{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/City (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/City (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Cities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"geo.city.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"geo.city.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"01222130-3eec-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgxOCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP Half-Open Sessions - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Half-Open Sessions - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":1000,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":10000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":100000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"l4.proto.name: \\\"TCP\\\" AND tcp.flags.bits: 2 
AND NOT flow.src.as.org: \\\"PRIVATE\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Half-Open Sessions\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"01b180e0-c484-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgxOSwxXQ=="} 
{"attributes":{"fieldFormatMap":"{\"flow.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.0.2.1:5601\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*/field/flow.in.bytes\",\"basePath\":\"\"}}},\"flow.client.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.0.2.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.dst.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.0.2.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.dst.nat.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.0.2.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.in.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.0.2.1:5601\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-codex-*/field/flow.in.bytes\",\"basePath\":\"\"}}},\"flow.out.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://codex.demo.elastiflow.com\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.packets\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.0.2.1:5601\",\"pathname\":\"/app/monitoring\",\"basePath\":\"\"},\"pattern\":\"0,0.[0]a\"}},\"flow.server.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.0.2.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.src.ip.addr\":{\"id\":\"url\",\
"params\":{\"parsedUrl\":{\"origin\":\"http://192.0.2.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.src.nat.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.0.2.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}}}","fields":"[{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"@version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"app.category.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":t
rue,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.group.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"app.subcategory.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.dst.hw.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.dst.proto.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.hw.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.op.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.proto.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.src.hw.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"arp.src.proto.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"as.label\",\"t
ype\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.community.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.dst.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.dst.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.dst.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.dst.geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.dst.geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.dst.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.dst.geo.loc.coord\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.dst.geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.dst.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.dst.ip.
addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.dst.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.dst.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.dst.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.dst.sec.threat.feed.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.dst.sec.threat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.dst.sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.ip.dscp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.ip.ecn.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.ip.prec.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.ip.tos.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.ip.ttl\",
\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.ip.v4.options.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.ip.v6.ext.route.hops\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.ip.v6.ext.route.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.ip.version.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.ip.version.ver\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.l4.proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.src.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.src.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.src.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.src.geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.src.g
eo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.src.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.src.geo.loc.coord\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.src.geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.src.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.src.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.src.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.src.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.src.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.src.sec.threat.feed.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.src.sec.threat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\"
:0,\"name\":\"encap.src.sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.tcp.flags.bits\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.tcp.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.tcp.options.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.tcp.window.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.typename\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.udp.size\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.vlan.c_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.vlan.c_tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.vlan.c_tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.vlan.c_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":
0,\"name\":\"encap.vlan.s_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.vlan.s_tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.vlan.s_tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.vlan.s_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.vlan.tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.vlan.tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.vlan.tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"encap.vlan.tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ethernet.ether_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.notice\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":
0,\"name\":\"event.severity.code\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.severity.level\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.geo.loc.coord\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":t
rue},{\"count\":0,\"name\":\"flow.client.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.ip.subnet.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.ip.subnet.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.isInternal\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.nat.ip.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.nat.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.nat.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":
true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.sec.threat.feed.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.sec.threat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.client.vlan.tag.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.collect.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.community.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.conversation.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.direction.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregata
ble\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.geo.loc.coord\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.ip.subnet.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.ip.subnet.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.isInternal\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,
\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.nat.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.nat.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.nat.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.sec.threat.feed.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.sec.threat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.vlan.tag.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.end.reason.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.end.sysuptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\"
:true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.end.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.geo.loc.coord\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.ip.subnet.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.ip.subnet.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"sc
ripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.start.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.sysuptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.version.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.version.ver\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.dst.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.ip.dscp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.ip.ecn.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\"
:false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.ip.prec.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.ip.tos.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.netif.alias\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.netif.bandwidth.bw\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.netif.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.netif.index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.netif.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.netif.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.src.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.c_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted
\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.c_tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.c_tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.c_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.s_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.s_tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.s_tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.s_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.vlan.tag.pcp.name\",\"type\":\"string\"
,\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.isServer\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.locality\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.domain.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.domain.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.packet_select.interval.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.packets_drop\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.packets_total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.next_hop.as.asn\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.next_hop.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.next_hop.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.next_hop.host.n
ame\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.next_hop.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.next_hop.ip.subnet.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.next_hop.ip.subnet.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.next_hop.sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.next_hop.vlan.tag.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.ip.dscp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.ip.ecn.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.ip.prec.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.ip.tos.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.
out.netif.alias\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.netif.bandwidth.bw\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.netif.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.netif.index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.netif.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.netif.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.src.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.c_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.c_tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.c_tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,
\"name\":\"flow.out.vlan.c_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.s_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.s_tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.s_tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.s_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.vlan.tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.seq_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true},{\"count\":0,\"name\":\"flow.server.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.geo.loc.coord\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.ip.subnet.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatab
le\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.ip.subnet.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.isInternal\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.nat.ip.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.nat.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.nat.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.sec.threat.feed.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.sec.threat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword
\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.server.vlan.tag.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.geo.loc.coord\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"s
cripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.ip.subnet.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.ip.subnet.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.isInternal\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.nat.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.nat.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.nat.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.sec.threat.feed.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.sec.threat.name\",\"type\":\"string\",\"esTypes\":
[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.vlan.tag.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.start.sysuptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.start.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.template.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.loc.coord\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gre.key\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":tr
ue,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gre.pptp.call_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"gre.vsid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"icmp.code.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"icmp.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"icmp.seq_num\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"icmp.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ifa.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ifa.gns\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ifa.metadata.action.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ifa.metadata.frag.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\
":\"ifa.metadata.frag.last\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ifa.metadata.frag.packet.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ifa.metadata.req.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ifa.metadata.ttl\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"igmp.group.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"igmp.max_resp_time\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"igmp.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.dscp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.ecn.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.frag.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.packet.size\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.prec.name\",\"type\":\"string\
",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.subnet.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.subnet.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.tos.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.ttl\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.v4.options.payload\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.v4.options.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.v6.ext.route.hops\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.v6.ext.route.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.v6.flow_label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.version.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"ip.version.ver\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\
"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l2.frame.size\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.session.established\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"llc.dsap.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"llc.lpdu.frame_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"llc.ssap.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.alias\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.bandwidth.bw\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.collisions.total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"re
adFromDocValues\":true},{\"count\":0,\"name\":\"netif.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"pppoe.code.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.action.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.policy.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.reason.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.rule.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.rule.set.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.sign.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.threat.feed.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.threat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflo
w.pen.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.pen.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.sample.header_proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.sample.seq_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.sample.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.sample.strip_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.sample_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.source_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.source_id_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.sub_agent_id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.ack_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.flags.bits\",\"type\":\"nu
mber\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.header.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.options.payload\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.options.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.seq_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.urgent_pointer\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tcp.window.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.community.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\
"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.geo.loc.coord\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.sec.threat.feed.name\",\"type\":\"string\",\"esTypes\":
[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.sec.threat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.dst.sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.dscp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.ecn.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.prec.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.tos.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.ttl\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.v4.options.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.v6.ext.route.hops\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.v6.ext.route.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.version.name\",\"type\":
\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.ip.version.ver\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.l4.proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.geo.loc.coord\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.sr
c.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.sec.threat.feed.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.sec.threat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.src.sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.tcp.flags.bits\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.tcp.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.tcp.options.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"n
ame\":\"tunnel.tcp.window.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.typename\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.udp.size\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.c_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.c_tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.c_tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.c_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.s_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.s_tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.s_tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.s_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}
,{\"count\":0,\"name\":\"tunnel.vlan.tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tunnel.vlan.tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"udp.size\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.c_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.c_tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.c_tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.c_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.s_tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.s
_tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.s_tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.s_tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.tag.dei.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.tag.id\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.tag.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vlan.tag.pcp.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vxlan.flags.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vxlan.vni\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vxlan.vtep.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vxlan.vtep.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"vxlan.vtep.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scrip
ted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"wifi.channel\",\"type\":\"number\",\"esTypes\":[\"short\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"wifi.ssid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"wifi.sta.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"wifi.sta.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"wifi.wtp.mac.addr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"@timestamp","title":"elastiflow-flow-codex-*"},"id":"elastiflow-flow-codex-*","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2023-02-02T08:15:04.692Z","version":"WzEyODYsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): VLANs Ingress and Egress (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs Ingress and Egress (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.in.vlan.tag.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Ingress VLAN\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.out.vlan.tag.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Egress VLAN\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"01b37df0-3d3a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgyMSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Flags (records) - tag cloud","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (records) - tag 
cloud\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tcp.flags.tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":16,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":16,\"maxFontSize\":48,\"showLabel\":false}}"},"id":"0262fbf0-3df7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgyMiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must_not\":[{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Recon Port Scan (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon Port Scan (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.server.l4.port.id\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"028aac60-c490-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgyMywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Flow Exporters (records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters (records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Exporter\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"02ed6c40-3d34-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgyNCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Layer-4 Protocol Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Layer-4 Protocol Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"l4.proto.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Layer-4 
Protocols\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"051bf440-3e61-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgyNSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"tcp.flags.bits\":[63,127,255]}}]},\"meta\":{\"alias\":\"TCP X-Mas Flags\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"tcp.flags.bits\\\":[63,127,255]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP X-Mas Flags - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP X-Mas Flags - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":4,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"058ea560-c413-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgyNiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DHCP Requests (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Requests (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 68 AND flow.dst.l4.port.id: 67 AND NOT flow.dst.ip.addr: 255.255.255.255 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"05a49fb0-9b95-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgyNywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Options (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Options (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tcp.options.tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TCP Option\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"0625de60-3f0a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgyOCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flow Records","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flow 
Records\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/6368c580-a072-11ed-808e-b501c532aca0) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [**Flow Records**](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 
0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"06d52ff0-3d43-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgyOSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/VLAN (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/VLAN (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"fcb8f380-6d76-11eb-bbbf-d3d457f1cd90\",\"type\":\"math\",\"variables\":[{\"id\":\"00fa94d0-6d77-11eb-bbbf-d3d457f1cd90\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"0b4d1930-6d77-11eb-bbbf-d3d457f1cd90\",\"type\":\"math\",\"variables\":[{\"id\":\"0e36cba0-6d77-11eb-bbbf-d3d457f1cd90\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top VLANs\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"vlan.tag.id\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"vlan.tag.id: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"07262240-3f08-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgzMCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - 
Threats","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [**Threats**](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/6368c580-a072-11ed-808e-b501c532aca0) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: 
#aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"82b0c1d0-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgzMSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Threats (DDoS TCP)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats (DDoS 
TCP)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[IP Reputation](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [**DDoS TCP**](#/dashboard/0774f5d0-c348-11ec-aaf3-5b4644130c7f) | [DDoS Flood](#/dashboard/e0ffa950-c472-11ec-a49f-6168cd647191) | [RECON](#/dashboard/b9cd6a90-c48e-11ec-a49f-6168cd647191) | [Brute Force](#/dashboard/9e8ee9a0-c495-11ec-a49f-6168cd647191)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"d3f5df40-c495-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgzMiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Logo","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Logo\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[![ElastiFlow](data:image/png;base64,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)](https://www.elastiflow.com)\"}}"},"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgzMywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Threats (DDoS TCP) - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Threats (DDoS TCP) - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"7f67f8d0-c479-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgzNCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP Half-Open Sources - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Half-Open Sources - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":50000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"l4.proto.name: \\\"TCP\\\" AND tcp.flags.bits: 2 AND NOT flow.src.as.org: \\\"PRIVATE\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: 
\\\"netflow\\\")\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Half-Open Sources\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.ip.addr\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"100dff50-c485-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgzNSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP X-Mas Flags (packets) - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP X-Mas Flags (packets) - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":1,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":10,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":100,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"tcp.flags.bits: 63 OR tcp.flags.bits: 127 OR tcp.flags.bits: 255\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"X-Mas Flags\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"216d4fc0-c481-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgzNiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP null 
Flags (packets) - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP null Flags (packets) - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":1,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":10,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":100,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"l4.proto.name: \\\"TCP\\\" AND tcp.flags.bits: 0\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"null Flags\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"15622970-c482-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgzNywxXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP URG Flags (packets) - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP URG Flags (packets) - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":1,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":10,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":100,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"tcp.flags.tags: \\\"URG\\\" \",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Urgent 
Flags\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"f5946090-c481-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgzOCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sessions (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":7,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"8acef510-c466-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzgzOSwxXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sources (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":7,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"a89d1d60-c466-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg0MCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"tcp.flags.tags\":\"URG\"}}]},\"meta\":{\"alias\":\"TCP URG 
Flag\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"tcp.flags.tags\\\":\\\"URG\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP URG Flag - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP URG Flag - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":4,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"627f5ee0-c413-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg0MSwxXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"TCP\"}},{\"term\":{\"tcp.flags.bits\":0}}]},\"meta\":{\"alias\":\"TCP null Flags\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"TCP\\\"}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":0}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP null Flags - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP null Flags - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":4,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"c7001200-c46e-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"i
ndex-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg0MiwxXQ=="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"f440d860-64fa-4879-b980-0353a1f26eba\"},\"panelIndex\":\"f440d860-64fa-4879-b980-0353a1f26eba\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"34695e7c-2cf5-4115-a2c7-11029b7fbc98\"},\"panelIndex\":\"34695e7c-2cf5-4115-a2c7-11029b7fbc98\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},\"panelIndex\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":8,\"h\":5,\"i\":\"8da8ea54-feda-4cc3-9eda-d1367cd6f6e4\"},\"panelIndex\":\"8da8ea54-feda-4cc3-9eda-d1367cd6f6e4\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":8,\"y\":4,\"w\":8,\"h\":5,\"i\":\"62410829-53ae-49d4-bec5-8d4b2a4d31d2\"},\"panelIndex\":\"62410829-53ae-49d4-bec5-8d4b2a4d31d2\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":16,\"y\":4,\"w\":8,\"h\":5,\"i\":\"c209ff24-1623-459f-941c-aa65fad90df8\"},\"panelIndex\":\"c209ff24-1623-459f-941c-aa65fad90df8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":4,\"w\":8,\"h\":5,\"i\":\"a35b5294-ff2a-4178-85ce-7466834825db\"},\"panelIndex\":\"a35b5294
-ff2a-4178-85ce-7466834825db\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":32,\"y\":4,\"w\":8,\"h\":5,\"i\":\"ab6f62f9-7b7d-4d77-bdad-b8d1e52a4d75\"},\"panelIndex\":\"ab6f62f9-7b7d-4d77-bdad-b8d1e52a4d75\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"cc785bfa-34dc-415d-aa45-cbfc3d0c54d4\"},\"panelIndex\":\"cc785bfa-34dc-415d-aa45-cbfc3d0c54d4\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":26,\"h\":19,\"i\":\"fb78b64b-76e2-4751-a0a2-689d04c3acc9\"},\"panelIndex\":\"fb78b64b-76e2-4751-a0a2-689d04c3acc9\",\"embeddableConfig\":{\"title\":\"Half-Open Sessions\",\"hidePanelTitles\":false},\"title\":\"Half-Open Sessions\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":26,\"y\":9,\"w\":22,\"h\":19,\"i\":\"3b0f59b3-ae59-4981-91f3-2e1e1dc5b7b8\"},\"panelIndex\":\"3b0f59b3-ae59-4981-91f3-2e1e1dc5b7b8\",\"embeddableConfig\":{\"title\":\"Half-Open Sources\",\"hidePanelTitles\":false},\"title\":\"Half-Open Sources\",\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":28,\"w\":16,\"h\":14,\"i\":\"803dddd3-e6a3-4a8b-b695-4949f75dece5\"},\"panelIndex\":\"803dddd3-e6a3-4a8b-b695-4949f75dece5\",\"embeddableConfig\":{\"title\":\"X-Mas Flags\",\"hidePanelTitles\":false},\"title\":\"X-Mas Flags\",\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":16,\"y\":28,\"w\":16,\"h\":14,\"i\":\"c6832185-bb97-4c09-9034-13da30894a81\"},\"panelIndex\":\"c6832185-bb97-4c09-9034-13da30894a81\",\"embeddableConfig\":{\"title\":\"URG Flag\",\"hidePanelTitles\":false},\"title\":\"URG 
