltm_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.ltm_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"rea
dFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.ltr_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.ltr_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.ltr_unexpected_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.oam.pdus_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.oam.pdus_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.slm_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.slm_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.slr_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.slr_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.unavail_indicators_bkwd\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mep.unavail_indicators_fwd\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,
\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mip.down.lbm_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mip.down.lbr_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mip.down.ltm_fwd\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mip.down.ltm_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mip.down.ltr_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mip.up.lbm_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mip.up.lbr_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mip.up.ltm_fwd\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mip.up.ltm_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.mip.up.ltr_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.bursts.missed.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":f
alse,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.bw.util.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.bw.util.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.bytes.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.bytes.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.bytes_green\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.bytes_yellow\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.errors.bip.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.errors.bip.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.errors.hec.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.fec.bytes.corrected.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.fec.bytes.corrected.up\",\"ty
pe\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.fec.code_words.corrected.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.fec.code_words.corrected.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.fec.code_words.total.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.fec.code_words.total.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.fec.code_words.uncorrected.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.fec.code_words.uncorrected.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.fec.seconds.anomaly.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.fec.seconds.anomaly.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.optical.chan.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.optical.laser.bias\",\"type\":\"number\",\"esType
s\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.optical.launch_pwr\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.optical.pwr.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.optical.pwr_feed.volt\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.optical.temp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.packets_green\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.packets_yellow\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.seconds.bip_errored.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.seconds.bip_errored.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.seconds.bip_severely_errored.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.seconds.bip_severely_errored.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatab
le\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.seconds.bip_unavail.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.seconds.bip_unavail.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.pon.seconds.missed_bursts.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.uni.bytes_green\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.uni.bytes_red\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.uni.bytes_red_discard\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.uni.bytes_yellow\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.uni.packets_green\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.uni.packets_red\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.uni.packets_red_discard\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.ont.uni.packets_yellow\",\"type\":\"numb
er\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.smm.url.redirect.subscribers_active\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.smm.url.redirect.subscribers_policy\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.smm.url.updates\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.stats.cause\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.stats.duration\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.stats.end.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.stats.sample.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.stats.start.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"calix.stats.suspect.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.dhcp.fingerprint\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"
cert.dns.hits\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.dns.record.a\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.dns.record.aaaa\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.dns.record.resource\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.dns.resp_section.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.ethernet.ip_data\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.first_packet_headers\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.flow.attr\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.flow.directiom_first_eight_nonempty_packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.flow.export.config_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.flow.export.unique_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true},{\"count\":0,\"name\":\"cert.flow.keyhash\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.flow.table_flushes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.flow.table_peak\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.flow.template.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.flow.template.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.frags_assembled\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.frags_expired\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.ftp.return\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.interarrival_time_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.interarrival_time_stddev\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.irc.text_msg\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true
},{\"count\":0,\"name\":\"cert.modbus.data\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.nntp.cmd\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.nntp.resp\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.observed_data\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.observed_data_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.os.p0f_fingerprint\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.payload\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.payload_entropy\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.payload_size_stddev\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.rtsp.command\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.rtsp.return_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\
"cert.second_packet_headers\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.silk.app.label\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.silk.flow.sensor\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.silk.flow.type\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.silk.tcp.state\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.sip.address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.sip.command\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.sip.invite\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.sip.via\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.slp.req.values\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.tls.object_type\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.tls.object_value\",\"type
\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.tombstone.access_list\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.tombstone.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cert.tool.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cesnet.flowdir_syn\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cesnet.sip.msg_type.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cesnet.sip.msg_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cesnet.smtp.cmd_flags\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cesnet.smtp.code_2XX_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cesnet.smtp.code_3XX_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cesnet.smtp.code_4XX_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cesnet.smtp.code_5XX_cou
nt\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cesnet.smtp.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cesnet.smtp.flags\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cesnet.smtp.mail_cmds\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cesnet.smtp.recipients\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cesnet.smtp.status_codes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cesnet.venom\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.abs_monitor_interval.end\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.abs_monitor_interval.start\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.app.business_relevance\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.app.family\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.app.http_uri_s
tats\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.app.new_transacts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.app.set\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.app.sub_app.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.app.sub_app.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.app.sub_app.value\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.app.sub_tag\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.app.traffic_class\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.app.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.appqoe.packets_dup_recover\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.appqoe.packets_dup_tunnel_dup\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"
name\":\"cisco.appqoe.packets_fec\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.appqoe.packets_fec_reconst\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.appqoe.packets_orig_tunnel_dup\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.appqoe.tls.bytes_read\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.appqoe.tls.bytes_write\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.appqoe.tls.decrypt.bytes_read\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.appqoe.tls.decrypt.bytes_write\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.appqoe.tls.encrypt.bytes_read\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.appqoe.tls.encrypt.bytes_write\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.appqoe.tls.policy_action.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.appqoe.tls.svc_type.name\",\"type\":\"string\",\"esTypes\":[\"keywor
d\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.appqoe.tls.traffic_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.audio.g107.codec.baseline\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.audio.g107.codec.baseline_bpl\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.audio.g107.impair\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.audio.g107.impair_delay_oneway\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.audio.g107.loss_rate\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.avc.byte_rate_per_flow\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.avc.byte_rate_per_flow_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.avc.byte_rate_per_flow_min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.avc.packet_arrival_timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\
"count\":0,\"name\":\"cisco.avc.packet_rate_per_flow\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.avc.packet_rate_per_flow_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.avc.packet_rate_per_flow_min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.avc.tcp.conns\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.avc.tcp.resps\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.avc.tcp.resps_late\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.avc.tcp.rndtrip.latency_100_500ms\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.avc.tcp.rndtrip.latency_10_50ms\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.avc.tcp.rndtrip.latency_2_5ms\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.avc.tcp.rndtrip.latency_500_1000ms\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.avc.tcp.rndtrip.latency_50_100ms\",\"type\":\"number\",\"esTypes\":[\"l
ong\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.avc.tcp.rndtrip.latency_5_10ms\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.avc.tcp.rndtrip.latency_to_2ms\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.bw_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.bw_in_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.bw_in_rollup\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.bw_kth_fee\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.bw_kth_rollup\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.bw_kth_tier_percent\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.bw_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.bw_out_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.bw_out_rollup\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"
searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.bw_pool_rsvp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.bw_used\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.bw_util\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.c3pl.class.cce_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.c3pl.class.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.c3pl.class.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.c3pl.policy.cce_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.c3pl.policy.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.c3pl.policy.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.conn_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.cost_discard_rollups\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searcha
ble\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.data_points\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.datalink.event.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.datalink.event_ext.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.entrance_downgrade\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.eta.byte_distro\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.eta.idp\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.eta.salt\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.eta.slpt\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.eta.tls.cipher_suites\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.eta.tls.ext_sizes\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.eta.tls.ext_types\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"s
earchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.eta.tls.extensions\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.eta.tls.records\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.flow_time_remaining\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.fw.blackout_time\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.fw.config_value\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.fw.erm.code.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.fw.event.level.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.fw.event.level.value\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.fw.packets_drop_pass\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.fw.sess_half_open\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.fw.sess_half_open_rate\",\"type\":\"number\",\"esTypes\":[\"lon
g\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.fw.sess_half_open_rate_limit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.fw.sess_limit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.fw.zonepair.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.app.metadata\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.bytes_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.cs0.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.cs0.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.cs1.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.cs1.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.cs2.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.cs2.packets\",\"type\":\"number\",\"esTypes\":[\"lo
ng\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.cs3.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.cs3.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.cs4.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.cs4.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.cs5.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.cs5.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.cs6.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.cs6.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.cs7.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.cs7.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.e2e.header\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\
":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.end.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.l4.proto.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.l4.proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.my_node.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.my_node.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node1.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node1.in.netif.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node1.in.netif.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node1.out.netif.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node1.out.netif.name\",\"t
ype\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node2.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node2.in.netif.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node2.in.netif.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node2.out.netif.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node2.out.netif.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node3.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node3.in.netif.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node3.in.netif.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node3.out.netif.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node3.out.netif.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatab
le\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node4.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node4.in.netif.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node4.in.netif.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node4.out.netif.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.node4.out.netif.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.nodes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.packets_dup\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.packets_lost\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.packets_ooo\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.packets_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,
\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.ppc.seq_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.sfc.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.sfc.invalid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.sfc.valid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.ioam.start.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.l4.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.l4.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.l4.packet_loss\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.l4.unreachability\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.l4r.event.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.l4r.event.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true
,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.l4r.server.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.l4r.server.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.l4r.server.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.link.capacity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.link.group_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.media_event.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.media_event.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.metadata.clock_rate\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.metadata.global_session_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.metadata.multi_party_session_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.misc_unsupported\",\"type\":\"string\",\"esTypes\":[\"keyw
ord\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.monitor_device_type.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.monitor_device_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.monitor_event.bits\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.mos_low_events\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.netif.fex_node_id.in\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.netif.fex_node_id.out\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.netif.power\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.nvzflow.coord_list\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.nvzflow.dns_suffix\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.nvzflow.hash_list\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.nvzflow.module_li
st\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.nvzflow.netif.details_list\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.nvzflow.netif.info_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.nvzflow.netif.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.nvzflow.proc.parent.user.acct_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.nvzflow.proc.user.acct_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.nvzflow.udid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.nvzflow.user.acct_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.observ_node.dst.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.observ_node.src.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pbhk.event.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggr
egatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pbhk.event.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pbhk.mapped.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pbhk.mapped.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pbhk.mapped.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.br.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.class.tag\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.dst.site.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.dst.site.ip.subnet.broadcast\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.dst.site.ip.subnet.mask\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.dst.site.ip.subnet.mask_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.dst.site.ip.subnet.prefix\",\"type\":\"ip\",\"esTypes\":[\"ip\"]
,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.label\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.mc\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.priority.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.reason.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.src.site.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.src.site.ip.subnet.broadcast\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.src.site.ip.subnet.mask\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.src.site.ip.subnet.mask_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.src.site.ip.subnet.prefix\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.state.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.svc_provider.tag\",\"type\":\"n
umber\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.threshold\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.traffic_class.errors_bw\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.traffic_class.errors_perf\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.pfr.traffic_class.errors_unknown\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.qos.policy.class_hierarchy\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.qos.policy.queue.drops\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.qos.policy.queue.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.attack.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.attack.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.attack.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"coun
t\":0,\"name\":\"cisco.sc.attack.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.attack.l4.proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.attack.other.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.attack.sess_malicious\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.attack.side.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.attack.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.attacks\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.bytes.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.bytes.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.dst.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.end.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},
{\"count\":0,\"name\":\"cisco.sc.flow.close_mode.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.flow.context.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.link.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.package.usage_counter.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.processor.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.report.duration_config\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.report.duration_elapsed\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.report.reason.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.report.timeframe\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.report.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.sess.access\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true
,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.sess.bytes.down\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.sess.bytes.up\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.sess.duration\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.sess.flavor.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.sess.info\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.sess.initiating_side.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.sess.proto_sig.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.sess.svc.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.sess.zone.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.sess_skip\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.src.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"sear
chable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.subscriber.counter.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.subscriber.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.subscriber.package.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.subscriber.quota_state.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.subscribers_active\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.svc.global_counter.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.svc.sess_agg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.svc.sess_concur\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.svc.sess_seconds\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.svc.subscribers_active\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.svc.usage_counter.id\"
,\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.tag\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sc.traffic.processor.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sdwan.bytes_drop\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sdwan.conn.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sdwan.drop_cause.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sdwan.overlay_sess_id.egress\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sdwan.overlay_sess_id.ingress\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sdwan.packets_cloud_express\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sdwan.pref_color_not_met.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sdwan.pref_color_not_met.value\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":tr
ue,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sdwan.qos.queue.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sdwan.sla_not_met.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sdwan.sla_not_met.value\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sdwan.tloc.local.color\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sdwan.tloc.local.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sdwan.tloc.overlay_sess_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sdwan.tloc.remote.color\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sdwan.tloc.remote.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sdwan.tloc.tunnel.proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sdwan.vpn.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.sess_concur\",\"type\":\"number\",\"esTypes\":[\"long\"
],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.shortcut_router.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.template.param_range_end\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.timestamp_interval\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.trustsec.dst.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.trustsec.dst.sgt\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.trustsec.src.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.trustsec.src.sgt\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.trustsec.switch_derived_sgt\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.variance\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.waas.bytes.optimised\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.waas.bytes.orig\",\"type\":\"nu
mber\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.waas.class.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.waas.conn_mode.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.waas.dre.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.waas.dre.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.waas.lz.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.waas.lz.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.waas.passthru_reason.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cisco.waas.segment.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.dpi.class.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.dpi.src_os\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.dpi.ssl_class.name\",\"type\":
\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.dst.asset.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.dst.location.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.file_transfer.filename\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.ioc.feed.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.ioc.feed.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.ioc.value\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.ioc.value_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.ips.rule.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.policy.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.policy.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognit
ix.policy.rule.action.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.policy.rule.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.policy.rule.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.severity.level\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.src.asset.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.src.location.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.url.category.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cognitix.url.reputation.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.arch.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.core.guest.nice.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.core.guest.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":
true},{\"count\":0,\"name\":\"cpu.core.guest.steal.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.core.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.core.idle.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.core.interrupt.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.core.iowait.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.core.kernel.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.core.nice.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.core.softirq.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.core.steal.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.core.system.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.core.user.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.c
ore.util.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.cores\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.guest.nice.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.guest.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.guest.steal.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.idle.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.interrupt.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.iowait.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.kernel.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.load.15min_avg\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.load.15min_avg_norm\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":fal
se,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.load.1min_avg\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.load.1min_avg_norm\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.load.5min_avg\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.load.5min_avg_norm\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.model.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.nice.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.softirq.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.steal.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.system.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.user.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cpu.util.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":t
rue},{\"count\":0,\"name\":\"cpu.vendor.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"device.card.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"device.card.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"device.entity.container.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"device.entity.container.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"device.entity.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"device.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"device.model\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"device.os.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"device.port.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"device.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"na
me\":\"device.shelf.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"device.shelf.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"device.system.cpu.arch.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"device.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"device.vendor.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"device.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.client.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.client.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.client.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.duration\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.file\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.flags.bcast\",\"type\":\"
string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.hw_addr.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.hw_type.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.hw_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.leases.active\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.leases.avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.leases.expire\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.leases.grace_expire\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.leases.in_grace\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.leases.max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"se
archable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.leases.min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.leases.renew\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.next_server.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.offer.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.offers.accept\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.offers.sent\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.op.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.op.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.opt.class_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.opt.domain_server.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.opt.host.hostname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\
":true},{\"count\":0,\"name\":\"dhcp.opt.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.opt.impress_server.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.opt.ip_lease_time\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.opt.local_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.opt.log_server.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.opt.lpr_server.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.opt.msg_type.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.opt.msg_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.opt.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.opt.name_server.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.opt.param_list\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count
\":0,\"name\":\"dhcp.opt.quotes_server.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.opt.rlp_server.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.opt.router.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.opt.subnet.mask\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.opt.time_offset\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.opt.time_server.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.pool.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.pool.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.pool.size.actual\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.pool.size.config\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.relay.hops\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.relay.ip.addr\",\"type\
":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.req.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.reqs.decline\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.reqs.grant\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.reqs.timeout\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.server.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dhcp.server.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.additional.class.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.additional.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.additional.rdata\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.additional.rdlength\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.additional.ttl\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\
":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.additional.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.additionals\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.answer.class.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.answer.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.answer.rdata\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.answer.rdlength\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.answer.ttl\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.answer.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.answers\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.authorities\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.authority.class.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregata
ble\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.authority.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.authority.rdata\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.authority.rdlength\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.authority.ttl\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.authority.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.hosts_file\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.name_server.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.opcode.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.payload_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.qr.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"co
unt\":0,\"name\":\"dns.queries\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.query.class.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.query.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.query.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.rcode.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.rndtrip.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.svc.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.tid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.upstream_server.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dns.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ericsson.nat.context.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ericsson.nat.context.name\",\"type\"
:\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ericsson.nat.external.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ericsson.nat.external.port.end\",\"type\":\"number\",\"esTypes\":[\"integer\",\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ericsson.nat.external.port.start\",\"type\":\"number\",\"esTypes\":[\"integer\",\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ericsson.nat.internal.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ericsson.nat.timestamp_assign\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ericsson.nat.timestamp_unassign\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.collisions.excess\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.collisions.late\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.collisions.multi_frame\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.collisions.single_frame\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"read
FromDocValues\":true},{\"count\":0,\"name\":\"ethernet.collisions.total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.errors.align.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.errors.alignment\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.errors.carrier_sense\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.errors.crc.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.errors.fcs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.errors.mac.rcv\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.errors.mac.xmit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.errors.sqe_test\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.ether_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.frame.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":t
rue,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.frames.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.frames.multi_collision\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.frames.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.frames.pause.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.frames.pause.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.frames.single_collision\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.frames.too_long\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.frames.total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.header.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.payload.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":fals
e,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.notice\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.severity.code\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.severity.level\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"extreme.client.detail_location\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"extreme.client.location\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"extreme.client.nac_profile\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"extreme.metadata\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"extreme.onesided_flow\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"extreme.server.location\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.3gpp_params\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.acl.policy.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":tru
e,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.acl.policy.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.acl.rule.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.attack.event.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.attack.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.attack.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.attack.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.bigip.mgmt.host.hostname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.bigip.mgmt.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.bigip.mgmt.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.class_tokens\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.context.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\
":true},{\"count\":0,\"name\":\"f5.context.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.drop_reason.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.dst.geo\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.duration\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.err_defs_msg_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.flow.transact.end.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.flow.transact.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.flow.transact.start.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.flow.transacts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.flow.transacts_skipped\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.flow.transacts_success\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count
\":0,\"name\":\"f5.flows_concur\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.flows_ended\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.flows_new\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.ip_intel.policy.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.ip_intel.threat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.ipfix.msg_no\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.last_record_sent\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.log.profile_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.msg.drops\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.msg.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.msg.severity.code\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.nat.route_domain\",\"type\":\"number
\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.partition.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.query.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.record.reason.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.record.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.report.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.report.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.src.geo\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.subscriber.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.subscriber.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"f5.url.category.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":
false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"fastip.bond_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"fastip.bond_mode\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"fastip.bond_nic_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"fastip.meter.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"fastip.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.biflow.direction.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.bytes_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"agg
regatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.bytes_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.geo.loc.coord\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.host.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.ip.routed_block\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":
false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.k8s.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.k8s.bytes_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.k8s.node.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.k8s.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.k8s.packets_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.k8s.pod.labels\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.k8s.pod.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.k8s.pod.namespace\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"conflictDescriptions\":{\"integer\":[\"elastiflow-flow-codex-1.4-2022.w16\",\"elastiflow-flow-codex-1.4-2022.w17\"],\"keyword\":[\"elastiflow-flow-codex-1.3-2022.w12\",\"elastiflow-flow-codex-1.3-2022.w13\",\"elastiflow-flow-codex-1.3-2022.w14\",\"elastiflow-flow-codex-1.3-2022.w15\",\"elastiflow-flow-codex-1.3-2022.w16\"]},\"name\":\"flow.client.l4.port.id\",\"type\":\"conflict\",\"esTypes\":[\"integer\",\"keyword\"]
,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"flow.client.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.nat.ip.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.nat.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.nat.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.packets_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.sec.threat.feed.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.sec.threat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.collect.timestamp\",
\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.community.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.conversation.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.direction.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.frags\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.geo.country.name\",\"type\":\"string\",\"esTy
pes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.geo.loc.coord\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.host.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.ip.routed_block\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.k8s.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.k8s.bytes_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.k8s.cluster.host.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.k8s.cluster.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.k8s.cluster.ip.addr\",\"
type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.k8s.node.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.k8s.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.k8s.packets_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.k8s.pod.labels\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.k8s.pod.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.k8s.pod.namespace\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.k8s.svc.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.k8s.svc.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.l
4.untunnel_port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.l4.untunnel_port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.nat.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.nat.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.nat.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.packets_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.sec.threat.feed.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.sec.threat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":
0,\"name\":\"flow.duration\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.end.reason.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.end.sysuptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.end.time_offset\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.end.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.error.absolute\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.error.relative\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.engine.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.engine.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.first.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.f
lows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.geo.loc.coord\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.ip.subnet.broadcast\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.ip.subnet.mask\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.ip.subnet.mask_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"co
unt\":0,\"name\":\"flow.export.ip.subnet.prefix\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.ip.version.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.ip.version.ver\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.l4.proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.last.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.msgs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.netif.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.orig.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.proc.pid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\
":true},{\"count\":0,\"name\":\"flow.export.sctp.data_record_reliability.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.sctp.stream_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.start.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.tls.cert.certificate\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.version.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.version.ver\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.first.rtp.seq_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.first.rtp.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.flow_rate_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"a
ggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.flows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.forwarding.reason.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.forwarding.status.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.frags_short\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.frags_size_diff\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.frags_too_long\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.frags_too_short\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.bytes_retrans\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.bytes_sumsqrs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":
true},{\"count\":0,\"name\":\"flow.in.bytes_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.bytes_total_sumsqrs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.dst.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.ip.dscp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.ip.ecn.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.ip.prec.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.ip.tos.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.ipsec.icv\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.ipsec.seq_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.ipsec.spi\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.k8s.policy.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}
,{\"count\":0,\"name\":\"flow.in.k8s.policy.namespace\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.k8s.policy.rule.action.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.k8s.policy.rule.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.k8s.policy.rule.priority\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.k8s.policy.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.k8s.policy.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.l2.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.l2.bytes_sumsqrs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.l2.bytes_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.l2.bytes_total_sumsqrs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.l2.frames\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,
\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.l2.frames_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.l4.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.netif.alias\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.netif.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.netif.index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.netif.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.netif.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.netif_phys.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.packets_ooo\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.packets_retrans\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\"
:true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.packets_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.qos.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.qos.packets_drop\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.rtp.payload.clockrate\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.sec.acl.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.src.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.tcp.option.max_seg_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.tcp.option.window_scale\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.tcp.window.size_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.tcp.window.size_min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.c_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"s
earchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.c_tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.c_tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.c_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.s_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.s_tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.s_tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.s_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag.pcp.name\",\"type\":\"string\",\"esTypes\"
:[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag_1.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag_1.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag_1.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag_1.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag_2.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag_2.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag_2.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag_2.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag_3.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag_3.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vla
n.tag_3.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag_3.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag_4.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag_4.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag_4.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag_4.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vrf.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vrf.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vxlan.vtep.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.isServer\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.key_indicator\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flo
w.last.rtp.seq_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.last.rtp.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.locality\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.md5_checksum\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.bytes_drop\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.bytes_ignore\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.class.engine.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.class.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.class.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.first.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.flow_select.algo.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"n
ame\":\"flow.meter.flow_select.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.flow_select.flows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.flow_select.gap.flows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.flow_select.gap.time\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.flow_select.packet\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.flow_select.size.flows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.flow_select.size.time\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.flow_timeout.active\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.flow_timeout.idle\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.hash_select.digest.hash_value\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.hash_select.digest.output.state\",\"type\":\"string\",\"esTypes\":[\"keyword\
"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.hash_select.flow_domain\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.hash_select.func.initializer\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.hash_select.ip_payload.offset\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.hash_select.ip_payload.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.hash_select.observed.range.max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.hash_select.observed.range.min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.hash_select.selected.range.max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.hash_select.selected.range.min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.l2.bytes_drop\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.l2.bytes_ignore\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"a
ggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.l2.frames_ignore\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.last.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.common_props\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.conn_duration_sum\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.conns\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.domain.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.domain.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.flows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.orig_domain.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.orig_domain.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.packets_bcast.in\",\"typ
e\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.packets_bcast.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.packets_mcast.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.packets_ucast.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.packets_ucast.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.point.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.point.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.packet_select.algo.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.packet_select.gap.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.packet_select.gap.time\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":tr
ue,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.packet_select.interval.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.packet_select.size.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.packet_select.size.time\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.packets_drop\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.packets_ignore\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.packets_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.proc.end.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.proc.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.proc.start.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.random_select.population.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.random_select.si
ze.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.records_drop\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.records_ignore\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.select.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.select.id_flow_flags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.select.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.select.observed.flows_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.select.observed.packets_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.select.selected.flows_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.select.selected.packets_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.select.seq_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"
aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.uniprob_select.probability\",\"type\":\"number\",\"esTypes\":[\"double\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.virt_observ.domain.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.virt_observ.domain.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.virt_observ.point.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.virt_observ.point.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.net_func.proc.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.next_hop.as.asn\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.next_hop.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.next_hop.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.next_hop.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.next_hop.ip.addr\",\"type\":\"i
p\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.next_hop.ip.subnet.broadcast\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.next_hop.ip.subnet.mask\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.next_hop.ip.subnet.mask_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.next_hop.ip.subnet.prefix\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.next_hop.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.opaque_octets\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.bytes_mcast\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.bytes_mcast_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.bytes_retrans\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.bytes_total\",\"type
\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.dst.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.ip.dscp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.ip.ecn.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.ip.prec.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.ip.tos.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.ipsec.icv\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.ipsec.seq_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.ipsec.spi\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.k8s.policy.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.k8s.policy.namespace\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.k8s.policy
.rule.action.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.k8s.policy.rule.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.k8s.policy.rule.priority\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.k8s.policy.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.k8s.policy.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.l2.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.l2.bytes_mcast\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.l2.bytes_mcast_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.l2.bytes_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.l4.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.mpls.label_stack.exp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true},{\"count\":0,\"name\":\"flow.out.netif.alias\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.netif.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.netif.index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.netif.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.netif.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.netif_phys.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.packets_mcast\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.packets_mcast_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.packets_ooo\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.packets_retrans\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocVa
lues\":true},{\"count\":0,\"name\":\"flow.out.packets_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.qos.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.qos.packets_drop\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.rtp.payload.clockrate\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.sec.acl.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.src.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.tcp.option.max_seg_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.tcp.option.window_scale\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.tcp.window.size_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.tcp.window.size_min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.c_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\
":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.c_tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.c_tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.c_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.s_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.s_tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.s_tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.s_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag.pcp.name\",\"type\":\"string\",\"esTypes\
":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag_1.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag_1.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag_1.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag_1.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag_2.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag_2.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag_2.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag_2.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag_3.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag_3.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"
flow.out.vlan.tag_3.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag_3.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag_4.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag_4.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag_4.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag_4.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vrf.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vrf.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vxlan.vtep.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.packets_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":
0,\"name\":\"flow.seq_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.bytes_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.geo.loc.coord\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tr
ue},{\"count\":0,\"name\":\"flow.server.host.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.ip.routed_block\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.k8s.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.k8s.bytes_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.k8s.cluster.host.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.k8s.cluster.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.k8s.cluster.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.k8s.node.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.k8s.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggr
egatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.k8s.packets_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.k8s.pod.labels\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.k8s.pod.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.k8s.pod.namespace\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.k8s.svc.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.k8s.svc.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.l4.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.l4.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],
\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.nat.ip.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.nat.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.nat.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.packets_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.sec.threat.feed.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.sec.threat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.as.org\",\"type\":\"string\",\
"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.frags\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.geo.loc.coord\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.host.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.ip.routed_block\",\"type\":\"string\",\"esTypes
\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.k8s.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.k8s.bytes_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.k8s.node.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.k8s.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.k8s.packets_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.k8s.pod.labels\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.k8s.pod.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.k8s.pod.namespace\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.l4.untunnel_port.id\",\"type\":\"
number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.l4.untunnel_port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.nat.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.nat.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.nat.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.packets_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.sec.threat.feed.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.sec.threat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.start.sysuptim
e\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.start.time_offset\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.start.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.sub_template_list\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.sub_template_multilist\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.template.anonym.flags.lor\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.template.anonym.flags.pma\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.template.anonym.flags.sc.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.template.anonym.tech.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.template.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.template.ie.data_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValue
s\":true},{\"count\":0,\"name\":\"flow.template.ie.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.template.ie.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.template.ie.index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.template.ie.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.template.ie.pen.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.template.ie.pen.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.template.ie.range.end\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.template.ie.range.start\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.template.ie.semantic.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.template.ie.unit.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.template.option_scope\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true
,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.transact.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.treatment.bytes_drop\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.treatment.bytes_drop_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.treatment.packets_drop\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.treatment.packets_drop_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.email.failed_auth_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.email.is_encrypt.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.email.user.email\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.email.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.email.user.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.mms.pdu_type.name\",\"type\":\"string\",\"esTypes\
":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.mms.req.confirm_svc.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.mms.resp.confirm_svc.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.mms.uncnf.unconfirm_svc.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.sip.rtp.audio\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.sip.rtp.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.sip.rtp.video\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.sip.stats\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.sip.timestamp_bye\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.sip.timestamp_invite_ring\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.sip.timestamp_ok\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.tls.ext_siz
es\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.tls.ext_types\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.tls.handshake_duration\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.voip.packet_type.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flowmon.voip.packet_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.crs.code.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.loc.altitude\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.loc.area.radius\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.loc.area.shape\",
\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.loc.civic.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.loc.civic.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.loc.coord\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.loc.host.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.loc.host.fqdn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.loc.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.loc.latitude\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.loc.longitude\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.locate.method.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.locate.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.region.code\",\"type\":\"string\",\"esTypes\":[\"key
word\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.region.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gre.key\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gre.vsid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.c.s5s8.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.c.s5s8.sgw.teid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.c.teid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.ext.content\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.ext.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.ext.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocVa
lues\":true},{\"count\":0,\"name\":\"gtp.mobile.apn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.mobile.ggsn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.mobile.rat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.mobile.rnc\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.mobile.sgsn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.msg.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.msg.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.n_pdu\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.pdn.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.proto_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.rai.cell.lac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.rai.cell.rac\",\"type\":\"s
tring\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.rai.lac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.rai.mcc\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.rai.mnc\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.rai.rac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.req.msg.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.resp.cause.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.resp.msg.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.seq_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.teid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.tid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.u.s1u.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggreg
atable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.u.s1u.teid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.u.s5s8.pgw.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.u.s5s8.pgw.teid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.u.s5s8.sgw.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.u.s5s8.sgw.teid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.u.teid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.ue.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.ue.subscriber.imei\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.ue.subscriber.imsi\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.ue.subscriber.info\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.ue.subscriber.msisdn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\"
:true},{\"count\":0,\"name\":\"gtp.ue.subscriber.user.email\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.ue.subscriber.user.fullname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.ue.subscriber.user.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.ue.subscriber.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.ue.subscriber.user.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.ue.subscriber.user.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.uli.cell.ci\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.uli.cell.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.uli.cell.lac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.uli.cell.tac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.uli.mcc\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"r
eadFromDocValues\":true},{\"count\":0,\"name\":\"gtp.uli.mnc\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.uli.sac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gtp.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"host.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"host.hostname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"icmp.code.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"icmp.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"igmp.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"inria.flow.export.device.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.dscp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.ecn.name\",\"ty
pe\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.frag.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.frag.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.frag.offset\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.fwd.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.header.sample\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.header.size\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.packet.sample\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.packet.size\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.payload.sample\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.payload.size\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.rndtrip.latency\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\"
:false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.ttl\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.ttl_max\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.v4.options.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.v6.extension_headers\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.v6.flow_label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.v6.next_header.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.version.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.version.ver\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ipsec.icv\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ipsec.seq_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ipsec.spi\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":t
rue},{\"count\":0,\"name\":\"iptables.conntrack_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"iptables.mark\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ixia.dns.answer.classes\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ixia.dns.answer.names\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ixia.dns.answer.rr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ixia.dns.query.names\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ixia.dns.txt.rdata\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ixia.encrypt.key_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ixia.encrypt.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ixia.http.session\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ixia.req.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"
name\":\"l2.bytes_drop\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l2.bytes_drop_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l2.frame.size\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l2.frame.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l2.section.offset\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l2.section.sample\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l2.section.size\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l2.segment.encap.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l2.segment.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.latency\",\"type\":\"number\",\"esTypes\":[\"long\
"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.network.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.network.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.oneway.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.oneway.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.req.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.req.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.resp.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tr
ue},{\"count\":0,\"name\":\"l4.resp.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.rndtrip.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.rndtrip.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.sess_closed\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.sess_duration\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.sess_refused\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.sess_unresp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.session.established\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.session_scope\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.svc.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.svc.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.transact.jitter\",\"type\":\"number\",\"esT
ypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.transact.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l7.proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"lancope.dst.email.addrs_rcvd\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"lancope.dst.email.addrs_sent\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"lancope.dst.email.msg_trys_rcvd\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"lancope.dst.email.msg_trys_sent\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"lancope.dst.email.msgs_rcvd\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"lancope.dst.email.msgs_sent\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"lancope.flow_initiator.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"lancope.src.email.addrs_rcvd\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"lancope.src.em
ail.addrs_sent\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"lancope.src.email.msg_trys_rcvd\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"lancope.src.email.msg_trys_sent\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"lancope.src.email.msgs_rcvd\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"lancope.src.email.msgs_sent\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"lancope.trustsec.src.sgt\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.app.match_level\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.dst.geo\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.src.geo\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tls.client_cips\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tls.server_cips\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"coun
t\":0,\"name\":\"masaryk.tunnel.dst.geo\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.dst.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.dst.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.dst.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.icmp.code.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.icmp.code.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.icmp.type.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.icmp.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.ip.ttl\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.l4.proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.outer_dst.geo\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchab
le\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.outer_src.geo\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.src.geo\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.src.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.src.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.src.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.tcp.flags.bits\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.tcp.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.teredo.headers\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.teredo.trailers\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"masaryk.tunnel.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mcast.replica_factor\",\"type\":\"num
ber\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mcast.v4.rsvd\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mcast.v6.scope.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mcast.v6.scope.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mcast.v6.transient\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mef.evc.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mem.avail.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mem.avail.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mem.buffers.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mem.buffers.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mem.cached.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mem.cached.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"
aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mem.commit.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mem.commit.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mem.free.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mem.free.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mem.total.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mem.used.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mem.used.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mem.util.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mem.util.bytes_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mem.util.pct\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mem.util.pct_max\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mobile.apn\",\"ty
pe\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mobile.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mobile.ggsn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mobile.network.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mobile.plmn.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mobile.rat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mobile.rnc\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mobile.sgsn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mobile.uli.cell.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mobile.uli.loc.info\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mobile.uli.region.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mobile.uli.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],
\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mpls.ip_vpn.route_dist.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mpls.ip_vpn.route_dist.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mpls.ip_vpn.route_dist.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mpls.ip_vpn.route_dist.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mpls.ip_vpn.route_dist.subfield\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mpls.ip_vpn.route_dist.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mpls.label_stack.exp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mpls.label_stack.label.next_hop.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mpls.label_stack.label.subnet.mask_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mpls.label_stack.label.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"cou
nt\":0,\"name\":\"mpls.label_stack.labels\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mpls.label_stack.sample\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mpls.label_stack.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mpls.label_stack.ttl\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mpls.payload.sample\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mpls.payload.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.connector_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.custom_data\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.date_time\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.directionality\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.email.from\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":
\"msexch.email.message_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.email.orig_date\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.email.recipients\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.email.references\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.email.subject\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.email.to\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.email.trace\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.encrypt.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.event_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.internal_message_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.linked_msgid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"n
ame\":\"msexch.log_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.message_info\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.network_message_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.original_client_ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.original_server_ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.partner_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.priority\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.recipient_report_status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.recipient_status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.related_recipient_address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.schema_version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tru
e},{\"count\":0,\"name\":\"msexch.service_version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.source\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.source_context\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.tenant_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.total_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"msexch.transport_traffic_type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mysql.answer\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mysql.auth.method\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mysql.client.capability.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mysql.cmd.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mysql.cmd.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\
":0,\"name\":\"mysql.db.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mysql.error.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mysql.error.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mysql.proto.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mysql.query\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mysql.server.capability.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mysql.server.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mysql.svc.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mysql.user.authenticated\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mysql.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"mysql.user.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\
"nat.entries_bib_max\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.entries_peruser_max\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.entries_session_max\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.event.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.frags_pend_reassembly_max\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.inst.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.inst.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.ip_pool.high\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.ip_pool.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.ip_pool.low\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.ip_pool.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.l4.proto.name\",\"ty
pe\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.port_map.high\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.port_map.low\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.port_map.peruser_global_high\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.port_map.peruser_high\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.quota_exceed_event.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.realm.external.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.realm.internal.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.realm.origin.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.src_ports_limit\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.subscribers_max\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.thr
esh_event.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.vlan.tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nat.vlan.tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.bandwidth.bw\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.bw.util.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.bw.util.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.byte_rate.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.byte_rate.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.bytes.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.bytes.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scr
ipted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.direction.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.driver.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.driver.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.buffer.rcv.overflows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.buffer.xmit.overflows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.bytes.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.collisions.excess\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.collisions.late\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.collisions.multi_frame\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.collisions.single_frame\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"n
etif.ethernet.collisions.total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.deferred_tx\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.errors.align.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.errors.alignment\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.errors.carrier_sense\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.errors.crc.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.errors.fcs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.errors.mac.rcv\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.errors.mac.rx\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.errors.mac.tx\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.errors.mac.xmit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"agg
regatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.errors.sqe_test\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.errors.sqetest\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.errors.symbol\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.events.drop.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.frames.multi_collision\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.frames.pause.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.frames.pause.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.frames.single_collision\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.frames.too_long\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.packets.1024_1518_bytes.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.pac
kets.128_255_bytes.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.packets.1519_2047_bytes.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.packets.2048_4095_bytes.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.packets.256_511_bytes.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.packets.4096_9216_bytes.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.packets.512_1023_bytes.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.packets.65_127_bytes.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.packets.9217_16383_bytes.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.packets.bcast.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.packets.fragment.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.packets.in\",\"type\":\"num
ber\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.packets.jabber.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.packets.mcast.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.packets.oversize.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.packets.to_64_bytes.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.packets.undersize.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.xmits.deferred\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.firmware.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ip.subnet.broadcast\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"n
etif.ip.subnet.mask\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ip.subnet.mask_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ip.subnet.prefix\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.lag.group.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.mtu\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packet_rate.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packet_rate.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packet_size.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packet_size.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.bcast.in\",\"type\":\"number\"
,\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.bcast.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.discard.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.discard.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.error.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.error.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.error.total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.mcast.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.mcast.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.ucast.in\",\"type\":\"number\",\"esType
s\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.ucast.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.unkproto.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.promisc_mode.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.state.admin.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.state.oper.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.app.incarnations\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.app.start_duration\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.app.template.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.client.conn.core_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.client.conn.tr
ansact.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.embed_obj.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.embed_obj.size_orig\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.embed_obj.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.embed_obj.url.ref\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.css.combined\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.css.decrease\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.css.images_inlined\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.css.import_to_link\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.css.increase\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.css.inlined\",\"type\":\"number\",\"esTypes\":[\"lon
g\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.css.minified\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.css.moved\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.css.optimized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.css.scanned\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.gif.converted_png\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.gif.converted_webp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.gif.decrease\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.gif.increase\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.gif.optimized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.gif.scanned\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggreg
atable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.html.decrease\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.image.decrease\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.image.increase\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.image.inlined\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.image.lazy_loaded\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.image.optimized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.image.scanned\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.image.shrinked\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.jpeg.converted_jpegxr\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.jpeg.converted_webp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDoc
Values\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.jpeg.decrease\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.jpeg.increase\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.jpeg.optimized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.jpeg.scanned\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.js.decrease\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.js.increase\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.js.inlined\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.js.minified\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.js.moved\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.js.optimized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.js.
scanned\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.lazy_load.script_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.object.decrease\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.object.increase\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.object.optimized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.object.scanned\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.png.converted_jpegxr\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.png.converted_webp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.png.decrease\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.png.increase\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.png.optimized\",\"type\":\"num
ber\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.co.main_page.png.scanned\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.conn.chain.hops\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.conn.chain.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.conn.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.db.client.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.db.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.db.login_flags.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.db.proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.db.query\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.db.req.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netsc
aler.db.resp.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.db.resp.status.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.db.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.flow.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.access_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.app.module_path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.channel.id1.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.channel.id1.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.channel.id2.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.channel.id2.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.channel.id3.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searcha
ble\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.channel.id3.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.channel.id4.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.channel.id4.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.channel.id5.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.channel.id5.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.client.device.serial_no\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.client.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.client.host.hostname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.client.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.client.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\
"name\":\"netscaler.ica.client.launcher.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.client.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.client.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.clientside.bytes_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.clientside.l7.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.clientside.ns_svc.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.clientside.packets_retrans\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.clientside.retrans_timeouts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.clientside.tcp.rndtrip.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.clientside.tcp.rndtrip.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.client
side.tcp.rndtrip.latency_smooth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.clientside.tcp.window_zeros\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.conn.priority\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.host.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.launch_mechanism.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.msi_client.cookie\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.network_update.end.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.network_update.start.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.probe.rndtrip.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.serverside.bytes_in\",\"type\":\"number\",\"esTypes
\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.serverside.l7.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.serverside.ns_svc.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.serverside.packets_retrans\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.serverside.retrans_timeouts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.serverside.rndtrip.latency_client\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.serverside.tcp.rndtrip.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.serverside.tcp.rndtrip.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.serverside.tcp.rndtrip.latency_fb\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.serverside.tcp.rndtrip.latency_lb\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.serverside.tcp.rndtrip.latency_smooth\",\"typ
e\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.serverside.tcp.window_zeros\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.sess.end.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.sess.guid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.sess.reconnects\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.sess.start.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.sess.update.end.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.sess.update.start.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.ica.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.license.max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.license.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable
\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.license.used\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.main_page.core_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.main_page.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.syslog.msg\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.syslog.pri\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.syslog.timestamp\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.transact.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netscaler.vpn.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"niagra.radius.authenticator\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"niagra.radius.packet_identifier\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.aa.anl.congestion.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted
\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.aa.anl.topology.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.aa.anl.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.aa.charging.group.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.aa.record.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.aa.session.direction.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.aa.subscriber.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.av.mos\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.bsid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.charging.characteristic\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.confidence.abrs\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.confidence.audio\",\"type\":\"number\",\"
esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.confidence.encrypt\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.confidence.esni\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.confidence.realtime_comm\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.confidence.subscriber_download\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.confidence.subscriber_upload\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.confidence.video\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.customer.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.degrade_factor.av_sync\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.degrade_factor.codec\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.degrade_factor.codec_quant\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"cou
nt\":0,\"name\":\"nokia.degrade_factor.codec_quant_encode_bw\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.degrade_factor.echo\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.degrade_factor.frame_present_rate\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.degrade_factor.frame_resolution\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.degrade_factor.gop_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.degrade_factor.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.degrade_factor.net_bw\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.degrade_factor.noise\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.degrade_factor.packet_discard\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.degrade_factor.packet_loss\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.degrade_factor.recency\",\"type\":\"number\",\"esTypes\":[\"long
\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.degrade_factor.signal\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.frame.interval_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.frame.jitter_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.i_frame.jitter_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.ip.family.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.mos.ref.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.nat.sub_string\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.nat.svcid.inside\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.nat.svcid.outside\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.pgw_ggsn.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.ppdvm\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\
":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.rtp.audio.bw_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.rtp.audio.bw_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.rtp.audio.channels\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.rtp.ref_clock.freq\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.rtp.rtt.latency_source.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.rtp.video.bw_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.rtp.video.bw_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.rtp.voice.bw_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.session.duration\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.session.end.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.session.start.timestamp\",\"type\":\"date\",\"esTypes\":[\"da
te\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.sgw_sgsn.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.snr_max\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.ssrc\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.timezone.dst\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.timezone.offset\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.video.mos_abs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.video.mos_rel\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"nokia.vstq\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.app.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.bittorrent_hash\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.client.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatabl
e\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.dhcp.remote_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.dhcp.subscriber_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.called_party\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.called_station_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.calling_party\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.calling_station_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.clr.cancel_type.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.clr.cancel_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.clr.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.framed.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.hop_by_hop.id\",\"type\":\"string\
",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.pdp.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.req.origin.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.req.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.req.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.req.user.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.resp.code.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.resp.code.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.resp.code_exp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.resp.origin.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.resp.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\
":true},{\"count\":0,\"name\":\"ntop.diameter.resp.vendor.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.resp.vendor.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.served.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.diameter.subscriber.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.down.sess.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.down.tunnel.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.dst.as_map\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.entropy.client.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.entropy.server.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.flow_server\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.hassh.client.hash\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\
"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.hassh.server.hash\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.icmp.type_cumulative\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.in.c2s.duration\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.in.src.osi.sap\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.netbios.query\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.netbios.query_os\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.netbios.query_type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.netbios.resp\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.nprobe.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.out.c2s.duration\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.out.src.osi.sap\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDo
cValues\":true},{\"count\":0,\"name\":\"ntop.packet_vector\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.payload_hash\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.plugin\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.rtp.dtmf_tones\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.rtp.sip.call_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.s1ap.enb.ue.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.s1ap.enb_mme.cause.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.s1ap.enb_mme.cause.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.s1ap.enb_mme.detailed_cause.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.s1ap.enb_mme.detailed_cause.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.s1ap.enb_mme.msg.emm_type.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searcha
ble\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.s1ap.enb_mme.msg.emm_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.s1ap.enb_mme.msg.esm_type.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.s1ap.enb_mme.msg.esm_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.s1ap.mme.ue.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.s1ap.mme_enb.msg.emm_type.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.s1ap.mme_enb.msg.emm_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.s1ap.mme_enb.msg.esm_type.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.s1ap.mme_enb.msg.esm_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.seq_plen\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.seq_plen_hash\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.s
eq_tdiff\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.seq_tdiff_hash\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.server.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.sip.call_state.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.sip.call_state.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.sip.rtp.codecs\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.sip.rtp.dst.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.sip.rtp.dst.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.sip.rtp.dst.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.sip.rtp.src.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.sip.rtp.src.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\"
:\"ntop.sip.rtp.src.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.sip.timestamp_bye\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.sip.timestamp_bye_ok\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.sip.timestamp_cancel\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.sip.timestamp_cancel_ok\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.sip.timestamp_invite\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.sip.timestamp_invite_failure\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.sip.timestamp_ok\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.sip.timestamp_ringing\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.sip.timestamp_trying\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.src.as_map\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\"
:0,\"name\":\"ntop.ssdp.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.tls.cipher_safety\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.untunnel.dst.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.untunnel.dst.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.untunnel.dst.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.untunnel.l4.proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.untunnel.src.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.untunnel.src.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.untunnel.src.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.up.sess.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ntop.up.tunnel.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromD
ocValues\":true},{\"count\":0,\"name\":\"ntop.whois_das_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"openflow.datapath.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"openflow.port.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"openflow.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"oracle.query\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"oracle.resp.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"oracle.resp.latency\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"oracle.resp.msg\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"oracle.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"oracle.user.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"origin.host.hostname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,
\"name\":\"os.arch\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"os.category\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"os.codename\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"os.distro\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"os.family\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"os.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"os.kernel.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"os.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"os.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pgsql.auth.method.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pgsql.client.msg_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pgsql.client.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"
scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pgsql.db.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pgsql.error.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pgsql.error.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pgsql.error.severity.code\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pgsql.error.severity.level\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pgsql.proto.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pgsql.query\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pgsql.server.msg_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pgsql.server.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pgsql.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pgsql.user.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":
false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pim.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pim.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pmacct.tag1\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pmacct.tag2\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pmacct.tag3\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pmacct.tag4\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pppoe.code.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pppoe.sess.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pppoe.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.args\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.cmd\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.cmdline\",\"typ
e\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.end.sysuptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.end.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.group.gid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.group.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.parent.args\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.parent.cmd\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.parent.cmdline\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.parent.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.parent.end.sysuptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted
\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.parent.end.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.parent.group.gid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.parent.group.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.parent.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.parent.path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.parent.pid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.parent.start.sysuptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.parent.start.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.parent.user.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.parent.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.parent.user.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"script
ed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.parent.wd\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.pgroup.args\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.pgroup.cmd\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.pgroup.cmdline\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.pgroup.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.pgroup.end.sysuptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.pgroup.end.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.pgroup.group.gid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.pgroup.group.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.pgroup.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\"
:true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.pgroup.path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.pgroup.pid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.pgroup.start.sysuptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.pgroup.start.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.pgroup.user.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.pgroup.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.pgroup.user.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.pgroup.wd\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.pid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.sess.args\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.sess.cmd\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"
readFromDocValues\":true},{\"count\":0,\"name\":\"proc.sess.cmdline\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.sess.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.sess.end.sysuptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.sess.end.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.sess.group.gid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.sess.group.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.sess.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.sess.path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.sess.pid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.sess.start.sysuptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.sess.start.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tr
ue},{\"count\":0,\"name\":\"proc.sess.user.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.sess.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.sess.user.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.sess.wd\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.sig.value\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.start.sysuptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.start.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.user.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.user.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"proc.wd\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pwire.cntrl_word.flags.tags\",
\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pwire.cntrl_word.frag_flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pwire.cntrl_word.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pwire.cntrl_word.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pwire.cntrl_word.seq_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pwire.cntrl_word.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pwire.conn.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pwire.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pwire.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"redsocks.dst.orig.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"redsocks.dst.orig.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"redsocks.dst.orig.l4.port.name\",\
"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"redsocks.src.orig.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"redsocks.src.orig.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"redsocks.src.orig.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"riverbed.cfe.inpath.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"riverbed.cfe.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"riverbed.cfe.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"riverbed.fe_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"riverbed.outer.inpath.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"riverbed.outer.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"riverbed.outer.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,
\"name\":\"riverbed.passthru_reason.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"riverbed.sfe.inpath.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"riverbed.sfe.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"riverbed.sfe.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"riverbed.wan_visibility.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.cntrl_packet_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.records\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.report.dlsr\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.report.highest_seq_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.report.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.report.jitter_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{
\"count\":0,\"name\":\"rtcp.report.jitter_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.report.jitter_min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.report.jitter_samples\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.report.jitter_sum\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.report.loss_rate\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.report.lsr\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.report.packets_lost\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.report.ssrc\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.sr.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.sr.ntp.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.sr.packet
s\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.sr.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.ssrc\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.audio_conceal.conceal_duration\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.audio_conceal.conceal_duration_buff_adj\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.audio_conceal.conceal_method.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.audio_conceal.concealed_secs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.audio_conceal.meas_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.audio_conceal.packets_concealed\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.audio_conceal.packets_severe_concealed\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searc
hable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.audio_conceal.packets_silent\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.audio_conceal.packets_unimpaired\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.audio_conceal.playout_duration\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.audio_conceal.playout_interrupt_duration_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.audio_conceal.playout_interrupts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.audio_conceal.scs_thresh\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.audio_conceal.severe_concealed_secs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.audio_conceal.ssrc\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.audio_conceal.unimpaired_secs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.burst_gap.burst.duration_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable
\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.burst_gap.burst.duration_avg_packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.burst_gap.burst.duration_sum\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.burst_gap.burst.duration_sumsqrs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.burst_gap.burst.duration_var\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.burst_gap.burst.packet_loss_rate\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.burst_gap.burst.packets_discard\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.burst_gap.burst.packets_discard_rate\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.burst_gap.burst.packets_expected\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.burst_gap.burst.packets_lost\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.burst_gap.bursts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":t
rue},{\"count\":0,\"name\":\"rtcp.xr.burst_gap.gap.duration_avg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.burst_gap.gap.duration_avg_packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.burst_gap.gap.packet_discard_rate\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.burst_gap.gap.packet_loss_rate\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.burst_gap.gaps\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.burst_gap.gmin\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.burst_gap.ssrc\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.burst.density\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.burst.duration\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.discard_rate\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.gap.density\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scr
ipted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.gap.duration\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.gmin\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.jb_delay_abs_max\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.jb_delay_max\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.jb_delay_nom\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.loss_rate\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.mos\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.mos_cq\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.mos_cq_avg\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.mos_cq_total\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.mos_lq\",\"type\":\"number\",\"esTypes\":[\"shor
t\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.mos_lq_avg\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.mos_lq_total\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.network.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.noise\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.r_factor\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.r_factor_avg\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.r_factor_burst\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.r_factor_cq\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.r_factor_external\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.r_factor_gap\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.r_factor_lq\",\"type\":\
"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.r_factor_nom\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.r_total\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.rerl\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.rndtrip.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.rndtrip.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.rx.config\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.rx.jb_rate\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.rx.jba.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.rx.plc.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.signal\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.size\",\"
type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.snr\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtcp.xr.voip.ssrc\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.bytes_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.csrc\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.csrcs\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.flag.ext\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.flag.marker\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.flows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.interval\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\
":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.packets_discard\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.packets_discard_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.packets_lost\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.packets_lost_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.packets_ooo\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.packets_ooo_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.packets_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.payload.clockrate\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.payload.codec.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.payload.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.seq_num\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tru
e},{\"count\":0,\"name\":\"rtp.ssrc\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"rtp.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sandvine.base_svc.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sandvine.content_category\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sandvine.external.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sandvine.external.qoe.in\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sandvine.external.qoe.out\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sandvine.external.rndtrip.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sandvine.flow_behavior\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sandvine.internal.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true
},{\"count\":0,\"name\":\"sandvine.internal.qoe.in\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sandvine.internal.qoe.out\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sandvine.internal.rndtrip.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sandvine.local.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sandvine.property\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sandvine.remote.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sandvine.remote_geoip\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sandvine.subscriber.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sandvine.subscriber.location_info\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sandvine.svc.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sandvine.svc_object\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDoc
Values\":true},{\"count\":0,\"name\":\"sandvine.template.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.action.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.action.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.fw.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.fw.packets_drop\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.policy.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.policy.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.reason.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.reason.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.rule.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.rule.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.rule.s
et.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.rule.set.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.sign.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.sign.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.threat.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.threat.feed.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.threat.host.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.threat.host.hostname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.threat.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.threat.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.threat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.zone.descr\",\"type\":\"string\",\"e
sTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.pen.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.pen.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.sample.header_proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.sample_type.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.sample_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.source_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.source_id_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.sub_agent_id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.app.attr_bit_mask\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.app.bwm_attr\",\"type\":\"number\",\"esTypes
\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.app.content_type\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.app.index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.app.risk_attr\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.app.sig_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.app.tech_attr\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.aspy.index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.aspy.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.aspy.prod.index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.aspy.prod.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.aspy.sig.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.column.id\",\"type\":\"string\",
\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.column.ipfix_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.column.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.column.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.db.proc.mem.commit.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.gav.index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.gav.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.gav.sig.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.internal_flags\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.ips.cat.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.ips.cat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.ips.id\",\"ty
pe\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.ips.index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.ips.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.ips.sig.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.media.proto.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.media.proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.media.type.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.media.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.mem_flows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.mem_per_flow\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.netif.conn_rate\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.net
if.mode.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.netif.mode.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.netif.security_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.netif.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.option\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.proto.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.rating.index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.rating.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.spam.flow_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.spam.from\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.spam.sess_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"c
ount\":0,\"name\":\"sonicwall.spam.spammer\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.spam.time_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.spam.to\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.spam.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.spyware.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.svc.ip.type.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.svc.ip.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.svc.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.svc.port_begin\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.svc.port_end\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.table.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocVa
lues\":true},{\"count\":0,\"name\":\"sonicwall.template.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.top_apps.appname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.top_apps.rate\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.top_apps.sigid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.url.flow_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.url.rating_val1\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.url.rating_val2\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.url.rating_val3\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.url.rating_val4\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.url.time_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":tr
ue,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.user.auth_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.user.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.user.index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.virus.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.voip.flow_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.voip.time_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.vpn.auth_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.vpn.encrypt_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.vpn.end.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.vpn.local.gw.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"sear
chable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.vpn.policy_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.vpn.proto_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.vpn.remote.gw.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.vpn.start.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.vpn.tunnel.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.vpn.tunnel.netif.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sonicwall.vpn.tunnel.netif.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ssh.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.call_direction.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.in.codec.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.in.codec.name\",\"type\
":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.net_delay\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.net_discard\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.net_jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.net_loss\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.out.codec.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.out.codec.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.rule_1.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.rule_1.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.rule_10.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.rule_10.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.rule_2.id\",\
"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.rule_2.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.rule_3.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.rule_3.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.rule_4.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.rule_4.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.rule_5.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.rule_5.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.rule_6.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.rule_6.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.rule_7.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.r
ule_7.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.rule_8.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.rule_8.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.rule_9.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.rule_9.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"streamcore.wan.rndtrip.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"subscriber.imei\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"subscriber.imsi\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"subscriber.msisdn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"subscriber.roam.state.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"subscriber.tether.state.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\
":\"tcp.ack_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.ack_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.acks\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.bad_flags\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.bad_flags_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.bad_noack\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.bad_noflag\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.bad_rst\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.bad_synfin\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.bad_urg\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.bad_xmas\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.bytes_retrans\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggr
egatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.cwnd\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.fin_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.fins\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.flags.bits\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.flows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.frags\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.frags_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.handshake.cnd.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.handshake.cnd.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.handshake.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.handshake.snd.ji
tter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.handshake.snd.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.header.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.mss.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.mss.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.network.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.network.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.option.max_seg_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.option.window_scale\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.options.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.packet.direction.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.packet_rate_retrans\",\"type\":\"number\",\"esTypes\
":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.packets_lost\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.packets_ooo\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.packets_retrans\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.packets_unack\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.path_mtu\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.psh_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.pshs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.req.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.req.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.resp.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.resp.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValu
es\":true},{\"count\":0,\"name\":\"tcp.rndtrip.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.rndtrip.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.rst_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.rsts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.rto.algo.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.rwnd\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.seq_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.svc.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.svc.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.syn_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.syn_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.syn_ttl\",\"type\":\"number\",\"esTypes\":[\"long\"],\"script
ed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.synack_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.synacks\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.syns\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.transact.jitter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.transact.latency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.urg_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.urgent_pointer\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.urgs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.window.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.algo.auth\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.algo.block_cipher\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\
"count\":0,\"name\":\"tls.algo.key_exch\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.algo.msg_auth\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.algo.stream_cipher\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.certificate\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.alpn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.auth_key_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.basic_constraints\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.cert_policies\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.crl_dist_points\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.ext_key_usage\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.fresh_crl\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true
,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.inhibit_any_policy\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.issuer_alt_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.key_usage\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.logotype\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.name_constraints\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.policy_constraints\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.policy_maps\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.priv_key_usage_period\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.subject_alt_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.subject_directory_attr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.subject_key_id\",\"type\":\"st
ring\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.thumbprint\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.ext.thumbprint_algo\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.hash\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.issuer.dn.c\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.issuer.dn.cn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.issuer.dn.dc\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.issuer.dn.dn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.issuer.dn.dnq\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.issuer.dn.e\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.issuer.dn.l\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.issuer.dn.o\",\"
type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.issuer.dn.ou\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.issuer.dn.pc\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.issuer.dn.serialnumber\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.issuer.dn.st\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.issuer.dn.street\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.issuer.dn.title\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.issuer.dn.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.issuer.dn.unique_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.pkix.auth_info_access\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0
,\"name\":\"tls.cert.pkix.subject_info_access\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.serial_num\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.sha1\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.sign.algo.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.sign.signature\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.algo.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.dn.c\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.dn.cn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.dn.dc\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.dn.dn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.dn.dnq\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromD
ocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.dn.e\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.dn.l\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.dn.o\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.dn.ou\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.dn.pc\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.dn.serialnumber\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.dn.st\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.dn.street\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.dn.title\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.dn.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.dn.unique_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searc
hable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.pub_key.algo.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.pub_key.exponent\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.pub_key.key\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.pub_key.modulus\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.pub_key.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.subject.unique_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.valid.not_after\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.valid.not_before\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cert.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cipher_suites.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.cipher_suites.size\
",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.compress_method.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.content_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.ec_curve.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.ec_point.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.handshake.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.heartbeat.mode.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.heartbeat.payload\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.heartbeat.payload_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.heartbeat.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.heartbeat.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.ja3\",\"type\":\
"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.key_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.random\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.sess_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.sni\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.sni_size\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tls.version.ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"trammell.sip.client.transaction_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"trammell.sip.server.transaction_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.client.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":fal