Flag\",\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":32,\"y\":28,\"w\":16,\"h\":14,\"i\":\"03a929fc-eb04-40ea-81c4-d763584f20df\"},\"panelIndex\":\"03a929fc-eb04-40ea-81c4-d763584f20df\",\"embeddableConfig\":{\"title\":\"null Flags\",\"hidePanelTitles\":false},\"title\":\"null Flags\",\"panelRefName\":\"panel_13\"}]","timeRestore":false,"title":"ElastiFlow (flow): Threats (DDoS TCP)","version":1},"id":"0774f5d0-c348-11ec-aaf3-5b4644130c7f","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"82b0c1d0-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"d3f5df40-c495-11ec-a49f-6168cd647191","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"7f67f8d0-c479-11ec-a49f-6168cd647191","name":"panel_3","type":"visualization"},{"id":"01b180e0-c484-11ec-a49f-6168cd647191","name":"panel_4","type":"visualization"},{"id":"100dff50-c485-11ec-a49f-6168cd647191","name":"panel_5","type":"visualization"},{"id":"216d4fc0-c481-11ec-a49f-6168cd647191","name":"panel_6","type":"visualization"},{"id":"15622970-c482-11ec-a49f-6168cd647191","name":"panel_7","type":"visualization"},{"id":"f5946090-c481-11ec-a49f-6168cd647191","name":"panel_8","type":"visualization"},{"id":"8acef510-c466-11ec-a49f-6168cd647191","name":"panel_9","type":"visualization"},{"id":"a89d1d60-c466-11ec-a49f-6168cd647191","name":"panel_10","type":"visualization"},{"id":"058ea560-c413-11ec-a49f-6168cd647191","name":"panel_11","type":"visualization"},{"id":"627f5ee0-c413-11ec-a49f-6168cd647191","name":"panel_12","type":"visualization"},{"id":"c7001200-c46e-11ec-a49f-6168cd647191","name":"panel_13","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg0MywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV 
- Threats (Brute Force)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats (Brute Force)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[IP Reputation](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [DDoS TCP](#/dashboard/0774f5d0-c348-11ec-aaf3-5b4644130c7f) | [DDoS Flood](#/dashboard/e0ffa950-c472-11ec-a49f-6168cd647191) | [RECON](#/dashboard/b9cd6a90-c48e-11ec-a49f-6168cd647191) | [**Brute Force**](#/dashboard/9e8ee9a0-c495-11ec-a49f-6168cd647191)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"08535420-c496-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg0NCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Server (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Server (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"853a7a30-6d77-11eb-9ef1-eff5674a4cc1\",\"type\":\"math\",\"variables\":[{\"id\":\"89871800-6d77-11eb-9ef1-eff5674a4cc1\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"964a0020-6d77-11eb-9ef1-eff5674a4cc1\",\"type\":\"math\",\"variables\":[{\"id\":\"98547620-6d77-11eb-9ef1-eff5674a4cc1\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Servers\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.server.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.host.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"086359d0-3edf-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg0NSwxXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Client Requests by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Client Requests by Server - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Req\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NTP Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"087e6750-9d7c-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg0NiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH 
Response\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"1645\\\"}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":\"1812\"}},{\"match_phrase\":{\"flow.src.l4.port.id\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Responses by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Responses by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH 
Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RADIUS Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"08f1070a-4c98-4703-a0ce-28e2ceaea0b8","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg0NywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flows","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - 
Flows\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [**Flows**](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/6368c580-a072-11ed-808e-b501c532aca0) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 
0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"98538b80-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg0OCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flows (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flows 
(client/server)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**Client/Server**](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Src/Dst](#/dashboard/167989f0-3d3f-11eb-bc2c-c5758316d788) | [AS](#/dashboard/264f5760-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"f6181a50-3d43-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg0OSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Client/Server - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.client.host.name\",\"parent\":\"\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.server.host.name\",\"parent\":\"\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1619032196248\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session 
Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"944a8560-3d4d-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg1MCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Clients (bytes) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (bytes) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"0d2b3b30-3e68-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg1MSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (client/server) - Vega (sankey)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (client/server) - Vega (sankey)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.client.host.name\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.server.host.name\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n 
\\t\\t\\t\\t\\\"bytes\\\": {\\n \\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"flow.bytes\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n 
\\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Client\\\", \\\"Server\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": 
{\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n 
},\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#222222\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n 
\\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"id":"214ff7c0-3e65-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg1MiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Servers (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"a7db3740-3e66-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg1MywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Clients (packets) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (packets) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"1a875610-3e68-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg1NCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Servers (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (packets) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"b54004b0-3e66-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg1NSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Clients (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (flow records) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"29666770-3e68-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg1NiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Servers (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"21b512f0-3d38-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg1NywxXQ=="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"b72ce2d1-bcec-42ca-b068-451d3b5a9d62\"},\"panelIndex\":\"b72ce2d1-bcec-42ca-b068-451d3b5a9d62\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"a2f9ff30-3efb-4191-b82a-5e6739a02b93\"},\"panelIndex\":\"a2f9ff30-3efb-4191-b82a-5e6739a02b93\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"9b1de842-8921-445e-83d6-709f815083aa\"},\"panelIndex\":\"9b1de842-8921-445e-83d6-709f815083aa\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\
":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"3c9f3c98-bb84-4a41-b8e3-44d993f9117e\"},\"panelIndex\":\"3c9f3c98-bb84-4a41-b8e3-44d993f9117e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"385518e4-5344-43a2-9508-917e7f7ed645\"},\"panelIndex\":\"385518e4-5344-43a2-9508-917e7f7ed645\",\"embeddableConfig\":{\"title\":\"Clients (bytes)\",\"hidePanelTitles\":false},\"title\":\"Clients (bytes)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"3ede7a4b-d3a6-42f9-a12f-abe617cdd1f3\"},\"panelIndex\":\"3ede7a4b-d3a6-42f9-a12f-abe617cdd1f3\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"acc535a1-7895-4fe1-adde-fb142765043a\"},\"panelIndex\":\"acc535a1-7895-4fe1-adde-fb142765043a\",\"embeddableConfig\":{\"title\":\"Servers (bytes)\",\"hidePanelTitles\":false},\"title\":\"Servers (bytes)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"fefca9db-081e-42b4-b9e6-839f863a4109\"},\"panelIndex\":\"fefca9db-081e-42b4-b9e6-839f863a4109\",\"embeddableConfig\":{\"title\":\"Clients (packets)\",\"hidePanelTitles\":false},\"title\":\"Clients (packets)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"b90e0320-9b08-410f-9e7c-d48bd25b3c92\"},\"panelIndex\":\"b90e0320-9b08-410f-9e7c-d48bd25b3c92\",\"embeddableConfig\":{\"title\":\"Servers (packets)\",\"hidePanelTitles\":false},\"title\":\"Servers (packets)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"8022fdaf-1f2b-4ebd-80eb-3a28c1cd753a\"},\"panelIndex\":\"8022fdaf-1f2b-4ebd-80eb-3a28c1cd753a\",\"embeddableConfig\":{\"title\":\"Clients (flow 
records)\",\"hidePanelTitles\":false},\"title\":\"Clients (flow records)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"8e84274d-9487-4eae-8dab-7d52da7027e4\"},\"panelIndex\":\"8e84274d-9487-4eae-8dab-7d52da7027e4\",\"embeddableConfig\":{\"title\":\"Servers (flow records)\",\"hidePanelTitles\":false},\"title\":\"Servers (flow records)\",\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flows (client/server)","version":1},"id":"090f3e40-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"98538b80-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"f6181a50-3d43-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"944a8560-3d4d-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"0d2b3b30-3e68-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"214ff7c0-3e65-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"a7db3740-3e66-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"1a875610-3e68-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"b54004b0-3e66-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"29666770-3e68-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"21b512f0-3d38-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg1OCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Autonomous Systems (bytes) - 
donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (bytes) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"09832fe0-3e6a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg1OSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Client Cities (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Cities (flow records) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"0a621e90-3eb4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg2MCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Core Services","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core 
Services\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [**Core Services**](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/6368c580-a072-11ed-808e-b501c532aca0) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 
0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"c69cda30-9b2b-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg2MSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Core Services (LDAP)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core Services (LDAP)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[DNS](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | 
[DHCP](#/dashboard/a9f3e040-9b94-11ec-a4df-e940aaa4214d) | \\n[RADIUS](#/dashboard/fbea2e70-c319-11ec-aaf3-5b4644130c7f) | \\n[**LDAP**](#/dashboard/0ae30960-c31a-11ec-aaf3-5b4644130c7f) | [NTP](#/dashboard/e2888380-9d73-11ec-a4df-e940aaa4214d)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"fe628c00-c31a-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg2MiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): LDAP Requests (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Requests (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.dst.l4.port.id: 389 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"f320aefc-2851-428e-93c5-e5501e8baf3b","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg2MywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): LDAP Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Responses (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 389 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"1a57842f-1d61-4337-a14f-ebde886bb94d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg2NCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): LDAP Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Req/Resp (packets) - TSVB 
(line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.dst.l4.port.id: 389\",\"language\":\"kuery\"}},{\"id\":\"7e6a9720-9b26-11ec-8138-3d37937df3c4\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"7e6a9721-9b26-11ec-8138-3d37937df3c4\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 389\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"a7c8aac9-0b2c-4b87-ae40-408051a0585c","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg2NSwxXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Requests by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Requests by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LDAP 
Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"7ee8c1df-41d7-4f17-9b7c-dd4de86154e5","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg2NiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Responses by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Responses by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LDAP 
Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"f0aa7b9d-75d3-4299-8f19-abd117b6c488","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg2NywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Requests by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Requests by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LDAP 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"ce61d9bc-7471-4bad-9641-dceae4b0b6fd","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg2OCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Responses by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Responses by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LDAP 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"7442c75e-2101-48a3-bd4e-4c41ccc3c1b7","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg2OSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Requests by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Requests by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"c9b65544-2c6c-4512-8f08-156296fb7357","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg3MCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Responses by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Responses by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"2760de38-aae3-40cd-bf60-f00dbbe431c4","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg3MSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"LDAP\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":389}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":389}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":389}},{\"match_phrase\":{\"flow.dst.l4.port.id\":389}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Messages by Exporter - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Messages by Exporter - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow 
Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"1a134792-e198-41f1-8636-0951002b7895","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg3MiwxXQ=="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"503ee9c8-3371-4430-9997-5a2f772238ba\"},\"panelIndex\":\"503ee9c8-3371-4430-9997-5a2f772238ba\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"e82bdc5b-be64-44e6-a350-da1952432e7e\"},\"panelIndex\":\"e82bdc5b-be64-44e6-a350-da1952432e7e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\"},\"panelIndex\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":5,\"i\":\"6f81c89
6-26c1-4d45-93d8-b58ca6e02ead\"},\"panelIndex\":\"6f81c896-26c1-4d45-93d8-b58ca6e02ead\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":5,\"i\":\"04f09116-ac3c-481e-99d9-c90778497de3\"},\"panelIndex\":\"04f09116-ac3c-481e-99d9-c90778497de3\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"af0379f3-6f77-4d03-b9fc-c33a179eeef8\"},\"panelIndex\":\"af0379f3-6f77-4d03-b9fc-c33a179eeef8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":9,\"i\":\"f49fb158-4b0e-4d72-b577-baa00d521d6f\"},\"panelIndex\":\"f49fb158-4b0e-4d72-b577-baa00d521d6f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":9,\"i\":\"80fbd6e4-db34-47b1-bd44-5429e450b2b4\"},\"panelIndex\":\"80fbd6e4-db34-47b1-bd44-5429e450b2b4\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":18,\"w\":9,\"h\":23,\"i\":\"e79913fc-b30c-4251-bfaa-8b3b3e5dc414\"},\"panelIndex\":\"e79913fc-b30c-4251-bfaa-8b3b3e5dc414\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":18,\"w\":9,\"h\":23,\"i\":\"b2113458-90c6-412c-8bcb-0e33a7ea29be\"},\"panelIndex\":\"b2113458-90c6-412c-8bcb-0e33a7ea29be\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":18,\"w\":10,\"h\":23,\"i\":\"e880b91d-6b5d-46a7-a29e-9c72f6d84584\"},\"panelIndex\":\"e880b91d-6b5d-46a7-a29e-9c72f6d84584\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":18,\
"w\":10,\"h\":23,\"i\":\"b1db5d73-7573-4682-8705-59862d2b4509\"},\"panelIndex\":\"b1db5d73-7573-4682-8705-59862d2b4509\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":38,\"y\":18,\"w\":10,\"h\":23,\"i\":\"ad7239c3-aaaf-4995-82ba-59a7a1d3bef7\"},\"panelIndex\":\"ad7239c3-aaaf-4995-82ba-59a7a1d3bef7\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"ElastiFlow (flow): Core Services (LDAP)","version":1},"id":"0ae30960-c31a-11ec-aaf3-5b4644130c7f","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"c69cda30-9b2b-11ec-a4df-e940aaa4214d","name":"panel_0","type":"visualization"},{"id":"fe628c00-c31a-11ec-aaf3-5b4644130c7f","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"f320aefc-2851-428e-93c5-e5501e8baf3b","name":"panel_3","type":"visualization"},{"id":"1a57842f-1d61-4337-a14f-ebde886bb94d","name":"panel_4","type":"visualization"},{"id":"a7c8aac9-0b2c-4b87-ae40-408051a0585c","name":"panel_5","type":"visualization"},{"id":"7ee8c1df-41d7-4f17-9b7c-dd4de86154e5","name":"panel_6","type":"visualization"},{"id":"f0aa7b9d-75d3-4299-8f19-abd117b6c488","name":"panel_7","type":"visualization"},{"id":"ce61d9bc-7471-4bad-9641-dceae4b0b6fd","name":"panel_8","type":"visualization"},{"id":"7442c75e-2101-48a3-bd4e-4c41ccc3c1b7","name":"panel_9","type":"visualization"},{"id":"c9b65544-2c6c-4512-8f08-156296fb7357","name":"panel_10","type":"visualization"},{"id":"2760de38-aae3-40cd-bf60-f00dbbe431c4","name":"panel_11","type":"visualization"},{"id":"1a134792-e198-41f1-8636-0951002b7895","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg3MywxXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Server AS (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Server AS (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.server.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"0b02ed40-3ec6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg3NCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"TCP\"}},{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"TCP Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"TCP\\\"}},{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Clients (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Clients (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.client.ip.addr\",\"customLabel\":\"Clients\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"0b0bf070-c412-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg3NSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Clients (flow records) - 
donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"0b230740-3d38-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg3NiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"UDP\"}},{\"terms\":{\"flow.src.l4.port.id\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP 
Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"UDP\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): UDP Amplification Sources (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Edge) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"0b3a81e0-c40f-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*"
,"name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg3NywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sources (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Inbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"0b5fe960-c3fd-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg3OCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Top-N (conversations)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Top-N 
(conversations)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Talkers](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Services](#/dashboard/b088bcb0-3d3e-11eb-bc2c-c5758316d788) | [Apps](#/dashboard/d4e18bf0-3d3e-11eb-bc2c-c5758316d788) | [**Conversations**](#/dashboard/c2da3880-3d3e-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"0c217890-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg3OSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): ICMP Destinations from Private IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Destinations from Private IP - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"l4.proto.name: (\\\"ICMP\\\" OR \\\"IPv6-ICMP\\\") AND (flow.src.as.org: \\\"PRIVATE\\\" AND flow.dst.as.org: \\\"PRIVATE\\\")\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"ICMP Destinations 
(Private)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.dst.ip.addr\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"0ca342c0-c495-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg4MCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":1812}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":1812}},{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":1645}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":1645}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":1812}},{\"match_phrase\":{\"flow.dst.l4.port.id\":1812}},{\"match_phrase\":{\"flow.src.l4.port.id\":1645}},{\"match_phrase\":{\"flow
.dst.l4.port.id\":1645}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Messages by Exporter - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Messages by Exporter - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow 
Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"0ce9bc39-bc69-4e87-b053-3a16588447a6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg4MSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Autonomous Systems (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"0d6d69c0-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg4MiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23,1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}],\\\"minimum_should_match\\\":1}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Brute Force Sessions (Outbound) - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"0d798530-c33a-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg4MywxXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flows (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flows (src/dst)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [**Src/Dst**](#/dashboard/167989f0-3d3f-11eb-bc2c-c5758316d788) | [AS](#/dashboard/264f5760-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"0e564f60-3d44-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg4NCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flow Exporters - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868774014\",\"fieldName\":\"flow.export.version.name\",\"parent\":\"\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"0f371ce0-3ecd-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg4NSwxXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Echo Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Echo (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Edge) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.dst.ip.addr\",\"customLabel\":\"Pinged 
IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"0fbdeb60-c344-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg4NiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Observed Traffic (flow records/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Observed Traffic (flow records/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.bytes\"},{\"id\":\"27c24400-3ece-11eb-a018-83ddf1ffaeb4\",\"type\":\"calculation\",\"variables\":[{\"id\":\"2b538110-3ece-11eb-a018-83ddf1ffaeb4\",\"name\":\"count\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.count / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Flow Records\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"count\",\"field\":\"flow.bytes\"},{\"id\":\"505adfd0-3ece-11eb-a018-83ddf1ffaeb4\",\"type\":\"calculation\",\"variables\":[{\"id\":\"59807cf0-3ece-11eb-a018-83ddf1ffaeb4\",\"name\":\"count\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Exporters\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.export.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.export.host.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"11e668f0-3ece-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg4NywxXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Traffic Details (attributes)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Traffic Details (attributes)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**Attributes**](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Types](#/dashboard/7dfba590-3d3f-11eb-bc2c-c5758316d788) | [Locality](#/dashboard/980f36e0-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"12658420-3d46-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg4OCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Src/Dst Autonomous Systems - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Src/Dst Autonomous Systems - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.src.as.label\",\"parent\":\"\",\"label\":\"Source AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.dst.as.label\",\"parent\":\"\",\"label\":\"Destination 
AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1619032550621\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"13ac7020-3d53-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg4OSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous Systems (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"145281b0-3d33-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg5MCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"UDP\"}},{\"terms\":{\"flow.src.l4.port.id\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"UDP\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow 
(flow): UDP Amplification Sources (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Public) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"16000b60-c467-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg5MSwxXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Src/Dst - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Src/Dst - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.src.host.name\",\"parent\":\"\",\"label\":\"Source\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.dst.host.name\",\"parent\":\"\",\"label\":\"Destination\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.dst.l4.port.name\",\"parent\":\"\",\"label\":\"Destination Port\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1619032296511\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session 
Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"255234e0-3d4e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg5MiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Sources (bytes) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (bytes) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"b3ab0570-3e69-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg5MywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (src/dst) - Vega (sankey)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (src/dst) - Vega (sankey)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.src.host.name\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.dst.host.name\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"bytes\\\": {\\n 
\\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"flow.bytes\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n 
\\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Source\\\", \\\"Destination\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n 
\\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 
1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#222222\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 
0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"id":"3af95590-3e65-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg5NCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destinations (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"56a96df0-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg5NSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Sources (packets) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (packets) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"c1358350-3e69-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg5NiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destinations (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (packets) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"678fc100-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg5NywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Sources (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (flow records) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"cdb91880-3e69-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg5OCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destinations (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"48e78f10-3d38-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzg5OSwxXQ=="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"e9392543-7a3b-4410-82e0-acdc8796055c\"},\"panelIndex\":\"e9392543-7a3b-4410-82e0-acdc8796055c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"45ab167a-8b6c-4284-87bc-bb63194ab67b\"},\"panelIndex\":\"45ab167a-8b6c-4284-87bc-bb63194ab67b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"61821225-4249-4b8a-83b5-b12282d65350\"},\"panelIndex\":\"61821225-4249-4b8a-83b5-b12282d65350\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"
x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"fbe3da65-1654-4f77-b694-d792de20ffc6\"},\"panelIndex\":\"fbe3da65-1654-4f77-b694-d792de20ffc6\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"66417ae6-f45c-4acd-98bb-8594ae027283\"},\"panelIndex\":\"66417ae6-f45c-4acd-98bb-8594ae027283\",\"embeddableConfig\":{\"title\":\"Sources (bytes)\",\"hidePanelTitles\":false},\"title\":\"Sources (bytes)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"f77ebdbf-f37e-4728-9c89-06b114de6943\"},\"panelIndex\":\"f77ebdbf-f37e-4728-9c89-06b114de6943\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"33b1452c-f126-40a1-8ba3-17e940753651\"},\"panelIndex\":\"33b1452c-f126-40a1-8ba3-17e940753651\",\"embeddableConfig\":{\"title\":\"Destinations (bytes)\",\"hidePanelTitles\":false},\"title\":\"Destinations (bytes)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"750f0f17-498c-40a1-96db-cd38d48ceef4\"},\"panelIndex\":\"750f0f17-498c-40a1-96db-cd38d48ceef4\",\"embeddableConfig\":{\"title\":\"Sources (packets)\",\"hidePanelTitles\":false},\"title\":\"Sources (packets)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"4cc272c3-959d-4e54-b821-0728ec7498fd\"},\"panelIndex\":\"4cc272c3-959d-4e54-b821-0728ec7498fd\",\"embeddableConfig\":{\"title\":\"Destinations (packets)\",\"hidePanelTitles\":false},\"title\":\"Destinations (packets)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"47feea3b-9d9b-44b4-870e-90c72894cd9e\"},\"panelIndex\":\"47feea3b-9d9b-44b4-870e-90c72894cd9e\",\"embeddableConfig\":{\"title\":\"Sources (flow 
records)\",\"hidePanelTitles\":false},\"title\":\"Sources (flow records)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"6be81876-ec1a-4d3f-8754-beb1dd24cc84\"},\"panelIndex\":\"6be81876-ec1a-4d3f-8754-beb1dd24cc84\",\"embeddableConfig\":{\"title\":\"Destinations (flow records)\",\"hidePanelTitles\":false},\"title\":\"Destinations (flow records)\",\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flows (src/dst)","version":1},"id":"167989f0-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"98538b80-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"0e564f60-3d44-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"255234e0-3d4e-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"b3ab0570-3e69-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"3af95590-3e65-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"56a96df0-3e67-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"c1358350-3e69-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"678fc100-3e67-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"cdb91880-3e69-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"48e78f10-3d38-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkwMCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Top Layer-4 Protocols - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Layer-4 Protocols - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"l4.proto.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Layer-4 Protocols\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"17487960-3e55-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkwMSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destinations and Ports (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations and Ports (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"17a15400-3d32-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkwMiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23]}}]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"CLI 
Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23]}}]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): CLI Sessions (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI Sessions (Public) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex
\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"17e07110-c49c-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkwMywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Server Cities (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Cities (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"17e74fd0-3eb5-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkwNCwxXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NTP Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Req/Resp (packets) - TSVB (line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"client requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.dst.l4.port.id: 123 AND NOT flow.src.l4.port.id: 123\",\"language\":\"kuery\"}},{\"id\":\"7e6a9720-9b26-11ec-8138-3d37937df3c4\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"7e6a9721-9b26-11ec-8138-3d37937df3c4\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"server responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 123 AND NOT flow.dst.l4.port.id: 