se,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.client.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.client.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.client.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.client.geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.client.geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.client.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.client.geo.loc.coord\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.client.geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.client.host.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.client.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.client.ip.addr\",\"type\":
\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.client.ip.routed_block\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.client.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.client.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.client.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.client.sec.threat.feed.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.client.sec.threat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.client.sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\
"tunnel.dst.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.geo.loc.coord\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.host.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.ip.routed_block\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{
\"count\":0,\"name\":\"tunnel.dst.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.sec.threat.feed.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.sec.threat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ethernet.ether_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ethernet.frame.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ethernet.header.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ethernet.payload.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.dscp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.frag.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"a
ggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.frag.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.frag.offset\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.fwd.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.packet.size\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.ttl\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.v4.options.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.v6.extension_headers\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.v6.flow_label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.v6.next_header.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.version.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.version.ver\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"se
archable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.l2.frame.size\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.l2.frame.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.l4.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.l4.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.l4.proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"
aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.geo.loc.coord\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.host.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.ip.routed_block\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.l4.bytes\",\"type\":\"number\",\"esTypes\":[\
"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.l4.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.sec.threat.feed.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.sec.threat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.server.sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.bytes\",\"type\
":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.geo.loc.coord\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.host.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.ip.routed_block\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunn
el.src.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.sec.threat.feed.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.sec.threat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.tcp.ack_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.tcp.flags.bits\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.tcp.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.tcp.header.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.tcp.option.max_seg_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.tcp.option.window_scale\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},
{\"count\":0,\"name\":\"tunnel.tcp.options.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.tcp.seq_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.tcp.urgent_pointer\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.tcp.window.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.udp.checksum\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.udp.size\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.c_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.c_tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.c_tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.c_tag.pcp.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true
},{\"count\":0,\"name\":\"tunnel.vlan.c_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.ether_type.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.ether_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.s_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.s_tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.s_tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.s_tag.pcp.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.s_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregat
able\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.tag.pcp.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"udp.checksum\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"udp.size\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.bw_util_100ms_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.bw_util_100ms_min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.bw_util_10ms_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.bw_util_10ms_min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.bw_util_ms_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.bw_util_ms_min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.bw_util_sec_max\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":t
rue,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.bw_util_sec_min\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.flow.biflow.direction.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.packet_interval_expval\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.packet_interval_hist\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.packet_interval_sum\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.packet_interval_sumsqrs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.packet_interval_var\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.packet_length_expval\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.packet_length_hist\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.packet_length_sum\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.packet_length_sumsqrs\",\"type\":\"number\",\"esTypes\":[\"long
\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.packet_length_var\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.packet_payload\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"uninett.packets_reordered\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user.email\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user.fullname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user.host.hostname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user.host.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true
,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.flow.biz_policy.rule.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.flow.firewall_policy.rule.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.flow.next_hop.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.flow.packets_fec_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.flow.packets_fec_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.flow.packets_lost_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.flow.packets_retrans\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.link.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.link.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.netif.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scr
ipted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.path.dst.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.path.jitter_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.path.jitter_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.path.latency_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.path.latency_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.path.packet_loss_in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.path.packet_loss_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.path.packets_lost_out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.path.route_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.path.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.policy.link_select
_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.policy.traffic_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.primary.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"velocloud.priority.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"viptela.app.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"viptela.app.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"viptela.vpn.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"viptela.vpn.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"virt.guest.state.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.b_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.b_tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.b_tag.name\",\"typ
e\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.b_tag.pcp.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.b_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.c_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.c_tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.c_tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.c_tag.pcp.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.c_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.ether_type.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.ether_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.pbb.cust.dst.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.pbb.cust.src.mac.addr\",\"type\":\"stri
ng\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.pbb.i_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.pbb.i_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.pbb.i_tag.sid\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.pbb.i_tag.uca\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.pbb.tci\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.s_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.s_tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.s_tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.s_tag.pcp.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.s_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"key
word\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.tag.pcp.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.alg.cntrl_flow.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.alg.cntrl_flow.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.alg.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.flow.in.netif.iface_attr.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.flow.out.netif.iface_attr.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.rule.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.sess_flags.name\",\"type\":\"string\
",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.tenant.dst.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.tenant.dst.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.tenant.dst.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.tenant.l4.proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.tenant.src.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.tenant.src.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.tenant.src.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.tunnel.dst.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.tunnel.dst.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.tunnel.dst.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\
"name\":\"vmware.tunnel.key\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.tunnel.l4.proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.tunnel.src.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.tunnel.src.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.tunnel.src.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.tunnel.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.vif.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.vif.uuid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.vm.uuid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.vnic.index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vmware.vxlan.export_role.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"co
unt\":0,\"name\":\"vmware.vxlan.export_role.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vpn.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vpn.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vrf.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vrf.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vxlan.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vxlan.gpe.next_proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vxlan.vni\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vxlan.vtep.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vxlan.vtep.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vxlan.vtep.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"wifi.afd.bytes_accept\",\"type\":\"number\",\"esTyp
es\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"wifi.afd.bytes_drop\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"wifi.afd.packets_accept\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"wifi.afd.packets_drop\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"wifi.channel\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"wifi.ssid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"wifi.sta.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"wifi.sta.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"wifi.wtp.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ziften.agent.guid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ziften.proc.sig.algo_char\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"@timestamp","title":"elastiflow-flow-codex-*"},"id":"elastiflow-flow-codex-*","migrationVersion":{"i
ndex-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2022-04-25T18:49:13.829Z","version":"WzI0NDMzLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: VLANs Ingress and Egress (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs Ingress and Egress (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.in.vlan.tag.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Ingress VLAN\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.out.vlan.tag.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Egress VLAN\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"01b37df0-3d3a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEwNSwyXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP Flags (records) - tag cloud","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (records) - tag cloud\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tcp.flags.tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":16,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":16,\"maxFontSize\":48,\"showLabel\":false}}"},"id":"0262fbf0-3df7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEwNiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must_not\":[{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Recon Port Scan (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon 
Port Scan (Public) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.server.l4.port.id\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"028aac60-c490-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T12:42:25.463Z","version":"WzIxMTA5LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Flow Exporters (records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters (records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Exporter\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"02ed6c40-3d34-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEwNywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Layer-4 Protocol Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Layer-4 Protocol Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"l4.proto.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Layer-4 
Protocols\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"051bf440-3e61-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEwOCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"tcp.flags.bits\":[63,127,255]}}]},\"meta\":{\"alias\":\"TCP X-Mas Flags\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"tcp.flags.bits\\\":[63,127,255]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP X-Mas Flags - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP X-Mas Flags - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":4,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"058ea560-c413-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T10:50:28.942Z","version":"WzE5NjE1LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: DHCP Requests (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Requests (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 68 AND flow.dst.l4.port.id: 67 AND NOT flow.dst.ip.addr: 255.255.255.255 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"05a49fb0-9b95-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T18:15:27.685Z","version":"WzIzODExLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP Options (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Options (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tcp.options.tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TCP Option\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"0625de60-3f0a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEwOSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Flow Records","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flow 
Records\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [**Flow Records**](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"06d52ff0-3d43-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:46:21.918Z","version":"WzY4NDAsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/VLAN (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/VLAN (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"fcb8f380-6d76-11eb-bbbf-d3d457f1cd90\",\"type\":\"math\",\"variables\":[{\"id\":\"00fa94d0-6d77-11eb-bbbf-d3d457f1cd90\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"0b4d1930-6d77-11eb-bbbf-d3d457f1cd90\",\"type\":\"math\",\"variables\":[{\"id\":\"0e36cba0-6d77-11eb-bbbf-d3d457f1cd90\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top VLANs\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"vlan.tag.id\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"vlan.tag.id: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"07262240-3f08-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzExMSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - 
Threats","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [**Threats**](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n 
opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"82b0c1d0-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:51:15.837Z","version":"WzY4OTEsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Threats (DDoS TCP)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats (DDoS TCP)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[IP 
Reputation](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [**DDoS TCP**](#/dashboard/0774f5d0-c348-11ec-aaf3-5b4644130c7f) | [DDoS Flood](#/dashboard/e0ffa950-c472-11ec-a49f-6168cd647191) | [RECON](#/dashboard/b9cd6a90-c48e-11ec-a49f-6168cd647191) | [Brute Force](#/dashboard/9e8ee9a0-c495-11ec-a49f-6168cd647191)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"d3f5df40-c495-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T12:47:12.692Z","version":"WzIxMjEzLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Logo","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: 
Logo\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[![ElastiFlow](data:image/png;base64,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)](https://www.elastiflow.com)\"}}"},"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzExNSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Threats (DDoS TCP) - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Threats (DDoS TCP) - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"7f67f8d0-c479-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T09:24:24.925Z","version":"WzE4OTI5LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: TCP Half-Open Sources - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Half-Open Sources - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":50000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"l4.proto.name: \\\"TCP\\\" AND tcp.flags.bits: 2 AND NOT flow.src.as.org: \\\"PRIVATE\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Half-Open Sources\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.ip.addr\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"100dff50-c485-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T11:19:23.121Z","version":"WzIwMDcxLDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: TCP X-Mas Flags (packets) - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP X-Mas Flags (packets) - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":1,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":10,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":100,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"tcp.flags.bits: 63 OR tcp.flags.bits: 127 OR tcp.flags.bits: 255\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"X-Mas 
Flags\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"216d4fc0-c481-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T10:54:59.645Z","version":"WzE5NzQ4LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: TCP null Flags (packets) - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP null Flags (packets) - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":1,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":10,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":100,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"l4.proto.name: \\\"TCP\\\" AND tcp.flags.bits: 
0\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"null Flags\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"15622970-c482-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T10:55:16.086Z","version":"WzE5NzYzLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: TCP URG Flags (packets) - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP URG Flags (packets) - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":1,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":10,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":100,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"tcp.flags.tags: \\\"URG\\\" \",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Urgent Flags\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"f5946090-c481-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T10:55:34.771Z","version":"WzE5Nzc3LDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP SYN-only Sessions (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":7,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"8acef510-c466-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T10:52:16.939Z","version":"WzE5NjYxLDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP SYN-only Sources (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":7,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"a89d1d60-c466-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T10:52:36.950Z","version":"WzE5Njc2LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"tcp.flags.tags\":\"URG\"}}]},\"meta\":{\"alias\":\"TCP URG 
Flag\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"tcp.flags.tags\\\":\\\"URG\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP URG Flag - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP URG Flag - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":4,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"627f5ee0-c413-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T10:50:43.474Z","version":"WzE5NjMwLDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"TCP\"}},{\"term\":{\"tcp.flags.bits\":0}}]},\"meta\":{\"alias\":\"TCP null Flags\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"TCP\\\"}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":0}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP null Flags - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP null Flags - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":4,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"c7001200-c46e-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pa
ttern"}],"type":"visualization","updated_at":"2022-04-25T10:52:02.393Z","version":"WzE5NjQ3LDhd"} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"f440d860-64fa-4879-b980-0353a1f26eba\"},\"panelIndex\":\"f440d860-64fa-4879-b980-0353a1f26eba\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"34695e7c-2cf5-4115-a2c7-11029b7fbc98\"},\"panelIndex\":\"34695e7c-2cf5-4115-a2c7-11029b7fbc98\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},\"panelIndex\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":8,\"h\":5,\"i\":\"8da8ea54-feda-4cc3-9eda-d1367cd6f6e4\"},\"panelIndex\":\"8da8ea54-feda-4cc3-9eda-d1367cd6f6e4\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":8,\"y\":4,\"w\":8,\"h\":5,\"i\":\"62410829-53ae-49d4-bec5-8d4b2a4d31d2\"},\"panelIndex\":\"62410829-53ae-49d4-bec5-8d4b2a4d31d2\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":16,\"y\":4,\"w\":8,\"h\":5,\"i\":\"c209ff24-1623-459f-941c-aa65fad90df8\"},\"panelIndex\":\"c209ff24-1623-459f-941c-aa65fad90df8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":4,\"w\":8,\"h\":5,\"i\":\"a35b5294-ff2a-4178-85ce-7466834825db\"},\"panelIndex\":\"a35b5294-ff2a-4
178-85ce-7466834825db\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":32,\"y\":4,\"w\":8,\"h\":5,\"i\":\"ab6f62f9-7b7d-4d77-bdad-b8d1e52a4d75\"},\"panelIndex\":\"ab6f62f9-7b7d-4d77-bdad-b8d1e52a4d75\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"cc785bfa-34dc-415d-aa45-cbfc3d0c54d4\"},\"panelIndex\":\"cc785bfa-34dc-415d-aa45-cbfc3d0c54d4\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":26,\"h\":19,\"i\":\"fb78b64b-76e2-4751-a0a2-689d04c3acc9\"},\"panelIndex\":\"fb78b64b-76e2-4751-a0a2-689d04c3acc9\",\"embeddableConfig\":{\"title\":\"Half-Open Sessions\",\"hidePanelTitles\":false},\"title\":\"Half-Open Sessions\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":26,\"y\":9,\"w\":22,\"h\":19,\"i\":\"3b0f59b3-ae59-4981-91f3-2e1e1dc5b7b8\"},\"panelIndex\":\"3b0f59b3-ae59-4981-91f3-2e1e1dc5b7b8\",\"embeddableConfig\":{\"title\":\"Half-Open Sources\",\"hidePanelTitles\":false},\"title\":\"Half-Open Sources\",\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":28,\"w\":16,\"h\":14,\"i\":\"803dddd3-e6a3-4a8b-b695-4949f75dece5\"},\"panelIndex\":\"803dddd3-e6a3-4a8b-b695-4949f75dece5\",\"embeddableConfig\":{\"title\":\"X-Mas Flags\",\"hidePanelTitles\":false},\"title\":\"X-Mas Flags\",\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":16,\"y\":28,\"w\":16,\"h\":14,\"i\":\"c6832185-bb97-4c09-9034-13da30894a81\"},\"panelIndex\":\"c6832185-bb97-4c09-9034-13da30894a81\",\"embeddableConfig\":{\"title\":\"URG Flag\",\"hidePanelTitles\":false},\"title\":\"URG 
Flag\",\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":32,\"y\":28,\"w\":16,\"h\":14,\"i\":\"03a929fc-eb04-40ea-81c4-d763584f20df\"},\"panelIndex\":\"03a929fc-eb04-40ea-81c4-d763584f20df\",\"embeddableConfig\":{\"title\":\"null Flags\",\"hidePanelTitles\":false},\"title\":\"null Flags\",\"panelRefName\":\"panel_13\"}]","timeRestore":false,"title":"ElastiFlow: Threats (DDoS TCP)","version":1},"id":"0774f5d0-c348-11ec-aaf3-5b4644130c7f","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"82b0c1d0-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"d3f5df40-c495-11ec-a49f-6168cd647191","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"7f67f8d0-c479-11ec-a49f-6168cd647191","name":"panel_3","type":"visualization"},{"id":"01b180e0-c484-11ec-a49f-6168cd647191","name":"panel_4","type":"visualization"},{"id":"100dff50-c485-11ec-a49f-6168cd647191","name":"panel_5","type":"visualization"},{"id":"216d4fc0-c481-11ec-a49f-6168cd647191","name":"panel_6","type":"visualization"},{"id":"15622970-c482-11ec-a49f-6168cd647191","name":"panel_7","type":"visualization"},{"id":"f5946090-c481-11ec-a49f-6168cd647191","name":"panel_8","type":"visualization"},{"id":"8acef510-c466-11ec-a49f-6168cd647191","name":"panel_9","type":"visualization"},{"id":"a89d1d60-c466-11ec-a49f-6168cd647191","name":"panel_10","type":"visualization"},{"id":"058ea560-c413-11ec-a49f-6168cd647191","name":"panel_11","type":"visualization"},{"id":"627f5ee0-c413-11ec-a49f-6168cd647191","name":"panel_12","type":"visualization"},{"id":"c7001200-c46e-11ec-a49f-6168cd647191","name":"panel_13","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:22:50.769Z","version":"WzIyMTY1LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Threats 
(Brute Force)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats (Brute Force)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[IP Reputation](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [DDoS TCP](#/dashboard/0774f5d0-c348-11ec-aaf3-5b4644130c7f) | [DDoS Flood](#/dashboard/e0ffa950-c472-11ec-a49f-6168cd647191) | [RECON](#/dashboard/b9cd6a90-c48e-11ec-a49f-6168cd647191) | [**Brute Force**](#/dashboard/9e8ee9a0-c495-11ec-a49f-6168cd647191)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a 
strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"08535420-c496-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T12:48:40.546Z","version":"WzIxMjMxLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Server (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Server (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"853a7a30-6d77-11eb-9ef1-eff5674a4cc1\",\"type\":\"math\",\"variables\":[{\"id\":\"89871800-6d77-11eb-9ef1-eff5674a4cc1\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"964a0020-6d77-11eb-9ef1-eff5674a4cc1\",\"type\":\"math\",\"variables\":[{\"id\":\"98547620-6d77-11eb-9ef1-eff5674a4cc1\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Servers\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.server.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.host.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"086359d0-3edf-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzExMiwyXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: NTP Client Requests by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Client Requests by Server - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Req\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NTP Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"087e6750-9d7c-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T13:18:28.701Z","version":"WzExODMxLDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH 
Response\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"1645\\\"}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":\"1812\"}},{\"match_phrase\":{\"flow.src.l4.port.id\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: RADIUS AUTH Responses by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Responses by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH 
Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RADIUS Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"08f1070a-4c98-4703-a0ce-28e2ceaea0b8","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T17:10:48.023Z","version":"WzE1MDk1LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Flows","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - 
Flows\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [**Flows**](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"98538b80-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:46:00.789Z","version":"WzY4MzYsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Flows (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flows (client/server)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**Client/Server**](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Src/Dst](#/dashboard/167989f0-3d3f-11eb-bc2c-c5758316d788) | 
[AS](#/dashboard/264f5760-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"f6181a50-3d43-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:46:13.280Z","version":"WzY4MzgsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Client/Server - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.client.host.name\",\"parent\":\"\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.server.host.name\",\"parent\":\"\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1619032196248\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session 
Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"944a8560-3d4d-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzExNiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Clients (bytes) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (bytes) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"0d2b3b30-3e68-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzExNywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Flows (client/server) - Vega (sankey)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (client/server) - Vega (sankey)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-flow-codex-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.client.host.name\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.server.host.name\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n 
\\t\\t\\t\\t\\\"bytes\\\": {\\n \\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"flow.bytes\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n 
\\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Client\\\", \\\"Server\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": 
{\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n 
},\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n 
\\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"id":"214ff7c0-3e65-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T19:19:54.599Z","version":"WzI0OTQwLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Servers (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"a7db3740-3e66-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzExOSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Clients (packets) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (packets) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"1a875610-3e68-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEyMCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Servers (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (packets) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"b54004b0-3e66-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEyMSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Clients (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (flow records) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"29666770-3e68-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEyMiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Servers (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"21b512f0-3d38-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEyMywyXQ=="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"b72ce2d1-bcec-42ca-b068-451d3b5a9d62\"},\"panelIndex\":\"b72ce2d1-bcec-42ca-b068-451d3b5a9d62\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"a2f9ff30-3efb-4191-b82a-5e6739a02b93\"},\"panelIndex\":\"a2f9ff30-3efb-4191-b82a-5e6739a02b93\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"9b1de842-8921-445e-83d6-709f815083aa\"},\"panelIndex\":\"9b1de842-8921-445e-83d6-709f815083aa\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\
":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"3c9f3c98-bb84-4a41-b8e3-44d993f9117e\"},\"panelIndex\":\"3c9f3c98-bb84-4a41-b8e3-44d993f9117e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"385518e4-5344-43a2-9508-917e7f7ed645\"},\"panelIndex\":\"385518e4-5344-43a2-9508-917e7f7ed645\",\"embeddableConfig\":{\"title\":\"Clients (bytes)\",\"hidePanelTitles\":false},\"title\":\"Clients (bytes)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"3ede7a4b-d3a6-42f9-a12f-abe617cdd1f3\"},\"panelIndex\":\"3ede7a4b-d3a6-42f9-a12f-abe617cdd1f3\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"acc535a1-7895-4fe1-adde-fb142765043a\"},\"panelIndex\":\"acc535a1-7895-4fe1-adde-fb142765043a\",\"embeddableConfig\":{\"title\":\"Servers (bytes)\",\"hidePanelTitles\":false},\"title\":\"Servers (bytes)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"fefca9db-081e-42b4-b9e6-839f863a4109\"},\"panelIndex\":\"fefca9db-081e-42b4-b9e6-839f863a4109\",\"embeddableConfig\":{\"title\":\"Clients (packets)\",\"hidePanelTitles\":false},\"title\":\"Clients (packets)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"b90e0320-9b08-410f-9e7c-d48bd25b3c92\"},\"panelIndex\":\"b90e0320-9b08-410f-9e7c-d48bd25b3c92\",\"embeddableConfig\":{\"title\":\"Servers (packets)\",\"hidePanelTitles\":false},\"title\":\"Servers (packets)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"8022fdaf-1f2b-4ebd-80eb-3a28c1cd753a\"},\"panelIndex\":\"8022fdaf-1f2b-4ebd-80eb-3a28c1cd753a\",\"embeddableConfig\":{\"title\":\"Clients (flow 
records)\",\"hidePanelTitles\":false},\"title\":\"Clients (flow records)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"8e84274d-9487-4eae-8dab-7d52da7027e4\"},\"panelIndex\":\"8e84274d-9487-4eae-8dab-7d52da7027e4\",\"embeddableConfig\":{\"title\":\"Servers (flow records)\",\"hidePanelTitles\":false},\"title\":\"Servers (flow records)\",\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"ElastiFlow: Flows (client/server)","version":1},"id":"090f3e40-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"98538b80-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"f6181a50-3d43-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"944a8560-3d4d-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"0d2b3b30-3e68-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"214ff7c0-3e65-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"a7db3740-3e66-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"1a875610-3e68-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"b54004b0-3e66-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"29666770-3e68-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"21b512f0-3d38-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:15:15.990Z","version":"WzIyMDY1LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Autonomous Systems (bytes) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: 
Source Autonomous Systems (bytes) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"09832fe0-3e6a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEyNSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Client Cities (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Cities (flow records) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"0a621e90-3eb4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEyNiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Core Services","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core 
Services\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [**Core Services**](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"c69cda30-9b2b-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:52:00.534Z","version":"WzY5MDEsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Core Services (LDAP)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core Services (LDAP)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[DNS](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [DHCP](#/dashboard/a9f3e040-9b94-11ec-a4df-e940aaa4214d) | 
\\n[RADIUS](#/dashboard/fbea2e70-c319-11ec-aaf3-5b4644130c7f) | \\n[**LDAP**](#/dashboard/0ae30960-c31a-11ec-aaf3-5b4644130c7f) | [NTP](#/dashboard/e2888380-9d73-11ec-a4df-e940aaa4214d)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"fe628c00-c31a-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-23T18:13:10.931Z","version":"WzE2NDEyLDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: LDAP Requests (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Requests (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.dst.l4.port.id: 389 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"f320aefc-2851-428e-93c5-e5501e8baf3b","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-23T15:38:12.275Z","version":"WzEzMzg5LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: LDAP Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Responses (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 389 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"1a57842f-1d61-4337-a14f-ebde886bb94d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-23T15:38:12.275Z","version":"WzEzMzkwLDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: LDAP Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Req/Resp (packets) - TSVB 
(line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.dst.l4.port.id: 389\",\"language\":\"kuery\"}},{\"id\":\"7e6a9720-9b26-11ec-8138-3d37937df3c4\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"7e6a9721-9b26-11ec-8138-3d37937df3c4\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 389\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"}}}"},"id":"a7c8aac9-0b2c-4b87-ae40-408051a0585c","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-23T17:18:38.730Z","version":"WzE1NTI1LDdd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: LDAP Requests by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Requests by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LDAP 
Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"7ee8c1df-41d7-4f17-9b7c-dd4de86154e5","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T17:11:48.602Z","version":"WzE1MTIzLDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: LDAP Responses by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Responses by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LDAP 
Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"f0aa7b9d-75d3-4299-8f19-abd117b6c488","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T17:14:03.958Z","version":"WzE1NDM5LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: LDAP Requests by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Requests by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LDAP 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"ce61d9bc-7471-4bad-9641-dceae4b0b6fd","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T17:21:05.210Z","version":"WzE1NTYzLDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: LDAP Responses by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Responses by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LDAP 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"7442c75e-2101-48a3-bd4e-4c41ccc3c1b7","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T17:21:19.433Z","version":"WzE1NTg3LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: LDAP Requests by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Requests by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"c9b65544-2c6c-4512-8f08-156296fb7357","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T15:38:12.275Z","version":"WzEzMzk2LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: LDAP Responses by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Responses by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"2760de38-aae3-40cd-bf60-f00dbbe431c4","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T15:38:12.275Z","version":"WzEzMzk3LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"LDAP\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":389}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":389}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":389}},{\"match_phrase\":{\"flow.dst.l4.port.id\":389}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: LDAP Messages by Exporter - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Messages by Exporter - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow 
Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"1a134792-e198-41f1-8636-0951002b7895","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T15:38:12.275Z","version":"WzEzMzk4LDdd"} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"503ee9c8-3371-4430-9997-5a2f772238ba\"},\"panelIndex\":\"503ee9c8-3371-4430-9997-5a2f772238ba\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"e82bdc5b-be64-44e6-a350-da1952432e7e\"},\"panelIndex\":\"e82bdc5b-be64-44e6-a350-da1952432e7e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\"},\"panelIndex\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":5,\"i\":\"6f81c89
6-26c1-4d45-93d8-b58ca6e02ead\"},\"panelIndex\":\"6f81c896-26c1-4d45-93d8-b58ca6e02ead\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":5,\"i\":\"04f09116-ac3c-481e-99d9-c90778497de3\"},\"panelIndex\":\"04f09116-ac3c-481e-99d9-c90778497de3\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"af0379f3-6f77-4d03-b9fc-c33a179eeef8\"},\"panelIndex\":\"af0379f3-6f77-4d03-b9fc-c33a179eeef8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":9,\"i\":\"f49fb158-4b0e-4d72-b577-baa00d521d6f\"},\"panelIndex\":\"f49fb158-4b0e-4d72-b577-baa00d521d6f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":9,\"i\":\"80fbd6e4-db34-47b1-bd44-5429e450b2b4\"},\"panelIndex\":\"80fbd6e4-db34-47b1-bd44-5429e450b2b4\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":18,\"w\":9,\"h\":23,\"i\":\"e79913fc-b30c-4251-bfaa-8b3b3e5dc414\"},\"panelIndex\":\"e79913fc-b30c-4251-bfaa-8b3b3e5dc414\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":18,\"w\":9,\"h\":23,\"i\":\"b2113458-90c6-412c-8bcb-0e33a7ea29be\"},\"panelIndex\":\"b2113458-90c6-412c-8bcb-0e33a7ea29be\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":18,\"w\":10,\"h\":23,\"i\":\"e880b91d-6b5d-46a7-a29e-9c72f6d84584\"},\"panelIndex\":\"e880b91d-6b5d-46a7-a29e-9c72f6d84584\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":18,\
"w\":10,\"h\":23,\"i\":\"b1db5d73-7573-4682-8705-59862d2b4509\"},\"panelIndex\":\"b1db5d73-7573-4682-8705-59862d2b4509\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":38,\"y\":18,\"w\":10,\"h\":23,\"i\":\"ad7239c3-aaaf-4995-82ba-59a7a1d3bef7\"},\"panelIndex\":\"ad7239c3-aaaf-4995-82ba-59a7a1d3bef7\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"ElastiFlow: Core Services (LDAP)","version":1},"id":"0ae30960-c31a-11ec-aaf3-5b4644130c7f","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"c69cda30-9b2b-11ec-a4df-e940aaa4214d","name":"panel_0","type":"visualization"},{"id":"fe628c00-c31a-11ec-aaf3-5b4644130c7f","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"f320aefc-2851-428e-93c5-e5501e8baf3b","name":"panel_3","type":"visualization"},{"id":"1a57842f-1d61-4337-a14f-ebde886bb94d","name":"panel_4","type":"visualization"},{"id":"a7c8aac9-0b2c-4b87-ae40-408051a0585c","name":"panel_5","type":"visualization"},{"id":"7ee8c1df-41d7-4f17-9b7c-dd4de86154e5","name":"panel_6","type":"visualization"},{"id":"f0aa7b9d-75d3-4299-8f19-abd117b6c488","name":"panel_7","type":"visualization"},{"id":"ce61d9bc-7471-4bad-9641-dceae4b0b6fd","name":"panel_8","type":"visualization"},{"id":"7442c75e-2101-48a3-bd4e-4c41ccc3c1b7","name":"panel_9","type":"visualization"},{"id":"c9b65544-2c6c-4512-8f08-156296fb7357","name":"panel_10","type":"visualization"},{"id":"2760de38-aae3-40cd-bf60-f00dbbe431c4","name":"panel_11","type":"visualization"},{"id":"1a134792-e198-41f1-8636-0951002b7895","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:22:27.018Z","version":"WzIyMTYzLDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Server AS (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Server AS (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.server.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"0b02ed40-3ec6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEyNywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"TCP\"}},{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"TCP Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"TCP\\\"}},{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP Clients (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Clients (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.client.ip.addr\",\"customLabel\":\"Clients\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"0b0bf070-c412-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T21:03:51.543Z","version":"WzE4NDkxLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Clients (flow records) - 
donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"0b230740-3d38-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEyOCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"UDP\"}},{\"terms\":{\"flow.src.l4.port.id\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP 
Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"UDP\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: UDP Amplification Sources (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Edge) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"0b3a81e0-c40f-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name"
:"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T20:42:23.357Z","version":"WzE4NDEwLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP SYN-only Sources (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Inbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"0b5fe960-c3fd-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T20:25:16.694Z","version":"WzE4MzA1LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Top-N (conversations)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Top-N 
(conversations)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Talkers](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Services](#/dashboard/b088bcb0-3d3e-11eb-bc2c-c5758316d788) | [Apps](#/dashboard/d4e18bf0-3d3e-11eb-bc2c-c5758316d788) | [**Conversations**](#/dashboard/c2da3880-3d3e-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"0c217890-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:46:36.995Z","version":"WzY4NDQsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: ICMP Destinations from Private IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Destinations from Private IP - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"l4.proto.name: (\\\"ICMP\\\" OR \\\"IPv6-ICMP\\\") AND (flow.src.as.org: \\\"PRIVATE\\\" AND flow.dst.as.org: \\\"PRIVATE\\\")\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"ICMP Destinations 
(Private)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.dst.ip.addr\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"0ca342c0-c495-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T12:41:56.829Z","version":"WzIxMDk0LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":1812}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":1812}},{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":1645}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":1645}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":1812}},{\"match_phrase\":{\"flow.dst.l4.port.id\":1812}},{\"match_phrase\":{\"flow.src.l4.port.id\":1645}},{\"match_phrase\":{\"flow
.dst.l4.port.id\":1645}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: RADIUS AUTH Messages by Exporter - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Messages by Exporter - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow 
Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"0ce9bc39-bc69-4e87-b053-3a16588447a6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T16:40:28.670Z","version":"WzE0Mzg1LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Autonomous Systems (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"0d6d69c0-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEzMCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23,1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}],\\\"minimum_should_match\\\":1}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Brute Force Sessions (Outbound) - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"0d798530-c33a-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T20:50:23.511Z","version":"WzE3MTczLDdd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Flows (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flows (src/dst)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [**Src/Dst**](#/dashboard/167989f0-3d3f-11eb-bc2c-c5758316d788) | [AS](#/dashboard/264f5760-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"0e564f60-3d44-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:46:48.090Z","version":"WzY4NDYsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Flow Exporters - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868774014\",\"fieldName\":\"flow.export.version.name\",\"parent\":\"\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"0f371ce0-3ecd-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEzMiwyXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Echo Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ICMP Echo (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Edge) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.dst.ip.addr\",\"customLabel\":\"Pinged 
IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"0fbdeb60-c344-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T14:41:36.826Z","version":"WzE4MTU5LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Observed Traffic (flow records/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Observed Traffic (flow records/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.bytes\"},{\"id\":\"27c24400-3ece-11eb-a018-83ddf1ffaeb4\",\"type\":\"calculation\",\"variables\":[{\"id\":\"2b538110-3ece-11eb-a018-83ddf1ffaeb4\",\"name\":\"count\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.count / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Flow Records\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"count\",\"field\":\"flow.bytes\"},{\"id\":\"505adfd0-3ece-11eb-a018-83ddf1ffaeb4\",\"type\":\"calculation\",\"variables\":[{\"id\":\"59807cf0-3ece-11eb-a018-83ddf1ffaeb4\",\"name\":\"count\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Exporters\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.export.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.export.host.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"11e668f0-3ece-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEzMywyXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Traffic Details (attributes)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Traffic Details (attributes)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**Attributes**](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Types](#/dashboard/7dfba590-3d3f-11eb-bc2c-c5758316d788) | [Locality](#/dashboard/980f36e0-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"12658420-3d46-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:46:58.289Z","version":"WzY4NDgsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Src/Dst Autonomous Systems - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Src/Dst Autonomous Systems - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.src.as.label\",\"parent\":\"\",\"label\":\"Source AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.dst.as.label\",\"parent\":\"\",\"label\":\"Destination 
AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1619032550621\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"13ac7020-3d53-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEzNSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous Systems (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"145281b0-3d33-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEzNiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"UDP\"}},{\"terms\":{\"flow.src.l4.port.id\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"UDP\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: 
UDP Amplification Sources (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Public) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"16000b60-c467-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T11:42:18.301Z","version":"WzIwNDQwLDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Src/Dst - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Src/Dst - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.src.host.name\",\"parent\":\"\",\"label\":\"Source\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.dst.host.name\",\"parent\":\"\",\"label\":\"Destination\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.dst.l4.port.name\",\"parent\":\"\",\"label\":\"Destination Port\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1619032296511\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session 
Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"255234e0-3d4e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEzNywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Sources (bytes) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (bytes) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"b3ab0570-3e69-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzEzOCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Flows (src/dst) - Vega (sankey)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (src/dst) - Vega (sankey)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-flow-codex-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.src.host.name\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.dst.host.name\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"bytes\\\": {\\n 
\\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"flow.bytes\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n 
\\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Source\\\", \\\"Destination\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n 
\\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 
1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 
0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"id":"3af95590-3e65-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T19:19:16.216Z","version":"WzI0OTEwLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"56a96df0-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE0MCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Sources (packets) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (packets) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"c1358350-3e69-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE0MSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (packets) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"678fc100-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE0MiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Sources (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (flow records) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"cdb91880-3e69-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE0MywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"48e78f10-3d38-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE0NCwyXQ=="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"e9392543-7a3b-4410-82e0-acdc8796055c\"},\"panelIndex\":\"e9392543-7a3b-4410-82e0-acdc8796055c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"45ab167a-8b6c-4284-87bc-bb63194ab67b\"},\"panelIndex\":\"45ab167a-8b6c-4284-87bc-bb63194ab67b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"61821225-4249-4b8a-83b5-b12282d65350\"},\"panelIndex\":\"61821225-4249-4b8a-83b5-b12282d65350\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"
x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"fbe3da65-1654-4f77-b694-d792de20ffc6\"},\"panelIndex\":\"fbe3da65-1654-4f77-b694-d792de20ffc6\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"66417ae6-f45c-4acd-98bb-8594ae027283\"},\"panelIndex\":\"66417ae6-f45c-4acd-98bb-8594ae027283\",\"embeddableConfig\":{\"title\":\"Sources (bytes)\",\"hidePanelTitles\":false},\"title\":\"Sources (bytes)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"f77ebdbf-f37e-4728-9c89-06b114de6943\"},\"panelIndex\":\"f77ebdbf-f37e-4728-9c89-06b114de6943\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"33b1452c-f126-40a1-8ba3-17e940753651\"},\"panelIndex\":\"33b1452c-f126-40a1-8ba3-17e940753651\",\"embeddableConfig\":{\"title\":\"Destinations (bytes)\",\"hidePanelTitles\":false},\"title\":\"Destinations (bytes)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"750f0f17-498c-40a1-96db-cd38d48ceef4\"},\"panelIndex\":\"750f0f17-498c-40a1-96db-cd38d48ceef4\",\"embeddableConfig\":{\"title\":\"Sources (packets)\",\"hidePanelTitles\":false},\"title\":\"Sources (packets)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"4cc272c3-959d-4e54-b821-0728ec7498fd\"},\"panelIndex\":\"4cc272c3-959d-4e54-b821-0728ec7498fd\",\"embeddableConfig\":{\"title\":\"Destinations (packets)\",\"hidePanelTitles\":false},\"title\":\"Destinations (packets)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"47feea3b-9d9b-44b4-870e-90c72894cd9e\"},\"panelIndex\":\"47feea3b-9d9b-44b4-870e-90c72894cd9e\",\"embeddableConfig\":{\"title\":\"Sources (flow 
records)\",\"hidePanelTitles\":false},\"title\":\"Sources (flow records)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"6be81876-ec1a-4d3f-8754-beb1dd24cc84\"},\"panelIndex\":\"6be81876-ec1a-4d3f-8754-beb1dd24cc84\",\"embeddableConfig\":{\"title\":\"Destinations (flow records)\",\"hidePanelTitles\":false},\"title\":\"Destinations (flow records)\",\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"ElastiFlow: Flows (src/dst)","version":1},"id":"167989f0-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"98538b80-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"0e564f60-3d44-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"255234e0-3d4e-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"b3ab0570-3e69-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"3af95590-3e65-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"56a96df0-3e67-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"c1358350-3e69-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"678fc100-3e67-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"cdb91880-3e69-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"48e78f10-3d38-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:15:32.099Z","version":"WzIyMDkyLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Layer-4 Protocols - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Layer-4 Protocols - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"l4.proto.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Layer-4 Protocols\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"17487960-3e55-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE0NiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations and Ports (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations and Ports (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"17a15400-3d32-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE0NywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23]}}]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"CLI 
Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23]}}]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: CLI Sessions (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI Sessions (Public) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null
,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"17e07110-c49c-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T13:38:35.015Z","version":"WzIyNDA2LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Server Cities (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Cities (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"17e74fd0-3eb5-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE0OCwyXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NTP Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Req/Resp (packets) - TSVB (line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"client requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.dst.l4.port.id: 123 AND NOT flow.src.l4.port.id: 123\",\"language\":\"kuery\"}},{\"id\":\"7e6a9720-9b26-11ec-8138-3d37937df3c4\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"7e6a9721-9b26-11ec-8138-3d37937df3c4\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"server responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 123 AND NOT flow.dst.l4.port.id: 
123\",\"language\":\"kuery\"}},{\"id\":\"70eeb7b0-9d75-11ec-b325-891fbbc52d93\",\"color\":\"rgba(97,221,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"70eedec0-9d75-11ec-b325-891fbbc52d93\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"symmetric messages\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 123 AND flow.dst.l4.port.id: 123\",\"language\":\"kuery\"}},{\"id\":\"b588f930-9d75-11ec-b325-891fbbc52d93\",\"color\":\"rgba(243,163,66,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"b588f931-9d75-11ec-b325-891fbbc52d93\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"broadcasts\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.dst.l4.port.id: 123 AND flow.dst.ip.addr: \\\"224.0.1.1\\\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"}}}"},"id":"17f41790-9d75-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T21:00:13.599Z","version":"WzY5OTEsM10="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Top-N (talkers)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Top-N (talkers)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**Talkers**](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Services](#/dashboard/b088bcb0-3d3e-11eb-bc2c-c5758316d788) | [Apps](#/dashboard/d4e18bf0-3d3e-11eb-bc2c-c5758316d788) | [Conversations](#/dashboard/c2da3880-3d3e-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"18500ff0-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:47:09.518Z","version":"WzY4NTAsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NTP Client Requests (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Client Requests (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\
"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (NOT flow.src.l4.port.id: 123) AND flow.dst.l4.port.id: 123 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"18a453c0-9d80-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-23T14:32:27.644Z","version":"WzEyODE5LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"
flow.dst.l4.port.id\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: NTP Client Requests by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Client Requests by Client - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Req\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NTP Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"19505290-9d7d-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T13:19:04.690Z","version":"WzExODkwLDdd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Autonomous Systems (packets) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (packets) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"1a08c550-3e6a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE1MCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Remote Desktop Sessions from Private IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Remote Desktop Sessions from Private IP - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"\\\"flow.dst.l4.port.id\\\": (1494 OR 3389 OR 5900 OR 5901 OR 5902 OR 5903 OR 5904) AND flow.src.as.org: \\\"PRIVATE\\\" AND flow.dst.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Remote Desktop Sessions (Private)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"1a219c90-c49e-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T13:49:09.098Z","version":"WzIyNjA1LDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Exporter, Type - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporter, Type - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868774014\",\"fieldName\":\"flow.export.version.name\",\"parent\":\"\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":20,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"1a9e1fe0-3f0c-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE1MSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: VLANs Ingress and Egress (records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs Ingress and Egress (records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.in.vlan.tag.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Ingress VLAN\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.out.vlan.tag.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Egress VLAN\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"1bd16f80-3d3a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE1MiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: DHCP Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Req/Resp (packets) - TSVB 
(line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"e7c66180-c4b7-11ec-ad5c-5304474b164c\",\"color\":\"rgba(163,144,185,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"e7c66181-c4b7-11ec-ad5c-5304474b164c\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"broadcast\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 68 AND flow.dst.l4.port.id: 67 AND flow.dst.ip.addr: 255.255.255.255\",\"language\":\"kuery\"}},{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 68 AND flow.dst.l4.port.id: 67 AND NOT flow.dst.ip.addr: 255.255.255.255\",\"language\":\"kuery\"}},{\"id\":\"7e6a9720-9b26-11ec-8138-3d37937df3c4\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"7e6a9721-9b26-11ec-8138-3d37937df3c4\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 67 AND flow.dst.l4.port.id: 
68\",\"language\":\"kuery\"}},{\"id\":\"f55a00b0-c302-11ec-ad58-dde6b04c7677\",\"color\":\"rgba(138,182,223,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"f55a00b1-c302-11ec-ad58-dde6b04c7677\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"relayed\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 67 AND flow.dst.l4.port.id: 67\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"}}}"},"id":"1d489090-9b95-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T18:39:57.537Z","version":"WzI0MTQyLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Overview","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - 
Overview\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**Overview**](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"1db06be0-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:47:21.929Z","version":"WzY4NTMsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Flow Record Count (Threats) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Record Count (Threats) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Flow 
Records\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"filter\":{\"query\":\"sec.threat.name: * and (flow.community.id : * or flow.conversation.id : *) \",\"language\":\"kuery\"}}}"},"id":"1dd52c20-75cc-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE1NCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: UDP Amplification Sources - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":100,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":1000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":10000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND NOT 
flow.src.as.org: \\\"PRIVATE\\\" AND flow.src.l4.port.id: (17 OR 19 OR 53 OR 69 OR 111 OR 123 OR 137 OR 161 OR 389 OR 520 OR 751 OR 1434 OR 1645 OR 1646 OR 1812 OR 1813 OR 1900 OR 3702 OR 5093 OR 5353 OR 11211 OR 27015 OR 27960)\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"UDP Sources\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.ip.addr\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"1e22fb30-c48b-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T11:38:38.429Z","version":"WzIwMzg0LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Service Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Service Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.server.l4.port.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Services\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"1ec922a0-3e61-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE1NSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Remote Desktop Sessions from Public IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Remote Desktop Sessions from Public IP - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"\\\"flow.dst.l4.port.id\\\": (1494 OR 3389 OR 5900 OR 5901 OR 5902 OR 5903 OR 5904) AND NOT flow.src.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Remote Desktop Sessions (Public)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"1f207360-c49e-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T13:49:14.745Z","version":"WzIyNjA3LDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: UDP Amplification Bytes - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Bytes - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":100000000,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":1000000000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":10000000000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND NOT flow.src.as.org: \\\"PRIVATE\\\" AND flow.src.l4.port.id: (17 OR 19 OR 53 OR 69 OR 111 OR 123 OR 137 OR 161 OR 389 OR 520 OR 751 OR 1434 OR 1645 OR 1646 OR 1812 OR 1813 OR 1900 OR 3702 OR 5093 OR 5353 OR 11211 OR 27015 OR 27960)\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"UDP 
Bytes\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"1f4a6ec0-c48c-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T11:39:22.092Z","version":"WzIwMzk2LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Recon Port Scan (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon Port Scan (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.server.l4.port.id\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"1ff8f860-c346-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T12:42:37.761Z","version":"WzIxMTIyLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Layer-4 Protocol (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Layer-4 Protocol (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Cities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"l4.proto.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"l4.proto.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"20164b90-3eef-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE1NiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Source Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.host.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Sources\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"21799210-3e60-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE1NywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/City (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/City (pkts/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"e3c70960-6d77-11eb-95de-e16b5bff1348\",\"type\":\"math\",\"variables\":[{\"id\":\"e595fd00-6d77-11eb-95de-e16b5bff1348\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"ec8950d0-6d77-11eb-95de-e16b5bff1348\",\"type\":\"math\",\"variables\":[{\"id\":\"ee7edf40-6d77-11eb-95de-e16b5bff1348\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Cities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"geo.city.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"geo.city.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"22378540-3eec-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE1OCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Traffic Details (types)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Traffic Details 
(types)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Attributes](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [**Types**](#/dashboard/7dfba590-3d3f-11eb-bc2c-c5758316d788) | [Locality](#/dashboard/980f36e0-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"228552e0-3d46-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:47:34.657Z","version":"WzY4NTUsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ICMP Sources (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Outbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"22e479c0-c3ad-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T09:01:32.379Z","version":"WzE3NjY3LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Top-N (services)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Top-N 
(services)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Talkers](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [**Services**](#/dashboard/b088bcb0-3d3e-11eb-bc2c-c5758316d788) | [Apps](#/dashboard/d4e18bf0-3d3e-11eb-bc2c-c5758316d788) | [Conversations](#/dashboard/c2da3880-3d3e-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"230d6410-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:47:53.024Z","version":"WzY4NTcsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Flow Locality (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Locality (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.locality\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Locality\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"23d52c70-3d3b-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE2MSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Server AS (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Server AS (pkts/s) - 
TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"cdedc990-6d7b-11eb-91f7-1d54a1e3a999\",\"type\":\"math\",\"variables\":[{\"id\":\"cfa627f0-6d7b-11eb-91f7-1d54a1e3a999\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"d4d97c40-6d7b-11eb-91f7-1d54a1e3a999\",\"type\":\"math\",\"variables\":[{\"id\":\"d6d461e0-6d7b-11eb-91f7-1d54a1e3a999\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.server.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"254d4600-3ec6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE2MiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Flows (AS)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flows 
(AS)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Src/Dst](#/dashboard/167989f0-3d3f-11eb-bc2c-c5758316d788) | [**AS**](#/dashboard/264f5760-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"e5f9ce00-3d4a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:48:06.426Z","version":"WzY4NTksM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Client/Server Autonomous Systems - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server Autonomous Systems - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.client.as.label\",\"parent\":\"\",\"label\":\"Client AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.server.as.label\",\"parent\":\"\",\"label\":\"Server AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1619032399767\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session 
Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"75c9b970-3d4e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE2NCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Flows (src AS/dst AS) - Vega (sankey)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (src AS/dst AS) - Vega (sankey)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-flow-codex-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.src.as.label\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.dst.as.label\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"bytes\\\": {\\n \\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": 
\\\"flow.bytes\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n 
\\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Src AS\\\", \\\"Dst AS\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#888888\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": 
{\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n 
},\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#dddddd\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n 
\\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"id":"b1e47310-3e65-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T19:18:36.880Z","version":"WzI0ODc2LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"8c9c9e00-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE2NiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Autonomous Systems (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (packets) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"7fdc26e0-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE2NywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Autonomous Systems (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (flow records) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"297bb240-3e6a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE2OCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"9dc5ed80-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE2OSwyXQ=="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"78fdede8-86bb-411f-b572-b749c8fdec4d\"},\"panelIndex\":\"78fdede8-86bb-411f-b572-b749c8fdec4d\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"c6325cd9-9d8b-4441-be28-ccec44610042\"},\"panelIndex\":\"c6325cd9-9d8b-4441-be28-ccec44610042\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"7bece6c9-d4e9-48d4-a77e-e720d0d397af\"},\"panelIndex\":\"7bece6c9-d4e9-48d4-a77e-e720d0d397af\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"6f3a90f6-8f46-4011-a474-49796f2827c8\"},\"panelIndex\":\"6f3a90f6-8f46-4011-a474-49796f2827c8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"35be6656-588c-4913-acd2-482052d58871\"},\"panelIndex\":\"35be6656-588c-4913-acd2-482052d58871\",\"embeddableConfig\":{\"title\":\"Source AS (bytes)\",\"hidePanelTitles\":false},\"title\":\"Source AS 
(bytes)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"ea2649ad-9daf-4e3a-9458-4aac54f1685e\"},\"panelIndex\":\"ea2649ad-9daf-4e3a-9458-4aac54f1685e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"d2a25f58-f098-4795-8bcf-91fa77a0675a\"},\"panelIndex\":\"d2a25f58-f098-4795-8bcf-91fa77a0675a\",\"embeddableConfig\":{\"title\":\"Destination AS (bytes)\",\"hidePanelTitles\":false},\"title\":\"Destination AS (bytes)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"332fa0e5-4c4f-46c6-9374-d24f596067ce\"},\"panelIndex\":\"332fa0e5-4c4f-46c6-9374-d24f596067ce\",\"embeddableConfig\":{\"title\":\"Source AS (packets)\",\"hidePanelTitles\":false},\"title\":\"Source AS (packets)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"1ba6796a-2f98-47df-b7f8-89308072904e\"},\"panelIndex\":\"1ba6796a-2f98-47df-b7f8-89308072904e\",\"embeddableConfig\":{\"title\":\"Destination AS (packets)\",\"hidePanelTitles\":false},\"title\":\"Destination AS (packets)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"580c0d21-60e5-45a3-b527-aa67d162c5e8\"},\"panelIndex\":\"580c0d21-60e5-45a3-b527-aa67d162c5e8\",\"embeddableConfig\":{\"title\":\"Source AS (flow records)\",\"hidePanelTitles\":false},\"title\":\"Source AS (flow records)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"53df5d67-fa1f-4d49-ab8a-05b4fd2f2df2\"},\"panelIndex\":\"53df5d67-fa1f-4d49-ab8a-05b4fd2f2df2\",\"embeddableConfig\":{\"title\":\"Destination AS (flow records)\",\"hidePanelTitles\":false},\"title\":\"Destination AS (flow 
records)\",\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"ElastiFlow: Flows (AS)","version":1},"id":"264f5760-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"98538b80-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"e5f9ce00-3d4a-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"75c9b970-3d4e-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"09832fe0-3e6a-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"b1e47310-3e65-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"8c9c9e00-3e67-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"1a08c550-3e6a-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"7fdc26e0-3e67-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"297bb240-3e6a-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"9dc5ed80-3e67-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:15:50.960Z","version":"WzIyMTM0LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Client Countries (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Countries (flow records) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"27474670-3eb4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE3MSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/DSCP (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/DSCP (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top DSCP\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"ip.dscp.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"ip.dscp.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"276702d0-3f09-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE3MiwyXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Echo Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ICMP Echo (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.dst.ip.addr\",\"customLabel\":\"Pinged 
IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"27e80060-c33d-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T14:41:29.054Z","version":"WzE4MTU4LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP SYN-only Sessions (Edge) - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Edge) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"2855dd20-c3dc-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T14:39:52.502Z","version":"WzE4MTQzLDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Ingress/Egress Interfaces - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress/Egress Interfaces - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.in.netif.type.name\",\"parent\":\"1607868729183\",\"label\":\"Interface Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.in.netif.name\",\"parent\":\"1607868729183\",\"label\":\"Ingress Interface\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.out.netif.name\",\"parent\":\"1607868729183\",\"label\":\"Egress 
Interface\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"292d9620-3d55-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE3MywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Maximum Throughput (bits/s) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Maximum Throughput (bits/s) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"},{\"sigma\":\"\",\"id\":\"568d8d10-3e5d-11eb-83e8-ef8dac1c189d\",\"type\":\"max_bucket\",\"field\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Max. Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"\",\"index_pattern\":\"\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"49b0db60-3e5d-11eb-83e8-ef8dac1c189d\"}]}}"},"id":"2b75a3f0-3e5e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE3NCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"2ce28b50-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE3NSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ICMP Messages Direct (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Edge) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"2d654c00-c3ab-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T08:47:31.008Z","version":"WzE3NTUxLDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Geo IP (destination)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Geo IP 
(destination)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Client](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [Server](#/dashboard/c3e77260-3eb5-11eb-bc2c-c5758316d788) | [Source](#/dashboard/460b45f0-3d3f-11eb-bc2c-c5758316d788) | [**Destination**](#/dashboard/e794e670-3eb5-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"2d785450-3eb7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:48:22.560Z","version":"WzY4NjEsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"TCP\"}},{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"TCP Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"TCP\\\"}},{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP Clients (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Clients (Outbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.client.ip.addr\",\"customLabel\":\"Clients\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"2dc24fc0-c411-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T20:57:40.284Z","version":"WzE4NDQwLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Applications (bits/s) - TSVB (stacked 
area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Applications (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Applications\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"app.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"axis_min\":\"0\"}}"},"id":"2f03c500-3e64-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE3NywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Countries (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Countries (flow records) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"2f596f60-3ec2-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE3OCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Top-N (apps)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Top-N 
(apps)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Talkers](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Services](#/dashboard/b088bcb0-3d3e-11eb-bc2c-c5758316d788) | [**Apps**](#/dashboard/d4e18bf0-3d3e-11eb-bc2c-c5758316d788) | [Conversations](#/dashboard/c2da3880-3d3e-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"2f8a90a0-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:48:40.956Z","version":"WzY4NjMsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Application Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Application Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"app.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Applications\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"2f9ed3e0-3e61-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE4MCwyXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: DSCP Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DSCP Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"ip.dscp.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"DSCP Values\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"302d17a0-3f05-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE4MSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"title":"ElastiFlow: Conversation Count (Threats) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Conversation Count (Threats) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Conversations\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"filter\":{\"query\":\"sec.threat.name: *\",\"language\":\"kuery\"}}}"},"id":"307cb730-75cc-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE4MiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Remote Desktop 
Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Remote Desktop Sessions (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Remote Desktop Sessions (Public) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"buc
ket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"31b8a710-c49c-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T13:39:04.135Z","version":"WzIyNDI1LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Core Services (DHCP)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core Services (DHCP)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[DNS](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [**DHCP**](#/dashboard/a9f3e040-9b94-11ec-a4df-e940aaa4214d) | 
\\n[RADIUS](#/dashboard/fbea2e70-c319-11ec-aaf3-5b4644130c7f) | \\n[LDAP](#/dashboard/0ae30960-c31a-11ec-aaf3-5b4644130c7f) | [NTP](#/dashboard/e2888380-9d73-11ec-a4df-e940aaa4214d)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"31c96f80-9b95-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-23T18:12:57.214Z","version":"WzE2NDA2LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"UDP\"}},{\"terms\":{\"flow.src.l4.port.id\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP 
Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"UDP\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: UDP Amplification Sources (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetric
sAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"31e9d630-c40d-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T20:35:13.182Z","version":"WzE4MzgyLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: DNS Requests by Name Server - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Requests by Name Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"32e2fba0-9b2e-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T11:57:20.996Z","version":"WzEwMDQ1LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Destination Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.dst.host.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Destinations\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"343cbb70-3e60-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE4MywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Clients (flow records) - coord_map","uiStateJSON":"{\"mapZoom\":2,\"mapCenter\":[24.57585086389495,-13.23577880859375]}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (flow records) - coord_map\",\"type\":\"tile_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow 
Records\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"params\":{\"field\":\"flow.client.geo.loc.coord\",\"autoPrecision\":true,\"precision\":2,\"useGeocentroid\":true,\"isFilteredByCollar\":true,\"customLabel\":\"Clients\"},\"schema\":\"segment\"}],\"params\":{\"colorSchema\":\"Yellow to Red\",\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":20,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps Service\"}}}}"},"id":"34f08930-3eaf-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE4NCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: DHCP Responses by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Responses by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Resp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DHCP 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"37087910-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T13:11:40.702Z","version":"WzExNTIzLDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Ingress Interface (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Ingress Interface (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.in.netif.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.in.netif.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"37725340-3ec9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE4NSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Sources (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"37fc5a00-3d38-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE4NiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: NTP Server Responses by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Server Responses by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Resp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NTP 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"389a61f0-9d7c-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T13:18:43.213Z","version":"WzExODYxLDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Client/Server/Service/Application - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server/Service/Application - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.client.host.name\",\"parent\":\"\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.server.host.name\",\"parent\":\"\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1608040362438\",\"fieldName\":\"app.name\",\"parent\":\"\",\"label\":\"Applications\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"39259170-3edd-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"type":"visualization","updated_
at":"2022-02-24T18:09:27.448Z","version":"WzE4NywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP SYN-only Sessions (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"3af45cf0-c3db-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T14:36:52.603Z","version":"WzE4MTMwLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Geo 
IP","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Geo IP\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [**Geo IP**](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 
0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"a89c6610-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:48:50.400Z","version":"WzY4NjUsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Geo IP (client)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Geo IP (client)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**Client**](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | 
[Server](#/dashboard/c3e77260-3eb5-11eb-bc2c-c5758316d788) | [Source](#/dashboard/460b45f0-3d3f-11eb-bc2c-c5758316d788) | [Destination](#/dashboard/e794e670-3eb5-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"6d1088d0-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:49:00.175Z","version":"WzY4NjksM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Server Countries (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Countries (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"fa5c23f0-3eb4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE5MCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Client Time Zones (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Time Zones (flow records) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.geo.tz.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Time 
Zone\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"48e47820-3eb4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE5MSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Server Time Zones (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Time Zones (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.geo.tz.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Time Zone\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"d58dfda0-3eb4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE5MiwyXQ=="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"5d06bf0c-b97f-41d9-9f5e-82a38ad0ddf8\"},\"panelIndex\":\"5d06bf0c-b97f-41d9-9f5e-82a38ad0ddf8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"286c7826-03c1-4a33-8dae-1740006f6491\"},\"panelIndex\":\"286c7826-03c1-4a33-8dae-1740006f6491\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"48b01687-fddc-4f99-8195-04d77db8dd66\"},\"panelIndex\":\"48b01687-fddc-4f99-8195-04d77db8dd66\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"d35f1697-1274-4159-bdab-83159a87a41c\"},\"panelIndex\":\"d35f1697-1274-4159-bdab-83159a87a41c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"d8430fa3-ca28-455e-a276-930a60d6839f\"},\"panelIndex\":\"d8430fa3-ca28-455e-a276-930a60d6839f\",\"embeddableConfig\":{\"title\":\"Client Countries (flow records)\",\"hidePanelTitles\":false},\"title\":\"Client Countries (flow 
records)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"9c64c221-b2ae-4924-bdb1-e2fc73d7975f\"},\"panelIndex\":\"9c64c221-b2ae-4924-bdb1-e2fc73d7975f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"46146688-467d-42a2-ae53-5ae2b2061389\"},\"panelIndex\":\"46146688-467d-42a2-ae53-5ae2b2061389\",\"embeddableConfig\":{\"title\":\"Server Countries (flow records)\",\"hidePanelTitles\":false},\"title\":\"Server Countries (flow records)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"70eb9e12-1c7c-48dc-822b-477c7cb8ebb2\"},\"panelIndex\":\"70eb9e12-1c7c-48dc-822b-477c7cb8ebb2\",\"embeddableConfig\":{\"title\":\"Client Cities (flow records)\",\"hidePanelTitles\":false},\"title\":\"Client Cities (flow records)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"92329eb4-2cad-48df-b21b-656f53c9377a\"},\"panelIndex\":\"92329eb4-2cad-48df-b21b-656f53c9377a\",\"embeddableConfig\":{\"title\":\"Server Cities (flow records)\",\"hidePanelTitles\":false},\"title\":\"Server Cities (flow records)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"59db0235-9c7f-416b-81be-d78ea0fb29f7\"},\"panelIndex\":\"59db0235-9c7f-416b-81be-d78ea0fb29f7\",\"embeddableConfig\":{\"title\":\"Client Time Zones (flow records)\",\"hidePanelTitles\":false},\"title\":\"Client Time Zones (flow records)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"b00704ca-ba57-4d3b-b8c6-ec01a6782d8f\"},\"panelIndex\":\"b00704ca-ba57-4d3b-b8c6-ec01a6782d8f\",\"embeddableConfig\":{\"title\":\"Server Time Zones (flow records)\",\"hidePanelTitles\":false},\"title\":\"Server Time Zones (flow 
records)\",\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"ElastiFlow: Geo Location (client)","version":1},"id":"3b3adf00-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"a89c6610-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"6d1088d0-3d45-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"944a8560-3d4d-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"27474670-3eb4-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"34f08930-3eaf-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"fa5c23f0-3eb4-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"0a621e90-3eb4-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"17e74fd0-3eb5-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"48e47820-3eb4-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"d58dfda0-3eb4-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:16:04.440Z","version":"WzIyMTM1LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: VLAN Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLAN Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"vlan.tag.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"VLANs\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"3b7bf600-3f08-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE5NCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"DNS\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":53}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":53}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":53}},{\"match_phrase\":{\"flow.dst.l4.port.id\":53}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: DNS Messages by Exporter - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Messages by Exporter - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow 
Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"3d134760-c301-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T12:31:02.870Z","version":"WzEwNDAyLDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"3d44ba40-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE5NSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Client Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Countries and Cities (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"3dae9bf0-3d30-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"
7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE5NiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ICMP Messages Direct (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Outbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"3fea94f0-c39e-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T08:40:24.196Z","version":"WzE3NTI0LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only 
Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP SYN-only Sources (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"4085de60-c3fd-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elas
tiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T20:25:27.178Z","version":"WzE4MzA4LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: NTP Server Responses by Client - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Server Responses by Client - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Resp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NTP Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"40ef7330-9d7d-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T13:19:24.783Z","version":"WzExOTE5LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/DSCP (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/DSCP (pkts/s) - TSVB 
(stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"fc047e50-6d7b-11eb-b6ff-0b85dcc4bf4a\",\"type\":\"math\",\"variables\":[{\"id\":\"fe2c8e70-6d7b-11eb-b6ff-0b85dcc4bf4a\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"042380e0-6d7c-11eb-b6ff-0b85dcc4bf4a\",\"type\":\"math\",\"variables\":[{\"id\":\"06000910-6d7c-11eb-b6ff-0b85dcc4bf4a\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
DSCPs\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"ip.dscp.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"ip.dscp.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"411346d0-3f09-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE5NywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Reputations (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Reputations (flows) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.conversation.id\",\"customLabel\":\"Conversations\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"sec.threat.name\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top IP 
Reputations\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"44e46180-750b-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzE5OCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Geo IP (source)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Geo IP (source)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Client](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [Server](#/dashboard/c3e77260-3eb5-11eb-bc2c-c5758316d788) | [**Source**](#/dashboard/460b45f0-3d3f-11eb-bc2c-c5758316d788) | 
[Destination](#/dashboard/e794e670-3eb5-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"88641430-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:49:09.404Z","version":"WzY4NzEsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Sources (flow records) - coord_map","uiStateJSON":"{\"mapZoom\":2,\"mapCenter\":[24.57585086389495,-13.23577880859375]}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (flow records) - coord_map\",\"type\":\"tile_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow 
Records\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"params\":{\"field\":\"flow.src.geo.loc.coord\",\"autoPrecision\":true,\"precision\":2,\"useGeocentroid\":true,\"isFilteredByCollar\":true,\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"colorSchema\":\"Yellow to Red\",\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":20,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps Service\"}}}}"},"id":"c4e6f620-3eb7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIwMCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Countries (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Countries (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"88fd95f0-3ec2-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIwMSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Cities (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Cities (flow records) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"5b2522b0-3ec2-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIwMiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Cities (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Cities (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"ad428f10-3ec2-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIwMywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Time Zones (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Time Zones (flow records) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.geo.tz.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Time 
Zone\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"47057690-3ec2-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIwNCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Time Zones (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Time Zones (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.geo.tz.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Time Zone\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"c15fa320-3ec2-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIwNSwyXQ=="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"c58defff-725c-4475-b0eb-f18996211d0d\"},\"panelIndex\":\"c58defff-725c-4475-b0eb-f18996211d0d\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"6271ec50-2696-46b6-a1a5-cefc81e72bcb\"},\"panelIndex\":\"6271ec50-2696-46b6-a1a5-cefc81e72bcb\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"b05807cd-0371-44d4-a85b-b05813f10374\"},\"panelIndex\":\"b05807cd-0371-44d4-a85b-b05813f10374\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"7f8fb931-9547-405f-8742-562046c6f57f\"},\"panelIndex\":\"7f8fb931-9547-405f-8742-562046c6f57f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"9fd90c38-8625-4bfe-aae6-7eec9c26b251\"},\"panelIndex\":\"9fd90c38-8625-4bfe-aae6-7eec9c26b251\",\"embeddableConfig\":{\"title\":\"Source Countries (flow records)\",\"hidePanelTitles\":false},\"title\":\"Source Countries (flow 
records)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"f74ae4dc-ea66-4de3-9539-be2282ff0c9c\"},\"panelIndex\":\"f74ae4dc-ea66-4de3-9539-be2282ff0c9c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"477c6d12-02ef-4115-b338-0454117d7009\"},\"panelIndex\":\"477c6d12-02ef-4115-b338-0454117d7009\",\"embeddableConfig\":{\"title\":\"Destination Countries (flow records)\",\"hidePanelTitles\":false},\"title\":\"Destination Countries (flow records)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"9d62a839-db28-4d47-8ab5-2924452c4724\"},\"panelIndex\":\"9d62a839-db28-4d47-8ab5-2924452c4724\",\"embeddableConfig\":{\"title\":\"Source Cities (flow records)\",\"hidePanelTitles\":false},\"title\":\"Source Cities (flow records)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"f533a7f5-e6d9-4224-b437-7524cb18fca3\"},\"panelIndex\":\"f533a7f5-e6d9-4224-b437-7524cb18fca3\",\"embeddableConfig\":{\"title\":\"Destination Cities (flow records)\",\"hidePanelTitles\":false},\"title\":\"Destination Cities (flow records)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"b89f4400-04b8-4781-8b50-4c07830b24c6\"},\"panelIndex\":\"b89f4400-04b8-4781-8b50-4c07830b24c6\",\"embeddableConfig\":{\"title\":\"Source Time Zones (flow records)\",\"hidePanelTitles\":false},\"title\":\"Source Time Zones (flow records)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"0642d565-72f8-4f3e-a82d-bbc300c90270\"},\"panelIndex\":\"0642d565-72f8-4f3e-a82d-bbc300c90270\",\"embeddableConfig\":{\"title\":\"Destination Time Zones (flow 
records)\",\"hidePanelTitles\":false},\"title\":\"Destination Time Zones (flow records)\",\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"ElastiFlow: Geo Location (source)","version":1},"id":"460b45f0-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"a89c6610-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"88641430-3d45-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"255234e0-3d4e-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"2f596f60-3ec2-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"c4e6f620-3eb7-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"88fd95f0-3ec2-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"5b2522b0-3ec2-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"ad428f10-3ec2-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"47057690-3ec2-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"c15fa320-3ec2-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:16:17.747Z","version":"WzIyMTM2LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Countries (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"467aed30-3eeb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIwNywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Layer-4 Protocol (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Layer-4 Protocol (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"1f8c9010-6d7c-11eb-b6d2-ff8c9a7cb5fb\",\"type\":\"math\",\"variables\":[{\"id\":\"215f7b50-6d7c-11eb-b6d2-ff8c9a7cb5fb\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"266fde50-6d7c-11eb-b6d2-ff8c9a7cb5fb\",\"type\":\"math\",\"variables\":[{\"id\":\"29889000-6d7c-11eb-b6d2-ff8c9a7cb5fb\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Layer-4 Protocols\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"l4.proto.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"l4.proto.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"49d0f930-3eef-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIwOCwyXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Servers and Clients (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers and Clients (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"a5d7def0-3d2e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIwOSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Services (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Services 
(bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"dd32df90-3d32-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIxMCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Threats (records) - tag cloud","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Threats (records) - tag 
cloud\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"sec.threat.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":16,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":12,\"maxFontSize\":32,\"showLabel\":false}}"},"id":"99c9add0-6d73-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIxMSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Versions and Protocols (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Versions and Protocols (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"ip.version.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Version\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"l4.proto.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Layer-4 
Protocol\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"f618c320-3d2e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIxMiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: BLANK","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: BLANK\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"\"}}"},"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIxMywyXQ=="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":43,\"h\":4,\"i\":\"d5e06153-1b9c-45db-87e7-31ee8930ba55\"},\"panelIndex\":\"d5e06153-1b9c-45db-87e7-31ee8930ba55\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\"},\"panelIndex\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"99194307-37ba-48b7-82e9-a31b9c396610\"},\"panelIndex\":\"99194307-37ba-48b7-82e9-a31b9c396610\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":16,\"h\":16,\"i\":\"0c0401c3-8cf7-4ddf-a598-710489ea06f5\"},\"panelIndex\":\"0c0401c3-8cf7-4ddf-a598-710489ea06f5\",\"embeddableConfig\":{\"title\":\"Servers and Clients (bytes)\",\"hidePanelTitles\":false},\"title\":\"Servers and Clients (bytes)\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":16,\"y\":9,\"w\":16,\"h\":16,\"i\":\"065164eb-2e9f-4bc9-9108-de49eec5b788\"},\"panelIndex\":\"065164eb-2e9f-4bc9-9108-de49eec5b788\",\"embeddableConfig\":{\"title\":\"Services (bytes)\",\"hidePanelTitles\":false},\"title\":\"Services 
(bytes)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":32,\"y\":9,\"w\":16,\"h\":10,\"i\":\"59aa493e-b902-4055-b736-047a382df472\"},\"panelIndex\":\"59aa493e-b902-4055-b736-047a382df472\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":32,\"y\":19,\"w\":16,\"h\":22,\"i\":\"4fb75a57-5569-4c4f-9fbf-15ba651dc98b\"},\"panelIndex\":\"4fb75a57-5569-4c4f-9fbf-15ba651dc98b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":25,\"w\":16,\"h\":16,\"i\":\"8f52881b-8b3f-4357-a1d4-9af0de96d23f\"},\"panelIndex\":\"8f52881b-8b3f-4357-a1d4-9af0de96d23f\",\"embeddableConfig\":{\"title\":\"Autonomous Systems (bytes)\",\"hidePanelTitles\":false},\"title\":\"Autonomous Systems (bytes)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":16,\"y\":25,\"w\":16,\"h\":16,\"i\":\"83bd57d5-df16-4718-b481-d0bee94cc606\"},\"panelIndex\":\"83bd57d5-df16-4718-b481-d0bee94cc606\",\"embeddableConfig\":{\"title\":\"IP Versions and Protocols (bytes)\",\"hidePanelTitles\":false},\"title\":\"IP Versions and Protocols (bytes)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":41,\"w\":48,\"h\":1,\"i\":\"24057ec4-107c-42eb-92cd-c2cd6a3d3cda\"},\"panelIndex\":\"24057ec4-107c-42eb-92cd-c2cd6a3d3cda\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"ElastiFlow: 