123\",\"language\":\"kuery\"}},{\"id\":\"70eeb7b0-9d75-11ec-b325-891fbbc52d93\",\"color\":\"rgba(97,221,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"70eedec0-9d75-11ec-b325-891fbbc52d93\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"symmetric messages\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 123 AND flow.dst.l4.port.id: 123\",\"language\":\"kuery\"}},{\"id\":\"b588f930-9d75-11ec-b325-891fbbc52d93\",\"color\":\"rgba(243,163,66,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"b588f931-9d75-11ec-b325-891fbbc52d93\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"broadcasts\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.dst.l4.port.id: 123 AND flow.dst.ip.addr: \\\"224.0.1.1\\\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"17f41790-9d75-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkwNSwxXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Graph","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Graph\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [**Graph**](#/dashboard/6368c580-a072-11ed-808e-b501c532aca0) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: 
#888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"184df9c0-a073-11ed-808e-b501c532aca0","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkwNiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Top-N (talkers)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Top-N 
(talkers)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**Talkers**](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Services](#/dashboard/b088bcb0-3d3e-11eb-bc2c-c5758316d788) | [Apps](#/dashboard/d4e18bf0-3d3e-11eb-bc2c-c5758316d788) | [Conversations](#/dashboard/c2da3880-3d3e-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"18500ff0-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkwNywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NTP Client Requests (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Client Requests (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (NOT flow.src.l4.port.id: 123) AND flow.dst.l4.port.id: 123 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: 
\\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"18a453c0-9d80-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkwOCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Client Requests by Client - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Client Requests by Client - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Req\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NTP Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"19505290-9d7d-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkwOSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Autonomous Systems (packets) - 
donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (packets) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"1a08c550-3e6a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkxMCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Remote Desktop Sessions from Private IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Remote Desktop Sessions from Private IP - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"\\\"flow.dst.l4.port.id\\\": (1494 OR 3389 OR 5900 OR 5901 OR 5902 OR 5903 OR 5904) AND flow.src.as.org: \\\"PRIVATE\\\" AND flow.dst.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Remote Desktop Sessions (Private)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"1a219c90-c49e-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkxMSwxXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Exporter, Type - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporter, Type - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868774014\",\"fieldName\":\"flow.export.version.name\",\"parent\":\"\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":20,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"1a9e1fe0-3f0c-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkxMiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): VLANs Ingress and Egress (records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs Ingress and Egress (records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.in.vlan.tag.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Ingress VLAN\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.out.vlan.tag.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Egress VLAN\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"1bd16f80-3d3a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkxMywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DHCP Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Req/Resp (packets) - TSVB 
(line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"e7c66180-c4b7-11ec-ad5c-5304474b164c\",\"color\":\"rgba(163,144,185,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"e7c66181-c4b7-11ec-ad5c-5304474b164c\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"broadcast\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 68 AND flow.dst.l4.port.id: 67 AND flow.dst.ip.addr: 255.255.255.255\",\"language\":\"kuery\"}},{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 68 AND flow.dst.l4.port.id: 67 AND NOT flow.dst.ip.addr: 255.255.255.255\",\"language\":\"kuery\"}},{\"id\":\"7e6a9720-9b26-11ec-8138-3d37937df3c4\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"7e6a9721-9b26-11ec-8138-3d37937df3c4\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 67 AND flow.dst.l4.port.id: 
68\",\"language\":\"kuery\"}},{\"id\":\"f55a00b0-c302-11ec-ad58-dde6b04c7677\",\"color\":\"rgba(138,182,223,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"f55a00b1-c302-11ec-ad58-dde6b04c7677\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"relayed\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 67 AND flow.dst.l4.port.id: 67\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"1d489090-9b95-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkxNCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Overview","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - 
Overview\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**Overview**](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/6368c580-a072-11ed-808e-b501c532aca0) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 
0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"1db06be0-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkxNSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flow Record Count (Threats) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Record Count (Threats) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Flow 
Records\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"filter\":{\"query\":\"sec.threat.name: * and (flow.community.id : * or flow.conversation.id : *) \",\"language\":\"kuery\"}}}"},"id":"1dd52c20-75cc-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkxNiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): UDP Amplification Sources - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":100,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":1000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":10000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND 
NOT flow.src.as.org: \\\"PRIVATE\\\" AND flow.src.l4.port.id: (17 OR 19 OR 53 OR 69 OR 111 OR 123 OR 137 OR 161 OR 389 OR 520 OR 751 OR 1434 OR 1645 OR 1646 OR 1812 OR 1813 OR 1900 OR 3702 OR 5093 OR 5353 OR 11211 OR 27015 OR 27960)\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"UDP Sources\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.ip.addr\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"1e22fb30-c48b-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkxNywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Service Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Service Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.server.l4.port.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Services\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"1ec922a0-3e61-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkxOCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Remote Desktop Sessions from Public IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Remote Desktop Sessions from Public IP - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"\\\"flow.dst.l4.port.id\\\": (1494 OR 3389 OR 5900 OR 5901 OR 5902 OR 5903 OR 5904) AND NOT flow.src.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Remote Desktop Sessions (Public)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"1f207360-c49e-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkxOSwxXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): UDP Amplification Bytes - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Bytes - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":100000000,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":1000000000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":10000000000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND NOT flow.src.as.org: \\\"PRIVATE\\\" AND flow.src.l4.port.id: (17 OR 19 OR 53 OR 69 OR 111 OR 123 OR 137 OR 161 OR 389 OR 520 OR 751 OR 1434 OR 1645 OR 1646 OR 1812 OR 1813 OR 1900 OR 3702 OR 5093 OR 5353 OR 11211 OR 27015 OR 27960)\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"UDP 
Bytes\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"1f4a6ec0-c48c-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkyMCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Recon Port Scan (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon Port Scan (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.server.l4.port.id\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"1ff8f860-c346-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkyMSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Layer-4 Protocol (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Layer-4 Protocol (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Protocols\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"l4.proto.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"l4.proto.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"20164b90-3eef-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkyMiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Source Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.host.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Sources\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"21799210-3e60-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkyMywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/City (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/City (pkts/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"e3c70960-6d77-11eb-95de-e16b5bff1348\",\"type\":\"math\",\"variables\":[{\"id\":\"e595fd00-6d77-11eb-95de-e16b5bff1348\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"ec8950d0-6d77-11eb-95de-e16b5bff1348\",\"type\":\"math\",\"variables\":[{\"id\":\"ee7edf40-6d77-11eb-95de-e16b5bff1348\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Cities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"geo.city.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"geo.city.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"22378540-3eec-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkyNCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Traffic Details (types)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Traffic Details 
(types)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Attributes](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [**Types**](#/dashboard/7dfba590-3d3f-11eb-bc2c-c5758316d788) | [Locality](#/dashboard/980f36e0-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"228552e0-3d46-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkyNSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Sources (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Outbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"22e479c0-c3ad-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkyNiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Top-N (services)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Top-N 
(services)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Talkers](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [**Services**](#/dashboard/b088bcb0-3d3e-11eb-bc2c-c5758316d788) | [Apps](#/dashboard/d4e18bf0-3d3e-11eb-bc2c-c5758316d788) | [Conversations](#/dashboard/c2da3880-3d3e-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"230d6410-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkyNywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (client AS/server AS) - Vega (directed graph)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (client AS/server AS) - Vega (directed graph)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v5.json\\\",\\n \\\"description\\\": \\\"Copyright (C)2022 ElastiFlow Inc.\\\",\\n \\\"autosize\\\": \\\"fit\\\",\\n \\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"flows\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-flow-codex-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 384,\\n \\\"sources\\\": [{\\n \\\"client\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.client.as.label\\\"\\n }\\n }\\n },\\n {\\n \\\"server\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.server.as.label\\\"\\n }\\n }\\n }\\n ]\\n },\\n \\\"aggs\\\": {\\n \\\"flow_bytes\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.bytes\\\"\\n }\\n },\\n \\\"flow_packets\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.packets\\\"\\n }\\n }\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\n \\\"property\\\": \\\"aggregations.table.buckets\\\"\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.client\\\",\\n \\\"as\\\": \\\"source\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n 
\\\"expr\\\": \\\"datum.key.server\\\",\\n \\\"as\\\": \\\"target\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_bytes.value\\\",\\n \\\"as\\\": \\\"bytes\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_packets.value\\\",\\n \\\"as\\\": \\\"packets\\\"\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"endpoints\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"fold\\\",\\n \\\"fields\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"as\\\": [\\\"stack\\\", \\\"key\\\"]\\n },\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"key\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"traffic\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n }\\n ],\\n\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"endpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [128,192,256,320,384,448,512,576,640,768,896,1024]\\n },\\n {\\n \\\"name\\\": \\\"fontsizeEndpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [0,0,0,0,0,0,0,12]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#99ddff\\\", \\\"#80d4ff\\\", 
\\\"#66ccff\\\", \\\"#33bbff\\\", \\\"#00aaff\\\", \\\"#0099e6\\\"]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesLightBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#e6f7ff\\\", \\\"#cceeff\\\", \\\"#b3e6ff\\\", \\\"#99ddff\\\"]\\n },\\n {\\n \\\"name\\\": \\\"trafficBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [1,2,3,4,6,8]\\n },\\n {\\n \\\"name\\\": \\\"colorTrafficBytesGreys\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#ddd\\\", \\\"#ccc\\\", \\\"#bbb\\\", \\\"#aaa\\\", \\\"#999\\\", \\\"#888\\\"]\\n }\\n ],\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"cx\\\",\\n \\\"update\\\": \\\"width / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"cy\\\",\\n \\\"update\\\": \\\"height / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"nodeCharge\\\",\\n \\\"value\\\": -128,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": -200, \\\"max\\\": 10, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"linkDistance\\\",\\n \\\"value\\\": 18,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 8, \\\"max\\\": 64, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"decay\\\",\\n \\\"value\\\": 0.5,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1, \\\"step\\\": 0.01}\\n },\\n {\\n \\\"name\\\": \\\"gravityX\\\",\\n \\\"value\\\": 0.1,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"gravityY\\\",\\n \\\"value\\\": 0.2,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"static\\\",\\n \\\"value\\\": false,\\n \\\"bind\\\": {\\\"input\\\": \\\"checkbox\\\"}\\n },\\n {\\n \\\"name\\\": \\\"fix\\\",\\n \\\"value\\\": 
false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseout[!event.buttons], window:mouseup\\\",\\n \\\"update\\\": \\\"false\\\"\\n },\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix || true\\\"\\n },\\n {\\n \\\"events\\\": \\\"[symbol:mousedown, window:mouseup] > window:mousemove!\\\",\\n \\\"update\\\": \\\"xy()\\\",\\n \\\"force\\\": true\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"node\\\",\\n \\\"value\\\": null,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix === true ? item() : node\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"restart\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": {\\\"signal\\\": \\\"fix\\\"}, \\\"update\\\": \\\"fix && fix.length\\\"\\n }\\n ]\\n }\\n ],\\n \\n \\\"marks\\\": [\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"type\\\": \\\"symbol\\\",\\n \\\"zindex\\\": 1,\\n \\\"from\\\": {\\\"data\\\": \\\"endpoints\\\"},\\n \\\"on\\\": [\\n {\\n \\\"trigger\\\": \\\"fix\\\",\\n \\\"modify\\\": \\\"node\\\",\\n \\\"values\\\": \\\"fix === true ? 
{fx: node.x, fy: node.y} : {fx: fix[0], fy: fix[1]}\\\"\\n },\\n {\\\"trigger\\\": \\\"!fix\\\", \\\"modify\\\": \\\"node\\\", \\\"values\\\": \\\"{fx: null, fy: null}\\\"}\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"colorEndpointsBytesBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorEndpointsBytesLightBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"xfocus\\\": {\\\"signal\\\": \\\"cx\\\"},\\n \\\"yfocus\\\": {\\\"signal\\\": \\\"cy\\\"}\\n },\\n \\\"update\\\": {\\n \\\"size\\\": {\\\"scale\\\": \\\"endpointBytesScale\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"cursor\\\": {\\\"value\\\": \\\"pointer\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.key + ' (Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count + ')'\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"force\\\",\\n \\\"iterations\\\": 160,\\n \\\"velocityDecay\\\": {\\n \\\"signal\\\": \\\"decay\\\"\\n },\\n \\\"restart\\\": {\\\"signal\\\": \\\"restart\\\"},\\n \\\"static\\\": {\\\"signal\\\": \\\"static\\\"},\\n \\\"signal\\\": \\\"force\\\",\\n \\\"forces\\\": [\\n {\\\"force\\\": \\\"center\\\", \\\"x\\\": {\\\"signal\\\": \\\"cx\\\"}, \\\"y\\\": {\\\"signal\\\": \\\"cy\\\"}},\\n {\\\"force\\\": \\\"x\\\", \\\"x\\\": \\\"xfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityX\\\"}},\\n {\\\"force\\\": \\\"y\\\", \\\"y\\\": \\\"yfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityY\\\"}},\\n {\\\"force\\\": \\\"collide\\\", \\\"radius\\\": {\\\"signal\\\": \\\"linkDistance\\\"}},\\n {\\\"force\\\": \\\"nbody\\\", \\\"strength\\\": {\\\"signal\\\": \\\"nodeCharge\\\"}},\\n {\\\"force\\\": \\\"link\\\", \\\"links\\\": \\\"traffic\\\", \\\"id\\\": \\\"datum.key\\\", \\\"distance\\\": {\\\"signal\\\": \\\"linkDistance\\\"}}\\n ]\\n }\\n ]\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"zindex\\\": 2,\\n 
\\\"from\\\": {\\\"data\\\": \\\"nodes\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"value\\\": \\\"black\\\"},\\n \\\"fontSize\\\": {\\\"scale\\\": \\\"fontsizeEndpointBytesScale\\\", \\\"field\\\": \\\"datum.bytes\\\"}\\n },\\n \\\"update\\\": {\\n \\\"y\\\": {\\\"field\\\": \\\"y\\\", \\\"offset\\\": {\\\"signal\\\": \\\"sqrt(datum.size/2) * 1.3\\\"}},\\n \\\"x\\\": {\\\"field\\\": \\\"x\\\"},\\n \\\"text\\\": {\\\"field\\\": \\\"datum.key\\\"},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"}\\n }\\n }\\n },\\n {\\n \\\"name\\\": \\\"paths\\\",\\n \\\"type\\\": \\\"path\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"traffic\\\"},\\n \\\"interactive\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorTrafficBytesGreys\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"strokeWidth\\\": {\\\"scale\\\": \\\"trafficBytesScale\\\", \\\"field\\\": \\\"bytes\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"'Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"require\\\": {\\\"signal\\\": \\\"force\\\"},\\n \\\"shape\\\": \\\"curve\\\",\\n \\\"sourceX\\\": \\\"datum.source.x\\\",\\n \\\"sourceY\\\": \\\"datum.source.y\\\",\\n \\\"targetX\\\": \\\"datum.target.x\\\",\\n \\\"targetY\\\": \\\"datum.target.y\\\"\\n }\\n ]\\n }\\n ]\\n}\"}}"},"id":"236ee490-a019-11ed-808e-b501c532aca0","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkyOCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Flow Locality (flow records) - 
donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Locality (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.locality\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Locality\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"23d52c70-3d3b-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkyOSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Server AS (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Server AS (pkts/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"cdedc990-6d7b-11eb-91f7-1d54a1e3a999\",\"type\":\"math\",\"variables\":[{\"id\":\"cfa627f0-6d7b-11eb-91f7-1d54a1e3a999\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"d4d97c40-6d7b-11eb-91f7-1d54a1e3a999\",\"type\":\"math\",\"variables\":[{\"id\":\"d6d461e0-6d7b-11eb-91f7-1d54a1e3a999\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.server.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"254d4600-3ec6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkzMCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flows (AS)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flows 
(AS)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Src/Dst](#/dashboard/167989f0-3d3f-11eb-bc2c-c5758316d788) | [**AS**](#/dashboard/264f5760-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"e5f9ce00-3d4a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkzMSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Client/Server Autonomous Systems - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server Autonomous Systems - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.client.as.label\",\"parent\":\"\",\"label\":\"Client AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.server.as.label\",\"parent\":\"\",\"label\":\"Server AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1619032399767\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session 
Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"75c9b970-3d4e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkzMiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (src AS/dst AS) - Vega (sankey)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (src AS/dst AS) - Vega (sankey)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.src.as.label\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.dst.as.label\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"bytes\\\": {\\n \\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": 
\\\"flow.bytes\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n 
\\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Src AS\\\", \\\"Dst AS\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": 
{\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n 
},\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#222222\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n 
\\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"id":"b1e47310-3e65-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkzMywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"8c9c9e00-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkzNCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Autonomous Systems (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (packets) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"7fdc26e0-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkzNSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Autonomous Systems (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (flow records) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"297bb240-3e6a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkzNiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"9dc5ed80-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkzNywxXQ=="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"78fdede8-86bb-411f-b572-b749c8fdec4d\"},\"panelIndex\":\"78fdede8-86bb-411f-b572-b749c8fdec4d\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"c6325cd9-9d8b-4441-be28-ccec44610042\"},\"panelIndex\":\"c6325cd9-9d8b-4441-be28-ccec44610042\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"7bece6c9-d4e9-48d4-a77e-e720d0d397af\"},\"panelIndex\":\"7bece6c9-d4e9-48d4-a77e-e720d0d397af\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"6f3a90f6-8f46-4011-a474-49796f2827c8\"},\"panelIndex\":\"6f3a90f6-8f46-4011-a474-49796f2827c8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"35be6656-588c-4913-acd2-482052d58871\"},\"panelIndex\":\"35be6656-588c-4913-acd2-482052d58871\",\"embeddableConfig\":{\"title\":\"Source AS (bytes)\",\"hidePanelTitles\":false},\"title\":\"Source AS 
(bytes)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"ea2649ad-9daf-4e3a-9458-4aac54f1685e\"},\"panelIndex\":\"ea2649ad-9daf-4e3a-9458-4aac54f1685e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"d2a25f58-f098-4795-8bcf-91fa77a0675a\"},\"panelIndex\":\"d2a25f58-f098-4795-8bcf-91fa77a0675a\",\"embeddableConfig\":{\"title\":\"Destination AS (bytes)\",\"hidePanelTitles\":false},\"title\":\"Destination AS (bytes)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"332fa0e5-4c4f-46c6-9374-d24f596067ce\"},\"panelIndex\":\"332fa0e5-4c4f-46c6-9374-d24f596067ce\",\"embeddableConfig\":{\"title\":\"Source AS (packets)\",\"hidePanelTitles\":false},\"title\":\"Source AS (packets)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"1ba6796a-2f98-47df-b7f8-89308072904e\"},\"panelIndex\":\"1ba6796a-2f98-47df-b7f8-89308072904e\",\"embeddableConfig\":{\"title\":\"Destination AS (packets)\",\"hidePanelTitles\":false},\"title\":\"Destination AS (packets)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"580c0d21-60e5-45a3-b527-aa67d162c5e8\"},\"panelIndex\":\"580c0d21-60e5-45a3-b527-aa67d162c5e8\",\"embeddableConfig\":{\"title\":\"Source AS (flow records)\",\"hidePanelTitles\":false},\"title\":\"Source AS (flow records)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"53df5d67-fa1f-4d49-ab8a-05b4fd2f2df2\"},\"panelIndex\":\"53df5d67-fa1f-4d49-ab8a-05b4fd2f2df2\",\"embeddableConfig\":{\"title\":\"Destination AS (flow records)\",\"hidePanelTitles\":false},\"title\":\"Destination AS (flow 
records)\",\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flows (AS)","version":1},"id":"264f5760-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"98538b80-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"e5f9ce00-3d4a-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"75c9b970-3d4e-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"09832fe0-3e6a-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"b1e47310-3e65-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"8c9c9e00-3e67-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"1a08c550-3e6a-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"7fdc26e0-3e67-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"297bb240-3e6a-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"9dc5ed80-3e67-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkzOCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Client Countries (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Countries (flow records) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"27474670-3eb4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzkzOSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/DSCP (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/DSCP (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top DSCP\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"ip.dscp.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"ip.dscp.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"276702d0-3f09-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk0MCwxXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Echo Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Echo (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.dst.ip.addr\",\"customLabel\":\"Pinged 
IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"27e80060-c33d-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk0MSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sessions (Edge) - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Edge) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"2855dd20-c3dc-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk0MiwxXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Ingress/Egress Interfaces - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress/Egress Interfaces - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.in.netif.type.name\",\"parent\":\"1607868729183\",\"label\":\"Interface Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.in.netif.name\",\"parent\":\"1607868729183\",\"label\":\"Ingress Interface\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.out.netif.name\",\"parent\":\"1607868729183\",\"label\":\"Egress 
Interface\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"292d9620-3d55-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk0MywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Maximum Throughput (bits/s) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Maximum Throughput (bits/s) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"},{\"sigma\":\"\",\"id\":\"568d8d10-3e5d-11eb-83e8-ef8dac1c189d\",\"type\":\"max_bucket\",\"field\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Max. Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"\",\"index_pattern\":\"\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"49b0db60-3e5d-11eb-83e8-ef8dac1c189d\"}]}}"},"id":"2b75a3f0-3e5e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk0NCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"2ce28b50-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk0NSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Messages Direct (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Edge) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"2d654c00-c3ab-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk0NiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Geo IP (destination)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Geo IP 
(destination)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Client](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [Server](#/dashboard/c3e77260-3eb5-11eb-bc2c-c5758316d788) | [Source](#/dashboard/460b45f0-3d3f-11eb-bc2c-c5758316d788) | [**Destination**](#/dashboard/e794e670-3eb5-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"2d785450-3eb7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk0NywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - AS-Path Hops","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): NAV - AS-Path Hops\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Return to Flows](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [**Hops**](#/dashboard/2db6a730-a0a0-11ed-808e-b501c532aca0) | [Flows](#/dashboard/877310b0-a0a0-11ed-808e-b501c532aca0) | [Endpoints](#/dashboard/999406a0-a0a0-11ed-808e-b501c532aca0)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: 
none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"491dd710-a09f-11ed-808e-b501c532aca0","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-31T14:52:12.487Z","version":"WzEyNTUsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): AS-Path Hops - Vega (directed graph)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): AS-Path Hops - Vega (directed graph)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v5.json\\\",\\n \\\"description\\\": \\\"Copyright (C)2022 ElastiFlow Inc.\\\",\\n \\\"autosize\\\": \\\"fit\\\",\\n \\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"flows\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-path-codex-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 384,\\n \\\"sources\\\": [{\\n \\\"client\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"hop.src.as.label\\\"\\n }\\n }\\n },\\n {\\n \\\"server\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"hop.dst.as.label\\\"\\n 
}\\n }\\n }\\n ]\\n },\\n \\\"aggs\\\": {\\n \\\"flow_bytes\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.bytes\\\"\\n }\\n },\\n \\\"flow_packets\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.packets\\\"\\n }\\n }\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\n \\\"property\\\": \\\"aggregations.table.buckets\\\"\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.client\\\",\\n \\\"as\\\": \\\"source\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.server\\\",\\n \\\"as\\\": \\\"target\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_bytes.value\\\",\\n \\\"as\\\": \\\"bytes\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_packets.value\\\",\\n \\\"as\\\": \\\"packets\\\"\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"endpoints\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"fold\\\",\\n \\\"fields\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"as\\\": [\\\"stack\\\", \\\"key\\\"]\\n },\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"key\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"traffic\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n }\\n ],\\n\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"endpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n 
\\\"range\\\": [128,192,256,320,384,448,512,576,640,768,896,1024]\\n },\\n {\\n \\\"name\\\": \\\"fontsizeEndpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [0,0,0,0,0,0,0,12]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#99ddff\\\", \\\"#80d4ff\\\", \\\"#66ccff\\\", \\\"#33bbff\\\", \\\"#00aaff\\\", \\\"#0099e6\\\"]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesLightBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#e6f7ff\\\", \\\"#cceeff\\\", \\\"#b3e6ff\\\", \\\"#99ddff\\\"]\\n },\\n {\\n \\\"name\\\": \\\"trafficBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [1,2,3,4,6,8]\\n },\\n {\\n \\\"name\\\": \\\"colorTrafficBytesGreys\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#ddd\\\", \\\"#ccc\\\", \\\"#bbb\\\", \\\"#aaa\\\", \\\"#999\\\", \\\"#888\\\"]\\n }\\n ],\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"cx\\\",\\n \\\"update\\\": \\\"width / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"cy\\\",\\n \\\"update\\\": \\\"height / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"nodeCharge\\\",\\n \\\"value\\\": -128,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": -200, \\\"max\\\": 10, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"linkDistance\\\",\\n \\\"value\\\": 24,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 8, \\\"max\\\": 64, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"decay\\\",\\n \\\"value\\\": 0.7,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", 
\\\"min\\\": 0, \\\"max\\\": 1, \\\"step\\\": 0.01}\\n },\\n {\\n \\\"name\\\": \\\"gravityX\\\",\\n \\\"value\\\": 0.1,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"gravityY\\\",\\n \\\"value\\\": 0.2,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"static\\\",\\n \\\"value\\\": false,\\n \\\"bind\\\": {\\\"input\\\": \\\"checkbox\\\"}\\n },\\n {\\n \\\"name\\\": \\\"fix\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseout[!event.buttons], window:mouseup\\\",\\n \\\"update\\\": \\\"false\\\"\\n },\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix || true\\\"\\n },\\n {\\n \\\"events\\\": \\\"[symbol:mousedown, window:mouseup] > window:mousemove!\\\",\\n \\\"update\\\": \\\"xy()\\\",\\n \\\"force\\\": true\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"node\\\",\\n \\\"value\\\": null,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix === true ? item() : node\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"restart\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": {\\\"signal\\\": \\\"fix\\\"}, \\\"update\\\": \\\"fix && fix.length\\\"\\n }\\n ]\\n }\\n ],\\n \\n \\\"marks\\\": [\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"type\\\": \\\"symbol\\\",\\n \\\"zindex\\\": 1,\\n \\\"from\\\": {\\\"data\\\": \\\"endpoints\\\"},\\n \\\"on\\\": [\\n {\\n \\\"trigger\\\": \\\"fix\\\",\\n \\\"modify\\\": \\\"node\\\",\\n \\\"values\\\": \\\"fix === true ? 