Overview","version":1},"id":"4a608bc0-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"1db06be0-3d3e-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"944a8560-3d4d-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"a5d7def0-3d2e-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"dd32df90-3d32-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"0262fbf0-3df7-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"99c9add0-6d73-11eb-8c14-238bcf08bfa6","name":"panel_6","type":"visualization"},{"id":"145281b0-3d33-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"f618c320-3d2e-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIxNCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Flow Record Count (src/dst) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Record Count (src/dst) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Flow 
Records\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"filter\":{\"query\":\"flow.src.ip.addr: * and flow.dst.ip.addr: *\",\"language\":\"kuery\"}}}"},"id":"4a68d6d0-9d97-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T21:49:25.565Z","version":"WzcyNzIsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination and Source ASs (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination and Source ASs (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination AS\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"4abbcc20-3d33-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIxNSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Services - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Services - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top 
Services\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"4ba1a880-3e55-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIxNiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Exporter, Locality, Application - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporter, Locality, Application - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.locality\",\"parent\":\"\",\"label\":\"Traffic 
Locality\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"app.name\",\"parent\":\"\",\"label\":\"Application\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"4ea0e4d0-3d4f-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIxNywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Source AS (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Source AS (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.src.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.src.as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"4ec656c0-3ec6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIxOCwyXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Ingress Interface (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Ingress Interface (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"3ca54b10-6d7c-11eb-86ec-a78f37e7c6b2\",\"type\":\"math\",\"variables\":[{\"id\":\"3e52fb10-6d7c-11eb-86ec-a78f37e7c6b2\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"42e1f910-6d7c-11eb-86ec-a78f37e7c6b2\",\"type\":\"math\",\"variables\":[{\"id\":\"4496adf0-6d7c-11eb-86ec-a78f37e7c6b2\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.in.netif.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.in.netif.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"4efdda20-3ec9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIxOSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ICMP Sources (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"4f3896f0-c3ad-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T09:02:46.751Z","version":"WzE3NjcxLDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Recon Port Scan (Inbound) - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon Port Scan (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.server.l4.port.id\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"530885f0-c345-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T20:38:25.487Z","version":"WzE3MTQ4LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Accessed Ports from Public IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Accessed Ports from Public IP - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"NOT flow.client.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Accessed Ports (Public)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.server.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"53adda40-c490-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T12:26:56.373Z","version":"WzIwOTEzLDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: DNS Responses by Name Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Responses by Name Server - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"5585dd80-9b2e-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T11:58:47.403Z","version":"WzEwMTMzLDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Autonomous Systems","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Autonomous 
Systems\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [**AS Traffic**](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"c26cacd0-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:49:20.241Z","version":"WzY4NzMsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Autonomous Systems (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Autonomous Systems (src/dst)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | 
[**Src/Dst**](#/dashboard/578a7da0-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"d0899f50-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:49:30.919Z","version":"WzY4NzUsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Destination AS (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Destination AS (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.dst.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.dst.as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"78dbce90-3ec6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIyMiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Source AS (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Source AS (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"638bca10-6d7c-11eb-b539-590ecf656744\",\"type\":\"math\",\"variables\":[{\"id\":\"65b36500-6d7c-11eb-b539-590ecf656744\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"6a588310-6d7c-11eb-b539-590ecf656744\",\"type\":\"math\",\"variables\":[{\"id\":\"6bfb0f80-6d7c-11eb-b539-590ecf656744\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.src.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.src.as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"5f20e490-3ec6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIyMywyXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Destination AS (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Destination AS (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"797d01e0-6d7c-11eb-bafe-551bc756954c\",\"type\":\"math\",\"variables\":[{\"id\":\"7b6067e0-6d7c-11eb-bafe-551bc756954c\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"823e5ef0-6d7c-11eb-bafe-551bc756954c\",\"type\":\"math\",\"variables\":[{\"id\":\"83e9ec10-6d7c-11eb-bafe-551bc756954c\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.dst.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.dst.as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"8f378800-3ec6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIyNCwyXQ=="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"137cd6ae-7b43-4d27-826b-984bdf8d5448\"},\"panelIndex\":\"137cd6ae-7b43-4d27-826b-984bdf8d5448\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"8dc4830d-701b-4345-a91e-2224c5a49758\"},\"panelIndex\":\"8dc4830d-701b-4345-a91e-2224c5a49758\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"024dab52-eb07-40c7-be57-70cd7caaf8d9\"},\"panelIndex\":\"024dab52-eb07-40c7-be57-70cd7caaf8d9\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"088f7fce-da74-4f9a-a05b-7f9548450f7a\"},\"panelIndex\":\"088f7fce
-da74-4f9a-a05b-7f9548450f7a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":16,\"i\":\"3a665f00-530b-442d-898e-61ee558cf725\"},\"panelIndex\":\"3a665f00-530b-442d-898e-61ee558cf725\",\"embeddableConfig\":{\"title\":\"Source AS (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Source AS (bits/s)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":16,\"i\":\"142f32f1-54ee-4185-a8b7-a79e16898cc7\"},\"panelIndex\":\"142f32f1-54ee-4185-a8b7-a79e16898cc7\",\"embeddableConfig\":{\"title\":\"Destination AS (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Destination AS (bits/s)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":16,\"i\":\"76b08b63-9d7f-4fca-a485-3aebf363ded7\"},\"panelIndex\":\"76b08b63-9d7f-4fca-a485-3aebf363ded7\",\"embeddableConfig\":{\"title\":\"Source AS (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Source AS (pkts/s)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":25,\"w\":24,\"h\":16,\"i\":\"7c173f95-2904-4398-a01f-2de9aa33206c\"},\"panelIndex\":\"7c173f95-2904-4398-a01f-2de9aa33206c\",\"embeddableConfig\":{\"title\":\"Destination AS (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Destination AS (pkts/s)\",\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"ElastiFlow: AS Traffic 
(src/dst)","version":1},"id":"578a7da0-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"c26cacd0-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"d0899f50-3d45-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"13ac7020-3d53-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"4ec656c0-3ec6-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"78dbce90-3ec6-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"5f20e490-3ec6-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"8f378800-3ec6-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:16:36.506Z","version":"WzIyMTM3LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Top-N","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - 
Top-N\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [**Top-N**](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"5a3a5400-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:49:43.794Z","version":"WzY4NzcsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.ip.addr\",\"negate\":true,\"params\":{\"query\":\"255.255.255.255\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.ip.addr\":\"255.255.255.255\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: DHCP Requests by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Requests by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Req\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"5a7588c0-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T18:29:33.511Z","version":"WzIzOTMxLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Services (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Services (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Services\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.server.l4.port.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"axis_min\":\"0\"}}"},"id":"5c04ec10-3e59-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIyNywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Echo Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ICMP Echo (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.dst.ip.addr\",\"customLabel\":\"Pinged IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"5c6bd160-c48f-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T12:42:51.829Z","version":"WzIxMTM1LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Exporters (traffic)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Exporters 
(traffic)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**Traffic**](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Metrics](#/dashboard/ac3e8880-3d41-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"5d7289b0-3d44-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:49:53.612Z","version":"WzY4NzksM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: City Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: City Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"geo.city.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Cities\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"5e68ef90-3e60-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIyOSwyXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Layer-4 Protocol (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Layer-4 Protocol (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"l4.proto.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Layer-4 Protocol\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"5e7b8030-3eef-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIzMCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: TCP Flag Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flag Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"tcp.flags.tags\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"TCP Flags\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"5f3b6940-3ef9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIzMSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Autonomous Systems (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Autonomous Systems 
(client/server)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**Client/Server**](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Src/Dst](#/dashboard/578a7da0-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"b88b3260-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:50:05.857Z","version":"WzY4ODEsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Client AS (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Client AS (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 
8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.client.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.client.as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"ba9c2700-3ec4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIzMywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Client AS (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Client AS (pkts/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"8e4486c0-6d7c-11eb-8df7-e98b704d5431\",\"type\":\"math\",\"variables\":[{\"id\":\"90a7f230-6d7c-11eb-8df7-e98b704d5431\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"9a0fef80-6d7c-11eb-8df7-e98b704d5431\",\"type\":\"math\",\"variables\":[{\"id\":\"9c8b28b0-6d7c-11eb-8df7-e98b704d5431\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.client.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.client.as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"a6596d10-3ec5-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIzNCwyXQ=="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"710b9b72-988a-4deb-91e2-27ca58c67231\"},\"panelIndex\":\"710b9b72-988a-4deb-91e2-27ca58c67231\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"795832d4-77ce-4ff3-b85a-874b6516d2e5\"},\"panelIndex\":\"795832d4-77ce-4ff3-b85a-874b6516d2e5\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"71869a5c-4909-4bb6-93f1-50f6363a92ea\"},\"panelIndex\":\"71869a5c-4909-4bb6-93f1-50f6363a92ea\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"45481350-067e-4bc7-a0db-240ad6c516f2\"},\"panelIndex\":\"45
481350-067e-4bc7-a0db-240ad6c516f2\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":16,\"i\":\"0e1ff95c-9558-40a8-832c-252775d3ab66\"},\"panelIndex\":\"0e1ff95c-9558-40a8-832c-252775d3ab66\",\"embeddableConfig\":{\"title\":\"Client AS (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Client AS (bits/s)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":16,\"i\":\"a1830171-dbb4-4f16-8b23-e696deb9ad33\"},\"panelIndex\":\"a1830171-dbb4-4f16-8b23-e696deb9ad33\",\"embeddableConfig\":{\"title\":\"Server AS (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Server AS (bits/s)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":16,\"i\":\"f3d55c3c-d3c8-4547-a73d-ab00daabc4b7\"},\"panelIndex\":\"f3d55c3c-d3c8-4547-a73d-ab00daabc4b7\",\"embeddableConfig\":{\"title\":\"Client AS (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Client AS (pkts/s)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":25,\"w\":24,\"h\":16,\"i\":\"e49ac83e-d47c-4cdd-b5c7-93fb11802cb0\"},\"panelIndex\":\"e49ac83e-d47c-4cdd-b5c7-93fb11802cb0\",\"embeddableConfig\":{\"title\":\"Server AS (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Server AS (pkts/s)\",\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"ElastiFlow: AS Traffic 
(client/server)","version":1},"id":"5f59d990-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"c26cacd0-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"b88b3260-3d45-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"75c9b970-3d4e-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"ba9c2700-3ec4-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"0b02ed40-3ec6-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"a6596d10-3ec5-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"254d4600-3ec6-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:17:44.849Z","version":"WzIyMTQwLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Threats (DDoS Flood) - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Threats (DDoS Flood) - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"5fc57d50-c487-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T11:03:44.805Z","version":"WzE5OTE0LDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"60986660-3ee7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIzNiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NTP Server Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Server Responses (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"sigma\":\"\",\"id\":\"5a51ba40-9b2a-11ec-8947-5dbcd3cabfb0\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (NOT flow.dst.l4.port.id: 123) AND flow.src.l4.port.id: 123 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"}}}"},"id":"6175d650-9d80-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:07:41.228Z","version":"WzYxMDgsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Core Services (DNS)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core Services 
(DNS)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**DNS**](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [DHCP](#/dashboard/a9f3e040-9b94-11ec-a4df-e940aaa4214d) | \\n[RADIUS](#/dashboard/fbea2e70-c319-11ec-aaf3-5b4644130c7f) | \\n[LDAP](#/dashboard/0ae30960-c31a-11ec-aaf3-5b4644130c7f) | [NTP](#/dashboard/e2888380-9d73-11ec-a4df-e940aaa4214d)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"7e85d890-9b2c-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-23T18:12:51.241Z","version":"WzE2NDA0LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: DNS Requests (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Requests (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.dst.l4.port.id: 53 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: 
\\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"ca205110-9b2a-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-23T14:29:19.910Z","version":"WzEyNjAyLDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: DNS Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Responses (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 53 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: 
\\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"e79c88d0-9b2a-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-23T14:29:42.200Z","version":"WzEyNjI5LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: DNS Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Req/Resp (packets) - TSVB (line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.dst.l4.port.id: 53\",\"language\":\"kuery\"}},{\"id\":\"7e6a9720-9b26-11ec-8138-3d37937df3c4\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"7e6a9721-9b26-11ec-8138-3d37937df3c4\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 
53\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"}}}"},"id":"dbe6ab40-9b27-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T17:42:10.867Z","version":"WzUwMDIsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: DNS Requests by Name Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Requests by Name Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name 
Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"80ca51b0-9b29-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-03-03T21:19:04.711Z","version":"WzIwNjMsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: DNS Responses by Name Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Responses by Name Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name 
Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"ab2732c0-9b29-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-03-03T21:18:43.210Z","version":"WzIwNjAsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: DNS Requests by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Requests by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"cf7cdb70-9b2e-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T11:58:09.505Z","version":"WzEwMDg5LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: DNS Responses by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Responses by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"bd189af0-9b2e-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T11:58:33.187Z","version":"WzEwMTE0LDdd"} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"503ee9c8-3371-4430-9997-5a2f772238ba\"},\"panelIndex\":\"503ee9c8-3371-4430-9997-5a2f772238ba\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"b08a00c5-dae4-4f27-8f9f-0fe2c6080f8d\"},\"panelIndex\":\"b08a00c5-dae4-4f27-8f9f-0fe2c6080f8d\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\"},\"panelIndex\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":5,\"i\":\"6614e2b7-ce1e-40fd-958b-094b3cd9572f\"},\"panelIndex\":\"6614e2b7-ce1e-40fd-958b-094b3cd9572f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":5,\"i\":\"5ee2723a-170e-41b6-818a-d23a29fd5082\"},\"panelIndex\":\"5ee2723a-170e-41b6-818a-d23a29fd5082\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"afda2a55-86f5-4642-bcde-47d248c5155c\"},\"panelIndex\":\"afda2a55-86f5-4642-bcde-47d248c5155c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":9,\"i\":\"252429da-55ed-48c2-a568-5293a497eaeb\"},\"panelIndex\":\"252429da-55ed-48c2-a568-5293a497eaeb\",\"embeddableConfig\":{\"title\":\"Requests by Name 
Server\",\"hidePanelTitles\":true},\"title\":\"Requests by Name Server\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":9,\"i\":\"cd07cac6-2abd-476e-938f-5fa3e4a008b8\"},\"panelIndex\":\"cd07cac6-2abd-476e-938f-5fa3e4a008b8\",\"embeddableConfig\":{\"title\":\"Responses by Name Server\",\"hidePanelTitles\":true},\"title\":\"Responses by Name Server\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":18,\"w\":9,\"h\":23,\"i\":\"591e0df2-b5c2-429b-842a-4f1fbb1063a5\"},\"panelIndex\":\"591e0df2-b5c2-429b-842a-4f1fbb1063a5\",\"embeddableConfig\":{\"title\":\"Requests by Name Server\",\"hidePanelTitles\":true},\"title\":\"Requests by Name Server\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":18,\"w\":9,\"h\":23,\"i\":\"29aeb812-da8d-452e-82e2-eb19b5bfc090\"},\"panelIndex\":\"29aeb812-da8d-452e-82e2-eb19b5bfc090\",\"embeddableConfig\":{\"title\":\"Responses by Name Server\",\"hidePanelTitles\":true},\"title\":\"Responses by Name Server\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":18,\"w\":10,\"h\":23,\"i\":\"1dbfe416-99b6-4767-9820-63f88aedd795\"},\"panelIndex\":\"1dbfe416-99b6-4767-9820-63f88aedd795\",\"embeddableConfig\":{\"title\":\"Requests by Client\",\"hidePanelTitles\":true},\"title\":\"Requests by Client\",\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":18,\"w\":10,\"h\":23,\"i\":\"38d80d14-ea45-40d6-9090-5c2c3f941d25\"},\"panelIndex\":\"38d80d14-ea45-40d6-9090-5c2c3f941d25\",\"embeddableConfig\":{\"title\":\"Responses by Client\",\"hidePanelTitles\":true},\"title\":\"Responses by 
Client\",\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":38,\"y\":18,\"w\":10,\"h\":23,\"i\":\"3122c7d9-47d5-4c38-ac00-76dd19e5875b\"},\"panelIndex\":\"3122c7d9-47d5-4c38-ac00-76dd19e5875b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"ElastiFlow: Core Services (DNS)","version":1},"id":"61bf2aa0-9b2b-11ec-a4df-e940aaa4214d","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"c69cda30-9b2b-11ec-a4df-e940aaa4214d","name":"panel_0","type":"visualization"},{"id":"7e85d890-9b2c-11ec-a4df-e940aaa4214d","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"ca205110-9b2a-11ec-a4df-e940aaa4214d","name":"panel_3","type":"visualization"},{"id":"e79c88d0-9b2a-11ec-a4df-e940aaa4214d","name":"panel_4","type":"visualization"},{"id":"dbe6ab40-9b27-11ec-a4df-e940aaa4214d","name":"panel_5","type":"visualization"},{"id":"80ca51b0-9b29-11ec-a4df-e940aaa4214d","name":"panel_6","type":"visualization"},{"id":"ab2732c0-9b29-11ec-a4df-e940aaa4214d","name":"panel_7","type":"visualization"},{"id":"32e2fba0-9b2e-11ec-a4df-e940aaa4214d","name":"panel_8","type":"visualization"},{"id":"5585dd80-9b2e-11ec-a4df-e940aaa4214d","name":"panel_9","type":"visualization"},{"id":"cf7cdb70-9b2e-11ec-a4df-e940aaa4214d","name":"panel_10","type":"visualization"},{"id":"bd189af0-9b2e-11ec-a4df-e940aaa4214d","name":"panel_11","type":"visualization"},{"id":"3d134760-c301-11ec-aaf3-5b4644130c7f","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:21:25.360Z","version":"WzIyMTU3LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Locality Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Locality Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.locality\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Localities\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"62b4fa40-3ee6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIzNywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: DHCP Relayed (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Relayed (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"relayed\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 67 AND flow.dst.l4.port.id: 67 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"62e79640-c305-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-23T14:31:02.810Z","version":"WzEyNzM0LDdd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP SYN-only Sessions (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Inbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"64cdd2a0-c3da-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T14:32:43.470Z","version":"WzE4MTIwLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/IP Version (bits/s) - TSVB (stacked 
area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/IP Version (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
IP Versions\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"ip.version.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"ip.version.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"65671460-3f06-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIzOCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: DHCP Broadcast (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"broadcast\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 68 AND flow.dst.l4.port.id: 67 AND flow.dst.ip.addr: 255.255.255.255 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"682aeb00-c4c4-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T18:20:38.192Z","version":"WzIzODU1LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Clients (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"69e3dfa0-3e66-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzIzOSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23,1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force 
Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}],\\\"minimum_should_match\\\":1}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Brute Force Sessions (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel
\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"6a4b9320-c33a-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T20:50:41.658Z","version":"WzE3MTc3LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: ICMP Destinations from Public IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Destinations from Public IP - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":100000000,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":1000000000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":10000000000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"l4.proto.name: (\\\"ICMP\\\" OR \\\"IPv6-ICMP\\\") AND NOT flow.src.as.org: 
\\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"ICMP Destinations (Public)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.dst.ip.addr\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"6c8e1ee0-c494-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T12:37:28.261Z","version":"WzIxMDI3LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Egress Interface (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Egress Interface (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / 
(params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.out.netif.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.out.netif.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"6d062540-3ec9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI0MCwyXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Conversations - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Conversations - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.conversation.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":199,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Conversation ID\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.ip.addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client 
IP\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.ip.addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server IP\"},\"schema\":\"bucket\"},{\"id\":\"9\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"6dd43c00-3e0b-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI0MSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: RADIUS AUTH Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Responses (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"AUTH responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.src.l4.port.id: 1812 OR flow.src.l4.port.id: 1645) AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"6e4ded9e-1233-42f1-9b51-158686c49239","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-23T16:41:21.034Z","version":"WzE0NDM1LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Country Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Country Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"geo.country.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Countries\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"6e5949e0-3e60-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI0MiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP 
Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ICMP Sources (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Edge) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"6e94d950-c3ad-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T09:03:39.364Z","version":"WzE3Njc1LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - 
Exporters","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Exporters\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [**Exporters**](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n 
opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"dc9329e0-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:50:22.173Z","version":"WzY4ODMsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Egress Interface (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Egress Interface (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"ae5c02d0-6d7c-11eb-804b-4d51b964b0de\",\"type\":\"math\",\"variables\":[{\"id\":\"affb5af0-6d7c-11eb-804b-4d51b964b0de\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"b5cbd9a0-6d7c-11eb-804b-4d51b964b0de\",\"type\":\"math\",\"variables\":[{\"id\":\"b77013c0-6d7c-11eb-804b-4d51b964b0de\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.out.netif.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.out.netif.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"83d86e40-3ec9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI0NCwyXQ=="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"3b89a511-d238-4675-ad12-6bdd27bf2e51\"},\"panelIndex\":\"3b89a511-d238-4675-ad12-6bdd27bf2e51\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"2230b4c2-b6b5-4f9e-a774-ffdc201558fe\"},\"panelIndex\":\"2230b4c2-b6b5-4f9e-a774-ffdc201558fe\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"f742042f-bf18-44c3-b27d-18dad55ca878\"},\"panelIndex\":\"f742042f-bf18-44c3-b27d-18dad55ca878\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":39,\"h\":5,\"i\":\"d51bc79c-a8cf-4efd-87c2-19c277ddcda8\"},\"panelIndex\":\"d51bc79c-a8cf-4efd-87c2-19c277ddcda8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":39,\"y\":4,\"w\":9,\"h\":5,\"i\":\"9444adf6-cb19-41f1-af5b-73f125f73483\"},\"panelIndex\":\"9444adf6-cb19-41f1-af5b-73f125f73483\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":16,\"i\":\"dec2e2c1-77cf-4615-829b-c2f033132bf7\"},\"panelIndex\":\"dec2e2c1-77cf-4615-829b-c2f033132bf7\",\"embeddableConfig\":{\"title\":\"Ingress Interface (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Ingress Interface 
(bits/s)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":16,\"i\":\"d08f185d-1c41-4ae0-9a0e-942338220b72\"},\"panelIndex\":\"d08f185d-1c41-4ae0-9a0e-942338220b72\",\"embeddableConfig\":{\"title\":\"Egress Interface (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Egress Interface (bits/s)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":16,\"i\":\"b2e7f7c4-6dce-4389-8820-f6425ea1642c\"},\"panelIndex\":\"b2e7f7c4-6dce-4389-8820-f6425ea1642c\",\"embeddableConfig\":{\"title\":\"Ingress Interface (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Ingress Interface (pkts/s)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":25,\"w\":24,\"h\":16,\"i\":\"bd341ed5-7d9e-4ed9-81aa-d15b44e01b66\"},\"panelIndex\":\"bd341ed5-7d9e-4ed9-81aa-d15b44e01b66\",\"embeddableConfig\":{\"title\":\"Egress Interface (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Egress Interface (pkts/s)\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"ElastiFlow: Flow Exporters 
(traffic)","version":1},"id":"6fa91cc0-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"dc9329e0-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"5d7289b0-3d44-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"292d9620-3d55-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"37725340-3ec9-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"6d062540-3ec9-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"4efdda20-3ec9-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"83d86e40-3ec9-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:17:57.912Z","version":"WzIyMTQxLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23,1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force 
Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Brute Force Sessions (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Public) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"buc
ket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"70739240-c49b-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T13:27:22.724Z","version":"WzIyMjE2LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Locality (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Locality (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Localities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.locality\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.locality : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"70c95380-3ee4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI0NiwyXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Exporters (metrics)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Exporters (metrics)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Traffic](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [**Metrics**](#/dashboard/ac3e8880-3d41-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a 
strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"722d6460-3d44-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:50:53.082Z","version":"WzY4ODcsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Server Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Countries and Cities (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"7354bd70-3d30-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSou
rceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI0OCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: VLANs (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vlan.tag.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"VLAN\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"73788aa0-3f08-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI0OSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/VLAN (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/VLAN (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
VLANs\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"vlan.tag.id\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"vlan.tag.id: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"73b22db0-3f07-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI1MCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Cities (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"7406a000-3eeb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI1MSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Client Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.client.host.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Clients\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"756aa270-3e5f-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI1MiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: DHCP Responses by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Responses by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Resp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"76e6b920-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T13:12:28.694Z","version":"WzExNjE1LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"At-Risk 
Servers\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"must\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"flow.client.sec.threat.name\\\"}},{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"must\":[{\"exists\":{\"field\":\"flow.client.sec.threat.name\"}},{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: At-Risk Servers (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: At-Risk Servers (flows) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.conversation.id\",\"customLabel\":\"Conversations\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"At-Risk Servers\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.ip.addr\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"7734beb0-75c3-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI1MywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/TCP Option (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/TCP Option (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top TCP Options\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"tcp.options.tags\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"tcp.options.tags: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"783f9db0-3f0a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI1NCwyXQ=="} 
{"attributes":{"columns":["flow.community.id","flow.export.host.name","flow.src.host.name","flow.src.l4.port.name","flow.dst.host.name","flow.dst.l4.port.name","flow.bytes","flow.packets"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"bool\":{\"must\":[{\"exists\":{\"field\":\"flow.src.ip.addr\"}},{\"exists\":{\"field\":\"flow.dst.ip.addr\"}}]},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":false,\"alias\":null,\"key\":\"bool\",\"value\":\"{\\\"must\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"flow.src.ip.addr\\\"}},{\\\"exists\\\":{\\\"field\\\":\\\"flow.dst.ip.addr\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"ElastiFlow: Flow Records (src/dst) - search","version":1},"id":"78b035a0-3f11-11eb-bc2c-c5758316d788","migrationVersion":{"search":"7.9.3"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2022-04-23T18:29:58.689Z","version":"WzE2NjY2LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only 
Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP SYN-only Sources (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Source\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"7a32e220-c3fd-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","n
ame":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T20:25:37.973Z","version":"WzE4MzExLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"DHCP\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":67}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":67}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":67}},{\"match_phrase\":{\"flow.dst.l4.port.id\":67}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: DHCP Messages by Exporter - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Messages by Exporter - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Msg\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"7c3745e0-c306-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T13:13:23.544Z","version":"WzExNjc1LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Traffic Details","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Traffic 
Details\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [**Traffic Details**](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"f1bfb220-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:51:02.277Z","version":"WzY4ODksM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Server Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.server.host.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Servers\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\
"}}"},"id":"97c2bfb0-3e5f-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI1NywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Client (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Client (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Clients\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.client.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.client.host.name : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"d80358b0-3edb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI1OCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Server (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Servers\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.server.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.host.name : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"f3fc4470-3ede-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI1OSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Client (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Client (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"cd523060-6d7c-11eb-b746-f1522e0dab3a\",\"type\":\"math\",\"variables\":[{\"id\":\"cf0ead70-6d7c-11eb-b746-f1522e0dab3a\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"d971ac90-6d7c-11eb-b746-f1522e0dab3a\",\"type\":\"math\",\"variables\":[{\"id\":\"db2cf120-6d7c-11eb-b746-f1522e0dab3a\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Clients\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.client.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.client.host.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"f15aed00-3edb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI2MCwyXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Services (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Services (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"a79c8dd0-3d38-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI2MSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Applications (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Applications (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"app.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"cc173cf0-3d38-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI2MiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Service (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Service (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Services\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.server.l4.port.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.l4.port.name : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"8298f1f0-3ee0-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI2MywyXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Application (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Application (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Applications\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"app.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"app.name : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"e87e7f20-3ee1-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI2NCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Service (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Service (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"e49340c0-6d7c-11eb-b9b4-13da79d84f81\",\"type\":\"math\",\"variables\":[{\"id\":\"e6425050-6d7c-11eb-b9b4-13da79d84f81\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"ece8e3b0-6d7c-11eb-b9b4-13da79d84f81\",\"type\":\"math\",\"variables\":[{\"id\":\"ef8e3a20-6d7c-11eb-b9b4-13da79d84f81\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Services\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.server.l4.port.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.l4.port.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"c1cd0f50-3ee0-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI2NSwyXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Application (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Application (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"15a3fba0-6d7d-11eb-84f7-77c8f6afc5bb\",\"type\":\"math\",\"variables\":[{\"id\":\"177ba1d0-6d7d-11eb-84f7-77c8f6afc5bb\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"22c50950-6d7d-11eb-84f7-77c8f6afc5bb\",\"type\":\"math\",\"variables\":[{\"id\":\"245ee330-6d7d-11eb-84f7-77c8f6afc5bb\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Applications\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"app.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"app.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"ff906930-3ee1-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI2NiwyXQ=="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"cf1bd77b-1f5f-4fd2-bdec-4a4f86b2cbf5\"},\"panelIndex\":\"cf1bd77b-1f5f-4fd2-bdec-4a4f86b2cbf5\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"25faea81-ab1f-41e5-acb9-6106d4cc0aa4\"},\"panelIndex\":\"25faea81-ab1f-41e5-acb9-6106d4cc0aa4\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"98b7b546-bcd1-4f6a-ae72-5537acf3b95e\"},\"panelIndex\":\"98b7b546-bcd1-4f6a-ae72-5537acf3b95e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"d3b1d5d8-42b4-4ce3-b869-9cf9b9339e86\"},\"panelIndex\":\"d3b1d5d8-42b4-4ce3-b8
69-9cf9b9339e86\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":12,\"h\":11,\"i\":\"72a017dd-f8eb-4626-acec-90c12df7f147\"},\"panelIndex\":\"72a017dd-f8eb-4626-acec-90c12df7f147\",\"embeddableConfig\":{\"title\":\"Clients (flow records)\",\"hidePanelTitles\":false},\"title\":\"Clients (flow records)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":9,\"w\":12,\"h\":2,\"i\":\"30822c3b-040f-49e1-a798-4de5eb0c3d5f\"},\"panelIndex\":\"30822c3b-040f-49e1-a798-4de5eb0c3d5f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":12,\"h\":11,\"i\":\"d85d8052-38bd-42e0-a2bc-7994cc898e97\"},\"panelIndex\":\"d85d8052-38bd-42e0-a2bc-7994cc898e97\",\"embeddableConfig\":{\"title\":\"Servers (flow records)\",\"hidePanelTitles\":false},\"title\":\"Servers (flow records)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":2,\"i\":\"b7916a81-f14e-4151-988e-03fe34367bf7\"},\"panelIndex\":\"b7916a81-f14e-4151-988e-03fe34367bf7\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":11,\"w\":12,\"h\":7,\"i\":\"f51e7b87-62a2-494f-989e-589ed7aaa2fb\"},\"panelIndex\":\"f51e7b87-62a2-494f-989e-589ed7aaa2fb\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":11,\"w\":12,\"h\":7,\"i\":\"43312a94-47b7-44fb-aee1-a7d602d108a4\"},\"panelIndex\":\"43312a94-47b7-44fb-aee1-a7d602d108a4\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":18,\"w\":12,\"h\":2,\"i\":\"816e3e43-6b65-4eaf-91c6-7073ce905be7\"},\"panelIndex\":\"816e3e43-6b65-4eaf-91c6-7073ce905be7\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"
panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":18,\"w\":12,\"h\":2,\"i\":\"c4771e88-2c13-4d6e-a7bf-f63f430a0d54\"},\"panelIndex\":\"c4771e88-2c13-4d6e-a7bf-f63f430a0d54\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":24,\"h\":13,\"i\":\"c86d248a-9b29-4a1b-9904-5139da8f954b\"},\"panelIndex\":\"c86d248a-9b29-4a1b-9904-5139da8f954b\",\"embeddableConfig\":{\"title\":\"Clients (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Clients (bits/s)\",\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":13,\"i\":\"95073fd6-49e8-4196-a2cb-d9dedffc5f09\"},\"panelIndex\":\"95073fd6-49e8-4196-a2cb-d9dedffc5f09\",\"embeddableConfig\":{\"title\":\"Servers (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Servers (bits/s)\",\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":33,\"w\":24,\"h\":14,\"i\":\"17cd868a-a8f9-4f6d-bbf0-d825a7e9aed0\"},\"panelIndex\":\"17cd868a-a8f9-4f6d-bbf0-d825a7e9aed0\",\"embeddableConfig\":{\"title\":\"Clients (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Clients (pkts/s)\",\"panelRefName\":\"panel_14\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":33,\"w\":24,\"h\":14,\"i\":\"52665f63-634d-4f71-8af3-3fa78fd69805\"},\"panelIndex\":\"52665f63-634d-4f71-8af3-3fa78fd69805\",\"embeddableConfig\":{\"title\":\"Servers (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Servers (pkts/s)\",\"panelRefName\":\"panel_15\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":47,\"w\":12,\"h\":11,\"i\":\"01abaf50-4385-4162-99a9-19098a7a2eb7\"},\"panelIndex\":\"01abaf50-4385-4162-99a9-19098a7a2eb7\",\"embeddableConfig\":{\"title\":\"Services (flow records)\",\"hidePanelTitles\":false},\"title\":\"Services (flow 
records)\",\"panelRefName\":\"panel_16\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":47,\"w\":12,\"h\":2,\"i\":\"a4d025c1-8e8c-41b3-9914-d30dbfd9c4eb\"},\"panelIndex\":\"a4d025c1-8e8c-41b3-9914-d30dbfd9c4eb\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_17\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":47,\"w\":12,\"h\":11,\"i\":\"7c5e07d4-34a2-4023-8f5a-10836add48f0\"},\"panelIndex\":\"7c5e07d4-34a2-4023-8f5a-10836add48f0\",\"embeddableConfig\":{\"title\":\"Applications (flow records)\",\"hidePanelTitles\":false},\"title\":\"Applications (flow records)\",\"panelRefName\":\"panel_18\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":47,\"w\":12,\"h\":2,\"i\":\"216341be-b759-42f1-9771-8af90aff5d7b\"},\"panelIndex\":\"216341be-b759-42f1-9771-8af90aff5d7b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_19\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":49,\"w\":12,\"h\":7,\"i\":\"bff6ff26-0484-4c7d-9e4c-8a5719cdf602\"},\"panelIndex\":\"bff6ff26-0484-4c7d-9e4c-8a5719cdf602\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_20\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":49,\"w\":12,\"h\":7,\"i\":\"6b050ffa-0e33-4b71-bec2-ade9c902c756\"},\"panelIndex\":\"6b050ffa-0e33-4b71-bec2-ade9c902c756\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_21\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":56,\"w\":12,\"h\":2,\"i\":\"6dfa17fa-42e9-4c82-a657-b8fe5aa806cc\"},\"panelIndex\":\"6dfa17fa-42e9-4c82-a657-b8fe5aa806cc\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_22\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":56,\"w\":12,\"h\":2,\"i\":\"4a61399d-0303-4406-9546-148dda9ad8db\"},\"panelIndex\":\"4a61399d-0303-4406-9546-148dda9ad8db\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_23\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":58,\"w\":24,\"h\":14,\"i\":\
"36a5f34b-93a1-4b1d-b997-71a644c1eaae\"},\"panelIndex\":\"36a5f34b-93a1-4b1d-b997-71a644c1eaae\",\"embeddableConfig\":{\"title\":\"Services (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Services (bits/s)\",\"panelRefName\":\"panel_24\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":58,\"w\":24,\"h\":14,\"i\":\"165535c1-1b24-4dd3-a572-3b7572ccd1dc\"},\"panelIndex\":\"165535c1-1b24-4dd3-a572-3b7572ccd1dc\",\"embeddableConfig\":{\"title\":\"Applications (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Applications (bits/s)\",\"panelRefName\":\"panel_25\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":72,\"w\":24,\"h\":14,\"i\":\"869b0795-1565-4c62-847d-9c9ee627f8f9\"},\"panelIndex\":\"869b0795-1565-4c62-847d-9c9ee627f8f9\",\"embeddableConfig\":{\"title\":\"Services (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Services (pkts/s)\",\"panelRefName\":\"panel_26\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":72,\"w\":24,\"h\":14,\"i\":\"1a126c02-f0fc-4278-9e27-cc285e3eb8f5\"},\"panelIndex\":\"1a126c02-f0fc-4278-9e27-cc285e3eb8f5\",\"embeddableConfig\":{\"title\":\"Applications (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Applications (pkts/s)\",\"panelRefName\":\"panel_27\"}]","timeRestore":false,"title":"ElastiFlow: Traffic Details 
(types)","version":1},"id":"7dfba590-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"f1bfb220-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"228552e0-3d46-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"39259170-3edd-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"0b230740-3d38-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"21b512f0-3d38-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"756aa270-3e5f-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"97c2bfb0-3e5f-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_11","type":"visualization"},{"id":"d80358b0-3edb-11eb-bc2c-c5758316d788","name":"panel_12","type":"visualization"},{"id":"f3fc4470-3ede-11eb-bc2c-c5758316d788","name":"panel_13","type":"visualization"},{"id":"f15aed00-3edb-11eb-bc2c-c5758316d788","name":"panel_14","type":"visualization"},{"id":"086359d0-3edf-11eb-bc2c-c5758316d788","name":"panel_15","type":"visualization"},{"id":"a79c8dd0-3d38-11eb-bc2c-c5758316d788","name":"panel_16","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_17","type":"visualization"},{"id":"cc173cf0-3d38-11eb-bc2c-c5758316d788","name":"panel_18","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_19","type":"visualization"},{"id":"1ec922a0-3e61-11eb-bc2c-c5758316d788","name":"panel_20","type":"visualization"},{"id":"2f9ed3e0-3e61-11eb-bc2c-c5758316d788","name":"panel_21"
,"type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_22","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_23","type":"visualization"},{"id":"8298f1f0-3ee0-11eb-bc2c-c5758316d788","name":"panel_24","type":"visualization"},{"id":"e87e7f20-3ee1-11eb-bc2c-c5758316d788","name":"panel_25","type":"visualization"},{"id":"c1cd0f50-3ee0-11eb-bc2c-c5758316d788","name":"panel_26","type":"visualization"},{"id":"ff906930-3ee1-11eb-bc2c-c5758316d788","name":"panel_27","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:18:14.834Z","version":"WzIyMTQyLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate
\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: NTP Symmetric Messages by src/dst - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Symmetric Messages by src/dst - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Sym\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"7e20b120-9d7c-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-
codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T13:22:16.488Z","version":"WzExOTk0LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Clients (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (packets) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"81a877e0-3e66-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI2OCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations and Sources (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: 
Destinations and Sources (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"83029b10-3d31-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI3MCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Observed Traffic (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Observed Traffic (pkts/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"33802db0-6d7d-11eb-b273-0b659d100ef7\",\"type\":\"math\",\"variables\":[{\"id\":\"3544c110-6d7d-11eb-b273-0b659d100ef7\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"3b474c40-6d7d-11eb-b273-0b659d100ef7\",\"type\":\"math\",\"variables\":[{\"id\":\"3ced8230-6d7d-11eb-b273-0b659d100ef7\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Exporters\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.export.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.export.host.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"831f5010-3ecc-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI3MSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ICMP Sources (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"850fe610-c467-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T11:42:44.421Z","version":"WzIwNDY1LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Accessed Ports from Private IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Accessed Ports from Private IP - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"flow.client.as.org: \\\"PRIVATE\\\" AND flow.server.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Accessed Ports (Private)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.server.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"851359f0-c492-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T12:25:18.667Z","version":"WzIwODgyLDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Average Throughput (bits/s) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Average Throughput (bits/s) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"},{\"sigma\":\"\",\"id\":\"568d8d10-3e5d-11eb-83e8-ef8dac1c189d\",\"type\":\"avg_bucket\",\"field\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Avg. 
Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"\",\"index_pattern\":\"\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"49b0db60-3e5d-11eb-83e8-ef8dac1c189d\"}]}}"},"id":"86111840-3e5d-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI3MiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: VLAN/DSCP/TCP Flags/TCP Options - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLAN/DSCP/TCP Flags/TCP Options - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"vlan.tag.id\",\"parent\":\"\",\"label\":\"VLANs\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"ip.dscp.name\",\"parent\":\"\",\"label\":\"DSCP\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"tcp.flags.tags\",\"parent\":\"\",\"label\":\"TCP Flags\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":16,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1608040362438\",\"fieldName\":\"tcp.options.tags\",\"parent\":\"\",\"label\":\"TCP 
Options\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":64,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"dc1d7e90-3f0c-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI3NSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: IP Versions (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Versions (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"ip.version.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Layer-4 
Protocol\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"ac03b590-3f06-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI3MywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: IP Version Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Version Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"ip.version.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"IP 
Versions\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"ef4b4a40-3f04-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI3NCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/IP Version (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/IP Version (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"4a631880-6d7d-11eb-958e-eb77245e53fe\",\"type\":\"math\",\"variables\":[{\"id\":\"4bfacf80-6d7d-11eb-958e-eb77245e53fe\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"51a43e30-6d7d-11eb-958e-eb77245e53fe\",\"type\":\"math\",\"variables\":[{\"id\":\"5b33c0b0-6d7d-11eb-958e-eb77245e53fe\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top IP Versions\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"ip.version.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"ip.version.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"939c9bc0-3f06-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI3NiwyXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: DSCP (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DSCP (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.in.ip.dscp.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP DSCP\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"9e42d670-3d3a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI3NywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP Flags (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tcp.flags.tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":16,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TCP Flags\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"d1ec1680-3d3a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI3OCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: TCP Option Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Option Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"tcp.options.tags\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"TCP 
Options\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"a1902790-3ef9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI3OSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/TCP Flag (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/TCP Flag (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top TCP Flags\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"tcp.flags.tags\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"tcp.flags.tags: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"d78cbdc0-3f0a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI4MCwyXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/TCP Flag (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/TCP Flag (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"6b43b0f0-6d7d-11eb-8a07-3582e3771955\",\"type\":\"math\",\"variables\":[{\"id\":\"6d1d2be0-6d7d-11eb-8a07-3582e3771955\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"725bcad0-6d7d-11eb-8a07-3582e3771955\",\"type\":\"math\",\"variables\":[{\"id\":\"73fafbe0-6d7d-11eb-8a07-3582e3771955\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top TCP 
Flags\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"tcp.flags.tags\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"tcp.flags.tags: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"ee1c7f80-3f0a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI4MSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/TCP Option (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/TCP Option (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"86fd7830-6d7d-11eb-a5ea-e3d4da0e8add\",\"type\":\"math\",\"variables\":[{\"id\":\"8873eb90-6d7d-11eb-a5ea-e3d4da0e8add\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"8e83e440-6d7d-11eb-a5ea-e3d4da0e8add\",\"type\":\"math\",\"variables\":[{\"id\":\"8ffffcf0-6d7d-11eb-a5ea-e3d4da0e8add\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top TCP Options\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"tcp.options.tags\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"tcp.options.tags: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"a2ae5910-3f0a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI4MiwyXQ=="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"393f1115-ef32-4968-a3e6-562da545bacc\"},\"panelIndex\":\"393f1115-ef32-4968-a3e6-562da545bacc\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"ad61a61c-ef89-4232-ada0-ed7964de301c\"},\"panelIndex\":\"ad61a61c-ef89-4232-ada0-ed7964de301c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"1b77ffee-ee57-41ff-9d76-857bbb1c9213\"},\"panelIndex\":\"1b77ffee-ee57-41ff-9d76-857bbb1c9213\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"a199aa42-40cd-494b-b7ed-b341b187bff0\"},\"panelIndex\":\"a199aa42-40cd-494b-b7ed-b341b187bff0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":12,\"h\":11,\"i\":\"a28e4934-58a7-4bc5-96c9-e48d10007eea\"},\"panelIndex\":\"a28e4934-58a7-4bc5-96c9-e48d10007eea\",\"embeddableConfig\":{\"title\":\"IP Versions (flow records)\",\"hidePanelTitles\":false},\"title\":\"IP Versions (flow 
records)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":9,\"w\":12,\"h\":2,\"i\":\"863403c9-a5f9-4df0-9a57-78fbf42d2b79\"},\"panelIndex\":\"863403c9-a5f9-4df0-9a57-78fbf42d2b79\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":12,\"h\":11,\"i\":\"6407bdf5-6fd2-4b7d-bc26-edb806e56815\"},\"panelIndex\":\"6407bdf5-6fd2-4b7d-bc26-edb806e56815\",\"embeddableConfig\":{\"title\":\"Layer-4 Protocols (flow records)\",\"hidePanelTitles\":false},\"title\":\"Layer-4 Protocols (flow records)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":2,\"i\":\"86f2c4eb-dfdb-48d4-86ce-62b95c7b7257\"},\"panelIndex\":\"86f2c4eb-dfdb-48d4-86ce-62b95c7b7257\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":11,\"w\":12,\"h\":7,\"i\":\"9f1233b9-7928-4ffd-a00d-8912afcd9fb7\"},\"panelIndex\":\"9f1233b9-7928-4ffd-a00d-8912afcd9fb7\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":11,\"w\":12,\"h\":7,\"i\":\"35dc4060-0a72-4200-9c94-0fbf155d4464\"},\"panelIndex\":\"35dc4060-0a72-4200-9c94-0fbf155d4464\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":18,\"w\":12,\"h\":2,\"i\":\"26d45398-7bd0-4510-899e-8955f2cb82b0\"},\"panelIndex\":\"26d45398-7bd0-4510-899e-8955f2cb82b0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":18,\"w\":12,\"h\":2,\"i\":\"080f02e3-1cfa-4d0a-a47c-06722b44815b\"},\"panelIndex\":\"080f02e3-1cfa-4d0a-a47c-06722b44815b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":24,\"h\":14,\"i\":
\"84fe0e59-8f70-4f1f-bfc2-73efe894ebd4\"},\"panelIndex\":\"84fe0e59-8f70-4f1f-bfc2-73efe894ebd4\",\"embeddableConfig\":{\"title\":\"IP Versions (bits/s)\",\"hidePanelTitles\":false},\"title\":\"IP Versions (bits/s)\",\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":14,\"i\":\"407c4390-1043-490b-9038-0fd5746973f3\"},\"panelIndex\":\"407c4390-1043-490b-9038-0fd5746973f3\",\"embeddableConfig\":{\"title\":\"Layer-4 Protocols (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Layer-4 Protocols (bits/s)\",\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":34,\"w\":24,\"h\":14,\"i\":\"f39fbfb5-7e36-4fcc-9ae8-2b4901e2c9cb\"},\"panelIndex\":\"f39fbfb5-7e36-4fcc-9ae8-2b4901e2c9cb\",\"embeddableConfig\":{\"title\":\"IP Versions (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"IP Versions (pkts/s)\",\"panelRefName\":\"panel_14\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":34,\"w\":24,\"h\":14,\"i\":\"af9cd893-0b4c-4d1c-ac5b-e2440a5e5c0c\"},\"panelIndex\":\"af9cd893-0b4c-4d1c-ac5b-e2440a5e5c0c\",\"embeddableConfig\":{\"title\":\"Layer-4 Protocols (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Layer-4 Protocols (pkts/s)\",\"panelRefName\":\"panel_15\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":48,\"w\":12,\"h\":11,\"i\":\"e3798eaf-2522-4051-be34-39f4d1de9cea\"},\"panelIndex\":\"e3798eaf-2522-4051-be34-39f4d1de9cea\",\"embeddableConfig\":{\"title\":\"VLANs (flow records)\",\"hidePanelTitles\":false},\"title\":\"VLANs (flow 
records)\",\"panelRefName\":\"panel_16\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":48,\"w\":12,\"h\":2,\"i\":\"705a44ce-0978-415a-b5e9-b61e3c05e9ff\"},\"panelIndex\":\"705a44ce-0978-415a-b5e9-b61e3c05e9ff\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_17\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":48,\"w\":12,\"h\":11,\"i\":\"860ab4a2-1332-4660-af89-1d99af9a3ccc\"},\"panelIndex\":\"860ab4a2-1332-4660-af89-1d99af9a3ccc\",\"embeddableConfig\":{\"title\":\"DSCP (flow records)\",\"hidePanelTitles\":false},\"title\":\"DSCP (flow records)\",\"panelRefName\":\"panel_18\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":48,\"w\":12,\"h\":2,\"i\":\"6d10d399-b5f8-420d-9dbc-8f4cfa435949\"},\"panelIndex\":\"6d10d399-b5f8-420d-9dbc-8f4cfa435949\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_19\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":50,\"w\":12,\"h\":7,\"i\":\"0d095856-8615-46fd-9f15-6f418420f8b6\"},\"panelIndex\":\"0d095856-8615-46fd-9f15-6f418420f8b6\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_20\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":50,\"w\":12,\"h\":7,\"i\":\"7f03b90a-3697-472b-bbe2-b0a0631843f2\"},\"panelIndex\":\"7f03b90a-3697-472b-bbe2-b0a0631843f2\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_21\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":57,\"w\":12,\"h\":2,\"i\":\"c07981ba-bd27-4d1a-867b-e969270bc33b\"},\"panelIndex\":\"c07981ba-bd27-4d1a-867b-e969270bc33b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_22\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":57,\"w\":12,\"h\":2,\"i\":\"504befc1-a66f-433f-b3fc-3c40f3247bfe\"},\"panelIndex\":\"504befc1-a66f-433f-b3fc-3c40f3247bfe\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_23\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":59,\"w\":24,\"h\":14,\"i\":\"1efdeaa7-d480-4
e9f-8a86-8ae23526bf47\"},\"panelIndex\":\"1efdeaa7-d480-4e9f-8a86-8ae23526bf47\",\"embeddableConfig\":{},\"panelRefName\":\"panel_24\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":59,\"w\":24,\"h\":14,\"i\":\"5f6dce0b-482c-45bd-8b91-7acb9ba74a59\"},\"panelIndex\":\"5f6dce0b-482c-45bd-8b91-7acb9ba74a59\",\"embeddableConfig\":{\"title\":\"DSCP (bits/s)\",\"hidePanelTitles\":false},\"title\":\"DSCP (bits/s)\",\"panelRefName\":\"panel_25\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":73,\"w\":24,\"h\":14,\"i\":\"a9c91ab2-f565-4cec-8899-20d4c552fb89\"},\"panelIndex\":\"a9c91ab2-f565-4cec-8899-20d4c552fb89\",\"embeddableConfig\":{},\"panelRefName\":\"panel_26\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":73,\"w\":24,\"h\":14,\"i\":\"066f5801-1ce9-4e4b-9bd2-7641e557df2a\"},\"panelIndex\":\"066f5801-1ce9-4e4b-9bd2-7641e557df2a\",\"embeddableConfig\":{\"title\":\"DSCP (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"DSCP (pkts/s)\",\"panelRefName\":\"panel_27\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":87,\"w\":12,\"h\":11,\"i\":\"a5dcd4c3-993f-41d6-b857-78cbc4b59776\"},\"panelIndex\":\"a5dcd4c3-993f-41d6-b857-78cbc4b59776\",\"embeddableConfig\":{\"title\":\"TCP Flags (flow records)\",\"hidePanelTitles\":false},\"title\":\"TCP Flags (flow records)\",\"panelRefName\":\"panel_28\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":87,\"w\":12,\"h\":2,\"i\":\"18794abf-400e-4052-81d3-9436757c1982\"},\"panelIndex\":\"18794abf-400e-4052-81d3-9436757c1982\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_29\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":87,\"w\":12,\"h\":11,\"i\":\"d28d422b-7358-4d8f-bd87-934bcec94448\"},\"panelIndex\":\"d28d422b-7358-4d8f-bd87-934bcec94448\",\"embeddableConfig\":{\"title\":\"TCP Options (flow records)\",\"hidePanelTitles\":false},\"title\":\"TCP Options (flow 
records)\",\"panelRefName\":\"panel_30\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":87,\"w\":12,\"h\":2,\"i\":\"4181c6d3-e513-4962-86bd-f1e62454e4bd\"},\"panelIndex\":\"4181c6d3-e513-4962-86bd-f1e62454e4bd\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_31\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":89,\"w\":12,\"h\":7,\"i\":\"b9291dcb-81fd-46b0-aa64-569cd50aa35d\"},\"panelIndex\":\"b9291dcb-81fd-46b0-aa64-569cd50aa35d\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_32\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":89,\"w\":12,\"h\":7,\"i\":\"b28f4f0b-4775-4e51-9d12-5fc42aafc7fa\"},\"panelIndex\":\"b28f4f0b-4775-4e51-9d12-5fc42aafc7fa\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_33\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":96,\"w\":12,\"h\":2,\"i\":\"4e907a92-1a5f-4539-b38f-c9dbdf9af3ee\"},\"panelIndex\":\"4e907a92-1a5f-4539-b38f-c9dbdf9af3ee\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_34\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":96,\"w\":12,\"h\":2,\"i\":\"60f8dc8c-c2ba-4167-a2b4-184848b2905a\"},\"panelIndex\":\"60f8dc8c-c2ba-4167-a2b4-184848b2905a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_35\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":98,\"w\":24,\"h\":15,\"i\":\"3ffc64a7-27df-43c2-9236-9fb190218530\"},\"panelIndex\":\"3ffc64a7-27df-43c2-9236-9fb190218530\",\"embeddableConfig\":{\"title\":\"TCP Flags (bits/s)\",\"hidePanelTitles\":false},\"title\":\"TCP Flags (bits/s)\",\"panelRefName\":\"panel_36\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":98,\"w\":24,\"h\":15,\"i\":\"050e6a29-61cd-4ebc-8ff5-e7a7e14f4616\"},\"panelIndex\":\"050e6a29-61cd-4ebc-8ff5-e7a7e14f4616\",\"embeddableConfig\":{\"title\":\"TCP Options (bits/s)\",\"hidePanelTitles\":false},\"title\":\"TCP Options 
(bits/s)\",\"panelRefName\":\"panel_37\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":113,\"w\":24,\"h\":15,\"i\":\"170f5488-e8dd-41ac-a4ea-d6f32431b014\"},\"panelIndex\":\"170f5488-e8dd-41ac-a4ea-d6f32431b014\",\"embeddableConfig\":{\"title\":\"TCP Flags (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"TCP Flags (pkts/s)\",\"panelRefName\":\"panel_38\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":113,\"w\":24,\"h\":15,\"i\":\"5bf02364-9fd1-4822-ab85-80e95f8a02f9\"},\"panelIndex\":\"5bf02364-9fd1-4822-ab85-80e95f8a02f9\",\"embeddableConfig\":{\"title\":\"TCP Options (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"TCP Options (pkts/s)\",\"panelRefName\":\"panel_39\"}]","timeRestore":false,"title":"ElastiFlow: Traffic Details (attributes)","version":1},"id":"8ae6d630-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"f1bfb220-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"12658420-3d46-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"dc1d7e90-3f0c-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"ac03b590-3f06-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"5e7b8030-3eef-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"ef4b4a40-3f04-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"051bf440-3e61-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_11","type":"visualization"},{"id":"65671460-3f06-11eb-bc2c-c5758316d788","name":"panel_12","type":"visualization"}
,{"id":"20164b90-3eef-11eb-bc2c-c5758316d788","name":"panel_13","type":"visualization"},{"id":"939c9bc0-3f06-11eb-bc2c-c5758316d788","name":"panel_14","type":"visualization"},{"id":"49d0f930-3eef-11eb-bc2c-c5758316d788","name":"panel_15","type":"visualization"},{"id":"73788aa0-3f08-11eb-bc2c-c5758316d788","name":"panel_16","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_17","type":"visualization"},{"id":"9e42d670-3d3a-11eb-bc2c-c5758316d788","name":"panel_18","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_19","type":"visualization"},{"id":"3b7bf600-3f08-11eb-bc2c-c5758316d788","name":"panel_20","type":"visualization"},{"id":"302d17a0-3f05-11eb-bc2c-c5758316d788","name":"panel_21","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_22","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_23","type":"visualization"},{"id":"73b22db0-3f07-11eb-bc2c-c5758316d788","name":"panel_24","type":"visualization"},{"id":"276702d0-3f09-11eb-bc2c-c5758316d788","name":"panel_25","type":"visualization"},{"id":"07262240-3f08-11eb-bc2c-c5758316d788","name":"panel_26","type":"visualization"},{"id":"411346d0-3f09-11eb-bc2c-c5758316d788","name":"panel_27","type":"visualization"},{"id":"d1ec1680-3d3a-11eb-bc2c-c5758316d788","name":"panel_28","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_29","type":"visualization"},{"id":"0625de60-3f0a-11eb-bc2c-c5758316d788","name":"panel_30","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_31","type":"visualization"},{"id":"5f3b6940-3ef9-11eb-bc2c-c5758316d788","name":"panel_32","type":"visualization"},{"id":"a1902790-3ef9-11eb-bc2c-c5758316d788","name":"panel_33","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_34","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_35","type":"visualization"
},{"id":"d78cbdc0-3f0a-11eb-bc2c-c5758316d788","name":"panel_36","type":"visualization"},{"id":"783f9db0-3f0a-11eb-bc2c-c5758316d788","name":"panel_37","type":"visualization"},{"id":"ee1c7f80-3f0a-11eb-bc2c-c5758316d788","name":"panel_38","type":"visualization"},{"id":"a2ae5910-3f0a-11eb-bc2c-c5758316d788","name":"panel_39","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:18:28.184Z","version":"WzIyMTQ1LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Flow Records/s (client/server) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Records/s (client/server) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.bytes\"},{\"id\":\"61c95a90-3f0e-11eb-8fe0-a51500598689\",\"type\":\"calculation\",\"variables\":[{\"id\":\"646736f0-3f0e-11eb-8fe0-a51500598689\",\"name\":\"count\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Flow 
Records\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"count\",\"field\":\"flow.bytes\"},{\"id\":\"2b017560-3f0e-11eb-8fe0-a51500598689\",\"type\":\"calculation\",\"variables\":[{\"id\":\"2e9d39c0-3f0e-11eb-8fe0-a51500598689\",\"name\":\"count\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Flow Types\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.export.version.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"axis_min\":\"0\",\"filter\":{\"query\":\"flow.client.ip.addr: * AND flow.server.ip.addr: *\",\"language\":\"kuery\"}}}"},"id":"8b5fb750-3f0e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T21:26:50.356Z","version":"WzcxMjQsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: UDP Amplification Packets - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Packets - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":100000,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":1000000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":10000000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND NOT flow.src.as.org: \\\"PRIVATE\\\" AND flow.src.l4.port.id: (17 OR 19 OR 53 OR 69 OR 111 OR 123 OR 137 OR 161 OR 389 OR 520 OR 751 OR 1434 OR 1645 OR 1646 OR 1812 OR 1813 OR 1900 OR 3702 OR 5093 OR 5353 OR 11211 OR 27015 OR 27960)\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"UDP 
Packets\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"8ba5fee0-c48c-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T11:40:45.902Z","version":"WzIwNDI0LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NTP Symmetric Messages (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Symmetric Messages (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"sigma\":\"\",\"id\":\"5a51ba40-9b2a-11ec-8947-5dbcd3cabfb0\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"symmetric\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_i
ndex_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 123 AND flow.dst.l4.port.id: 123 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"}}}"},"id":"8ff70cb0-9d80-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:06:43.835Z","version":"WzYwOTIsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Flow Record Count (client/server) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Record Count (client/server) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Flow 
Records\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"filter\":{\"query\":\"flow.client.ip.addr : * and flow.server.ip.addr : *\",\"language\":\"kuery\"}}}"},"id":"93fddf80-3f0f-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T21:47:51.250Z","version":"WzcyNTksM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Source Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Countries and Cities (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"94078f20-3d30-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI4NiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP 
Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ICMP Sources (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"9714b270-c3ac-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T08:57:37.815Z","version":"WzE3NjYyLDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV 
- Traffic Details (locality)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Traffic Details (locality)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Attributes](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Types](#/dashboard/7dfba590-3d3f-11eb-bc2c-c5758316d788) | [**Locality**](#/dashboard/980f36e0-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"9dcbb430-3d46-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:51:24.963Z","version":"WzY4OTMsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Locality/AS/Country/City - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Locality/AS/Country/City - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.locality\",\"parent\":\"\",\"label\":\"Locality\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"as.label\",\"parent\":\"\",\"label\":\"Autonomous 
System\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.client.geo.country.name\",\"parent\":\"\",\"label\":\"Country\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1608040362438\",\"fieldName\":\"geo.city.name\",\"parent\":\"\",\"label\":\"City\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"e7d026a0-3ef5-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI4OCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Autonomous System Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous System Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"as.label\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"ASNs\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"dc32a060-3e60-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI4OSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Autonomous System (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Autonomous System (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"b6645bd0-3ee7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI5MCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Locality (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Locality (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"b363e4e0-6d7d-11eb-86d7-3d446d41aad0\",\"type\":\"math\",\"variables\":[{\"id\":\"b54946b0-6d7d-11eb-86d7-3d446d41aad0\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"ba6cbc80-6d7d-11eb-86d7-3d446d41aad0\",\"type\":\"math\",\"variables\":[{\"id\":\"bbec57a0-6d7d-11eb-86d7-3d446d41aad0\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Localities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.locality\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.locality: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"e74cd590-3ee4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI5MSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: 
Throughput/Autonomous System (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Autonomous System (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"cccc4210-6d7d-11eb-8988-b715baeca652\",\"type\":\"math\",\"variables\":[{\"id\":\"ce784460-6d7d-11eb-8988-b715baeca652\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"d41b4a70-6d7d-11eb-8988-b715baeca652\",\"type\":\"math\",\"variables\":[{\"id\":\"db8d9240-6d7d-11eb-8988-b715baeca652\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"b1201790-3ee7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI5MiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Country (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Country (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Countries\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"geo.country.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"geo.country.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"cbde1ce0-3eeb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI5MywyXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Throughput/Country (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Country (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"e8a57830-6d7d-11eb-abf4-7fd1b3abc67a\",\"type\":\"math\",\"variables\":[{\"id\":\"ea641820-6d7d-11eb-abf4-7fd1b3abc67a\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"f10a8470-6d7d-11eb-abf4-7fd1b3abc67a\",\"type\":\"math\",\"variables\":[{\"id\":\"f2b686c0-6d7d-11eb-abf4-7fd1b3abc67a\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Countries\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"geo.country.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"geo.country.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"e32dd340-3eeb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI5NCwyXQ=="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"569196ba-289b-4b0a-a845-ee920ec18908\"},\"panelIndex\":\"569196ba-289b-4b0a-a845-ee920ec18908\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"a6bb99d4-7d90-484b-b26f-c178f6bc494b\"},\"panelIndex\":\"a6bb99d4-7d90-484b-b26f-c178f6bc494b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"2ce0b424-851e-4bfd-8f5d-05e27b396a12\"},\"panelIndex\":\"2ce0b424-851e-4bfd-8f5d-05e27b396a12\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"d133ea55-74a7-4f8e-b218-d3b922584508\"},\"panelIndex\":\"d133ea55
-74a7-4f8e-b218-d3b922584508\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":12,\"h\":11,\"i\":\"ce77fdd5-4300-43d3-bf8f-5bb2e3cbe757\"},\"panelIndex\":\"ce77fdd5-4300-43d3-bf8f-5bb2e3cbe757\",\"embeddableConfig\":{\"title\":\"Flow Locality (flow records)\",\"hidePanelTitles\":false},\"title\":\"Flow Locality (flow records)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":9,\"w\":12,\"h\":2,\"i\":\"7bdd4b15-85bf-4c8f-882d-a9a6aee37f33\"},\"panelIndex\":\"7bdd4b15-85bf-4c8f-882d-a9a6aee37f33\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":12,\"h\":11,\"i\":\"6ba3a6f5-6cc3-44c4-939a-70a4ef5dea74\"},\"panelIndex\":\"6ba3a6f5-6cc3-44c4-939a-70a4ef5dea74\",\"embeddableConfig\":{\"title\":\"Autonomous Systems (flow records)\",\"hidePanelTitles\":false},\"title\":\"Autonomous Systems (flow 
records)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":2,\"i\":\"2cd94895-13d9-45a7-a6e4-9ac45e34ff96\"},\"panelIndex\":\"2cd94895-13d9-45a7-a6e4-9ac45e34ff96\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":11,\"w\":12,\"h\":7,\"i\":\"fc540837-7f9e-4946-a0a7-7f923a2126e0\"},\"panelIndex\":\"fc540837-7f9e-4946-a0a7-7f923a2126e0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":11,\"w\":12,\"h\":7,\"i\":\"4cea02be-a3e5-4c76-b4ab-8291896c6c05\"},\"panelIndex\":\"4cea02be-a3e5-4c76-b4ab-8291896c6c05\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":18,\"w\":12,\"h\":2,\"i\":\"09e51220-3a50-44f0-ab10-8a3f9062bccf\"},\"panelIndex\":\"09e51220-3a50-44f0-ab10-8a3f9062bccf\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":18,\"w\":12,\"h\":2,\"i\":\"e7a73648-56a5-4d07-863e-785d6af6abd8\"},\"panelIndex\":\"e7a73648-56a5-4d07-863e-785d6af6abd8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":24,\"h\":14,\"i\":\"21996319-0357-44f1-a9bf-b69184464c0f\"},\"panelIndex\":\"21996319-0357-44f1-a9bf-b69184464c0f\",\"embeddableConfig\":{\"title\":\"Locality (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Locality (bits/s)\",\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":14,\"i\":\"d62a9eca-1c42-48c3-97b9-c6c0e2c450af\"},\"panelIndex\":\"d62a9eca-1c42-48c3-97b9-c6c0e2c450af\",\"embeddableConfig\":{\"title\":\"Autonomous Systems (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Autonomous Systems 
(bits/s)\",\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":34,\"w\":24,\"h\":14,\"i\":\"319fc540-b90d-4a29-acef-c6a7e131cf7e\"},\"panelIndex\":\"319fc540-b90d-4a29-acef-c6a7e131cf7e\",\"embeddableConfig\":{\"title\":\"Locality (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Locality (pkts/s)\",\"panelRefName\":\"panel_14\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":34,\"w\":24,\"h\":14,\"i\":\"378c3507-9b56-4e4b-a7f3-aa3eafd62178\"},\"panelIndex\":\"378c3507-9b56-4e4b-a7f3-aa3eafd62178\",\"embeddableConfig\":{\"title\":\"Autonomous Systems (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Autonomous Systems (pkts/s)\",\"panelRefName\":\"panel_15\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":48,\"w\":12,\"h\":11,\"i\":\"5bd3f4d3-b400-4574-ac73-ded08fb99e6e\"},\"panelIndex\":\"5bd3f4d3-b400-4574-ac73-ded08fb99e6e\",\"embeddableConfig\":{\"title\":\"Countries (flow records)\",\"hidePanelTitles\":false},\"title\":\"Countries (flow records)\",\"panelRefName\":\"panel_16\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":48,\"w\":12,\"h\":2,\"i\":\"eeb60c25-55a2-4c14-be78-788861a0adb0\"},\"panelIndex\":\"eeb60c25-55a2-4c14-be78-788861a0adb0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_17\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":48,\"w\":12,\"h\":11,\"i\":\"f2ea5dc2-d79f-45dd-bca0-d3c1c6b9ad75\"},\"panelIndex\":\"f2ea5dc2-d79f-45dd-bca0-d3c1c6b9ad75\",\"embeddableConfig\":{\"title\":\"Cities (flow records)\",\"hidePanelTitles\":false},\"title\":\"Cities (flow 
records)\",\"panelRefName\":\"panel_18\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":48,\"w\":12,\"h\":2,\"i\":\"d6d0d266-1e45-4f4c-a112-581598a6ad4c\"},\"panelIndex\":\"d6d0d266-1e45-4f4c-a112-581598a6ad4c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_19\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":50,\"w\":12,\"h\":7,\"i\":\"c9e71e17-7ea3-4bd0-a191-28306d127a8e\"},\"panelIndex\":\"c9e71e17-7ea3-4bd0-a191-28306d127a8e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_20\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":50,\"w\":12,\"h\":7,\"i\":\"45b343c2-0fb0-473d-84f8-37a0a1474632\"},\"panelIndex\":\"45b343c2-0fb0-473d-84f8-37a0a1474632\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_21\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":57,\"w\":12,\"h\":2,\"i\":\"63ed9d6e-7f0f-46b9-a811-cb07382f00cc\"},\"panelIndex\":\"63ed9d6e-7f0f-46b9-a811-cb07382f00cc\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_22\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":57,\"w\":12,\"h\":2,\"i\":\"6a9e2ce4-e3d6-4260-b6a8-66bf66d5b9a7\"},\"panelIndex\":\"6a9e2ce4-e3d6-4260-b6a8-66bf66d5b9a7\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_23\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":59,\"w\":24,\"h\":14,\"i\":\"89a71ace-800a-4ba3-9a67-f888b8d7fbcb\"},\"panelIndex\":\"89a71ace-800a-4ba3-9a67-f888b8d7fbcb\",\"embeddableConfig\":{\"title\":\"Countries (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Countries (bits/s)\",\"panelRefName\":\"panel_24\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":59,\"w\":24,\"h\":14,\"i\":\"b0d12e5d-29d6-4f4f-b9fd-755316e5ec57\"},\"panelIndex\":\"b0d12e5d-29d6-4f4f-b9fd-755316e5ec57\",\"embeddableConfig\":{\"title\":\"Cities (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Cities 
(bits/s)\",\"panelRefName\":\"panel_25\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":73,\"w\":24,\"h\":14,\"i\":\"3fcd448a-1c66-41eb-9d71-b5b79a4c9e25\"},\"panelIndex\":\"3fcd448a-1c66-41eb-9d71-b5b79a4c9e25\",\"embeddableConfig\":{\"title\":\"Countries (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Countries (pkts/s)\",\"panelRefName\":\"panel_26\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":73,\"w\":24,\"h\":14,\"i\":\"8e064605-33fd-403a-97bd-a3c7cd4afce0\"},\"panelIndex\":\"8e064605-33fd-403a-97bd-a3c7cd4afce0\",\"embeddableConfig\":{\"title\":\"Cities (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Cities (pkts/s)\",\"panelRefName\":\"panel_27\"}]","timeRestore":false,"title":"ElastiFlow: Traffic Details (locality)","version":1},"id":"980f36e0-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"f1bfb220-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"9dcbb430-3d46-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"e7d026a0-3ef5-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"23d52c70-3d3b-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"60986660-3ee7-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"62b4fa40-3ee6-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"dc32a060-3e60-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_11","type":"visualization"},{"id":"70c95380-3ee4-11eb-bc2c-c5758316d788","name":"panel_12","type":"visualization"},{"id":"b6645b
d0-3ee7-11eb-bc2c-c5758316d788","name":"panel_13","type":"visualization"},{"id":"e74cd590-3ee4-11eb-bc2c-c5758316d788","name":"panel_14","type":"visualization"},{"id":"b1201790-3ee7-11eb-bc2c-c5758316d788","name":"panel_15","type":"visualization"},{"id":"467aed30-3eeb-11eb-bc2c-c5758316d788","name":"panel_16","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_17","type":"visualization"},{"id":"7406a000-3eeb-11eb-bc2c-c5758316d788","name":"panel_18","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_19","type":"visualization"},{"id":"6e5949e0-3e60-11eb-bc2c-c5758316d788","name":"panel_20","type":"visualization"},{"id":"5e68ef90-3e60-11eb-bc2c-c5758316d788","name":"panel_21","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_22","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_23","type":"visualization"},{"id":"cbde1ce0-3eeb-11eb-bc2c-c5758316d788","name":"panel_24","type":"visualization"},{"id":"01222130-3eec-11eb-bc2c-c5758316d788","name":"panel_25","type":"visualization"},{"id":"e32dd340-3eeb-11eb-bc2c-c5758316d788","name":"panel_26","type":"visualization"},{"id":"22378540-3eec-11eb-bc2c-c5758316d788","name":"panel_27","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:18:40.766Z","version":"WzIyMTQ2LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Servers (flow records) - coord_map","uiStateJSON":"{\"mapZoom\":2,\"mapCenter\":[24.57585086389495,-13.23577880859375]}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (flow records) - coord_map\",\"type\":\"tile_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow 
Records\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"params\":{\"field\":\"flow.server.geo.loc.coord\",\"autoPrecision\":true,\"precision\":2,\"useGeocentroid\":true,\"isFilteredByCollar\":true,\"customLabel\":\"Server\"},\"schema\":\"segment\"}],\"params\":{\"colorSchema\":\"Yellow to Red\",\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":20,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps Service\"}}}}"},"id":"9a4a4cf0-3eb7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI5NiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Clients - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Clients - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow 
Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":199,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Clients\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.ip.addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"9aeb1f40-3e53-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI5NywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Observed Traffic (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Observed Traffic (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.export.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.export.host.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"9b0bb110-3ecb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI5OCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Conversation Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Conversation Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Conversations\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"9bc40400-3e5c-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzI5OSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"NTP\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"123\\\"}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"123\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}},{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: NTP Messages by Exporter - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Messages by Exporter - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Msg\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow 
Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"9d7a0d50-9d7c-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T13:27:16.118Z","version":"WzEyMjA3LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: CLI Sessions from Public IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI Sessions from Public IP - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"\\\"flow.dst.l4.port.id\\\": (22 OR 23) AND NOT flow.src.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"CLI Sessions (Public)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"a49d6210-c49d-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T13:43:09.233Z","version":"WzIyNTA0LDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: CLI Sessions from Private IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI Sessions from Private IP - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"\\\"flow.dst.l4.port.id\\\": (22 OR 23) AND flow.src.as.org: \\\"PRIVATE\\\" AND flow.dst.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"CLI Sessions 