{fx: node.x, fy: node.y} : {fx: fix[0], fy: fix[1]}\\\"\\n },\\n {\\\"trigger\\\": \\\"!fix\\\", \\\"modify\\\": \\\"node\\\", \\\"values\\\": \\\"{fx: null, fy: null}\\\"}\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"colorEndpointsBytesBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorEndpointsBytesLightBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"xfocus\\\": {\\\"signal\\\": \\\"cx\\\"},\\n \\\"yfocus\\\": {\\\"signal\\\": \\\"cy\\\"}\\n },\\n \\\"update\\\": {\\n \\\"size\\\": {\\\"scale\\\": \\\"endpointBytesScale\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"cursor\\\": {\\\"value\\\": \\\"pointer\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.key + ' (Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count + ')'\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"force\\\",\\n \\\"iterations\\\": 160,\\n \\\"velocityDecay\\\": {\\n \\\"signal\\\": \\\"decay\\\"\\n },\\n \\\"restart\\\": {\\\"signal\\\": \\\"restart\\\"},\\n \\\"static\\\": {\\\"signal\\\": \\\"static\\\"},\\n \\\"signal\\\": \\\"force\\\",\\n \\\"forces\\\": [\\n {\\\"force\\\": \\\"center\\\", \\\"x\\\": {\\\"signal\\\": \\\"cx\\\"}, \\\"y\\\": {\\\"signal\\\": \\\"cy\\\"}},\\n {\\\"force\\\": \\\"x\\\", \\\"x\\\": \\\"xfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityX\\\"}},\\n {\\\"force\\\": \\\"y\\\", \\\"y\\\": \\\"yfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityY\\\"}},\\n {\\\"force\\\": \\\"collide\\\", \\\"radius\\\": {\\\"signal\\\": \\\"linkDistance\\\"}},\\n {\\\"force\\\": \\\"nbody\\\", \\\"strength\\\": {\\\"signal\\\": \\\"nodeCharge\\\"}},\\n {\\\"force\\\": \\\"link\\\", \\\"links\\\": \\\"traffic\\\", \\\"id\\\": \\\"datum.key\\\", \\\"distance\\\": {\\\"signal\\\": \\\"linkDistance\\\"}}\\n ]\\n }\\n ]\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"zindex\\\": 2,\\n 
\\\"from\\\": {\\\"data\\\": \\\"nodes\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"value\\\": \\\"black\\\"},\\n \\\"fontSize\\\": {\\\"scale\\\": \\\"fontsizeEndpointBytesScale\\\", \\\"field\\\": \\\"datum.bytes\\\"}\\n },\\n \\\"update\\\": {\\n \\\"y\\\": {\\\"field\\\": \\\"y\\\", \\\"offset\\\": {\\\"signal\\\": \\\"sqrt(datum.size/2) * 1.3\\\"}},\\n \\\"x\\\": {\\\"field\\\": \\\"x\\\"},\\n \\\"text\\\": {\\\"field\\\": \\\"datum.key\\\"},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"}\\n }\\n }\\n },\\n {\\n \\\"name\\\": \\\"paths\\\",\\n \\\"type\\\": \\\"path\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"traffic\\\"},\\n \\\"interactive\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorTrafficBytesGreys\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"strokeWidth\\\": {\\\"scale\\\": \\\"trafficBytesScale\\\", \\\"field\\\": \\\"bytes\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"'Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"require\\\": {\\\"signal\\\": \\\"force\\\"},\\n \\\"shape\\\": \\\"curve\\\",\\n \\\"sourceX\\\": \\\"datum.source.x\\\",\\n \\\"sourceY\\\": \\\"datum.source.y\\\",\\n \\\"targetX\\\": \\\"datum.target.x\\\",\\n \\\"targetY\\\": \\\"datum.target.y\\\"\\n }\\n ]\\n }\\n ]\\n}\"}}"},"id":"b47cec80-a0a4-11ed-808e-b501c532aca0","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T13:48:46.278Z","version":"WzEyMjksMV0="} 
{"attributes":{"fieldFormatMap":"{\"flow.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.168.7.15:5602\",\"pathname\":\"/app/management/opensearch-dashboards/objects\",\"basePath\":\"\"},\"pattern\":\"0,0.[00]b\"}},\"flow.dst.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.168.7.15:5602\",\"pathname\":\"/app/management/opensearch-dashboards/objects\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"flow.src.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://192.168.7.15:5602\",\"pathname\":\"/app/management/opensearch-dashboards/objects\",\"basePath\":\"\"},\"pattern\":\"0\"}}}","fields":"[{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"@version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"app.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true
},{\"count\":0,\"name\":\"flow.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.collect.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.community.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.conversation.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.dst.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.host.na
me\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.netif.index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.in.netif.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.netif.index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.out.netif.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],
\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.src.l4.port.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"hop.dst.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"hop.dst.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"hop.dst.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"hop.src.as.asn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"hop.src.as.label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"hop.src.as.org\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"l4.proto.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sec.threat.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"@timestamp","title":"elastiflow-path-codex-*"},"id":"elastiflow-path-codex-*","migrationVersion":{"index-pattern":"7
.6.0"},"references":[],"type":"index-pattern","updated_at":"2023-02-01T21:50:11.728Z","version":"WzEyNjcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): AS-Path - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): AS-Path - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1675163764907\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1675163937590\",\"fieldName\":\"l4.proto.name\",\"parent\":\"\",\"label\":\"Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1675164049619\",\"fieldName\":\"hop.src.as.label\",\"parent\":\"\",\"label\":\"Hop Source AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1675164142579\",\"fieldName\":\"hop.dst.as.label\",\"parent\":\"\",\"label\":\"Hop Destination AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1675164231236\",\"fieldName\":\"flow.src.as.label\",\"parent\":\"\",\"label\":\"Flow Source 
AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1675164381586\",\"fieldName\":\"flow.dst.as.label\",\"parent\":\"\",\"label\":\"Flow Destination AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1675164419990\",\"fieldName\":\"flow.src.host.name\",\"parent\":\"\",\"label\":\"Endpoint Source IP/Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":2000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"},{\"id\":\"1675164474264\",\"fieldName\":\"flow.dst.host.name\",\"parent\":\"\",\"label\":\"Endpoint Destination IP/Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":2000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_7_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"88f99fb0-a15b-11ed-808e-b501c532aca0","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-path-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-codex-*","name":"control_4_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-codex-*","name":"control_5_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-codex-*","name":"control_6_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-codex-*","name":"control_7_index_pattern","type":"index-pattern"}],"type":"visualiz
ation","updated_at":"2023-01-31T11:36:43.051Z","version":"WzEyNDAsMV0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":4,\"i\":\"c15e7b22-0b3d-4498-bd70-06db1b42fbdb\",\"w\":43,\"x\":0,\"y\":0},\"panelIndex\":\"c15e7b22-0b3d-4498-bd70-06db1b42fbdb\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":4,\"i\":\"61821225-4249-4b8a-83b5-b12282d65350\",\"w\":5,\"x\":43,\"y\":0},\"panelIndex\":\"61821225-4249-4b8a-83b5-b12282d65350\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":37,\"i\":\"d194b611-e86a-468f-9bee-32ca23724b91\",\"w\":38,\"x\":10,\"y\":4},\"panelIndex\":\"d194b611-e86a-468f-9bee-32ca23724b91\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":37,\"i\":\"f1dd67d7-f31f-4c50-9a66-fd51891f9abd\",\"w\":10,\"x\":0,\"y\":4},\"panelIndex\":\"f1dd67d7-f31f-4c50-9a66-fd51891f9abd\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_3\"}]","timeRestore":false,"title":"ElastiFlow (flow): AS-Path Graph (hops)","version":1},"id":"2db6a730-a0a0-11ed-808e-b501c532aca0","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"491dd710-a09f-11ed-808e-b501c532aca0","name":"panel_0","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"b47cec80-a0a4-11ed-808e-b501c532aca0","name":"panel_2","type":"visualization"},{"id":"88f99fb0-a15b-11ed-808e-b501c532aca0","name":"panel_3","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-31T11:40:40.179Z","version":"WzEyNDMsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"TCP\"}},{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"TCP Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"TCP\\\"}},{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Clients (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Clients (Outbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.client.ip.addr\",\"customLabel\":\"Clients\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"2dc24fc0-c411-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk0OCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Applications (bits/s) - TSVB (stacked 
area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Applications (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Applications\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"app.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"axis_min\":\"0\"}}"},"id":"2f03c500-3e64-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk0OSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Countries (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Countries (flow records) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"2f596f60-3ec2-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk1MCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Top-N (apps)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Top-N 
(apps)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Talkers](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Services](#/dashboard/b088bcb0-3d3e-11eb-bc2c-c5758316d788) | [**Apps**](#/dashboard/d4e18bf0-3d3e-11eb-bc2c-c5758316d788) | [Conversations](#/dashboard/c2da3880-3d3e-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"2f8a90a0-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk1MSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Application Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Application Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"app.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Applications\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"2f9ed3e0-3e61-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk1MiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DSCP Count - 
TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DSCP Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"ip.dscp.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"DSCP Values\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"302d17a0-3f05-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk1MywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Conversation Count (Threats) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Conversation Count (Threats) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Conversations\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"filter\":{\"query\":\"sec.threat.name: *\",\"language\":\"kuery\"}}}"},"id":"307cb730-75cc-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk1NCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Remote Desktop 
Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Remote Desktop Sessions (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Remote Desktop Sessions (Public) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\
":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"31b8a710-c49c-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk1NSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Core Services (DHCP)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core Services (DHCP)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[DNS](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [**DHCP**](#/dashboard/a9f3e040-9b94-11ec-a4df-e940aaa4214d) | 
\\n[RADIUS](#/dashboard/fbea2e70-c319-11ec-aaf3-5b4644130c7f) | \\n[LDAP](#/dashboard/0ae30960-c31a-11ec-aaf3-5b4644130c7f) | [NTP](#/dashboard/e2888380-9d73-11ec-a4df-e940aaa4214d)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"31c96f80-9b95-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk1NiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"UDP\"}},{\"terms\":{\"flow.src.l4.port.id\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP 
Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"UDP\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): UDP Amplification Sources (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sho
wMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"31e9d630-c40d-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk1NywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DNS Requests by Name Server - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Requests by Name Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"32e2fba0-9b2e-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk1OCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Destination Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.dst.host.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Destinations\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"343cbb70-3e60-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk1OSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Clients (flow records) - coord_map","uiStateJSON":"{\"mapZoom\":2,\"mapCenter\":[24.57585086389495,-13.23577880859375]}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (flow records) - coord_map\",\"type\":\"tile_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow 
Records\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"params\":{\"field\":\"flow.client.geo.loc.coord\",\"autoPrecision\":true,\"precision\":2,\"useGeocentroid\":true,\"isFilteredByCollar\":true,\"customLabel\":\"Clients\"},\"schema\":\"segment\"}],\"params\":{\"colorSchema\":\"Yellow to Red\",\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":20,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps Service\"}}}}"},"id":"34f08930-3eaf-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk2MCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Responses by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Responses by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Resp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DHCP 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"37087910-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk2MSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Ingress Interface (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Ingress Interface (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.in.netif.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.in.netif.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"37725340-3ec9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk2MiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Sources (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"37fc5a00-3d38-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk2MywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Server Responses by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Server Responses by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Resp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NTP 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"389a61f0-9d7c-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk2NCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Client/Server/Service/Application - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server/Service/Application - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.client.host.name\",\"parent\":\"\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.server.host.name\",\"parent\":\"\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1608040362438\",\"fieldName\":\"app.name\",\"parent\":\"\",\"label\":\"Applications\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"39259170-3edd-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"type":"visualization","updated_
at":"2023-01-30T09:39:53.211Z","version":"Wzk2NSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sessions (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"3af45cf0-c3db-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk2NiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Geo 
IP","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Geo IP\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/6368c580-a072-11ed-808e-b501c532aca0) | [**Geo IP**](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n 
margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"a89c6610-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk2NywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Geo IP (client)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Geo IP 
(client)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**Client**](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [Server](#/dashboard/c3e77260-3eb5-11eb-bc2c-c5758316d788) | [Source](#/dashboard/460b45f0-3d3f-11eb-bc2c-c5758316d788) | [Destination](#/dashboard/e794e670-3eb5-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"6d1088d0-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk2OCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Server Countries (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Countries (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"fa5c23f0-3eb4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk2OSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Client Time Zones (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Time Zones (flow 
records) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.geo.tz.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Time Zone\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"48e47820-3eb4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk3MCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Server Time Zones (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Time Zones (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.geo.tz.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Time 
Zone\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"d58dfda0-3eb4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk3MSwxXQ=="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"5d06bf0c-b97f-41d9-9f5e-82a38ad0ddf8\"},\"panelIndex\":\"5d06bf0c-b97f-41d9-9f5e-82a38ad0ddf8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"286c7826-03c1-4a33-8dae-1740006f6491\"},\"panelIndex\":\"286c7826-03c1-4a33-8dae-1740006f6491\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"48b01687-fddc-4f99-8195-04d77db8dd66\"},\"panelIndex\":\"48b01687-fddc-4f99-8195-04d77db8dd66\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"d35f1697-1274-4159-bdab-83159a87a41c\"},\"panelIndex\":\"d35f1697-1274-4159-bdab-83159a87a41c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"d8430fa3-ca28-455e-a276-930a60d6839f\"},\"panelIndex\":\"d8430fa3-ca28-455e-a276-930a60d6839f\",\"embeddableConfig\":{\"title\":\"Client 
Countries (flow records)\",\"hidePanelTitles\":false},\"title\":\"Client Countries (flow records)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"9c64c221-b2ae-4924-bdb1-e2fc73d7975f\"},\"panelIndex\":\"9c64c221-b2ae-4924-bdb1-e2fc73d7975f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"46146688-467d-42a2-ae53-5ae2b2061389\"},\"panelIndex\":\"46146688-467d-42a2-ae53-5ae2b2061389\",\"embeddableConfig\":{\"title\":\"Server Countries (flow records)\",\"hidePanelTitles\":false},\"title\":\"Server Countries (flow records)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"70eb9e12-1c7c-48dc-822b-477c7cb8ebb2\"},\"panelIndex\":\"70eb9e12-1c7c-48dc-822b-477c7cb8ebb2\",\"embeddableConfig\":{\"title\":\"Client Cities (flow records)\",\"hidePanelTitles\":false},\"title\":\"Client Cities (flow records)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"92329eb4-2cad-48df-b21b-656f53c9377a\"},\"panelIndex\":\"92329eb4-2cad-48df-b21b-656f53c9377a\",\"embeddableConfig\":{\"title\":\"Server Cities (flow records)\",\"hidePanelTitles\":false},\"title\":\"Server Cities (flow records)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"59db0235-9c7f-416b-81be-d78ea0fb29f7\"},\"panelIndex\":\"59db0235-9c7f-416b-81be-d78ea0fb29f7\",\"embeddableConfig\":{\"title\":\"Client Time Zones (flow records)\",\"hidePanelTitles\":false},\"title\":\"Client Time Zones (flow records)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"b00704ca-ba57-4d3b-b8c6-ec01a6782d8f\"},\"panelIndex\":\"b00704ca-ba57-4d3b-b8c6-ec01a6782d8f\",\"embeddableConfig\":{\"title\":\"Server Time Zones 
(flow records)\",\"hidePanelTitles\":false},\"title\":\"Server Time Zones (flow records)\",\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"ElastiFlow (flow): Geo Location (client)","version":1},"id":"3b3adf00-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"a89c6610-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"6d1088d0-3d45-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"944a8560-3d4d-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"27474670-3eb4-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"34f08930-3eaf-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"fa5c23f0-3eb4-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"0a621e90-3eb4-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"17e74fd0-3eb5-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"48e47820-3eb4-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"d58dfda0-3eb4-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk3MiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): VLAN Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLAN Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"vlan.tag.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"VLANs\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"3b7bf600-3f08-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk3MywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"DNS\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":53}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":53}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":53}},{\"match_phrase\":{\"flow.dst.l4.port.id\":53}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DNS Messages by Exporter - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Messages by Exporter - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow 
Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"3d134760-c301-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk3NCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"3d44ba40-3e67-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk3NSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Graph (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Graph (client/server)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**Client/Server**](#/dashboard/6368c580-a072-11ed-808e-b501c532aca0) | [Src/Dst](#/dashboard/6afffa70-a072-11ed-808e-b501c532aca0) | [AS](#/dashboard/70edc520-a072-11ed-808e-b501c532aca0)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n 
margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"3d9a6d40-a072-11ed-808e-b501c532aca0","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk3NiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Client Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Countries and Cities (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"3dae9bf0-3d30-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk3NywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP 
Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Messages Direct (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"3fea94f0-c39e-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0
].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk3OCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sources (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Outbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"4085de60-c3fd-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk3OSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Server Responses by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Server Responses by Client - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Resp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NTP 
Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"40ef7330-9d7d-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk4MCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/DSCP (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/DSCP (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"fc047e50-6d7b-11eb-b6ff-0b85dcc4bf4a\",\"type\":\"math\",\"variables\":[{\"id\":\"fe2c8e70-6d7b-11eb-b6ff-0b85dcc4bf4a\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / 