(Private)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"d565c950-c49d-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T13:44:31.076Z","version":"WzIyNTE1LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23]}}]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"CLI Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23]}}]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: CLI Sessions (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI Sessions (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"a5007b90-c49b-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T13:38:46.099Z","version":"WzIyNDE1LDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Remote Desktop Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Remote Desktop Sessions (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Remote Desktop Sessions (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"cdbcf310-c49b-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T13:39:24.755Z","version":"WzIyNDQyLDhd"} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"f440d860-64fa-4879-b980-0353a1f26eba\"},\"panelIndex\":\"f440d860-64fa-4879-b980-0353a1f26eba\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"f31b884f-6a5a-4561-8e89-90d4b7d0bcb9\"},\"panelIndex\":\"f31b884f-6a5a-4561-8e89-90d4b7d0bcb9\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},\"panelIndex\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":8,\"h\":5,\"i\":\"96ea5c44-f6e4-4970-923b-f9553a843fc0\"},\"panelIndex\":\"96ea5c44-f6e4-4970-923b-f9553a843fc0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":8,\"y\":4,\"w\":8,\"h\":5,\"i\":\"9f7a7f95-f276-4a6c-9a1e-45b363fe1332\"},\"panelIndex\":\"9f7a7f95-f276-4a6c-9a1e-45b363fe1332\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":16,\"y\":4,\"w\":8,\"h\":5,\"i\":\"dac32c4d-c90d-436c-8172-3687117f640f\"},\"panelIndex\":\"dac32c4d-c90d-436c-8172-3687117f640f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":4,\"w\":8,\"h\":5,\"i\":\"d8b56209-5929-4048-b484-b2f910d61d81\"},\"panelIndex\":\"d8b56209-5929-4048-b484-b2f910d61d81\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6
\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":32,\"y\":4,\"w\":8,\"h\":5,\"i\":\"39cc60d1-67d7-4544-9ca3-7f55bc3dbe12\"},\"panelIndex\":\"39cc60d1-67d7-4544-9ca3-7f55bc3dbe12\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"f6b68c78-8e63-48d9-9f10-c8178cd4743b\"},\"panelIndex\":\"f6b68c78-8e63-48d9-9f10-c8178cd4743b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":12,\"h\":32,\"i\":\"82b1b7da-2236-49d5-802c-ea2ef104755a\"},\"panelIndex\":\"82b1b7da-2236-49d5-802c-ea2ef104755a\",\"embeddableConfig\":{\"title\":\"CLI Sessions (Public)\",\"hidePanelTitles\":false},\"title\":\"CLI Sessions (Public)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":9,\"w\":12,\"h\":32,\"i\":\"f516145f-cb19-42da-b78d-ffd4b9aada50\"},\"panelIndex\":\"f516145f-cb19-42da-b78d-ffd4b9aada50\",\"embeddableConfig\":{\"title\":\"CLI Sessions (Private)\",\"hidePanelTitles\":false},\"title\":\"CLI Sessions (Private)\",\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":12,\"h\":32,\"i\":\"109bf601-447c-4cd7-9aef-f7192ac8342b\"},\"panelIndex\":\"109bf601-447c-4cd7-9aef-f7192ac8342b\",\"embeddableConfig\":{\"title\":\"Remote Desktop Sessions (Public)\",\"hidePanelTitles\":false},\"title\":\"Remote Desktop Sessions (Public)\",\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":32,\"i\":\"886a92d9-4f85-4d49-9471-0f78141926a7\"},\"panelIndex\":\"886a92d9-4f85-4d49-9471-0f78141926a7\",\"embeddableConfig\":{\"title\":\"Remote Desktop Sessions (Private)\",\"hidePanelTitles\":false},\"title\":\"Remote Desktop Sessions (Private)\",\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"ElastiFlow: Threats (Brute 
Force)","version":1},"id":"9e8ee9a0-c495-11ec-a49f-6168cd647191","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"82b0c1d0-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"08535420-c496-11ec-a49f-6168cd647191","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"5fc57d50-c487-11ec-a49f-6168cd647191","name":"panel_3","type":"visualization"},{"id":"a49d6210-c49d-11ec-a49f-6168cd647191","name":"panel_4","type":"visualization"},{"id":"d565c950-c49d-11ec-a49f-6168cd647191","name":"panel_5","type":"visualization"},{"id":"1f207360-c49e-11ec-a49f-6168cd647191","name":"panel_6","type":"visualization"},{"id":"1a219c90-c49e-11ec-a49f-6168cd647191","name":"panel_7","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"17e07110-c49c-11ec-a49f-6168cd647191","name":"panel_9","type":"visualization"},{"id":"a5007b90-c49b-11ec-a49f-6168cd647191","name":"panel_10","type":"visualization"},{"id":"31b8a710-c49c-11ec-a49f-6168cd647191","name":"panel_11","type":"visualization"},{"id":"cdbcf310-c49b-11ec-a49f-6168cd647191","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:51:59.978Z","version":"WzIyNjI4LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: RADIUS AUTH Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Req/Resp (packets) - TSVB 
(line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"AUTH requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.dst.l4.port.id: 1812 OR flow.dst.l4.port.id: 1645\",\"language\":\"kuery\"}},{\"id\":\"7e6a9720-9b26-11ec-8138-3d37937df3c4\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"7e6a9721-9b26-11ec-8138-3d37937df3c4\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"AUTH responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 1812 OR flow.src.l4.port.id: 1645\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: 
\\\"netflow\\\")\",\"language\":\"kuery\"}}}"},"id":"9fcf5aee-4b37-4445-874f-ad2785387e27","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-23T16:35:27.786Z","version":"WzE0MTg3LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Exporter, Locality, Service - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporter, Locality, Service - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.locality\",\"parent\":\"\",\"label\":\"Traffic 
Locality\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"f270e340-3d4e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzMwMCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Servers - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Servers - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow 
Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":199,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Servers\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.ip.addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"d279fdf0-3e53-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzMwMSwyXQ=="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"d5ae3d0e-c956-48d8-ba40-0fc96802b052\"},\"panelIndex\":\"d5ae3d0e-c956-48d8-ba40-0fc96802b052\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"f7455ad4-bce8-4eb7-a9a4-9e8e2a012c05\"},\"panelIndex\":\"f7455ad4-bce8-4eb7-a9a4-9e8e2a012c05\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"4a7ca626-f214-429f-b5e5-db9c8d73109a\"},\"panelIndex\":\"4a7ca626-f214-429f-b5e5-db9c8d73109a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"3062fd4a-fc63-41aa-96b7-f9dc11e2e29a\"},\"panelIndex\":\"3062fd4a-fc63-41aa-96b7-f9dc11e2e29a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"02f8c0e3-2a43-4322-98c9-7a945e0e1b8a\"},\"panelIndex\":\"02f8c0e3-2a43-4322-98c9-7a945e0e1b8a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"76652d5d-2ee2-4222-ae36-74424283d963\"},\"panelIndex\":\"76652d5d-2ee2-4222-ae36-74424283d963\",\"embeddableConfig\":{\"title\":\"Throughput (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Throughput 
(bits/s)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"3430d37c-4d14-4e0f-8354-4079e26669c9\"},\"panelIndex\":\"3430d37c-4d14-4e0f-8354-4079e26669c9\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"72e24e2b-432d-46a4-bd30-a2e27a25a488\"},\"panelIndex\":\"72e24e2b-432d-46a4-bd30-a2e27a25a488\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":23,\"i\":\"c5b72aa7-f1a8-4664-8cd8-93eb5542295d\"},\"panelIndex\":\"c5b72aa7-f1a8-4664-8cd8-93eb5542295d\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":23,\"i\":\"b71abd33-4da5-4a3d-8074-6a2a4be9b360\"},\"panelIndex\":\"b71abd33-4da5-4a3d-8074-6a2a4be9b360\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"ElastiFlow: Top 
Talkers","version":1},"id":"a000b640-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"5a3a5400-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"18500ff0-3d45-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"f270e340-3d4e-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"756aa270-3e5f-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"5c04ec10-3e59-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"97c2bfb0-3e5f-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"9aeb1f40-3e53-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"d279fdf0-3e53-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:18:59.061Z","version":"WzIyMTQ3LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: IP Reputations (flows) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Reputations (flows) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Conversations\",\"type\":\"timeseries\",\"value_template\":\"{{value}}\",\"filter\":{\"query\":\"sec.threat.name: *\",\"language\":\"kuery\"}},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"cardinality\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Threats\",\"type\":\"timeseries\",\"value_template\":\"{{value}}\",\"terms_field\":\"sec.threat.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"a41dd6a0-75c8-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzMwMywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries and Cities (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"a6cf5910-3e04-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzMwNCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23,1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force 
Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}],\\\"minimum_should_match\\\":1}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Brute Force Sessions (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Edge) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Miss
ing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"a804a940-c33a-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T20:51:03.359Z","version":"WzE3MTgxLDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ICMP Messages Direct (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Inbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"a8a4d7e0-c39d-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T08:40:41.064Z","version":"WzE3NTI3LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only 
Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP SYN-only Sources (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Edge) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"a9ce8930-c3fd-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-
codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T20:25:49.241Z","version":"WzE4MzE0LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: DHCP Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Responses (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 67 AND flow.dst.l4.port.id: 68 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: 
\\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"f69afbe0-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-23T14:30:40.972Z","version":"WzEyNzA1LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.ip.addr\",\"negate\":true,\"params\":{\"query\":\"255.255.255.255\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.ip.addr\":\"255.255.255.255\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: DHCP Requests by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Requests by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DHCP 
Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"d4ee60e0-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T18:31:21.516Z","version":"WzIzOTc0LDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: DHCP Responses by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Responses by Server - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DHCP Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"e9e16290-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T12:42:51.638Z","version":"WzEwNzgyLDdd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.ip.addr\",\"negate\":true,\"params\":{\"query\":\"255.255.255.255\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.ip.addr\":\"255.255.255.255\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: DHCP Requests by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Requests by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Req\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DHCP 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"fff448a0-9b93-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T18:25:40.754Z","version":"WzIzODk0LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: DHCP Relayed Messages by src/dst - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Relayed Messages by src/dst - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Relay\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"d9c7acb0-c304-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T13:12:45.903Z","version":"WzExNjQ1LDdd"} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":4,\"i\":\"503ee9c8-3371-4430-9997-5a2f772238ba\",\"w\":28,\"x\":0,\"y\":0},\"panelIndex\":\"503ee9c8-3371-4430-9997-5a2f772238ba\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":4,\"i\":\"1ebd7429-fc09-4785-a063-2e866346e88e\",\"w\":15,\"x\":28,\"y\":0},\"panelIndex\":\"1ebd7429-fc09-4785-a063-2e866346e88e\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":4,\"i\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"w\":5,\"x\":43,\"y\":0},\"panelIndex\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":5,\"i\":\"7779fb3a-fd13-41ac-90de-b70849a7df6e\",\"w\":5,\"x\":0,\"y\":4},\"panelIndex\":\"7779fb3a-fd13-41ac-90de-b70849a7df6e\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":5,\"i\":\"63b829fd-6861-475f-a57e-9acd67cf7ff9\",\"w\":5,\"x\":5,\"y\":4},\"panelIndex\":\"63b829fd-6861-475f-a57e-9acd67cf7ff9\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":5,\"i\":\"d4386109-9d7b-46d9-ad63-635c42c14d2f\",\"w\":5,\"x\":10,\"y\":4},\"panelIndex\":\"d4386109-9d7b-46d9-ad63-635c42c14d2f\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":5,\"i\":\"39c9a04e-0008-472e-a3b8-50583781d9ae\",\"w\":5,\"x\":15,\"y\":4},\"panelIndex\":\"39c9a04e-0008-472e-a3b8-50583781d9ae\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_6
\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":14,\"i\":\"f25b852b-ff69-4b28-ac75-ee25b7271538\",\"w\":28,\"x\":20,\"y\":4},\"panelIndex\":\"f25b852b-ff69-4b28-ac75-ee25b7271538\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":9,\"i\":\"5528dfd0-9be9-410c-b656-7045a394b233\",\"w\":10,\"x\":0,\"y\":9},\"panelIndex\":\"5528dfd0-9be9-410c-b656-7045a394b233\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":9,\"i\":\"5bb2c88e-540a-4dbd-87d6-aac3322fa05c\",\"w\":10,\"x\":10,\"y\":9},\"panelIndex\":\"5bb2c88e-540a-4dbd-87d6-aac3322fa05c\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":23,\"i\":\"c27cd9a7-ef4c-4920-a252-6088129109a0\",\"w\":8,\"x\":0,\"y\":18},\"panelIndex\":\"c27cd9a7-ef4c-4920-a252-6088129109a0\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":23,\"i\":\"af7ca5a0-2662-4166-b4e4-d8450b040da9\",\"w\":8,\"x\":8,\"y\":18},\"panelIndex\":\"af7ca5a0-2662-4166-b4e4-d8450b040da9\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":23,\"i\":\"9ecda662-2439-44fc-a0b1-97fc40279ed9\",\"w\":8,\"x\":16,\"y\":18},\"panelIndex\":\"9ecda662-2439-44fc-a0b1-97fc40279ed9\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":23,\"i\":\"51705b8e-4c42-45a4-8368-b9286ae9124c\",\"w\":8,\"x\":24,\"y\":18},\"panelIndex\":\"51705b8e-4c42-45a4-8368-b9286ae9124c\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":23,\"i\":\"ba3d074c-192f-4743-a763-e2d4632109a6\",\"w\":9,\"x\":32,\"y\":18},\"panelIndex\":\"ba3d074c-192f-4743-a763-e2d4632109a6\",\"version\
":\"7.10.0\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":23,\"i\":\"430db51d-c9d0-4814-b854-1cbab39afa22\",\"w\":7,\"x\":41,\"y\":18},\"panelIndex\":\"430db51d-c9d0-4814-b854-1cbab39afa22\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_15\"}]","timeRestore":false,"title":"ElastiFlow: Core Services (DHCP)","version":1},"id":"a9f3e040-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"c69cda30-9b2b-11ec-a4df-e940aaa4214d","name":"panel_0","type":"visualization"},{"id":"31c96f80-9b95-11ec-a4df-e940aaa4214d","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"682aeb00-c4c4-11ec-a49f-6168cd647191","name":"panel_3","type":"visualization"},{"id":"05a49fb0-9b95-11ec-a4df-e940aaa4214d","name":"panel_4","type":"visualization"},{"id":"f69afbe0-9b94-11ec-a4df-e940aaa4214d","name":"panel_5","type":"visualization"},{"id":"62e79640-c305-11ec-aaf3-5b4644130c7f","name":"panel_6","type":"visualization"},{"id":"1d489090-9b95-11ec-a4df-e940aaa4214d","name":"panel_7","type":"visualization"},{"id":"d4ee60e0-9b94-11ec-a4df-e940aaa4214d","name":"panel_8","type":"visualization"},{"id":"e9e16290-9b94-11ec-a4df-e940aaa4214d","name":"panel_9","type":"visualization"},{"id":"fff448a0-9b93-11ec-a4df-e940aaa4214d","name":"panel_10","type":"visualization"},{"id":"37087910-9b94-11ec-a4df-e940aaa4214d","name":"panel_11","type":"visualization"},{"id":"5a7588c0-9b94-11ec-a4df-e940aaa4214d","name":"panel_12","type":"visualization"},{"id":"76e6b920-9b94-11ec-a4df-e940aaa4214d","name":"panel_13","type":"visualization"},{"id":"d9c7acb0-c304-11ec-aaf3-5b4644130c7f","name":"panel_14","type":"visualization"},{"id":"7c3745e0-c306-11ec-aaf3-5b4644130c7f","name":"panel_15","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T18:40:07.688Z","version":"WzI0MTcwLDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Community Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Community Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.community.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Sessions\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"aa0dbe60-9d98-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-23T18:30:57.738Z","version":"WzE2NzAzLDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Flow Records (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flow Records 
(client/server)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**Client/Server**](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788) | [Src/Dst](#/dashboard/bf9f8a70-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"da205850-3d46-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:51:34.700Z","version":"WzY4OTUsM10="} {"attributes":{"columns":["flow.conversation.id","flow.export.host.name","flow.client.host.name","flow.server.host.name","flow.server.l4.port.name","flow.bytes","flow.packets"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"bool\":{\"must\":[{\"exists\":{\"field\":\"flow.client.ip.addr\"}},{\"exists\":{\"field\":\"flow.server.ip.addr\"}}]},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":false,\"alias\":null,\"key\":\"bool\",\"value\":\"{\\\"must\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"flow.client.ip.addr\\\"}},{\\\"exists\\\":{\\\"field\\\":\\\"flow.server.ip.addr\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"ElastiFlow: Flow Records (client/server) - search","version":1},"id":"e797bd40-3f10-11eb-bc2c-c5758316d788","migrationVersion":{"search":"7.9.3"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2022-04-23T18:27:49.701Z","version":"WzE2NTg3LDdd"} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"9d130e1e-6975-4a94-923d-4c5371b580b1\"},\"panelIndex\":\"9d130e1e-6975-4a94-923d-4c5371b580b1\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"9c48f2a0-f965-4fc2-8a12-135e9efb896f\"},\"panelIndex\":\"9c48f2a0-f965-4fc2-8a12-135e9efb896f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"2afab535-1aa3-4849-aee3-b66ccd85c75a\"},\"panelIndex\":\"2afab535-1aa3-4849-aee3-b66ccd85c75a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":10,\"i\":\"a5aa4d1c-b039-468b-a5f3-7f71a6308513\"},\"panelIndex\":\"a5aa4d1c-b039-468b-a5f3-7f71a6308513\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":5,\"i\":\"25ef49e8-82cb-4130-a1b2-d1e99929ae6a\"},\"panelIndex\":\"25ef49e8-82cb-4130-a1b2-d1e99929ae6a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":10,\"i\":\"9e924cca-ac9c-4737-81d3-ec6600d91b88\"},\"panelIndex\":\"9e924cca-ac9c-4737-81d3-ec6600d91b88\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":5,\"i\":\"83199726-082c-4e5e-a3d5-6be88c58cf25\"},\"panelIndex\":\"83199726-082c-4e5e-a3d5-6be88c58cf25\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel
_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":14,\"w\":48,\"h\":27,\"i\":\"b88d41a3-7eea-4616-926d-60ac952cbc5b\"},\"panelIndex\":\"b88d41a3-7eea-4616-926d-60ac952cbc5b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"ElastiFlow: Flow Records (client/server)","version":1},"id":"abfed250-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"06d52ff0-3d43-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"da205850-3d46-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"1a9e1fe0-3f0c-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"93fddf80-3f0f-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"8b5fb750-3f0e-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"9bc40400-3e5c-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"e797bd40-3f10-11eb-bc2c-c5758316d788","name":"panel_7","type":"search"}],"type":"dashboard","updated_at":"2022-04-25T13:20:58.314Z","version":"WzIyMTU1LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Exporters (records) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporters (records) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":299,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.version.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":15,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"}}"},"id":"ad2e3620-3d35-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzMwOCwyXQ=="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"bdf7a793-86c9-47ab-b1e0-5dc36705ccfd\"},\"panelIndex\":\"bdf7a793-86c9-47ab-b1e0-5dc36705ccfd\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"b6a9acf4-0ba0-486a-882d-e883482c66e3\"},\"panelIndex\":\"b6a9acf4-0ba0-486a-882d-e883482c66e3\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"17a9df37-b087-4f13-8af1-250f9b1eeab7\"},\"panelIndex\":\"17a9df37-b087-4f13-8af1-250f9b1eeab7\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":24,\"h\":5,\"i\":\"fb45a1fd-ea66-4bd7-b1f2-a4a7cd775bfd\"},\"panelIndex\":\"fb45a1fd-ea66-4bd7-b1f2-a4a7cd775bfd\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":4,\"w\":24,\"h\":2,\"i\":\"c5a59524-1395-488e-a52a-67ffd6bbee39\"},\"panelIndex\":\"c5a59524-1395-488e-a52a-67ffd6bbee39\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":6,\"w\":24,\"h\":11,\"i\":\"196cd583-3f35-4f8a-b5a6-73c694833b4a\"},\"panelIndex\":\"196cd583-3f35-4f8a-b5a6-73c694833b4a\",\"embeddableConfig\":{\"title\":\"Observed Traffic (flow records/s)\",\"hidePanelTitles\":false},\"title\":\"Observed Traffic (flow 
records/s)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":32,\"i\":\"884e12ad-0be7-4bbc-9725-759faf86a7ee\"},\"panelIndex\":\"884e12ad-0be7-4bbc-9725-759faf86a7ee\",\"embeddableConfig\":{\"title\":\"Observed Traffic (records)\",\"hidePanelTitles\":false},\"title\":\"Observed Traffic (records)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":12,\"i\":\"b234fa0a-c920-4d04-b1c8-785a92604bd7\"},\"panelIndex\":\"b234fa0a-c920-4d04-b1c8-785a92604bd7\",\"embeddableConfig\":{\"title\":\"Observed Traffic (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Observed Traffic (bits/s)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":29,\"w\":24,\"h\":12,\"i\":\"f6ce803b-ec0e-4686-8807-1c9c9e69b3c0\"},\"panelIndex\":\"f6ce803b-ec0e-4686-8807-1c9c9e69b3c0\",\"embeddableConfig\":{\"title\":\"Observed Traffic (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Observed Traffic (pkts/s)\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"ElastiFlow: Flow Exporters 
(metrics)","version":1},"id":"ac3e8880-3d41-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"dc9329e0-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"722d6460-3d44-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"0f371ce0-3ecd-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"11e668f0-3ece-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"ad2e3620-3d35-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"9b0bb110-3ecb-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"831f5010-3ecc-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:19:11.861Z","version":"WzIyMTQ4LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Threats (IP Reputations)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats (IP 
Reputations)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**IP Reputation**](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [DDoS TCP](#/dashboard/0774f5d0-c348-11ec-aaf3-5b4644130c7f) | [DDoS Flood](#/dashboard/e0ffa950-c472-11ec-a49f-6168cd647191) | [RECON](#/dashboard/b9cd6a90-c48e-11ec-a49f-6168cd647191) | [Brute Force](#/dashboard/9e8ee9a0-c495-11ec-a49f-6168cd647191)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"ae161b80-c48d-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T12:46:43.227Z","version":"WzIxMjA3LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destination Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Countries and Cities (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"ae98dbf0-3d30-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022
-02-24T18:09:27.448Z","version":"WzMxMCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ICMP Messages Direct (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"aff13960-c467-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T11:42:31.796Z","version":"WzIwNDUyLDhd"} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"89c24646-f6ce-4def-857c-f04ea7d036c0\"},\"panelIndex\":\"89c24646-f6ce-4def-857c-f04ea7d036c0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"fb286cba-33ac-4b88-989b-be068fc45f37\"},\"panelIndex\":\"fb286cba-33ac-4b88-989b-be068fc45f37\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"b42d9704-1f0c-4315-9d1f-656f543400a3\"},\"panelIndex\":\"b42d9704-1f0c-4315-9d1f-656f543400a3\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"73ee9463-c8eb-4aa0-b706-3dd9b9c9a5f7\"},\"panelIndex\":\"73ee9463-c8eb-4aa0-b706-3dd9b9c9a5f7\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"bba27f42-3451-4d63-8efd-25d608d4fde8\"},\"panelIndex\":\"bba27f42-3451-4d63-8efd-25d608d4fde8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"19ace06e-fa5c-4803-9f92-5def5b1f1fce\"},\"panelIndex\":\"19ace06e-fa5c-4803-9f92-5def5b1f1fce\",\"embeddableConfig\":{\"title\":\"Throughput (bits/s)\",\"hidePanelTitles\":true},\"title\":\"Throughput 
(bits/s)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"06ddc035-d17c-45fc-8a22-bad8529004be\"},\"panelIndex\":\"06ddc035-d17c-45fc-8a22-bad8529004be\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"7c47a3d8-00e9-4173-8576-6b79d472ab55\"},\"panelIndex\":\"7c47a3d8-00e9-4173-8576-6b79d472ab55\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":23,\"i\":\"42b4e982-5281-4059-9a22-660daae3850b\"},\"panelIndex\":\"42b4e982-5281-4059-9a22-660daae3850b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":23,\"i\":\"6ac28860-28f0-4bd6-9f96-eea3e2cc5d53\"},\"panelIndex\":\"6ac28860-28f0-4bd6-9f96-eea3e2cc5d53\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"ElastiFlow: Top 
Services","version":1},"id":"b088bcb0-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"5a3a5400-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"230d6410-3d45-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"f270e340-3d4e-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"1ec922a0-3e61-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"5c04ec10-3e59-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"051bf440-3e61-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"4ba1a880-3e55-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"17487960-3e55-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:19:27.811Z","version":"WzIyMTQ5LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Top Applications - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Applications - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow 
Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"app.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Applications\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"b3a920c0-3e55-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzMxMiwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"exists\":{\"field\":\"flow.server.sec.threat.name\"},\"meta\":{\"type\":\"exists\",\"disabled\":false,\"negate\":false,\"alias\":\"Bad Server Reputation\",\"key\":\"flow.server.sec.threat.name\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: High-Risk Clients (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: High-Risk Clients (flows) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.conversation.id\",\"customLabel\":\"Conversations\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"High-Risk Clients\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.ip.addr\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"b56b5eb0-75c2-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzMxMywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"UDP\"}},{\"terms\":{\"flow.src.l4.port.id\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP 
Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"UDP\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: UDP Amplification Sources (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Source\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false
,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"b6338a20-c40e-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T20:40:00.706Z","version":"WzE4NDAyLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH 
Requests\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"1645\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.dst.l4.port.id\":\"1812\"}},{\"match_phrase\":{\"flow.dst.l4.port.id\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: RADIUS AUTH Requests by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Requests by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RADIUS 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"b7b2c502-3d50-4c53-bd0f-1f7e560dde08","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T17:06:16.195Z","version":"WzE0NzM2LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP SYN-only Sessions (Outbound) - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"b90b5fe0-c3da-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T14:33:53.273Z","version":"WzE4MTIzLDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Servers and Services (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers and Services (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"b9ba5e30-3d32-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzMxNCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Threats (RECON)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats 
(RECON)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[IP Reputation](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [DDoS TCP](#/dashboard/0774f5d0-c348-11ec-aaf3-5b4644130c7f) | [DDoS Flood](#/dashboard/e0ffa950-c472-11ec-a49f-6168cd647191) | [**RECON**](#/dashboard/b9cd6a90-c48e-11ec-a49f-6168cd647191) | [Brute Force](#/dashboard/9e8ee9a0-c495-11ec-a49f-6168cd647191)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"fa278d30-c495-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T12:48:16.771Z","version":"WzIxMjI1LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[]},\"meta\":{\"alias\":\"ICMP Echo Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ICMP Echo (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.dst.ip.addr\",\"customLabel\":\"Pinged 
IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"cf3d02b0-c343-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-25T12:43:06.625Z","version":"WzIxMTQ4LDhd"} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"f440d860-64fa-4879-b980-0353a1f26eba\"},\"panelIndex\":\"f440d860-64fa-4879-b980-0353a1f26eba\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"1592194a-8cb9-41a9-a982-24b60b07a1b6\"},\"panelIndex\":\"1592194a-8cb9-41a9-a982-24b60b07a1b6\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},\"panelIndex\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridDa
ta\":{\"x\":0,\"y\":4,\"w\":8,\"h\":5,\"i\":\"96ea5c44-f6e4-4970-923b-f9553a843fc0\"},\"panelIndex\":\"96ea5c44-f6e4-4970-923b-f9553a843fc0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":8,\"y\":4,\"w\":8,\"h\":5,\"i\":\"e625b48e-33f4-4241-91c6-949cbcb8e9c4\"},\"panelIndex\":\"e625b48e-33f4-4241-91c6-949cbcb8e9c4\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":16,\"y\":4,\"w\":8,\"h\":5,\"i\":\"80ff4c5f-ea11-4ff3-80c5-e160dc8316a8\"},\"panelIndex\":\"80ff4c5f-ea11-4ff3-80c5-e160dc8316a8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":4,\"w\":8,\"h\":5,\"i\":\"c49202db-477e-4d97-a3a4-8fb8b7e62c2f\"},\"panelIndex\":\"c49202db-477e-4d97-a3a4-8fb8b7e62c2f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":32,\"y\":4,\"w\":8,\"h\":5,\"i\":\"474dcd96-d6cb-450e-bfac-77d99586934c\"},\"panelIndex\":\"474dcd96-d6cb-450e-bfac-77d99586934c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"a0735619-998c-406b-a096-0e1d39761536\"},\"panelIndex\":\"a0735619-998c-406b-a096-0e1d39761536\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":12,\"h\":32,\"i\":\"69d29d1c-c318-4bbf-88be-05debcde7c3f\"},\"panelIndex\":\"69d29d1c-c318-4bbf-88be-05debcde7c3f\",\"embeddableConfig\":{\"title\":\"Port Scan (Public)\",\"hidePanelTitles\":false},\"title\":\"Port Scan 
(Public)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":9,\"w\":12,\"h\":32,\"i\":\"99e1761d-0505-4611-a341-f474bfa95519\"},\"panelIndex\":\"99e1761d-0505-4611-a341-f474bfa95519\",\"embeddableConfig\":{\"title\":\"Port Scan (Private)\",\"hidePanelTitles\":false},\"title\":\"Port Scan (Private)\",\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":12,\"h\":32,\"i\":\"30c2fc5a-7b5d-4ff3-848e-5f9970175fba\"},\"panelIndex\":\"30c2fc5a-7b5d-4ff3-848e-5f9970175fba\",\"embeddableConfig\":{\"title\":\"ICMP Echo (Public)\",\"hidePanelTitles\":false},\"title\":\"ICMP Echo (Public)\",\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":32,\"i\":\"9084f85f-9f73-43e5-a0cf-303eea6783bc\"},\"panelIndex\":\"9084f85f-9f73-43e5-a0cf-303eea6783bc\",\"embeddableConfig\":{\"title\":\"ICMP Echo (Private)\",\"hidePanelTitles\":false},\"title\":\"ICMP Echo (Private)\",\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"ElastiFlow: Threats 
(RECON)","version":1},"id":"b9cd6a90-c48e-11ec-a49f-6168cd647191","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"82b0c1d0-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"fa278d30-c495-11ec-a49f-6168cd647191","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"5fc57d50-c487-11ec-a49f-6168cd647191","name":"panel_3","type":"visualization"},{"id":"53adda40-c490-11ec-a49f-6168cd647191","name":"panel_4","type":"visualization"},{"id":"851359f0-c492-11ec-a49f-6168cd647191","name":"panel_5","type":"visualization"},{"id":"6c8e1ee0-c494-11ec-a49f-6168cd647191","name":"panel_6","type":"visualization"},{"id":"0ca342c0-c495-11ec-a49f-6168cd647191","name":"panel_7","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"028aac60-c490-11ec-a49f-6168cd647191","name":"panel_9","type":"visualization"},{"id":"1ff8f860-c346-11ec-aaf3-5b4644130c7f","name":"panel_10","type":"visualization"},{"id":"5c6bd160-c48f-11ec-a49f-6168cd647191","name":"panel_11","type":"visualization"},{"id":"cf3d02b0-c343-11ec-aaf3-5b4644130c7f","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:23:16.608Z","version":"WzIyMTY3LDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: NTP Requests by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Requests by Server - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"baf01140-9d81-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T13:33:10.756Z","version":"WzEyNDIzLDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Exporter, Service, Established - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporter, Service, Established - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"beca7d30-75d4-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzMxNSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Flow Records (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flow Records 
(src/dst)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788) | [**Src/Dst**](#/dashboard/bf9f8a70-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"e801f6e0-3d46-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:51:42.883Z","version":"WzY4OTcsM10="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Flow Records/s (src/dst) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Records/s (src/dst) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.bytes\"},{\"id\":\"61c95a90-3f0e-11eb-8fe0-a51500598689\",\"type\":\"calculation\",\"variables\":[{\"id\":\"646736f0-3f0e-11eb-8fe0-a51500598689\",\"name\":\"count\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Flow Records\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"count\",\"field\":\"flow.bytes\"},{\"id\":\"2b017560-3f0e-11eb-8fe0-a51500598689\",\"type\":\"calculation\",\"variables\":[{\"id\":\"2e9d39c0-3f0e-11eb-8fe0-a51500598689\",\"name\":\"count\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.count / 
(params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Flow Types\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.export.version.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"axis_min\":\"0\",\"filter\":{\"query\":\"flow.src.ip.addr: * AND flow.dst.ip.addr: *\",\"language\":\"kuery\"}}}"},"id":"d786d060-9d94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T21:31:53.829Z","version":"WzcxNTQsM10="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"9a294251-20cf-4d94-ba56-d9d0a0cf8987\"},\"panelIndex\":\"9a294251-20cf-4d94-ba56-d9d0a0cf8987\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"4daf2414-af00-4b6e-896d-07368c73615f\"},\"panelIndex\":\"4daf2414-af00-4b6e-896d-07368c73615f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"d6fb0873-a978-4e9b-adaa-ad47e4a1ff5f\"},\"panelIndex\":\"d6fb0873-a978-4e9b-adaa-ad47e4a1ff5f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":10,\"i\":\"9762091d-473e-4157-93e3-2b4c01f19b26\"},\"panelIndex\":\"9762091d-473e-4157-93e3-2b4c01f19b26\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":5,\"i\":\"5df778e6-7791-4e11-bc12-423e44135b5b\"},\"panelIndex\":\"5df778e6-7791-4e11-bc12-423e44135b5b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":10,\"i\":\"ae09239d-128b-4350-a5e6-8131e02f4bb9\"},\"panelIndex\":\"ae09239d-128b-4350-a5e6-8131e02f4bb9\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":5,\"i\":\"4e8a9cee-c02d-41a8-9d55-be201ea1f2b8\"},\"panelIndex\":\"4e8a9cee-c02d-41a8-9d55-be201ea1f2b8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel
_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":14,\"w\":48,\"h\":27,\"i\":\"5b609d60-4832-436f-893e-3bd7afae98c9\"},\"panelIndex\":\"5b609d60-4832-436f-893e-3bd7afae98c9\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"ElastiFlow: Flow Records (src/dst)","version":1},"id":"bf9f8a70-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"06d52ff0-3d43-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"e801f6e0-3d46-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"1a9e1fe0-3f0c-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"4a68d6d0-9d97-11ec-a4df-e940aaa4214d","name":"panel_4","type":"visualization"},{"id":"d786d060-9d94-11ec-a4df-e940aaa4214d","name":"panel_5","type":"visualization"},{"id":"aa0dbe60-9d98-11ec-a4df-e940aaa4214d","name":"panel_6","type":"visualization"},{"id":"78b035a0-3f11-11eb-bc2c-c5758316d788","name":"panel_7","type":"search"}],"type":"dashboard","updated_at":"2022-04-25T13:21:09.611Z","version":"WzIyMTU2LDhd"} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"20b572a3-961c-4e47-b17c-af96003e5606\"},\"panelIndex\":\"20b572a3-961c-4e47-b17c-af96003e5606\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"19b1ecb4-533d-4ded-a17a-7f2d8af38caf\"},\"panelIndex\":\"19b1ecb4-533d-4ded-a17a-7f2d8af38caf\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"1e5b1e06-7cd2-49a7-9f8d-e72b0b6b129e\"},\"panelIndex\":\"1e5b1e06-7cd2-49a7-9f8d-e72b0b6b129e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"d4210038-999a-467f-bb0b-e64906069f55\"},\"panelIndex\":\"d4210038-999a-467f-bb0b-e64906069f55\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"9072ad07-6e82-40c8-8f50-e48700f76095\"},\"panelIndex\":\"9072ad07-6e82-40c8-8f50-e48700f76095\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"821337cb-33a4-416d-95e8-0e49aad13b6a\"},\"panelIndex\":\"821337cb-33a4-416d-95e8-0e49aad13b6a\",\"embeddableConfig\":{\"title\":\"Throughput (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Throughput 