(params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"042380e0-6d7c-11eb-b6ff-0b85dcc4bf4a\",\"type\":\"math\",\"variables\":[{\"id\":\"06000910-6d7c-11eb-b6ff-0b85dcc4bf4a\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top DSCPs\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"ip.dscp.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"ip.dscp.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"411346d0-3f09-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk4MSwxXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (src/dst) - Vega (directed graph)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (src/dst) - Vega (directed graph)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v5.json\\\",\\n \\\"description\\\": \\\"Copyright (C)2022 ElastiFlow Inc.\\\",\\n \\\"autosize\\\": \\\"fit\\\",\\n \\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"flows\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-flow-codex-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 384,\\n \\\"sources\\\": [{\\n \\\"client\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.src.host.name\\\"\\n }\\n }\\n },\\n {\\n \\\"server\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.dst.host.name\\\"\\n }\\n }\\n }\\n ]\\n },\\n \\\"aggs\\\": {\\n \\\"flow_bytes\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.bytes\\\"\\n }\\n },\\n \\\"flow_packets\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.packets\\\"\\n }\\n }\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\n \\\"property\\\": \\\"aggregations.table.buckets\\\"\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.client\\\",\\n \\\"as\\\": \\\"source\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.server\\\",\\n \\\"as\\\": \\\"target\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_bytes.value\\\",\\n \\\"as\\\": \\\"bytes\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_packets.value\\\",\\n \\\"as\\\": \\\"packets\\\"\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"endpoints\\\",\\n 
\\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"fold\\\",\\n \\\"fields\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"as\\\": [\\\"stack\\\", \\\"key\\\"]\\n },\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"key\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"traffic\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n }\\n ],\\n\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"endpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [128,192,256,320,384,448,512,576,640,768,896,1024]\\n },\\n {\\n \\\"name\\\": \\\"fontsizeEndpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [0,0,0,0,0,0,0,12]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#99ddff\\\", \\\"#80d4ff\\\", \\\"#66ccff\\\", \\\"#33bbff\\\", \\\"#00aaff\\\", \\\"#0099e6\\\"]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesLightBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#e6f7ff\\\", \\\"#cceeff\\\", \\\"#b3e6ff\\\", \\\"#99ddff\\\"]\\n },\\n {\\n \\\"name\\\": 
\\\"trafficBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [1,2,3,4,6,8]\\n },\\n {\\n \\\"name\\\": \\\"colorTrafficBytesGreys\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#ddd\\\", \\\"#ccc\\\", \\\"#bbb\\\", \\\"#aaa\\\", \\\"#999\\\", \\\"#888\\\"]\\n }\\n ],\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"cx\\\",\\n \\\"update\\\": \\\"width / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"cy\\\",\\n \\\"update\\\": \\\"height / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"nodeCharge\\\",\\n \\\"value\\\": -128,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": -200, \\\"max\\\": 10, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"linkDistance\\\",\\n \\\"value\\\": 18,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 8, \\\"max\\\": 64, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"decay\\\",\\n \\\"value\\\": 0.5,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1, \\\"step\\\": 0.01}\\n },\\n {\\n \\\"name\\\": \\\"gravityX\\\",\\n \\\"value\\\": 0.1,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"gravityY\\\",\\n \\\"value\\\": 0.2,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"static\\\",\\n \\\"value\\\": false,\\n \\\"bind\\\": {\\\"input\\\": \\\"checkbox\\\"}\\n },\\n {\\n \\\"name\\\": \\\"fix\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseout[!event.buttons], window:mouseup\\\",\\n \\\"update\\\": \\\"false\\\"\\n },\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix || true\\\"\\n },\\n {\\n \\\"events\\\": \\\"[symbol:mousedown, window:mouseup] > window:mousemove!\\\",\\n \\\"update\\\": \\\"xy()\\\",\\n 
\\\"force\\\": true\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"node\\\",\\n \\\"value\\\": null,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix === true ? item() : node\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"restart\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": {\\\"signal\\\": \\\"fix\\\"}, \\\"update\\\": \\\"fix && fix.length\\\"\\n }\\n ]\\n }\\n ],\\n \\n \\\"marks\\\": [\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"type\\\": \\\"symbol\\\",\\n \\\"zindex\\\": 1,\\n \\\"from\\\": {\\\"data\\\": \\\"endpoints\\\"},\\n \\\"on\\\": [\\n {\\n \\\"trigger\\\": \\\"fix\\\",\\n \\\"modify\\\": \\\"node\\\",\\n \\\"values\\\": \\\"fix === true ? {fx: node.x, fy: node.y} : {fx: fix[0], fy: fix[1]}\\\"\\n },\\n {\\\"trigger\\\": \\\"!fix\\\", \\\"modify\\\": \\\"node\\\", \\\"values\\\": \\\"{fx: null, fy: null}\\\"}\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"colorEndpointsBytesBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorEndpointsBytesLightBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"xfocus\\\": {\\\"signal\\\": \\\"cx\\\"},\\n \\\"yfocus\\\": {\\\"signal\\\": \\\"cy\\\"}\\n },\\n \\\"update\\\": {\\n \\\"size\\\": {\\\"scale\\\": \\\"endpointBytesScale\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"cursor\\\": {\\\"value\\\": \\\"pointer\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.key + ' (Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count + ')'\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"force\\\",\\n \\\"iterations\\\": 160,\\n \\\"velocityDecay\\\": {\\n \\\"signal\\\": \\\"decay\\\"\\n },\\n \\\"restart\\\": {\\\"signal\\\": \\\"restart\\\"},\\n \\\"static\\\": {\\\"signal\\\": \\\"static\\\"},\\n \\\"signal\\\": \\\"force\\\",\\n \\\"forces\\\": [\\n {\\\"force\\\": \\\"center\\\", \\\"x\\\": 
{\\\"signal\\\": \\\"cx\\\"}, \\\"y\\\": {\\\"signal\\\": \\\"cy\\\"}},\\n {\\\"force\\\": \\\"x\\\", \\\"x\\\": \\\"xfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityX\\\"}},\\n {\\\"force\\\": \\\"y\\\", \\\"y\\\": \\\"yfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityY\\\"}},\\n {\\\"force\\\": \\\"collide\\\", \\\"radius\\\": {\\\"signal\\\": \\\"linkDistance\\\"}},\\n {\\\"force\\\": \\\"nbody\\\", \\\"strength\\\": {\\\"signal\\\": \\\"nodeCharge\\\"}},\\n {\\\"force\\\": \\\"link\\\", \\\"links\\\": \\\"traffic\\\", \\\"id\\\": \\\"datum.key\\\", \\\"distance\\\": {\\\"signal\\\": \\\"linkDistance\\\"}}\\n ]\\n }\\n ]\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"zindex\\\": 2,\\n \\\"from\\\": {\\\"data\\\": \\\"nodes\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"value\\\": \\\"black\\\"},\\n \\\"fontSize\\\": {\\\"scale\\\": \\\"fontsizeEndpointBytesScale\\\", \\\"field\\\": \\\"datum.bytes\\\"}\\n },\\n \\\"update\\\": {\\n \\\"y\\\": {\\\"field\\\": \\\"y\\\", \\\"offset\\\": {\\\"signal\\\": \\\"sqrt(datum.size/2) * 1.3\\\"}},\\n \\\"x\\\": {\\\"field\\\": \\\"x\\\"},\\n \\\"text\\\": {\\\"field\\\": \\\"datum.key\\\"},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"}\\n }\\n }\\n },\\n {\\n \\\"name\\\": \\\"paths\\\",\\n \\\"type\\\": \\\"path\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"traffic\\\"},\\n \\\"interactive\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorTrafficBytesGreys\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"strokeWidth\\\": {\\\"scale\\\": \\\"trafficBytesScale\\\", \\\"field\\\": \\\"bytes\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"'Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"require\\\": {\\\"signal\\\": \\\"force\\\"},\\n 
\\\"shape\\\": \\\"curve\\\",\\n \\\"sourceX\\\": \\\"datum.source.x\\\",\\n \\\"sourceY\\\": \\\"datum.source.y\\\",\\n \\\"targetX\\\": \\\"datum.target.x\\\",\\n \\\"targetY\\\": \\\"datum.target.y\\\"\\n }\\n ]\\n }\\n ]\\n}\"}}"},"id":"418680b0-a013-11ed-808e-b501c532aca0","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk4MiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): IP Reputations (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Reputations (flows) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.conversation.id\",\"customLabel\":\"Conversations\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"sec.threat.name\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top IP Reputations\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"44e46180-750b-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk4MywxXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Geo IP (source)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Geo IP (source)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Client](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [Server](#/dashboard/c3e77260-3eb5-11eb-bc2c-c5758316d788) | [**Source**](#/dashboard/460b45f0-3d3f-11eb-bc2c-c5758316d788) | [Destination](#/dashboard/e794e670-3eb5-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"88641430-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk4NCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Sources (flow records) - coord_map","uiStateJSON":"{\"mapZoom\":2,\"mapCenter\":[24.57585086389495,-13.23577880859375]}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (flow records) - coord_map\",\"type\":\"tile_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"params\":{\"field\":\"flow.src.geo.loc.coord\",\"autoPrecision\":true,\"precision\":2,\"useGeocentroid\":true,\"isFilteredByCollar\":true,\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"colorSchema\":\"Yellow to Red\",\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":20,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps 
Service\"}}}}"},"id":"c4e6f620-3eb7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk4NSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Countries (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Countries (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"88fd95f0-3ec2-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk4NiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Cities (flow records) - 
donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Cities (flow records) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"5b2522b0-3ec2-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk4NywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Cities (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Cities (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"ad428f10-3ec2-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk4OCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Time Zones (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Time Zones (flow records) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.geo.tz.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Time 
Zone\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"47057690-3ec2-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk4OSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Time Zones (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Time Zones (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.geo.tz.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Time Zone\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"c15fa320-3ec2-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk5MCwxXQ=="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"c58defff-725c-4475-b0eb-f18996211d0d\"},\"panelIndex\":\"c58defff-725c-4475-b0eb-f18996211d0d\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"6271ec50-2696-46b6-a1a5-cefc81e72bcb\"},\"panelIndex\":\"6271ec50-2696-46b6-a1a5-cefc81e72bcb\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"b05807cd-0371-44d4-a85b-b05813f10374\"},\"panelIndex\":\"b05807cd-0371-44d4-a85b-b05813f10374\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"7f8fb931-9547-405f-8742-562046c6f57f\"},\"panelIndex\":\"7f8fb931-9547-405f-8742-562046c6f57f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"9fd90c38-8625-4bfe-aae6-7eec9c26b251\"},\"panelIndex\":\"9fd90c38-8625-4bfe-aae6-7eec9c26b251\",\"embeddableConfig\":{\"title\":\"Source Countries (flow records)\",\"hidePanelTitles\":false},\"title\":\"Source Countries (flow 
records)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"f74ae4dc-ea66-4de3-9539-be2282ff0c9c\"},\"panelIndex\":\"f74ae4dc-ea66-4de3-9539-be2282ff0c9c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"477c6d12-02ef-4115-b338-0454117d7009\"},\"panelIndex\":\"477c6d12-02ef-4115-b338-0454117d7009\",\"embeddableConfig\":{\"title\":\"Destination Countries (flow records)\",\"hidePanelTitles\":false},\"title\":\"Destination Countries (flow records)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"9d62a839-db28-4d47-8ab5-2924452c4724\"},\"panelIndex\":\"9d62a839-db28-4d47-8ab5-2924452c4724\",\"embeddableConfig\":{\"title\":\"Source Cities (flow records)\",\"hidePanelTitles\":false},\"title\":\"Source Cities (flow records)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"f533a7f5-e6d9-4224-b437-7524cb18fca3\"},\"panelIndex\":\"f533a7f5-e6d9-4224-b437-7524cb18fca3\",\"embeddableConfig\":{\"title\":\"Destination Cities (flow records)\",\"hidePanelTitles\":false},\"title\":\"Destination Cities (flow records)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"b89f4400-04b8-4781-8b50-4c07830b24c6\"},\"panelIndex\":\"b89f4400-04b8-4781-8b50-4c07830b24c6\",\"embeddableConfig\":{\"title\":\"Source Time Zones (flow records)\",\"hidePanelTitles\":false},\"title\":\"Source Time Zones (flow records)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"0642d565-72f8-4f3e-a82d-bbc300c90270\"},\"panelIndex\":\"0642d565-72f8-4f3e-a82d-bbc300c90270\",\"embeddableConfig\":{\"title\":\"Destination Time Zones (flow 
records)\",\"hidePanelTitles\":false},\"title\":\"Destination Time Zones (flow records)\",\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"ElastiFlow (flow): Geo Location (source)","version":1},"id":"460b45f0-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"a89c6610-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"88641430-3d45-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"255234e0-3d4e-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"2f596f60-3ec2-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"c4e6f620-3eb7-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"88fd95f0-3ec2-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"5b2522b0-3ec2-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"ad428f10-3ec2-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"47057690-3ec2-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"c15fa320-3ec2-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk5MSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Countries (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"467aed30-3eeb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk5MiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Graph (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Graph 
(src/dst)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/6368c580-a072-11ed-808e-b501c532aca0) | [**Src/Dst**](#/dashboard/6afffa70-a072-11ed-808e-b501c532aca0) | [AS](#/dashboard/70edc520-a072-11ed-808e-b501c532aca0)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"48e49810-a072-11ed-808e-b501c532aca0","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk5MywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Layer-4 Protocol (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Layer-4 Protocol (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"1f8c9010-6d7c-11eb-b6d2-ff8c9a7cb5fb\",\"type\":\"math\",\"variables\":[{\"id\":\"215f7b50-6d7c-11eb-b6d2-ff8c9a7cb5fb\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"266fde50-6d7c-11eb-b6d2-ff8c9a7cb5fb\",\"type\":\"math\",\"variables\":[{\"id\":\"29889000-6d7c-11eb-b6d2-ff8c9a7cb5fb\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Layer-4 Protocols\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"l4.proto.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"l4.proto.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"49d0f930-3eef-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk5NCwxXQ=="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Servers and Clients (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers and Clients (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"a5d7def0-3d2e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk5NSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Services (bytes) - 
donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Services (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"dd32df90-3d32-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk5NiwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Threats (records) - tag cloud","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Threats (records) - tag 
cloud\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"sec.threat.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":16,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":12,\"maxFontSize\":32,\"showLabel\":false}}"},"id":"99c9add0-6d73-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk5NywxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): IP Versions and Protocols (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Versions and Protocols (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"ip.version.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Version\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"l4.proto.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Layer-4 
Protocol\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"f618c320-3d2e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk5OCwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: BLANK","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: BLANK\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"\"}}"},"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"Wzk5OSwxXQ=="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":43,\"h\":4,\"i\":\"d5e06153-1b9c-45db-87e7-31ee8930ba55\"},\"panelIndex\":\"d5e06153-1b9c-45db-87e7-31ee8930ba55\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\"},\"panelIndex\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"99194307-37ba-48b7-82e9-a31b9c396610\"},\"panelIndex\":\"99194307-37ba-48b7-82e9-a31b9c396610\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":16,\"h\":16,\"i\":\"0c0401c3-8cf7-4ddf-a598-710489ea06f5\"},\"panelIndex\":\"0c0401c3-8cf7-4ddf-a598-710489ea06f5\",\"embeddableConfig\":{\"title\":\"Servers and Clients (bytes)\",\"hidePanelTitles\":false},\"title\":\"Servers and Clients (bytes)\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":16,\"y\":9,\"w\":16,\"h\":16,\"i\":\"065164eb-2e9f-4bc9-9108-de49eec5b788\"},\"panelIndex\":\"065164eb-2e9f-4bc9-9108-de49eec5b788\",\"embeddableConfig\":{\"title\":\"Services (bytes)\",\"hidePanelTitles\":false},\"title\":\"Services 
(bytes)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":32,\"y\":9,\"w\":16,\"h\":10,\"i\":\"59aa493e-b902-4055-b736-047a382df472\"},\"panelIndex\":\"59aa493e-b902-4055-b736-047a382df472\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":32,\"y\":19,\"w\":16,\"h\":22,\"i\":\"4fb75a57-5569-4c4f-9fbf-15ba651dc98b\"},\"panelIndex\":\"4fb75a57-5569-4c4f-9fbf-15ba651dc98b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":25,\"w\":16,\"h\":16,\"i\":\"8f52881b-8b3f-4357-a1d4-9af0de96d23f\"},\"panelIndex\":\"8f52881b-8b3f-4357-a1d4-9af0de96d23f\",\"embeddableConfig\":{\"title\":\"Autonomous Systems (bytes)\",\"hidePanelTitles\":false},\"title\":\"Autonomous Systems (bytes)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":16,\"y\":25,\"w\":16,\"h\":16,\"i\":\"83bd57d5-df16-4718-b481-d0bee94cc606\"},\"panelIndex\":\"83bd57d5-df16-4718-b481-d0bee94cc606\",\"embeddableConfig\":{\"title\":\"IP Versions and Protocols (bytes)\",\"hidePanelTitles\":false},\"title\":\"IP Versions and Protocols (bytes)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.2\",\"gridData\":{\"x\":0,\"y\":41,\"w\":48,\"h\":1,\"i\":\"24057ec4-107c-42eb-92cd-c2cd6a3d3cda\"},\"panelIndex\":\"24057ec4-107c-42eb-92cd-c2cd6a3d3cda\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"ElastiFlow (flow): 
Overview","version":1},"id":"4a608bc0-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"1db06be0-3d3e-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"944a8560-3d4d-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"a5d7def0-3d2e-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"dd32df90-3d32-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"0262fbf0-3df7-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"99c9add0-6d73-11eb-8c14-238bcf08bfa6","name":"panel_6","type":"visualization"},{"id":"145281b0-3d33-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"f618c320-3d2e-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMDAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flow Record Count (src/dst) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Record Count (src/dst) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Flow 
Records\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"filter\":{\"query\":\"flow.src.ip.addr: * and flow.dst.ip.addr: *\",\"language\":\"kuery\"}}}"},"id":"4a68d6d0-9d97-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMDEsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination and Source ASs (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination and Source ASs (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination AS\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"4abbcc20-3d33-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMDIsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Top Services - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Services - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top 
Services\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"4ba1a880-3e55-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMDMsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Exporter, Locality, Application - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporter, Locality, Application - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.locality\",\"parent\":\"\",\"label\":\"Traffic 
Locality\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"app.name\",\"parent\":\"\",\"label\":\"Application\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"4ea0e4d0-3d4f-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMDQsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Source AS (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Source AS (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval 
/ 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.src.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.src.as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"4ec656c0-3ec6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMDUsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Ingress Interface (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Ingress Interface (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"3ca54b10-6d7c-11eb-86ec-a78f37e7c6b2\",\"type\":\"math\",\"variables\":[{\"id\":\"3e52fb10-6d7c-11eb-86ec-a78f37e7c6b2\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"42e1f910-6d7c-11eb-86ec-a78f37e7c6b2\",\"type\":\"math\",\"variables\":[{\"id\":\"4496adf0-6d7c-11eb-86ec-a78f37e7c6b2\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.in.netif.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.in.netif.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"4efdda20-3ec9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMDYsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Sources (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"4f3896f0-c3ad-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMDcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Recon Port Scan (Inbound) - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon Port Scan (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.server.l4.port.id\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"530885f0-c345-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMDgsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Accessed Ports from Public IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Accessed Ports from Public IP - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"NOT flow.client.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Accessed Ports (Public)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.server.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"53adda40-c490-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMDksMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DNS Responses by Name Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Responses by Name Server - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"5585dd80-9b2e-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMTAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Autonomous Systems","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Autonomous 
Systems\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/6368c580-a072-11ed-808e-b501c532aca0) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [**AS Traffic**](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 
0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"c26cacd0-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMTEsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Autonomous Systems (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): NAV - Autonomous Systems 
(src/dst)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [**Src/Dst**](#/dashboard/578a7da0-3d3f-11eb-bc2c-c5758316d788) | [AS-Path Hops](#/dashboard/2db6a730-a0a0-11ed-808e-b501c532aca0)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"d0899f50-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-31T14:47:34.984Z","version":"WzEyNTAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Destination AS (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Destination AS (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.dst.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.dst.as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"78dbce90-3ec6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMTMsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Source AS (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Source AS (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"638bca10-6d7c-11eb-b539-590ecf656744\",\"type\":\"math\",\"variables\":[{\"id\":\"65b36500-6d7c-11eb-b539-590ecf656744\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"6a588310-6d7c-11eb-b539-590ecf656744\",\"type\":\"math\",\"variables\":[{\"id\":\"6bfb0f80-6d7c-11eb-b539-590ecf656744\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.src.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.src.as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"5f20e490-3ec6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMTQsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Destination AS (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Destination AS (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"797d01e0-6d7c-11eb-bafe-551bc756954c\",\"type\":\"math\",\"variables\":[{\"id\":\"7b6067e0-6d7c-11eb-bafe-551bc756954c\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"823e5ef0-6d7c-11eb-bafe-551bc756954c\",\"type\":\"math\",\"variables\":[{\"id\":\"83e9ec10-6d7c-11eb-bafe-551bc756954c\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.dst.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.dst.as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"8f378800-3ec6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMTUsMV0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"137cd6ae-7b43-4d27-826b-984bdf8d5448\"},\"panelIndex\":\"137cd6ae-7b43-4d27-826b-984bdf8d5448\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"8dc4830d-701b-4345-a91e-2224c5a49758\"},\"panelIndex\":\"8dc4830d-701b-4345-a91e-2224c5a49758\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"024dab52-eb07-40c7-be57-70cd7caaf8d9\"},\"panelIndex\":\"024dab52-eb07-40c7-be57-70cd7caaf8d9\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"088f7fce-da74-4f9a-a05b-7f9548450f7a\"},\"panelIndex\":\"088f7fce-da74-4f9a-a05b-7f9548450f7a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":16,\"i\":\"3a665f00-530b-442d-898e-61ee558cf725\"},\"panelIndex\":\"3a665f00-530b-442d-898e-61ee558cf725\",\"embeddableConfig\":{\"title\":\"Source AS (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Source AS (bits/s)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":16,\"i\":\"142f32f1-54ee-4185-a8b7-a79e16898cc7\"},\"panelIndex\":\"142f32f1-54ee-4185-a8b7-a79e16898cc7\",\"embeddableConfig\":{\"title\":\"Destination AS (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Destination AS 
(bits/s)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":16,\"i\":\"76b08b63-9d7f-4fca-a485-3aebf363ded7\"},\"panelIndex\":\"76b08b63-9d7f-4fca-a485-3aebf363ded7\",\"embeddableConfig\":{\"title\":\"Source AS (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Source AS (pkts/s)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":25,\"w\":24,\"h\":16,\"i\":\"7c173f95-2904-4398-a01f-2de9aa33206c\"},\"panelIndex\":\"7c173f95-2904-4398-a01f-2de9aa33206c\",\"embeddableConfig\":{\"title\":\"Destination AS (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Destination AS (pkts/s)\",\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"ElastiFlow (flow): AS Traffic (src/dst)","version":1},"id":"578a7da0-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"c26cacd0-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"d0899f50-3d45-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"13ac7020-3d53-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"4ec656c0-3ec6-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"78dbce90-3ec6-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"5f20e490-3ec6-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"8f378800-3ec6-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMTYsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Graph (AS)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Graph 
(AS)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/6368c580-a072-11ed-808e-b501c532aca0) | [Src/Dst](#/dashboard/6afffa70-a072-11ed-808e-b501c532aca0) | [**AS**](#/dashboard/70edc520-a072-11ed-808e-b501c532aca0)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"57d053a0-a072-11ed-808e-b501c532aca0","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMTcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Top-N","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Top-N\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [**Top-N**](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/6368c580-a072-11ed-808e-b501c532aca0) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | 
[Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"5a3a5400-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMTgsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.ip.addr\",\"negate\":true,\"params\":{\"query\":\"255.255.255.255\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.ip.addr\":\"255.255.255.255\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Requests by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Requests by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Req\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"5a7588c0-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMTksMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Services (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Services (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Services\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.server.l4.port.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"axis_min\":\"0\"}}"},"id":"5c04ec10-3e59-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMjAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Echo Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Echo (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.dst.ip.addr\",\"customLabel\":\"Pinged IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"5c6bd160-c48f-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMjEsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Exporters (traffic)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Exporters 
(traffic)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**Traffic**](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Metrics](#/dashboard/ac3e8880-3d41-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"5d7289b0-3d44-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMjIsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): City Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: City Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"geo.city.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Cities\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"5e68ef90-3e60-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMjMsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Layer-4 Protocol (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Layer-4 Protocol (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"l4.proto.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Layer-4 Protocol\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"5e7b8030-3eef-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMjQsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP Flag Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flag Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"tcp.flags.tags\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"TCP Flags\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"5f3b6940-3ef9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMjUsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Autonomous Systems (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): NAV - Autonomous Systems 
(client/server)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**Client/Server**](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Src/Dst](#/dashboard/578a7da0-3d3f-11eb-bc2c-c5758316d788) | [AS-Path Hops](#/dashboard/2db6a730-a0a0-11ed-808e-b501c532aca0)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"b88b3260-3d45-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-31T14:47:39.095Z","version":"WzEyNTEsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Client AS (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Client AS (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.client.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.client.as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"ba9c2700-3ec4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMjcsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Client AS (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Client AS (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"8e4486c0-6d7c-11eb-8df7-e98b704d5431\",\"type\":\"math\",\"variables\":[{\"id\":\"90a7f230-6d7c-11eb-8df7-e98b704d5431\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"9a0fef80-6d7c-11eb-8df7-e98b704d5431\",\"type\":\"math\",\"variables\":[{\"id\":\"9c8b28b0-6d7c-11eb-8df7-e98b704d5431\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.client.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.client.as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"a6596d10-3ec5-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMjgsMV0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"710b9b72-988a-4deb-91e2-27ca58c67231\"},\"panelIndex\":\"710b9b72-988a-4deb-91e2-27ca58c67231\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"795832d4-77ce-4ff3-b85a-874b6516d2e5\"},\"panelIndex\":\"795832d4-77ce-4ff3-b85a-874b6516d2e5\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"71869a5c-4909-4bb6-93f1-50f6363a92ea\"},\"panelIndex\":\"71869a5c-4909-4bb6-93f1-50f6363a92ea\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"45481350-067e-4bc7-a0db-240ad6c516f2\"},\"panelIndex\":\"45
481350-067e-4bc7-a0db-240ad6c516f2\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":16,\"i\":\"0e1ff95c-9558-40a8-832c-252775d3ab66\"},\"panelIndex\":\"0e1ff95c-9558-40a8-832c-252775d3ab66\",\"embeddableConfig\":{\"title\":\"Client AS (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Client AS (bits/s)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":16,\"i\":\"a1830171-dbb4-4f16-8b23-e696deb9ad33\"},\"panelIndex\":\"a1830171-dbb4-4f16-8b23-e696deb9ad33\",\"embeddableConfig\":{\"title\":\"Server AS (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Server AS (bits/s)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":16,\"i\":\"f3d55c3c-d3c8-4547-a73d-ab00daabc4b7\"},\"panelIndex\":\"f3d55c3c-d3c8-4547-a73d-ab00daabc4b7\",\"embeddableConfig\":{\"title\":\"Client AS (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Client AS (pkts/s)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":25,\"w\":24,\"h\":16,\"i\":\"e49ac83e-d47c-4cdd-b5c7-93fb11802cb0\"},\"panelIndex\":\"e49ac83e-d47c-4cdd-b5c7-93fb11802cb0\",\"embeddableConfig\":{\"title\":\"Server AS (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Server AS (pkts/s)\",\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"ElastiFlow (flow): AS Traffic 
(client/server)","version":1},"id":"5f59d990-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"c26cacd0-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"b88b3260-3d45-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"75c9b970-3d4e-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"ba9c2700-3ec4-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"0b02ed40-3ec6-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"a6596d10-3ec5-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"254d4600-3ec6-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMjksMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Threats (DDoS Flood) - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Threats (DDoS Flood) - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"5fc57d50-c487-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMzAsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"60986660-3ee7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMzEsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NTP Server Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Server Responses (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"sigma\":\"\",\"id\":\"5a51ba40-9b2a-11ec-8947-5dbcd3cabfb0\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (NOT flow.dst.l4.port.id: 123) AND flow.src.l4.port.id: 123 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"}}}"},"id":"6175d650-9d80-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMzIsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Core Services (DNS)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core Services 
(DNS)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**DNS**](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [DHCP](#/dashboard/a9f3e040-9b94-11ec-a4df-e940aaa4214d) | \\n[RADIUS](#/dashboard/fbea2e70-c319-11ec-aaf3-5b4644130c7f) | \\n[LDAP](#/dashboard/0ae30960-c31a-11ec-aaf3-5b4644130c7f) | [NTP](#/dashboard/e2888380-9d73-11ec-a4df-e940aaa4214d)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"7e85d890-9b2c-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMzMsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DNS Requests (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Requests (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.dst.l4.port.id: 53 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: 
\\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"ca205110-9b2a-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMzQsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DNS Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Responses (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 53 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: 
\\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"e79c88d0-9b2a-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMzUsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DNS Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Req/Resp (packets) - TSVB (line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.dst.l4.port.id: 53\",\"language\":\"kuery\"}},{\"id\":\"7e6a9720-9b26-11ec-8138-3d37937df3c4\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"7e6a9721-9b26-11ec-8138-3d37937df3c4\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 
53\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"dbe6ab40-9b27-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMzYsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DNS Requests by Name Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Requests by Name Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name 
Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"80ca51b0-9b29-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMzcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DNS Responses by Name Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Responses by Name Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name 
Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"ab2732c0-9b29-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMzgsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DNS Requests by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Requests by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"cf7cdb70-9b2e-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwMzksMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DNS Responses by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Responses by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"bd189af0-9b2e-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNDAsMV0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":4,\"i\":\"503ee9c8-3371-4430-9997-5a2f772238ba\",\"w\":28,\"x\":0,\"y\":0},\"panelIndex\":\"503ee9c8-3371-4430-9997-5a2f772238ba\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":4,\"i\":\"b08a00c5-dae4-4f27-8f9f-0fe2c6080f8d\",\"w\":15,\"x\":28,\"y\":0},\"panelIndex\":\"b08a00c5-dae4-4f27-8f9f-0fe2c6080f8d\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":4,\"i\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"w\":5,\"x\":43,\"y\":0},\"panelIndex\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":5,\"i\":\"6614e2b7-ce1e-40fd-958b-094b3cd9572f\",\"w\":9,\"x\":0,\"y\":4},\"panelIndex\":\"6614e2b7-ce1e-40fd-958b-094b3cd9572f\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":5,\"i\":\"5ee2723a-170e-41b6-818a-d23a29fd5082\",\"w\":9,\"x\":9,\"y\":4},\"panelIndex\":\"5ee2723a-170e-41b6-818a-d23a29fd5082\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":14,\"i\":\"afda2a55-86f5-4642-bcde-47d248c5155c\",\"w\":30,\"x\":18,\"y\":4},\"panelIndex\":\"afda2a55-86f5-4642-bcde-47d248c5155c\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"hidePanelTitles\":true,\"title\":\"Requests by Name 
Server\"},\"gridData\":{\"h\":9,\"i\":\"252429da-55ed-48c2-a568-5293a497eaeb\",\"w\":9,\"x\":0,\"y\":9},\"panelIndex\":\"252429da-55ed-48c2-a568-5293a497eaeb\",\"title\":\"Requests by Name Server\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"hidePanelTitles\":true,\"title\":\"Responses by Name Server\"},\"gridData\":{\"h\":9,\"i\":\"cd07cac6-2abd-476e-938f-5fa3e4a008b8\",\"w\":9,\"x\":9,\"y\":9},\"panelIndex\":\"cd07cac6-2abd-476e-938f-5fa3e4a008b8\",\"title\":\"Responses by Name Server\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"hidePanelTitles\":true,\"title\":\"Requests by Name Server\"},\"gridData\":{\"h\":23,\"i\":\"591e0df2-b5c2-429b-842a-4f1fbb1063a5\",\"w\":9,\"x\":0,\"y\":18},\"panelIndex\":\"591e0df2-b5c2-429b-842a-4f1fbb1063a5\",\"title\":\"Requests by Name Server\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"hidePanelTitles\":true,\"title\":\"Responses by Name Server\"},\"gridData\":{\"h\":23,\"i\":\"29aeb812-da8d-452e-82e2-eb19b5bfc090\",\"w\":9,\"x\":9,\"y\":18},\"panelIndex\":\"29aeb812-da8d-452e-82e2-eb19b5bfc090\",\"title\":\"Responses by Name Server\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{\"hidePanelTitles\":true,\"title\":\"Requests by Client\"},\"gridData\":{\"h\":23,\"i\":\"1dbfe416-99b6-4767-9820-63f88aedd795\",\"w\":10,\"x\":18,\"y\":18},\"panelIndex\":\"1dbfe416-99b6-4767-9820-63f88aedd795\",\"title\":\"Requests by Client\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{\"hidePanelTitles\":true,\"title\":\"Responses by Client\"},\"gridData\":{\"h\":23,\"i\":\"38d80d14-ea45-40d6-9090-5c2c3f941d25\",\"w\":10,\"x\":28,\"y\":18},\"panelIndex\":\"38d80d14-ea45-40d6-9090-5c2c3f941d25\",\"title\":\"Responses by 
Client\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":23,\"i\":\"3122c7d9-47d5-4c38-ac00-76dd19e5875b\",\"w\":10,\"x\":38,\"y\":18},\"panelIndex\":\"3122c7d9-47d5-4c38-ac00-76dd19e5875b\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"ElastiFlow (flow): Core Services (DNS)","version":1},"id":"61bf2aa0-9b2b-11ec-a4df-e940aaa4214d","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"c69cda30-9b2b-11ec-a4df-e940aaa4214d","name":"panel_0","type":"visualization"},{"id":"7e85d890-9b2c-11ec-a4df-e940aaa4214d","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"ca205110-9b2a-11ec-a4df-e940aaa4214d","name":"panel_3","type":"visualization"},{"id":"e79c88d0-9b2a-11ec-a4df-e940aaa4214d","name":"panel_4","type":"visualization"},{"id":"dbe6ab40-9b27-11ec-a4df-e940aaa4214d","name":"panel_5","type":"visualization"},{"id":"80ca51b0-9b29-11ec-a4df-e940aaa4214d","name":"panel_6","type":"visualization"},{"id":"ab2732c0-9b29-11ec-a4df-e940aaa4214d","name":"panel_7","type":"visualization"},{"id":"32e2fba0-9b2e-11ec-a4df-e940aaa4214d","name":"panel_8","type":"visualization"},{"id":"5585dd80-9b2e-11ec-a4df-e940aaa4214d","name":"panel_9","type":"visualization"},{"id":"cf7cdb70-9b2e-11ec-a4df-e940aaa4214d","name":"panel_10","type":"visualization"},{"id":"bd189af0-9b2e-11ec-a4df-e940aaa4214d","name":"panel_11","type":"visualization"},{"id":"3d134760-c301-11ec-aaf3-5b4644130c7f","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNDEsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Locality Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Locality Count - 
TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.locality\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Localities\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"62b4fa40-3ee6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNDIsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DHCP Relayed (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Relayed (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"relayed\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 67 AND flow.dst.l4.port.id: 67 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"62e79640-c305-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNDMsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Client/Server (graph) - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server (graph) - input 
list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.client.host.name\",\"parent\":\"\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.server.host.name\",\"parent\":\"\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1675065522604\",\"fieldName\":\"l4.proto.name\",\"parent\":\"\",\"label\":\"Layer-4 Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1619032196248\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session 
Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1675065558441\",\"fieldName\":\"sec.threat.name\",\"parent\":\"\",\"label\":\"Threat\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"ae7e0110-a073-11ed-808e-b501c532aca0","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_5_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_6_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNDQsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (client/server) - Vega (directed graph)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (client/server) - Vega (directed graph)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v5.json\\\",\\n \\\"description\\\": \\\"Copyright (C)2022 ElastiFlow Inc.\\\",\\n \\\"autosize\\\": \\\"fit\\\",\\n \\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"flows\\\",\\n 
\\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-flow-codex-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 384,\\n \\\"sources\\\": [{\\n \\\"client\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.client.host.name\\\"\\n }\\n }\\n },\\n {\\n \\\"server\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.server.host.name\\\"\\n }\\n }\\n }\\n ]\\n },\\n \\\"aggs\\\": {\\n \\\"flow_bytes\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.bytes\\\"\\n }\\n },\\n \\\"flow_packets\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.packets\\\"\\n }\\n }\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\n \\\"property\\\": \\\"aggregations.table.buckets\\\"\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.client\\\",\\n \\\"as\\\": \\\"source\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.server\\\",\\n \\\"as\\\": \\\"target\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_bytes.value\\\",\\n \\\"as\\\": \\\"bytes\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_packets.value\\\",\\n \\\"as\\\": \\\"packets\\\"\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"endpoints\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"fold\\\",\\n \\\"fields\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"as\\\": [\\\"stack\\\", \\\"key\\\"]\\n },\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"key\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"traffic\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": 
\\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n }\\n ],\\n\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"endpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [128,192,256,320,384,448,512,576,640,768,896,1024]\\n },\\n {\\n \\\"name\\\": \\\"fontsizeEndpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [0,0,0,0,0,0,0,12]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#99ddff\\\", \\\"#80d4ff\\\", \\\"#66ccff\\\", \\\"#33bbff\\\", \\\"#00aaff\\\", \\\"#0099e6\\\"]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesLightBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#e6f7ff\\\", \\\"#cceeff\\\", \\\"#b3e6ff\\\", \\\"#99ddff\\\"]\\n },\\n {\\n \\\"name\\\": \\\"trafficBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [1,2,3,4,6,8]\\n },\\n {\\n \\\"name\\\": \\\"colorTrafficBytesGreys\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#ddd\\\", \\\"#ccc\\\", \\\"#bbb\\\", \\\"#aaa\\\", \\\"#999\\\", \\\"#888\\\"]\\n }\\n ],\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"cx\\\",\\n \\\"update\\\": \\\"width / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"cy\\\",\\n \\\"update\\\": 
\\\"height / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"nodeCharge\\\",\\n \\\"value\\\": -128,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": -200, \\\"max\\\": 10, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"linkDistance\\\",\\n \\\"value\\\": 18,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 8, \\\"max\\\": 64, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"decay\\\",\\n \\\"value\\\": 0.5,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1, \\\"step\\\": 0.01}\\n },\\n {\\n \\\"name\\\": \\\"gravityX\\\",\\n \\\"value\\\": 0.1,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"gravityY\\\",\\n \\\"value\\\": 0.2,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"static\\\",\\n \\\"value\\\": false,\\n \\\"bind\\\": {\\\"input\\\": \\\"checkbox\\\"}\\n },\\n {\\n \\\"name\\\": \\\"fix\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseout[!event.buttons], window:mouseup\\\",\\n \\\"update\\\": \\\"false\\\"\\n },\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix || true\\\"\\n },\\n {\\n \\\"events\\\": \\\"[symbol:mousedown, window:mouseup] > window:mousemove!\\\",\\n \\\"update\\\": \\\"xy()\\\",\\n \\\"force\\\": true\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"node\\\",\\n \\\"value\\\": null,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix === true ? 