(bits/s)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"d3492ccf-dc3a-49bf-9222-b4f81659c3d6\"},\"panelIndex\":\"d3492ccf-dc3a-49bf-9222-b4f81659c3d6\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"47705264-40e5-4f44-a660-8291426f4ea0\"},\"panelIndex\":\"47705264-40e5-4f44-a660-8291426f4ea0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":18,\"w\":48,\"h\":23,\"i\":\"c54b4a9a-1ed7-43c1-a4fc-9871b4eae94f\"},\"panelIndex\":\"c54b4a9a-1ed7-43c1-a4fc-9871b4eae94f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"ElastiFlow: Top Conversations","version":1},"id":"c2da3880-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"5a3a5400-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"0c217890-3d45-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"f270e340-3d4e-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"9bc40400-3e5c-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"5c04ec10-3e59-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"1ec922a0-3e61-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"6dd43c00-3e0b-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:19:40.524Z","version":"WzIyMTUwLDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Geo IP (server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Geo IP (server)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Client](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [**Server**](#/dashboard/c3e77260-3eb5-11eb-bc2c-c5758316d788) | [Source](#/dashboard/460b45f0-3d3f-11eb-bc2c-c5758316d788) | [Destination](#/dashboard/e794e670-3eb5-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"e3877f10-3eb6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-03-06T19:51:51.432Z","version":"WzY4OTksM10="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"5d06bf0c-b97f-41d9-9f5e-82a38ad0ddf8\"},\"panelIndex\":\"5d06bf0c-b97f-41d9-9f5e-82a38ad0ddf8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"c5794321-e8ef-4e40-99a4-2696a43339e7\"},\"panelIndex\":\"c5794321-e8ef-4e40-99a4-2696a43339e7\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"48b01687-fddc-4f99-8195-04d77db8dd66\"},\"panelIndex\":\"48b01687-fddc-4f99-8195-04d77db8dd66\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"d35f1697-1274-4159-bdab-83159a87a41c\"},\"panelIndex\":\"d35f1697-1274-4159-bdab-83159a87a41c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"d8430fa3-ca28-455e-a276-930a60d6839f\"},\"panelIndex\":\"d8430fa3-ca28-455e-a276-930a60d6839f\",\"embeddableConfi
g\":{\"title\":\"Client Countries (flow records)\",\"hidePanelTitles\":false},\"title\":\"Client Countries (flow records)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"175b3012-aaef-4dcc-8dc7-7a111cec7fb3\"},\"panelIndex\":\"175b3012-aaef-4dcc-8dc7-7a111cec7fb3\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"46146688-467d-42a2-ae53-5ae2b2061389\"},\"panelIndex\":\"46146688-467d-42a2-ae53-5ae2b2061389\",\"embeddableConfig\":{\"title\":\"Server Countries (flow records)\",\"hidePanelTitles\":false},\"title\":\"Server Countries (flow records)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"70eb9e12-1c7c-48dc-822b-477c7cb8ebb2\"},\"panelIndex\":\"70eb9e12-1c7c-48dc-822b-477c7cb8ebb2\",\"embeddableConfig\":{\"title\":\"Client Cities (flow records)\",\"hidePanelTitles\":false},\"title\":\"Client Cities (flow records)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"92329eb4-2cad-48df-b21b-656f53c9377a\"},\"panelIndex\":\"92329eb4-2cad-48df-b21b-656f53c9377a\",\"embeddableConfig\":{\"title\":\"Server Cities (flow records)\",\"hidePanelTitles\":false},\"title\":\"Server Cities (flow records)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"59db0235-9c7f-416b-81be-d78ea0fb29f7\"},\"panelIndex\":\"59db0235-9c7f-416b-81be-d78ea0fb29f7\",\"embeddableConfig\":{\"title\":\"Client Time Zones (flow records)\",\"hidePanelTitles\":false},\"title\":\"Client Time Zones (flow 
records)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"b00704ca-ba57-4d3b-b8c6-ec01a6782d8f\"},\"panelIndex\":\"b00704ca-ba57-4d3b-b8c6-ec01a6782d8f\",\"embeddableConfig\":{\"title\":\"Server Time Zones (flow records)\",\"hidePanelTitles\":false},\"title\":\"Server Time Zones (flow records)\",\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"ElastiFlow: Geo Location (server)","version":1},"id":"c3e77260-3eb5-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"a89c6610-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"e3877f10-3eb6-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"944a8560-3d4d-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"27474670-3eb4-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"9a4a4cf0-3eb7-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"fa5c23f0-3eb4-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"0a621e90-3eb4-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"17e74fd0-3eb5-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"48e47820-3eb4-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"d58dfda0-3eb4-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:20:00.140Z","version":"WzIyMTUxLDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"UDP\"}},{\"terms\":{\"flow.src.l4.port.id\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"UDP\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: UDP Amplification Sources (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Outbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"c668d220-c40d-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T20:36:15.761Z","version":"WzE4Mzg2LDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Recon Port Scan (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon Port Scan (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.server.l4.port.id\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"c89e25
90-c345-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T20:41:42.761Z","version":"WzE3MTU2LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ICMP Messages Direct (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"cb8e25b0-c3aa-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T08:44:46.859Z","version":"WzE3NTM3LDdd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: NTP Responses by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Responses by Server - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"d1068450-9d81-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T13:34:41.932Z","version":"WzEyNDM2LDdd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}}]},\"meta\":{\"alias\":\"ICMP\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ICMP Messages - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"icmp.type.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"ICMP 
Type\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"icmp.code.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"ICMP Code\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"d15ecc70-c39f-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T14:02:26.905Z","version":"WzE4MDA1LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Countries (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"d4558da0-3e04-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzMyMSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH 
Requests\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"1645\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.dst.l4.port.id\":\"1812\"}},{\"match_phrase\":{\"flow.dst.l4.port.id\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: RADIUS AUTH Requests by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Requests by Client - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH 
Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"d4ca6ff9-e8cf-4ce1-bc95-4ebcf77b60f9","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T16:39:02.976Z","version":"WzE0MzMzLDdd"} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"0752f037-b31d-4a81-92fd-457c4ab782cb\"},\"panelIndex\":\"0752f037-b31d-4a81-92fd-457c4ab782cb\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"4837436f-f86a-49aa-a60a-1e9ec62e9407\"},\"panelIndex\":\"4837436f-f86a-49aa-a60a-1e9ec62e9407\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"562f484f-8184-4b5a-b3ab-409419ba6ea6\"},\"panelIndex\":\"562f484f-8184-4b5a-b3ab-409419ba6ea6\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"ea2ed7fa-bf71-4291-bd7a-0522451028f8\"},\"panelIndex\":\"ea2ed7fa-bf71-4291-bd7a-0522451028f8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"182f8712-1773-4a9d-988a-5d59984de343\"},\"panelIndex\":\"182f8712-1773-4a9d-988a-5d59984de343\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"b15e6ced-8999-459b-bd36-c1499cd9267d\"},\"panelIndex\":\"b15e6ced-8999-459b-bd36-c1499cd9267d\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"9bbff89d-82f1-4ceb-b068-bcef2ef809dc\"},\"panelIndex\":\"9bbff89d-82f1-4ceb-b068-bcef2ef809dc\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"pane
l_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"f2a4d19a-5c8e-45c0-893c-98e6294a0d3c\"},\"panelIndex\":\"f2a4d19a-5c8e-45c0-893c-98e6294a0d3c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":23,\"i\":\"fa95c4a9-a7fc-4584-9527-cab868de6d39\"},\"panelIndex\":\"fa95c4a9-a7fc-4584-9527-cab868de6d39\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":23,\"i\":\"7be19337-a56c-4e41-8744-4ece97dc6630\"},\"panelIndex\":\"7be19337-a56c-4e41-8744-4ece97dc6630\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"ElastiFlow: Top Applications","version":1},"id":"d4e18bf0-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"5a3a5400-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"2f8a90a0-3d45-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"4ea0e4d0-3d4f-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"2f9ed3e0-3e61-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"2f03c500-3e64-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"756aa270-3e5f-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"b3a920c0-3e55-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"9aeb1f40-3e53-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:20:20.536Z","version":"WzIyMTUzLDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"TCP\"}}],\"must_not\":[{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"TCP Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"TCP\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP Clients (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Clients (Edge) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.client.ip.addr\",\"customLabel\":\"Clients\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"d9e319b0-c411-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T21:02:29.066Z","version":"WzE4NDg2LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Flows (client AS/server AS) - Vega 
(sankey)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (client AS/server AS) - Vega (sankey)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-flow-codex-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.client.as.label\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.server.as.label\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"bytes\\\": {\\n \\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"flow.bytes\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n 
\\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Client AS\\\", \\\"Server AS\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n 
\\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 
1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#222222\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 
0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"id":"dcb4d670-3e65-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzMyMywyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Sources (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"de4e45b0-3e66-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzMyNCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Threats (DDoS Flood)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats (DDoS 
Flood)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[IP Reputation](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [DDoS TCP](#/dashboard/0774f5d0-c348-11ec-aaf3-5b4644130c7f) | [**DDoS Flood**](#/dashboard/e0ffa950-c472-11ec-a49f-6168cd647191) | [RECON](#/dashboard/b9cd6a90-c48e-11ec-a49f-6168cd647191) | [Brute Force](#/dashboard/9e8ee9a0-c495-11ec-a49f-6168cd647191)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"e75a9fd0-c495-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T12:47:45.229Z","version":"WzIxMjE5LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: ICMP Messages - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":200,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":2000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":20000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"(l4.proto.name: \\\"ICMP\\\" OR l4.proto.name: \\\"IPv6-ICMP\\\") AND NOT flow.src.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"ICMP 
Messages\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"f89c9de0-c489-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T11:31:38.641Z","version":"WzIwMjU2LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: ICMP Sources - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":50000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"(l4.proto.name: \\\"ICMP\\\" OR l4.proto.name: \\\"IPv6-ICMP\\\") AND NOT flow.src.as.org: 
\\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"ICMP Sources\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.ip.addr\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"f37dff80-c488-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-25T11:31:49.741Z","version":"WzIwMjY5LDhd"} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"f440d860-64fa-4879-b980-0353a1f26eba\"},\"panelIndex\":\"f440d860-64fa-4879-b980-0353a1f26eba\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"5609d268-4c81-43a9-8c3c-1f56934b9334\"},\"panelIndex\":\"5609d268-4c81-43a9-8c3c-1f56934b9334\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},\"panelIndex\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":
\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":8,\"h\":5,\"i\":\"96ea5c44-f6e4-4970-923b-f9553a843fc0\"},\"panelIndex\":\"96ea5c44-f6e4-4970-923b-f9553a843fc0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":8,\"y\":4,\"w\":8,\"h\":5,\"i\":\"b49af91f-5e84-4c53-a067-9add862c1d15\"},\"panelIndex\":\"b49af91f-5e84-4c53-a067-9add862c1d15\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":16,\"y\":4,\"w\":8,\"h\":5,\"i\":\"cfee2852-f7f9-44a0-bc77-4270abd32c5b\"},\"panelIndex\":\"cfee2852-f7f9-44a0-bc77-4270abd32c5b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":4,\"w\":8,\"h\":5,\"i\":\"712bd9c0-1c24-499f-b9cd-ca10512a1d4f\"},\"panelIndex\":\"712bd9c0-1c24-499f-b9cd-ca10512a1d4f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":32,\"y\":4,\"w\":8,\"h\":5,\"i\":\"9af5771e-3507-4114-aa1a-12dc0a88e8cb\"},\"panelIndex\":\"9af5771e-3507-4114-aa1a-12dc0a88e8cb\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"9a899328-ae14-4f50-8185-f0237f5b7606\"},\"panelIndex\":\"9a899328-ae14-4f50-8185-f0237f5b7606\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":22,\"h\":32,\"i\":\"34ecb7be-696a-4829-9397-603e5615a000\"},\"panelIndex\":\"34ecb7be-696a-4829-9397-603e5615a000\",\"embeddableConfig\":{\"title\":\"UDP Amplification (Public)\",\"hidePanelTitles\":false},\"title\":\"UDP Amplification 
(Public)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":22,\"y\":9,\"w\":15,\"h\":32,\"i\":\"6f1b2597-6597-4753-9820-9047e66b7ab8\"},\"panelIndex\":\"6f1b2597-6597-4753-9820-9047e66b7ab8\",\"embeddableConfig\":{\"title\":\"ICMP Messages (Public)\",\"hidePanelTitles\":false},\"title\":\"ICMP Messages (Public)\",\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":32,\"i\":\"93d18a20-25bd-4516-8451-f350a7975b58\"},\"panelIndex\":\"93d18a20-25bd-4516-8451-f350a7975b58\",\"embeddableConfig\":{\"title\":\"ICMP Sources (Public)\",\"hidePanelTitles\":false},\"title\":\"ICMP Sources (Public)\",\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"ElastiFlow: Threats (DDoS Flood)","version":1},"id":"e0ffa950-c472-11ec-a49f-6168cd647191","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"82b0c1d0-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"e75a9fd0-c495-11ec-a49f-6168cd647191","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"5fc57d50-c487-11ec-a49f-6168cd647191","name":"panel_3","type":"visualization"},{"id":"1e22fb30-c48b-11ec-a49f-6168cd647191","name":"panel_4","type":"visualization"},{"id":"1f4a6ec0-c48c-11ec-a49f-6168cd647191","name":"panel_5","type":"visualization"},{"id":"8ba5fee0-c48c-11ec-a49f-6168cd647191","name":"panel_6","type":"visualization"},{"id":"f89c9de0-c489-11ec-a49f-6168cd647191","name":"panel_7","type":"visualization"},{"id":"f37dff80-c488-11ec-a49f-6168cd647191","name":"panel_8","type":"visualization"},{"id":"16000b60-c467-11ec-a49f-6168cd647191","name":"panel_9","type":"visualization"},{"id":"aff13960-c467-11ec-a49f-6168cd647191","name":"panel_10","type":"visualization"},{"id":"850fe610-c467-11ec-a49f-6168cd647191","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:23:04.175Z","version":"WzIyMTY2LDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"e146ffd0-3e04-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzMyNSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Core Services (NTP)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core Services 
(NTP)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[DNS](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [DHCP](#/dashboard/a9f3e040-9b94-11ec-a4df-e940aaa4214d) | \\n[RADIUS](#/dashboard/fbea2e70-c319-11ec-aaf3-5b4644130c7f) | \\n[LDAP](#/dashboard/0ae30960-c31a-11ec-aaf3-5b4644130c7f) | [**NTP**](#/dashboard/e2888380-9d73-11ec-a4df-e940aaa4214d)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"fae19390-9d73-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-23T18:13:00.704Z","version":"WzE2NDA4LDdd"} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"503ee9c8-3371-4430-9997-5a2f772238ba\"},\"panelIndex\":\"503ee9c8-3371-4430-9997-5a2f772238ba\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"310bed0d-85b1-4fd6-a3e8-54a6a7fd461b\"},\"panelIndex\":\"310bed0d-85b1-4fd6-a3e8-54a6a7fd461b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\"},\"panelIndex\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":7,\"h\":5,\"i\":\"44007a2f-7e53-40a8-9a8f-12a7bfdef25a\"},\"panelIndex\":\"44007a2f-7e53-40a8-9a8f-12a7bfdef25a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":7,\"y\":4,\"w\":7,\"h\":5,\"i\":\"f84dbe69-588e-48bd-859d-99948dfda0ae\"},\"panelIndex\":\"f84dbe69-588e-48bd-859d-99948dfda0ae\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":14,\"y\":4,\"w\":7,\"h\":5,\"i\":\"bda4c5c2-4646-4d1b-983d-fcd5c6fcdc12\"},\"panelIndex\":\"bda4c5c2-46
46-4d1b-983d-fcd5c6fcdc12\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":21,\"y\":4,\"w\":27,\"h\":14,\"i\":\"665b8aee-3aba-4f5a-b7f6-0f27b22dbc12\"},\"panelIndex\":\"665b8aee-3aba-4f5a-b7f6-0f27b22dbc12\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":9,\"i\":\"7f5e099d-c11d-4873-acd5-bfc0eaba2934\"},\"panelIndex\":\"7f5e099d-c11d-4873-acd5-bfc0eaba2934\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":10,\"y\":9,\"w\":10,\"h\":9,\"i\":\"ad540009-42e0-49c5-b248-763fb014e3b0\"},\"panelIndex\":\"ad540009-42e0-49c5-b248-763fb014e3b0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":20,\"y\":9,\"w\":1,\"h\":9,\"i\":\"95041dc2-b8d4-46c4-8fb7-b583d6f8a125\"},\"panelIndex\":\"95041dc2-b8d4-46c4-8fb7-b583d6f8a125\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":18,\"w\":8,\"h\":23,\"i\":\"d5badb3f-d001-4b50-bab9-7bef1038d71e\"},\"panelIndex\":\"d5badb3f-d001-4b50-bab9-7bef1038d71e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":8,\"y\":18,\"w\":8,\"h\":23,\"i\":\"a090888c-04b5-4d61-a285-3ce8f5bcd005\"},\"panelIndex\":\"a090888c-04b5-4d61-a285-3ce8f5bcd005\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":16,\"y\":18,\"w\":8,\"h\":23,\"i\":\"190550f7-ba96-4aa1-b472-ae6be84ecfe2\"},\"panelIndex\":\"190550f7-ba96-4aa1-b472-ae6be84ecfe2\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":18,\"w\":8,\"h\":23,\"i\":\"fae91842-2c59-4872-a1d7-588ccc92
c63e\"},\"panelIndex\":\"fae91842-2c59-4872-a1d7-588ccc92c63e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":32,\"y\":18,\"w\":9,\"h\":23,\"i\":\"a9fc5ffd-6bbd-4611-9e50-bd37376a099c\"},\"panelIndex\":\"a9fc5ffd-6bbd-4611-9e50-bd37376a099c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_14\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":41,\"y\":18,\"w\":7,\"h\":23,\"i\":\"c25a252d-abcb-4adc-b310-96062385f9b5\"},\"panelIndex\":\"c25a252d-abcb-4adc-b310-96062385f9b5\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_15\"}]","timeRestore":false,"title":"ElastiFlow: Core Services (NTP)","version":1},"id":"e2888380-9d73-11ec-a4df-e940aaa4214d","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"c69cda30-9b2b-11ec-a4df-e940aaa4214d","name":"panel_0","type":"visualization"},{"id":"fae19390-9d73-11ec-a4df-e940aaa4214d","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"18a453c0-9d80-11ec-a4df-e940aaa4214d","name":"panel_3","type":"visualization"},{"id":"6175d650-9d80-11ec-a4df-e940aaa4214d","name":"panel_4","type":"visualization"},{"id":"8ff70cb0-9d80-11ec-a4df-e940aaa4214d","name":"panel_5","type":"visualization"},{"id":"17f41790-9d75-11ec-a4df-e940aaa4214d","name":"panel_6","type":"visualization"},{"id":"baf01140-9d81-11ec-a4df-e940aaa4214d","name":"panel_7","type":"visualization"},{"id":"d1068450-9d81-11ec-a4df-e940aaa4214d","name":"panel_8","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"087e6750-9d7c-11ec-a4df-e940aaa4214d","name":"panel_10","type":"visualization"},{"id":"389a61f0-9d7c-11ec-a4df-e940aaa4214d","name":"panel_11","type":"visualization"},{"id":"19505290-9d7d-11ec-a4df-e940aaa4214d","name":"panel_12","type":"visualization"},{"id":"40ef7330-9d7d-11ec-a4df-e940aaa4214d","na
me":"panel_13","type":"visualization"},{"id":"7e20b120-9d7c-11ec-a4df-e940aaa4214d","name":"panel_14","type":"visualization"},{"id":"9d7a0d50-9d7c-11ec-a4df-e940aaa4214d","name":"panel_15","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:21:48.328Z","version":"WzIyMTYxLDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23,1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}],\\\"minimum_should_match\\\":1}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Brute Force Sessions (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Inbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"e2d7da50-c336-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T20:51:22.349Z","version":"WzE3MTg1LDdd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must_not\":[{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Recon Port Scan (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon Port Scan (Edge) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.server.l4.port.id\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"e3cdb8c0-c346-11ec-aaf3-5b4644130c7f","migra
tionVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T20:49:37.868Z","version":"WzE3MTY0LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Destinations (flow records) - coord_map","uiStateJSON":"{\"mapZoom\":2,\"mapCenter\":[24.57585086389495,-13.23577880859375]}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (flow records) - coord_map\",\"type\":\"tile_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"params\":{\"field\":\"flow.dst.geo.loc.coord\",\"autoPrecision\":true,\"precision\":2,\"useGeocentroid\":true,\"isFilteredByCollar\":true,\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"colorSchema\":\"Yellow to Red\",\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":20,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps 
Service\"}}}}"},"id":"f0111240-3eb7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzMyNiwyXQ=="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"c58defff-725c-4475-b0eb-f18996211d0d\"},\"panelIndex\":\"c58defff-725c-4475-b0eb-f18996211d0d\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"af0cbe4d-5508-450e-aa71-4310a3cdadef\"},\"panelIndex\":\"af0cbe4d-5508-450e-aa71-4310a3cdadef\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"b05807cd-0371-44d4-a85b-b05813f10374\"},\"panelIndex\":\"b05807cd-0371-44d4-a85b-b05813f10374\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"7f8fb931-9547-405f-8742-562046c6f57f\"},\"panelIndex\":\"7f8fb931-9547-405f-8742-562046c6f57f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"1a1e25be-b8ff-42b6-a9ca-db230af792cd\"},\"panelIndex\":\"1a1e25be-b8ff-42b6-a9ca-db230af792cd\",\"embeddableConfig\":{\"title\":\"Source Countries (flow records)\",\"hidePanelTitles\":false},\"title\":\"Source Countries (flow 
records)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"c3fc5ece-97d2-44f0-853b-1fe5923a3f94\"},\"panelIndex\":\"c3fc5ece-97d2-44f0-853b-1fe5923a3f94\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"96f13f07-feb1-4916-a354-5027a3a18dea\"},\"panelIndex\":\"96f13f07-feb1-4916-a354-5027a3a18dea\",\"embeddableConfig\":{\"title\":\"Destination Countries (flow records)\",\"hidePanelTitles\":false},\"title\":\"Destination Countries (flow records)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"afa75173-aa04-4807-9ff4-47f4b766ed1b\"},\"panelIndex\":\"afa75173-aa04-4807-9ff4-47f4b766ed1b\",\"embeddableConfig\":{\"title\":\"Source Cities (flow records)\",\"hidePanelTitles\":false},\"title\":\"Source Cities (flow records)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"aff0bf1e-cbbc-44e6-b020-9391fe891a6f\"},\"panelIndex\":\"aff0bf1e-cbbc-44e6-b020-9391fe891a6f\",\"embeddableConfig\":{\"title\":\"Destination Cities (flow records)\",\"hidePanelTitles\":false},\"title\":\"Destination Cities (flow records)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"25986e2a-8709-4ad5-bbe1-d2f3f004764b\"},\"panelIndex\":\"25986e2a-8709-4ad5-bbe1-d2f3f004764b\",\"embeddableConfig\":{\"title\":\"Source Time Zones (flow records)\",\"hidePanelTitles\":false},\"title\":\"Source Time Zones (flow records)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"6fa5ab15-bdd1-4cd4-8cce-0a8138d6102e\"},\"panelIndex\":\"6fa5ab15-bdd1-4cd4-8cce-0a8138d6102e\",\"embeddableConfig\":{\"title\":\"Destination Time Zones (flow 
records)\",\"hidePanelTitles\":false},\"title\":\"Destination Time Zones (flow records)\",\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"ElastiFlow: Geo Location (destination)","version":1},"id":"e794e670-3eb5-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"a89c6610-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"2d785450-3eb7-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"255234e0-3d4e-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"2f596f60-3ec2-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"f0111240-3eb7-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"88fd95f0-3ec2-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"5b2522b0-3ec2-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"ad428f10-3ec2-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"47057690-3ec2-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"c15fa320-3ec2-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:20:44.833Z","version":"WzIyMTU0LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH Responses\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"1645\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":\"1812\"}},{\"match_phrase\":{\"flow.src.l4.port.id\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: RADIUS AUTH Responses by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Responses by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RADIUS 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"e7ab7b3a-2d17-45ba-9e40-a9a8b9323eae","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T17:06:33.185Z","version":"WzE0NzYwLDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"TCP\"}},{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"TCP Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"TCP\\\"}},{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: TCP Clients (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Clients (Inbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.client.ip.addr\",\"customLabel\":\"Clients\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"ea70bae0-c410-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T20:55:47.342Z","version":"WzE4NDM3LDhd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: NAV - Core Services (RADIUS)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - 
Core Services (RADIUS)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[DNS](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [DHCP](#/dashboard/a9f3e040-9b94-11ec-a4df-e940aaa4214d) | \\n[**RADIUS**](#/dashboard/fbea2e70-c319-11ec-aaf3-5b4644130c7f) | \\n[LDAP](#/dashboard/0ae30960-c31a-11ec-aaf3-5b4644130c7f) | [NTP](#/dashboard/e2888380-9d73-11ec-a4df-e940aaa4214d)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"ed3bad80-c31a-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-23T18:13:05.152Z","version":"WzE2NDEwLDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Threat Intelligence Notice","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Threat Intelligence Notice\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"# This Panel requires Threat Intelligence information which will be available in Beta 3.\"}}"},"id":"ed756050-3ed9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzMyOCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Sources (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (packets) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"ee4b4a30-3e66-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzMyOSwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH Requests\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"1645\\\"}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.dst.l4.port.id\":\"1812\"}},{\"match_phrase\":{\"flow.dst.l4.port.id\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: RADIUS AUTH Requests by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Requests by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RADIUS 
Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"f07f4eaa-fcfb-4805-91e7-9d8c8e53caf6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T17:10:21.013Z","version":"WzE1MDY3LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH 
Responses\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"1645\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":\"1812\"}},{\"match_phrase\":{\"flow.src.l4.port.id\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: RADIUS AUTH Responses by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Responses by Client - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH 
Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"f1069065-2cd4-4fb5-bfdc-bf4fb3a5b3ff","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-23T16:39:46.523Z","version":"WzE0MzU4LDdd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Echo 
Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: ICMP Echo (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.dst.ip.addr\",\"customLabel\":\"Pinged IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"f57c4960-c33c-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-04-24T14:41:20.806Z","version":"WzE4MTU1LDhd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: RADIUS AUTH Requests (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Requests (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"AUTH requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.dst.l4.port.id: 1812 OR flow.dst.l4.port.id: 1645) AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"f6357006-4bb0-49f8-bd02-562459184378","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2022-04-23T16:41:09.281Z","version":"WzE0NDA5LDdd"} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Public Threats\",\"type\":\"exists\",\"key\":\"flow.client.sec.threat.name\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"flow.client.sec.threat.name\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow: Public Threats (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Public Threats (flows) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.conversation.id\",\"customLabel\":\"Conversations\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Public Threats\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.ip.addr\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"f7a0baf0-750e-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-02-24T18:09:27.448Z","version":"WzMzMCwyXQ=="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"f440d860-64fa-4879-b980-0353a1f26eba\"},\"panelIndex\":\"f440d860-64fa-4879-b980-0353a1f26eba\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"cfd8d732-c07f-4cd3-a4b1-1cb199aacc26\"},\"panelIndex\":\"cfd8d732-c07f-4cd3-a4b1-1cb199aacc26\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},\"panelIndex\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"0aff53b4-0aba-4040-9966-36924cd181e3\"},\"panelIndex\":\"0aff53b4-0aba-4040-9966-36924cd181e3\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"472ab
d09-0771-4438-83b1-67b3d9a470a5\"},\"panelIndex\":\"472abd09-0771-4438-83b1-67b3d9a470a5\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"e04284b8-0144-43e5-abc4-ba4c7204926c\"},\"panelIndex\":\"e04284b8-0144-43e5-abc4-ba4c7204926c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"96d1b9ac-bb4d-4c4e-9b18-2363ff5ea3cc\"},\"panelIndex\":\"96d1b9ac-bb4d-4c4e-9b18-2363ff5ea3cc\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"3b8dddbf-dd64-4ec1-bd08-af58450c5ff3\"},\"panelIndex\":\"3b8dddbf-dd64-4ec1-bd08-af58450c5ff3\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":18,\"w\":10,\"h\":23,\"i\":\"b7240e19-8859-4502-b85f-6bf3addfc3c6\"},\"panelIndex\":\"b7240e19-8859-4502-b85f-6bf3addfc3c6\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":10,\"y\":18,\"w\":14,\"h\":23,\"i\":\"86b4ae60-6982-403f-bead-3740e122cfa0\"},\"panelIndex\":\"86b4ae60-6982-403f-bead-3740e122cfa0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":18,\"w\":12,\"h\":23,\"i\":\"9b417032-d5b1-4eae-b8ed-37bb4f119268\"},\"panelIndex\":\"9b417032-d5b1-4eae-b8ed-37bb4f119268\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":18,\"w\":12,\"h\":23,\"i\":\"e6682e5b-25f1-4e82-9297-2ae7686f94f8\"},\"panelIndex\":\"e6682e5b-25f1-4e82-9297-2ae7686f94f8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"ElastiFlow: 
Threats (IP Reputation)","version":1},"id":"f7fbc0b0-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"82b0c1d0-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"ae161b80-c48d-11ec-a49f-6168cd647191","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"beca7d30-75d4-11eb-8c14-238bcf08bfa6","name":"panel_3","type":"visualization"},{"id":"1dd52c20-75cc-11eb-8c14-238bcf08bfa6","name":"panel_4","type":"visualization"},{"id":"a41dd6a0-75c8-11eb-8c14-238bcf08bfa6","name":"panel_5","type":"visualization"},{"id":"307cb730-75cc-11eb-8c14-238bcf08bfa6","name":"panel_6","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"44e46180-750b-11eb-8c14-238bcf08bfa6","name":"panel_8","type":"visualization"},{"id":"f7a0baf0-750e-11eb-8c14-238bcf08bfa6","name":"panel_9","type":"visualization"},{"id":"7734beb0-75c3-11eb-8c14-238bcf08bfa6","name":"panel_10","type":"visualization"},{"id":"b56b5eb0-75c2-11eb-8c14-238bcf08bfa6","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:22:39.286Z","version":"WzIyMTY0LDhd"} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"503ee9c8-3371-4430-9997-5a2f772238ba\"},\"panelIndex\":\"503ee9c8-3371-4430-9997-5a2f772238ba\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"1f50d436-eaad-48c1-8b91-ca622d5e6810\"},\"panelIndex\":\"1f50d436-eaad-48c1-8b91-ca622d5e6810\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\"},\"panelIndex\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":5,\"i\":\"f3f5c819-f6ba-407a-8a85-52a44f203890\"},\"panelIndex\":\"f3f5c819-f6ba-407a-8a85-52a44f203890\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":5,\"i\":\"3ed70fd3-a838-491a-8f09-d0c4f002d699\"},\"panelIndex\":\"3ed70fd3-a838-491a-8f09-d0c4f002d699\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"5f4e6b2e-870c-422d-91fe-79a6163147f9\"},\"panelIndex\":\"5f4e6b2e-870c-422d-91fe-79a6163147f9\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":9,\"i\":\"0a7851c1-f25a-4f80-b971-5747e805580b\"},\"panelIndex\":\"0a7851c1-f25a-4f80-b971-5747e805580b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_
6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":9,\"i\":\"4b369b59-78e8-4212-b5b8-650bdc62dfc1\"},\"panelIndex\":\"4b369b59-78e8-4212-b5b8-650bdc62dfc1\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":18,\"w\":9,\"h\":23,\"i\":\"57732e54-9de3-4850-928c-419a11b1c906\"},\"panelIndex\":\"57732e54-9de3-4850-928c-419a11b1c906\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":18,\"w\":9,\"h\":23,\"i\":\"1dbabf3c-691e-474f-a3ca-7f48abebf69e\"},\"panelIndex\":\"1dbabf3c-691e-474f-a3ca-7f48abebf69e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":18,\"w\":10,\"h\":23,\"i\":\"e4e7c7f0-a287-49b2-99e0-ebd952826c51\"},\"panelIndex\":\"e4e7c7f0-a287-49b2-99e0-ebd952826c51\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":18,\"w\":10,\"h\":23,\"i\":\"beeba4b6-f6f9-4eb5-87f8-ddceb42f7fa5\"},\"panelIndex\":\"beeba4b6-f6f9-4eb5-87f8-ddceb42f7fa5\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":38,\"y\":18,\"w\":10,\"h\":23,\"i\":\"951a3d6b-876a-48d1-856a-6bc0ee27347d\"},\"panelIndex\":\"951a3d6b-876a-48d1-856a-6bc0ee27347d\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"ElastiFlow: Core Services 
(RADIUS)","version":1},"id":"fbea2e70-c319-11ec-aaf3-5b4644130c7f","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"c69cda30-9b2b-11ec-a4df-e940aaa4214d","name":"panel_0","type":"visualization"},{"id":"ed3bad80-c31a-11ec-aaf3-5b4644130c7f","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"f6357006-4bb0-49f8-bd02-562459184378","name":"panel_3","type":"visualization"},{"id":"6e4ded9e-1233-42f1-9b51-158686c49239","name":"panel_4","type":"visualization"},{"id":"9fcf5aee-4b37-4445-874f-ad2785387e27","name":"panel_5","type":"visualization"},{"id":"f07f4eaa-fcfb-4805-91e7-9d8c8e53caf6","name":"panel_6","type":"visualization"},{"id":"08f1070a-4c98-4703-a0ce-28e2ceaea0b8","name":"panel_7","type":"visualization"},{"id":"b7b2c502-3d50-4c53-bd0f-1f7e560dde08","name":"panel_8","type":"visualization"},{"id":"e7ab7b3a-2d17-45ba-9e40-a9a8b9323eae","name":"panel_9","type":"visualization"},{"id":"d4ca6ff9-e8cf-4ce1-bc95-4ebcf77b60f9","name":"panel_10","type":"visualization"},{"id":"f1069065-2cd4-4fb5-bfdc-bf4fb3a5b3ff","name":"panel_11","type":"visualization"},{"id":"0ce9bc39-bc69-4e87-b053-3a16588447a6","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2022-04-25T13:22:01.933Z","version":"WzIyMTYyLDhd"} {"exportedCount":379,"missingRefCount":0,"missingReferences":[]}