item() : node\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"restart\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": {\\\"signal\\\": \\\"fix\\\"}, \\\"update\\\": \\\"fix && fix.length\\\"\\n }\\n ]\\n }\\n ],\\n \\n \\\"marks\\\": [\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"type\\\": \\\"symbol\\\",\\n \\\"zindex\\\": 1,\\n \\\"from\\\": {\\\"data\\\": \\\"endpoints\\\"},\\n \\\"on\\\": [\\n {\\n \\\"trigger\\\": \\\"fix\\\",\\n \\\"modify\\\": \\\"node\\\",\\n \\\"values\\\": \\\"fix === true ? {fx: node.x, fy: node.y} : {fx: fix[0], fy: fix[1]}\\\"\\n },\\n {\\\"trigger\\\": \\\"!fix\\\", \\\"modify\\\": \\\"node\\\", \\\"values\\\": \\\"{fx: null, fy: null}\\\"}\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"colorEndpointsBytesBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorEndpointsBytesLightBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"xfocus\\\": {\\\"signal\\\": \\\"cx\\\"},\\n \\\"yfocus\\\": {\\\"signal\\\": \\\"cy\\\"}\\n },\\n \\\"update\\\": {\\n \\\"size\\\": {\\\"scale\\\": \\\"endpointBytesScale\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"cursor\\\": {\\\"value\\\": \\\"pointer\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.key + ' (Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count + ')'\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"force\\\",\\n \\\"iterations\\\": 160,\\n \\\"velocityDecay\\\": {\\n \\\"signal\\\": \\\"decay\\\"\\n },\\n \\\"restart\\\": {\\\"signal\\\": \\\"restart\\\"},\\n \\\"static\\\": {\\\"signal\\\": \\\"static\\\"},\\n \\\"signal\\\": \\\"force\\\",\\n \\\"forces\\\": [\\n {\\\"force\\\": \\\"center\\\", \\\"x\\\": {\\\"signal\\\": \\\"cx\\\"}, \\\"y\\\": {\\\"signal\\\": \\\"cy\\\"}},\\n {\\\"force\\\": \\\"x\\\", \\\"x\\\": \\\"xfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityX\\\"}},\\n 
{\\\"force\\\": \\\"y\\\", \\\"y\\\": \\\"yfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityY\\\"}},\\n {\\\"force\\\": \\\"collide\\\", \\\"radius\\\": {\\\"signal\\\": \\\"linkDistance\\\"}},\\n {\\\"force\\\": \\\"nbody\\\", \\\"strength\\\": {\\\"signal\\\": \\\"nodeCharge\\\"}},\\n {\\\"force\\\": \\\"link\\\", \\\"links\\\": \\\"traffic\\\", \\\"id\\\": \\\"datum.key\\\", \\\"distance\\\": {\\\"signal\\\": \\\"linkDistance\\\"}}\\n ]\\n }\\n ]\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"zindex\\\": 2,\\n \\\"from\\\": {\\\"data\\\": \\\"nodes\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"value\\\": \\\"black\\\"},\\n \\\"fontSize\\\": {\\\"scale\\\": \\\"fontsizeEndpointBytesScale\\\", \\\"field\\\": \\\"datum.bytes\\\"}\\n },\\n \\\"update\\\": {\\n \\\"y\\\": {\\\"field\\\": \\\"y\\\", \\\"offset\\\": {\\\"signal\\\": \\\"sqrt(datum.size/2) * 1.3\\\"}},\\n \\\"x\\\": {\\\"field\\\": \\\"x\\\"},\\n \\\"text\\\": {\\\"field\\\": \\\"datum.key\\\"},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"}\\n }\\n }\\n },\\n {\\n \\\"name\\\": \\\"paths\\\",\\n \\\"type\\\": \\\"path\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"traffic\\\"},\\n \\\"interactive\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorTrafficBytesGreys\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"strokeWidth\\\": {\\\"scale\\\": \\\"trafficBytesScale\\\", \\\"field\\\": \\\"bytes\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"'Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"require\\\": {\\\"signal\\\": \\\"force\\\"},\\n \\\"shape\\\": \\\"curve\\\",\\n \\\"sourceX\\\": \\\"datum.source.x\\\",\\n \\\"sourceY\\\": \\\"datum.source.y\\\",\\n \\\"targetX\\\": \\\"datum.target.x\\\",\\n \\\"targetY\\\": 
\\\"datum.target.y\\\"\\n }\\n ]\\n }\\n ]\\n}\"}}"},"id":"d0dd1a40-a012-11ed-808e-b501c532aca0","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNDUsMV0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"query\":{\"bool\":{\"should\":[{\"terms\":{\"flow.src.ip.addr\":[\"224.0.0.0/4\",\"ff00::/8\",\"255.255.255.255\"]}},{\"terms\":{\"flow.dst.ip.addr\":[\"224.0.0.0/4\",\"ff00::/8\",\"255.255.255.255\"]}}],\"minimum_should_match\":1}},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":true,\"alias\":\"non-unicast IPs\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"flow.src.ip.addr\\\":[\\\"224.0.0.0/4\\\",\\\"ff00::/8\\\",\\\"255.255.255.255\\\"]}},{\\\"terms\\\":{\\\"flow.dst.ip.addr\\\":[\\\"224.0.0.0/4\\\",\\\"ff00::/8\\\",\\\"255.255.255.255\\\"]}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"1.0.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"50702be6-395d-4acd-a9a7-df7546940d83\"},\"panelIndex\":\"50702be6-395d-4acd-a9a7-df7546940d83\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"4e2b796c-a800-49a1-b798-256efab6658e\"},\"panelIndex\":\"4e2b796c-a800-49a1-b798-256efab6658e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"9b1de842-8921-445e-83d6-709f815083aa\"},\"panelIndex\":\"9b1de842-8921-445e-83d6-709f815083aa\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"
version\":\"1.0.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":37,\"i\":\"7cb7c80d-ac49-434a-8af6-89a4a83c7071\"},\"panelIndex\":\"7cb7c80d-ac49-434a-8af6-89a4a83c7071\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":37,\"i\":\"b8eae52c-0ec8-40eb-b2e7-7ee7c814449b\"},\"panelIndex\":\"b8eae52c-0ec8-40eb-b2e7-7ee7c814449b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"ElastiFlow (flow): Graph (client/server)","version":1},"id":"6368c580-a072-11ed-808e-b501c532aca0","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"184df9c0-a073-11ed-808e-b501c532aca0","name":"panel_0","type":"visualization"},{"id":"3d9a6d40-a072-11ed-808e-b501c532aca0","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"ae7e0110-a073-11ed-808e-b501c532aca0","name":"panel_3","type":"visualization"},{"id":"d0dd1a40-a012-11ed-808e-b501c532aca0","name":"panel_4","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNDYsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only 
Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sessions (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":n
ull,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"64cdd2a0-c3da-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNDcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/IP Version (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/IP Version (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top IP Versions\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"ip.version.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"ip.version.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"65671460-3f06-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNDgsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DHCP Broadcast (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Broadcast (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"broadcast\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 68 AND flow.dst.l4.port.id: 67 AND flow.dst.ip.addr: 255.255.255.255 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"682aeb00-c4c4-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNDksMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Clients (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"69e3dfa0-3e66-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNTAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23,1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force 
Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}],\\\"minimum_should_match\\\":1}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Brute Force Sessions (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBuck
etLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"6a4b9320-c33a-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNTEsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Src/Dst (graph) - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Src/Dst (graph) - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.src.host.name\",\"parent\":\"\",\"label\":\"Source\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.dst.host.name\",\"parent\":\"\",\"label\":\"Destination\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1675065632798\",\"fieldName\":\"l4.proto.name\",\"parent\":\"\",\"label\":\"Layer-4 Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.dst.l4.port.name\",\"parent\":\"\",\"label\":\"Destination Port\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1619032296511\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session 
Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1675065708604\",\"fieldName\":\"sec.threat.name\",\"parent\":\"\",\"label\":\"Threat\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"c8c21840-a073-11ed-808e-b501c532aca0","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_5_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_6_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNTIsMV0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"query\":{\"bool\":{\"should\":[{\"terms\":{\"flow.src.ip.addr\":[\"224.0.0.0/4\",\"ff00::/8\",\"255.255.255.255\"]}},{\"terms\":{\"flow.dst.ip.addr\":[\"224.0.0.0/4\",\"ff00::/8\",\"255.255.255.255\"]}}],\"minimum_should_match\":1}},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":true,\"alias\":\"non-unicast 
IPs\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"flow.src.ip.addr\\\":[\\\"224.0.0.0/4\\\",\\\"ff00::/8\\\",\\\"255.255.255.255\\\"]}},{\\\"terms\\\":{\\\"flow.dst.ip.addr\\\":[\\\"224.0.0.0/4\\\",\\\"ff00::/8\\\",\\\"255.255.255.255\\\"]}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"1.0.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"b164af11-e78b-432c-9f94-9e5498cc7693\"},\"panelIndex\":\"b164af11-e78b-432c-9f94-9e5498cc7693\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"406a2350-4a39-4be6-92d8-86c9925fd114\"},\"panelIndex\":\"406a2350-4a39-4be6-92d8-86c9925fd114\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"61821225-4249-4b8a-83b5-b12282d65350\"},\"panelIndex\":\"61821225-4249-4b8a-83b5-b12282d65350\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":37,\"i\":\"677beb38-9bb0-4ffb-a5f1-4f87a9af1b33\"},\"panelIndex\":\"677beb38-9bb0-4ffb-a5f1-4f87a9af1b33\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":37,\"i\":\"e775daba-44fe-4142-af9a-df9a11ed2529\"},\"panelIndex\":\"e775daba-44fe-4142-af9a-df9a11ed2529\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"ElastiFlow (flow): Graph 
(src/dst)","version":1},"id":"6afffa70-a072-11ed-808e-b501c532aca0","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"184df9c0-a073-11ed-808e-b501c532aca0","name":"panel_0","type":"visualization"},{"id":"48e49810-a072-11ed-808e-b501c532aca0","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"c8c21840-a073-11ed-808e-b501c532aca0","name":"panel_3","type":"visualization"},{"id":"418680b0-a013-11ed-808e-b501c532aca0","name":"panel_4","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNTMsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): ICMP Destinations from Public IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Destinations from Public IP - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":100000000,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":1000000000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":10000000000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"l4.proto.name: (\\\"ICMP\\\" OR \\\"IPv6-ICMP\\\") AND NOT flow.src.as.org: 
\\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"ICMP Destinations (Public)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.dst.ip.addr\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"6c8e1ee0-c494-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNTQsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Egress Interface (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Egress Interface (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / 
(params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.out.netif.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.out.netif.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"6d062540-3ec9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNTUsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Top Conversations - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Conversations - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.conversation.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":199,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Conversation ID\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.ip.addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client 
IP\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.ip.addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server IP\"},\"schema\":\"bucket\"},{\"id\":\"9\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"6dd43c00-3e0b-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNTYsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): RADIUS AUTH Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Responses (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"AUTH responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.src.l4.port.id: 1812 OR flow.src.l4.port.id: 1645) AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"6e4ded9e-1233-42f1-9b51-158686c49239","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNTcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Country Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Country Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"geo.country.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Countries\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"6e5949e0-3e60-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNTgsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP 
Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Sources (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Edge) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"6e94d950-c3ad-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNTksMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow 
(flow): NAV - Exporters","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Exporters\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/6368c580-a072-11ed-808e-b501c532aca0) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [**Exporters**](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [Traffic Details](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n 
background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"dc9329e0-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNjAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Egress Interface (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Egress Interface (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"ae5c02d0-6d7c-11eb-804b-4d51b964b0de\",\"type\":\"math\",\"variables\":[{\"id\":\"affb5af0-6d7c-11eb-804b-4d51b964b0de\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"b5cbd9a0-6d7c-11eb-804b-4d51b964b0de\",\"type\":\"math\",\"variables\":[{\"id\":\"b77013c0-6d7c-11eb-804b-4d51b964b0de\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.out.netif.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.out.netif.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"83d86e40-3ec9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNjEsMV0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"3b89a511-d238-4675-ad12-6bdd27bf2e51\"},\"panelIndex\":\"3b89a511-d238-4675-ad12-6bdd27bf2e51\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"2230b4c2-b6b5-4f9e-a774-ffdc201558fe\"},\"panelIndex\":\"2230b4c2-b6b5-4f9e-a774-ffdc201558fe\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"f742042f-bf18-44c3-b27d-18dad55ca878\"},\"panelIndex\":\"f742042f-bf18-44c3-b27d-18dad55ca878\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":39,\"h\":5,\"i\":\"d51bc79c-a8cf-4efd-87c2-19c277ddcda8\"},\"panelIndex\":\"d51bc79c-a8cf-4efd-87c2-19c277ddcda8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":39,\"y\":4,\"w\":9,\"h\":5,\"i\":\"9444adf6-cb19-41f1-af5b-73f125f73483\"},\"panelIndex\":\"9444adf6-cb19-41f1-af5b-73f125f73483\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":16,\"i\":\"dec2e2c1-77cf-4615-829b-c2f033132bf7\"},\"panelIndex\":\"dec2e2c1-77cf-4615-829b-c2f033132bf7\",\"embeddableConfig\":{\"title\":\"Ingress Interface (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Ingress Interface 
(bits/s)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":16,\"i\":\"d08f185d-1c41-4ae0-9a0e-942338220b72\"},\"panelIndex\":\"d08f185d-1c41-4ae0-9a0e-942338220b72\",\"embeddableConfig\":{\"title\":\"Egress Interface (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Egress Interface (bits/s)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":16,\"i\":\"b2e7f7c4-6dce-4389-8820-f6425ea1642c\"},\"panelIndex\":\"b2e7f7c4-6dce-4389-8820-f6425ea1642c\",\"embeddableConfig\":{\"title\":\"Ingress Interface (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Ingress Interface (pkts/s)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":25,\"w\":24,\"h\":16,\"i\":\"bd341ed5-7d9e-4ed9-81aa-d15b44e01b66\"},\"panelIndex\":\"bd341ed5-7d9e-4ed9-81aa-d15b44e01b66\",\"embeddableConfig\":{\"title\":\"Egress Interface (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Egress Interface (pkts/s)\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flow Exporters 
(traffic)","version":1},"id":"6fa91cc0-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"dc9329e0-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"5d7289b0-3d44-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"292d9620-3d55-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"37725340-3ec9-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"6d062540-3ec9-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"4efdda20-3ec9-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"83d86e40-3ec9-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNjIsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23,1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force 
Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Brute Force Sessions (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Public) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\
":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"70739240-c49b-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNjMsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Locality (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Locality (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Localities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.locality\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.locality : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"70c95380-3ee4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNjQsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - AS-Path Flows","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): NAV - AS-Path Flows\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Return to Flows](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Hops](#/dashboard/2db6a730-a0a0-11ed-808e-b501c532aca0) | [**Flows**](#/dashboard/877310b0-a0a0-11ed-808e-b501c532aca0) | [Endpoints](#/dashboard/999406a0-a0a0-11ed-808e-b501c532aca0)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"70e14890-a09f-11ed-808e-b501c532aca0","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-31T14:52:18.472Z","version":"WzEyNTYsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Client/Server Autonomous Systems (graph) - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server Autonomous Systems (graph) - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.client.as.label\",\"parent\":\"\",\"label\":\"Client AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.server.as.label\",\"parent\":\"\",\"label\":\"Server AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1675065858334\",\"fieldName\":\"l4.proto.name\",\"parent\":\"\",\"label\":\"Layer-4 
Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1619032399767\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1675065893621\",\"fieldName\":\"sec.threat.name\",\"parent\":\"\",\"label\":\"Threat\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"d51af3f0-a073-11ed-808e-b501c532aca0","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_5_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_6_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNjUsMV0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"query\":{\"bool\":{\"should\":[{\"terms\":{\"flow.src.ip.addr\":[\"224.0.0.0/4\",\"ff00::/8\",\"255.255.255.255\"]}},{\"terms\":{\"flow.dst.ip.addr\":[\"224.0.0.0/4\",\"ff00::/8\",\"255.255.255.255\"]}}],\"minimum_should_match\":1}},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":true,\"alias\":\"non-unicast IPs\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"flow.src.ip.addr\\\":[\\\"224.0.0.0/4\\\",\\\"ff00::/8\\\",\\\"255.255.255.255\\\"]}},{\\\"terms\\\":{\\\"flow.dst.ip.addr\\\":[\\\"224.0.0.0/4\\\",\\\"ff00::/8\\\",\\\"255.255.255.255\\\"]}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"1.0.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"f5be0a3a-baaa-4785-a566-1d29203a7ca7\"},\"panelIndex\":\"f5be0a3a-baaa-4785-a566-1d29203a7ca7\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"c395e21f-7268-4767-9c63-fe37d1fc3745\"},\"panelIndex\":\"c395e21f-7268-4767-9c63-fe37d1fc3745\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"7bece6c9-d4e9-48d4-a77e-e720d0d397af\"},\"panelIndex\":\"7bece6c9-d4e9-48d4-a77e-e720d0d397af\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":37,\"i\":\"13a4fe56-639b-4a9a-8eb6-5b607479d651\"},\"panelIndex\":\"13a4fe56-639b-4a9a-8eb6-5b607479d651\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\
"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":37,\"i\":\"03457f10-6b86-4029-97e9-9f983c07bafe\"},\"panelIndex\":\"03457f10-6b86-4029-97e9-9f983c07bafe\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"ElastiFlow (flow): Graph (AS)","version":1},"id":"70edc520-a072-11ed-808e-b501c532aca0","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"184df9c0-a073-11ed-808e-b501c532aca0","name":"panel_0","type":"visualization"},{"id":"57d053a0-a072-11ed-808e-b501c532aca0","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"d51af3f0-a073-11ed-808e-b501c532aca0","name":"panel_3","type":"visualization"},{"id":"236ee490-a019-11ed-808e-b501c532aca0","name":"panel_4","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNjYsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Exporters (metrics)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Exporters 
(metrics)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Traffic](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [**Metrics**](#/dashboard/ac3e8880-3d41-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"722d6460-3d44-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNjcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Server Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Countries and Cities (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"7354bd70-3d30-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNjgsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): VLANs (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vlan.tag.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"VLAN\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"73788aa0-3f08-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNjksMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/VLAN (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/VLAN (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Cities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"vlan.tag.id\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"vlan.tag.id: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"73b22db0-3f07-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNzAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Cities (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"7406a000-3eeb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNzEsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Client Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.client.host.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Clients\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"756aa270-3e5f-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNzIsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Responses by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Responses by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Resp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"76e6b920-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNzMsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"At-Risk 
Servers\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"must\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"flow.client.sec.threat.name\\\"}},{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"must\":[{\"exists\":{\"field\":\"flow.client.sec.threat.name\"}},{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): At-Risk Servers (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: At-Risk Servers (flows) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.conversation.id\",\"customLabel\":\"Conversations\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"At-Risk Servers\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.ip.addr\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"7734beb0-75c3-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNzQsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/TCP Option (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/TCP Option (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Cities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"tcp.options.tags\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"tcp.options.tags: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"783f9db0-3f0a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNzUsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23,1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":false,\"alias\":\"CLI & Remote Desktop Public\",\"key\":\"bool\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): CLI & Remote Desktop Sessions (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI & Remote Desktop Sessions (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"78577a30-c5a4-11ec-be66-9ff35c2449cb","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNzYsMV0="} 
{"attributes":{"columns":["flow.community.id","flow.export.host.name","flow.src.host.name","flow.src.l4.port.name","flow.dst.host.name","flow.dst.l4.port.name","flow.bytes","flow.packets"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"bool\":{\"must\":[{\"exists\":{\"field\":\"flow.src.ip.addr\"}},{\"exists\":{\"field\":\"flow.dst.ip.addr\"}}]},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":false,\"alias\":null,\"key\":\"bool\",\"value\":\"{\\\"must\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"flow.src.ip.addr\\\"}},{\\\"exists\\\":{\\\"field\\\":\\\"flow.dst.ip.addr\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"ElastiFlow (flow): Flow Records (src/dst) - search","version":1},"id":"78b035a0-3f11-11eb-bc2c-c5758316d788","migrationVersion":{"search":"7.9.3"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNzcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only 
Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sources (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Source\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"7a32e220-c3fd-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-code
x-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNzgsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"DHCP\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":67}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":67}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":67}},{\"match_phrase\":{\"flow.dst.l4.port.id\":67}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Messages by Exporter - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Messages by Exporter - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Msg\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"7c3745e0-c306-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwNzksMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Traffic Details","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Traffic 
Details\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/4a608bc0-3d3e-11eb-bc2c-c5758316d788) | [Top-N](#/dashboard/a000b640-3d3e-11eb-bc2c-c5758316d788) | [Core Services](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [Threats](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [Flows](#/dashboard/090f3e40-3d3f-11eb-bc2c-c5758316d788) | [Graph](#/dashboard/6368c580-a072-11ed-808e-b501c532aca0) | [Geo IP](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [AS Traffic](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Exporters](#/dashboard/6fa91cc0-3d3f-11eb-bc2c-c5758316d788) | [**Traffic Details**](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Flow Records](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 
0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"f1bfb220-3d42-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwODAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Server Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.server.host.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Servers\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"97c2bfb0-3e5f-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwODEsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Client (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Client (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Clients\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.client.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.client.host.name : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"d80358b0-3edb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwODIsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Server (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Server (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Servers\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.server.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.host.name : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"f3fc4470-3ede-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwODMsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Client (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Client (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"cd523060-6d7c-11eb-b746-f1522e0dab3a\",\"type\":\"math\",\"variables\":[{\"id\":\"cf0ead70-6d7c-11eb-b746-f1522e0dab3a\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"d971ac90-6d7c-11eb-b746-f1522e0dab3a\",\"type\":\"math\",\"variables\":[{\"id\":\"db2cf120-6d7c-11eb-b746-f1522e0dab3a\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Clients\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.client.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.client.host.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"f15aed00-3edb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwODQsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Services (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Services (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"a79c8dd0-3d38-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwODUsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Applications (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Applications (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"app.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"cc173cf0-3d38-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwODYsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Service (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Service (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Services\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.server.l4.port.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.l4.port.name : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"8298f1f0-3ee0-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwODcsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Application (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Application (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Applications\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"app.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"app.name : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"e87e7f20-3ee1-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwODgsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Service (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Service (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"e49340c0-6d7c-11eb-b9b4-13da79d84f81\",\"type\":\"math\",\"variables\":[{\"id\":\"e6425050-6d7c-11eb-b9b4-13da79d84f81\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"ece8e3b0-6d7c-11eb-b9b4-13da79d84f81\",\"type\":\"math\",\"variables\":[{\"id\":\"ef8e3a20-6d7c-11eb-b9b4-13da79d84f81\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Services\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.server.l4.port.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.l4.port.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"c1cd0f50-3ee0-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwODksMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Application (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Application (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"15a3fba0-6d7d-11eb-84f7-77c8f6afc5bb\",\"type\":\"math\",\"variables\":[{\"id\":\"177ba1d0-6d7d-11eb-84f7-77c8f6afc5bb\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"22c50950-6d7d-11eb-84f7-77c8f6afc5bb\",\"type\":\"math\",\"variables\":[{\"id\":\"245ee330-6d7d-11eb-84f7-77c8f6afc5bb\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Applications\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"app.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"app.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"ff906930-3ee1-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwOTAsMV0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"cf1bd77b-1f5f-4fd2-bdec-4a4f86b2cbf5\"},\"panelIndex\":\"cf1bd77b-1f5f-4fd2-bdec-4a4f86b2cbf5\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"25faea81-ab1f-41e5-acb9-6106d4cc0aa4\"},\"panelIndex\":\"25faea81-ab1f-41e5-acb9-6106d4cc0aa4\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"98b7b546-bcd1-4f6a-ae72-5537acf3b95e\"},\"panelIndex\":\"98b7b546-bcd1-4f6a-ae72-5537acf3b95e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"d3b1d5d8-42b4-4ce3-b869-9cf9b9339e86\"},\"panelIndex\":\"d3b1d5d8-42b4-4ce3-b8
69-9cf9b9339e86\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":12,\"h\":11,\"i\":\"72a017dd-f8eb-4626-acec-90c12df7f147\"},\"panelIndex\":\"72a017dd-f8eb-4626-acec-90c12df7f147\",\"embeddableConfig\":{\"title\":\"Clients (flow records)\",\"hidePanelTitles\":false},\"title\":\"Clients (flow records)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":9,\"w\":12,\"h\":2,\"i\":\"30822c3b-040f-49e1-a798-4de5eb0c3d5f\"},\"panelIndex\":\"30822c3b-040f-49e1-a798-4de5eb0c3d5f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":12,\"h\":11,\"i\":\"d85d8052-38bd-42e0-a2bc-7994cc898e97\"},\"panelIndex\":\"d85d8052-38bd-42e0-a2bc-7994cc898e97\",\"embeddableConfig\":{\"title\":\"Servers (flow records)\",\"hidePanelTitles\":false},\"title\":\"Servers (flow records)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":2,\"i\":\"b7916a81-f14e-4151-988e-03fe34367bf7\"},\"panelIndex\":\"b7916a81-f14e-4151-988e-03fe34367bf7\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":11,\"w\":12,\"h\":7,\"i\":\"f51e7b87-62a2-494f-989e-589ed7aaa2fb\"},\"panelIndex\":\"f51e7b87-62a2-494f-989e-589ed7aaa2fb\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":11,\"w\":12,\"h\":7,\"i\":\"43312a94-47b7-44fb-aee1-a7d602d108a4\"},\"panelIndex\":\"43312a94-47b7-44fb-aee1-a7d602d108a4\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":18,\"w\":12,\"h\":2,\"i\":\"816e3e43-6b65-4eaf-91c6-7073ce905be7\"},\"panelIndex\":\"816e3e43-6b65-4eaf-91c6-7073ce905be7\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"
panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":18,\"w\":12,\"h\":2,\"i\":\"c4771e88-2c13-4d6e-a7bf-f63f430a0d54\"},\"panelIndex\":\"c4771e88-2c13-4d6e-a7bf-f63f430a0d54\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":24,\"h\":13,\"i\":\"c86d248a-9b29-4a1b-9904-5139da8f954b\"},\"panelIndex\":\"c86d248a-9b29-4a1b-9904-5139da8f954b\",\"embeddableConfig\":{\"title\":\"Clients (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Clients (bits/s)\",\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":13,\"i\":\"95073fd6-49e8-4196-a2cb-d9dedffc5f09\"},\"panelIndex\":\"95073fd6-49e8-4196-a2cb-d9dedffc5f09\",\"embeddableConfig\":{\"title\":\"Servers (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Servers (bits/s)\",\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":33,\"w\":24,\"h\":14,\"i\":\"17cd868a-a8f9-4f6d-bbf0-d825a7e9aed0\"},\"panelIndex\":\"17cd868a-a8f9-4f6d-bbf0-d825a7e9aed0\",\"embeddableConfig\":{\"title\":\"Clients (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Clients (pkts/s)\",\"panelRefName\":\"panel_14\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":33,\"w\":24,\"h\":14,\"i\":\"52665f63-634d-4f71-8af3-3fa78fd69805\"},\"panelIndex\":\"52665f63-634d-4f71-8af3-3fa78fd69805\",\"embeddableConfig\":{\"title\":\"Servers (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Servers (pkts/s)\",\"panelRefName\":\"panel_15\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":47,\"w\":12,\"h\":11,\"i\":\"01abaf50-4385-4162-99a9-19098a7a2eb7\"},\"panelIndex\":\"01abaf50-4385-4162-99a9-19098a7a2eb7\",\"embeddableConfig\":{\"title\":\"Services (flow records)\",\"hidePanelTitles\":false},\"title\":\"Services (flow 
records)\",\"panelRefName\":\"panel_16\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":47,\"w\":12,\"h\":2,\"i\":\"a4d025c1-8e8c-41b3-9914-d30dbfd9c4eb\"},\"panelIndex\":\"a4d025c1-8e8c-41b3-9914-d30dbfd9c4eb\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_17\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":47,\"w\":12,\"h\":11,\"i\":\"7c5e07d4-34a2-4023-8f5a-10836add48f0\"},\"panelIndex\":\"7c5e07d4-34a2-4023-8f5a-10836add48f0\",\"embeddableConfig\":{\"title\":\"Applications (flow records)\",\"hidePanelTitles\":false},\"title\":\"Applications (flow records)\",\"panelRefName\":\"panel_18\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":47,\"w\":12,\"h\":2,\"i\":\"216341be-b759-42f1-9771-8af90aff5d7b\"},\"panelIndex\":\"216341be-b759-42f1-9771-8af90aff5d7b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_19\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":49,\"w\":12,\"h\":7,\"i\":\"bff6ff26-0484-4c7d-9e4c-8a5719cdf602\"},\"panelIndex\":\"bff6ff26-0484-4c7d-9e4c-8a5719cdf602\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_20\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":49,\"w\":12,\"h\":7,\"i\":\"6b050ffa-0e33-4b71-bec2-ade9c902c756\"},\"panelIndex\":\"6b050ffa-0e33-4b71-bec2-ade9c902c756\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_21\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":56,\"w\":12,\"h\":2,\"i\":\"6dfa17fa-42e9-4c82-a657-b8fe5aa806cc\"},\"panelIndex\":\"6dfa17fa-42e9-4c82-a657-b8fe5aa806cc\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_22\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":56,\"w\":12,\"h\":2,\"i\":\"4a61399d-0303-4406-9546-148dda9ad8db\"},\"panelIndex\":\"4a61399d-0303-4406-9546-148dda9ad8db\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_23\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":58,\"w\":24,\"h\":14,\"i\":\
"36a5f34b-93a1-4b1d-b997-71a644c1eaae\"},\"panelIndex\":\"36a5f34b-93a1-4b1d-b997-71a644c1eaae\",\"embeddableConfig\":{\"title\":\"Services (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Services (bits/s)\",\"panelRefName\":\"panel_24\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":58,\"w\":24,\"h\":14,\"i\":\"165535c1-1b24-4dd3-a572-3b7572ccd1dc\"},\"panelIndex\":\"165535c1-1b24-4dd3-a572-3b7572ccd1dc\",\"embeddableConfig\":{\"title\":\"Applications (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Applications (bits/s)\",\"panelRefName\":\"panel_25\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":72,\"w\":24,\"h\":14,\"i\":\"869b0795-1565-4c62-847d-9c9ee627f8f9\"},\"panelIndex\":\"869b0795-1565-4c62-847d-9c9ee627f8f9\",\"embeddableConfig\":{\"title\":\"Services (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Services (pkts/s)\",\"panelRefName\":\"panel_26\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":72,\"w\":24,\"h\":14,\"i\":\"1a126c02-f0fc-4278-9e27-cc285e3eb8f5\"},\"panelIndex\":\"1a126c02-f0fc-4278-9e27-cc285e3eb8f5\",\"embeddableConfig\":{\"title\":\"Applications (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Applications (pkts/s)\",\"panelRefName\":\"panel_27\"}]","timeRestore":false,"title":"ElastiFlow (flow): Traffic Details 
(types)","version":1},"id":"7dfba590-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"f1bfb220-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"228552e0-3d46-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"39259170-3edd-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"0b230740-3d38-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"21b512f0-3d38-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"756aa270-3e5f-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"97c2bfb0-3e5f-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_11","type":"visualization"},{"id":"d80358b0-3edb-11eb-bc2c-c5758316d788","name":"panel_12","type":"visualization"},{"id":"f3fc4470-3ede-11eb-bc2c-c5758316d788","name":"panel_13","type":"visualization"},{"id":"f15aed00-3edb-11eb-bc2c-c5758316d788","name":"panel_14","type":"visualization"},{"id":"086359d0-3edf-11eb-bc2c-c5758316d788","name":"panel_15","type":"visualization"},{"id":"a79c8dd0-3d38-11eb-bc2c-c5758316d788","name":"panel_16","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_17","type":"visualization"},{"id":"cc173cf0-3d38-11eb-bc2c-c5758316d788","name":"panel_18","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_19","type":"visualization"},{"id":"1ec922a0-3e61-11eb-bc2c-c5758316d788","name":"panel_20","type":"visualization"},{"id":"2f9ed3e0-3e61-11eb-bc2c-c5758316d788","name":"panel_21"
,"type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_22","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_23","type":"visualization"},{"id":"8298f1f0-3ee0-11eb-bc2c-c5758316d788","name":"panel_24","type":"visualization"},{"id":"e87e7f20-3ee1-11eb-bc2c-c5758316d788","name":"panel_25","type":"visualization"},{"id":"c1cd0f50-3ee0-11eb-bc2c-c5758316d788","name":"panel_26","type":"visualization"},{"id":"ff906930-3ee1-11eb-bc2c-c5758316d788","name":"panel_27","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwOTEsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate
\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Symmetric Messages by src/dst - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Symmetric Messages by src/dst - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Sym\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"7e20b120-9d7c-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflo
w-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwOTIsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Clients (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (packets) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"81a877e0-3e66-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwOTMsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destinations and Sources (bytes) - 
donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations and Sources (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"83029b10-3d31-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwOTQsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Observed Traffic (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Observed Traffic (pkts/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"33802db0-6d7d-11eb-b273-0b659d100ef7\",\"type\":\"math\",\"variables\":[{\"id\":\"3544c110-6d7d-11eb-b273-0b659d100ef7\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"3b474c40-6d7d-11eb-b273-0b659d100ef7\",\"type\":\"math\",\"variables\":[{\"id\":\"3ced8230-6d7d-11eb-b273-0b659d100ef7\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Exporters\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.export.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.export.host.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"831f5010-3ecc-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwOTUsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Sources (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"850fe610-c467-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwOTYsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Accessed Ports from Private IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Accessed Ports from Private IP - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"flow.client.as.org: \\\"PRIVATE\\\" AND flow.server.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Accessed Ports (Private)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.server.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"851359f0-c492-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwOTcsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Average Throughput (bits/s) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Average Throughput (bits/s) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"},{\"sigma\":\"\",\"id\":\"568d8d10-3e5d-11eb-83e8-ef8dac1c189d\",\"type\":\"avg_bucket\",\"field\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Avg. 
Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"\",\"index_pattern\":\"\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"49b0db60-3e5d-11eb-83e8-ef8dac1c189d\"}]}}"},"id":"86111840-3e5d-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwOTgsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): AS-Path Flows - Vega (directed graph)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): AS-Path Flows - Vega (directed graph)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v5.json\\\",\\n \\\"description\\\": \\\"Copyright (C)2022 ElastiFlow Inc.\\\",\\n \\\"autosize\\\": \\\"fit\\\",\\n \\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"flows\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-path-codex-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 384,\\n \\\"sources\\\": [{\\n \\\"client\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.src.as.label\\\"\\n }\\n }\\n },\\n {\\n \\\"server\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.dst.as.label\\\"\\n }\\n }\\n }\\n ]\\n },\\n \\\"aggs\\\": {\\n \\\"flow_bytes\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.bytes\\\"\\n }\\n },\\n \\\"flow_packets\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.packets\\\"\\n }\\n 
}\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\n \\\"property\\\": \\\"aggregations.table.buckets\\\"\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.client\\\",\\n \\\"as\\\": \\\"source\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.server\\\",\\n \\\"as\\\": \\\"target\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_bytes.value\\\",\\n \\\"as\\\": \\\"bytes\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_packets.value\\\",\\n \\\"as\\\": \\\"packets\\\"\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"endpoints\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"fold\\\",\\n \\\"fields\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"as\\\": [\\\"stack\\\", \\\"key\\\"]\\n },\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"key\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"traffic\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n }\\n ],\\n\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"endpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [128,192,256,320,384,448,512,576,640,768,896,1024]\\n },\\n {\\n \\\"name\\\": \\\"fontsizeEndpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", 
\\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [0,0,0,0,0,0,0,12]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#99ddff\\\", \\\"#80d4ff\\\", \\\"#66ccff\\\", \\\"#33bbff\\\", \\\"#00aaff\\\", \\\"#0099e6\\\"]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesLightBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#e6f7ff\\\", \\\"#cceeff\\\", \\\"#b3e6ff\\\", \\\"#99ddff\\\"]\\n },\\n {\\n \\\"name\\\": \\\"trafficBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [1,2,3,4,6,8]\\n },\\n {\\n \\\"name\\\": \\\"colorTrafficBytesGreys\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#ddd\\\", \\\"#ccc\\\", \\\"#bbb\\\", \\\"#aaa\\\", \\\"#999\\\", \\\"#888\\\"]\\n }\\n ],\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"cx\\\",\\n \\\"update\\\": \\\"width / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"cy\\\",\\n \\\"update\\\": \\\"height / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"nodeCharge\\\",\\n \\\"value\\\": -128,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": -200, \\\"max\\\": 10, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"linkDistance\\\",\\n \\\"value\\\": 24,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 8, \\\"max\\\": 64, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"decay\\\",\\n \\\"value\\\": 0.7,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1, \\\"step\\\": 0.01}\\n },\\n {\\n \\\"name\\\": \\\"gravityX\\\",\\n \\\"value\\\": 0.1,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": 
\\\"gravityY\\\",\\n \\\"value\\\": 0.2,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"static\\\",\\n \\\"value\\\": false,\\n \\\"bind\\\": {\\\"input\\\": \\\"checkbox\\\"}\\n },\\n {\\n \\\"name\\\": \\\"fix\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseout[!event.buttons], window:mouseup\\\",\\n \\\"update\\\": \\\"false\\\"\\n },\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix || true\\\"\\n },\\n {\\n \\\"events\\\": \\\"[symbol:mousedown, window:mouseup] > window:mousemove!\\\",\\n \\\"update\\\": \\\"xy()\\\",\\n \\\"force\\\": true\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"node\\\",\\n \\\"value\\\": null,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix === true ? item() : node\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"restart\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": {\\\"signal\\\": \\\"fix\\\"}, \\\"update\\\": \\\"fix && fix.length\\\"\\n }\\n ]\\n }\\n ],\\n \\n \\\"marks\\\": [\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"type\\\": \\\"symbol\\\",\\n \\\"zindex\\\": 1,\\n \\\"from\\\": {\\\"data\\\": \\\"endpoints\\\"},\\n \\\"on\\\": [\\n {\\n \\\"trigger\\\": \\\"fix\\\",\\n \\\"modify\\\": \\\"node\\\",\\n \\\"values\\\": \\\"fix === true ? 
{fx: node.x, fy: node.y} : {fx: fix[0], fy: fix[1]}\\\"\\n },\\n {\\\"trigger\\\": \\\"!fix\\\", \\\"modify\\\": \\\"node\\\", \\\"values\\\": \\\"{fx: null, fy: null}\\\"}\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"colorEndpointsBytesBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorEndpointsBytesLightBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"xfocus\\\": {\\\"signal\\\": \\\"cx\\\"},\\n \\\"yfocus\\\": {\\\"signal\\\": \\\"cy\\\"}\\n },\\n \\\"update\\\": {\\n \\\"size\\\": {\\\"scale\\\": \\\"endpointBytesScale\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"cursor\\\": {\\\"value\\\": \\\"pointer\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.key + ' (Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count + ')'\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"force\\\",\\n \\\"iterations\\\": 160,\\n \\\"velocityDecay\\\": {\\n \\\"signal\\\": \\\"decay\\\"\\n },\\n \\\"restart\\\": {\\\"signal\\\": \\\"restart\\\"},\\n \\\"static\\\": {\\\"signal\\\": \\\"static\\\"},\\n \\\"signal\\\": \\\"force\\\",\\n \\\"forces\\\": [\\n {\\\"force\\\": \\\"center\\\", \\\"x\\\": {\\\"signal\\\": \\\"cx\\\"}, \\\"y\\\": {\\\"signal\\\": \\\"cy\\\"}},\\n {\\\"force\\\": \\\"x\\\", \\\"x\\\": \\\"xfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityX\\\"}},\\n {\\\"force\\\": \\\"y\\\", \\\"y\\\": \\\"yfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityY\\\"}},\\n {\\\"force\\\": \\\"collide\\\", \\\"radius\\\": {\\\"signal\\\": \\\"linkDistance\\\"}},\\n {\\\"force\\\": \\\"nbody\\\", \\\"strength\\\": {\\\"signal\\\": \\\"nodeCharge\\\"}},\\n {\\\"force\\\": \\\"link\\\", \\\"links\\\": \\\"traffic\\\", \\\"id\\\": \\\"datum.key\\\", \\\"distance\\\": {\\\"signal\\\": \\\"linkDistance\\\"}}\\n ]\\n }\\n ]\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"zindex\\\": 2,\\n 
\\\"from\\\": {\\\"data\\\": \\\"nodes\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"value\\\": \\\"black\\\"},\\n \\\"fontSize\\\": {\\\"scale\\\": \\\"fontsizeEndpointBytesScale\\\", \\\"field\\\": \\\"datum.bytes\\\"}\\n },\\n \\\"update\\\": {\\n \\\"y\\\": {\\\"field\\\": \\\"y\\\", \\\"offset\\\": {\\\"signal\\\": \\\"sqrt(datum.size/2) * 1.3\\\"}},\\n \\\"x\\\": {\\\"field\\\": \\\"x\\\"},\\n \\\"text\\\": {\\\"field\\\": \\\"datum.key\\\"},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"}\\n }\\n }\\n },\\n {\\n \\\"name\\\": \\\"paths\\\",\\n \\\"type\\\": \\\"path\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"traffic\\\"},\\n \\\"interactive\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorTrafficBytesGreys\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"strokeWidth\\\": {\\\"scale\\\": \\\"trafficBytesScale\\\", \\\"field\\\": \\\"bytes\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"'Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"require\\\": {\\\"signal\\\": \\\"force\\\"},\\n \\\"shape\\\": \\\"curve\\\",\\n \\\"sourceX\\\": \\\"datum.source.x\\\",\\n \\\"sourceY\\\": \\\"datum.source.y\\\",\\n \\\"targetX\\\": \\\"datum.target.x\\\",\\n \\\"targetY\\\": \\\"datum.target.y\\\"\\n }\\n ]\\n }\\n ]\\n}\"}}"},"id":"96433bb0-a0a5-11ed-808e-b501c532aca0","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T13:54:16.939Z","version":"WzEyMzMsMV0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":4,\"i\":\"a85901fc-d3fd-47b5-a1f3-246cbe187ef4\",\"w\":43,\"x\":0,\"y\":0},\"panelIndex\":\"a85901fc-d3fd-47b5-a1f3-246cbe187ef4\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":4,\"i\":\"61821225-4249-4b8a-83b5-b12282d65350\",\"w\":5,\"x\":43,\"y\":0},\"panelIndex\":\"61821225-4249-4b8a-83b5-b12282d65350\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":37,\"i\":\"805212a0-a5db-467e-a338-1543e4fd9936\",\"w\":38,\"x\":10,\"y\":4},\"panelIndex\":\"805212a0-a5db-467e-a338-1543e4fd9936\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":37,\"i\":\"9c86b182-9e93-43ac-b3f7-8459a5fd467a\",\"w\":10,\"x\":0,\"y\":4},\"panelIndex\":\"9c86b182-9e93-43ac-b3f7-8459a5fd467a\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_3\"}]","timeRestore":false,"title":"ElastiFlow (flow): AS-Path Graph (flows)","version":1},"id":"877310b0-a0a0-11ed-808e-b501c532aca0","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"70e14890-a09f-11ed-808e-b501c532aca0","name":"panel_0","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"96433bb0-a0a5-11ed-808e-b501c532aca0","name":"panel_2","type":"visualization"},{"id":"88f99fb0-a15b-11ed-808e-b501c532aca0","name":"panel_3","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-31T11:48:27.670Z","version":"WzEyNDgsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): VLAN/DSCP/TCP Flags/TCP Options - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLAN/DSCP/TCP Flags/TCP Options - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"vlan.tag.id\",\"parent\":\"\",\"label\":\"VLANs\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"ip.dscp.name\",\"parent\":\"\",\"label\":\"DSCP\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"tcp.flags.tags\",\"parent\":\"\",\"label\":\"TCP Flags\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":16,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1608040362438\",\"fieldName\":\"tcp.options.tags\",\"parent\":\"\",\"label\":\"TCP 
Options\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":64,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"dc1d7e90-3f0c-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEwOTksMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): IP Versions (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Versions (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"ip.version.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Layer-4 
Protocol\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"ac03b590-3f06-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMDAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): IP Version Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Version Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"ip.version.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"IP 
Versions\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"ef4b4a40-3f04-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMDEsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/IP Version (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/IP Version (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"4a631880-6d7d-11eb-958e-eb77245e53fe\",\"type\":\"math\",\"variables\":[{\"id\":\"4bfacf80-6d7d-11eb-958e-eb77245e53fe\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"51a43e30-6d7d-11eb-958e-eb77245e53fe\",\"type\":\"math\",\"variables\":[{\"id\":\"5b33c0b0-6d7d-11eb-958e-eb77245e53fe\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top IP Versions\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"ip.version.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"ip.version.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"939c9bc0-3f06-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMDIsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DSCP (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DSCP (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.in.ip.dscp.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP DSCP\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"9e42d670-3d3a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMDMsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Flags (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tcp.flags.tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":16,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TCP Flags\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"d1ec1680-3d3a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMDQsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP Option Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Option Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"tcp.options.tags\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"TCP 
Options\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"a1902790-3ef9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMDUsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/TCP Flag (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/TCP Flag (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top TCP Flags\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"tcp.flags.tags\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"tcp.flags.tags: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"d78cbdc0-3f0a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMDYsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/TCP Flag (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/TCP Flag (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"6b43b0f0-6d7d-11eb-8a07-3582e3771955\",\"type\":\"math\",\"variables\":[{\"id\":\"6d1d2be0-6d7d-11eb-8a07-3582e3771955\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"725bcad0-6d7d-11eb-8a07-3582e3771955\",\"type\":\"math\",\"variables\":[{\"id\":\"73fafbe0-6d7d-11eb-8a07-3582e3771955\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top TCP 
Flags\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"tcp.flags.tags\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"tcp.flags.tags: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"ee1c7f80-3f0a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMDcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/TCP Option (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/TCP Option (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"86fd7830-6d7d-11eb-a5ea-e3d4da0e8add\",\"type\":\"math\",\"variables\":[{\"id\":\"8873eb90-6d7d-11eb-a5ea-e3d4da0e8add\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"8e83e440-6d7d-11eb-a5ea-e3d4da0e8add\",\"type\":\"math\",\"variables\":[{\"id\":\"8ffffcf0-6d7d-11eb-a5ea-e3d4da0e8add\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top TCP Options\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"tcp.options.tags\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"tcp.options.tags: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"a2ae5910-3f0a-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMDgsMV0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"393f1115-ef32-4968-a3e6-562da545bacc\"},\"panelIndex\":\"393f1115-ef32-4968-a3e6-562da545bacc\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"ad61a61c-ef89-4232-ada0-ed7964de301c\"},\"panelIndex\":\"ad61a61c-ef89-4232-ada0-ed7964de301c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"1b77ffee-ee57-41ff-9d76-857bbb1c9213\"},\"panelIndex\":\"1b77ffee-ee57-41ff-9d76-857bbb1c9213\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"a199aa42-40cd-494b-b7ed-b341b187bff0\"},\"panelIndex\":\"a199aa42-40cd-494b-b7ed-b341b187bff0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":12,\"h\":11,\"i\":\"a28e4934-58a7-4bc5-96c9-e48d10007eea\"},\"panelIndex\":\"a28e4934-58a7-4bc5-96c9-e48d10007eea\",\"embeddableConfig\":{\"title\":\"IP Versions (flow records)\",\"hidePanelTitles\":false},\"title\":\"IP Versions (flow 
records)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":9,\"w\":12,\"h\":2,\"i\":\"863403c9-a5f9-4df0-9a57-78fbf42d2b79\"},\"panelIndex\":\"863403c9-a5f9-4df0-9a57-78fbf42d2b79\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":12,\"h\":11,\"i\":\"6407bdf5-6fd2-4b7d-bc26-edb806e56815\"},\"panelIndex\":\"6407bdf5-6fd2-4b7d-bc26-edb806e56815\",\"embeddableConfig\":{\"title\":\"Layer-4 Protocols (flow records)\",\"hidePanelTitles\":false},\"title\":\"Layer-4 Protocols (flow records)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":2,\"i\":\"86f2c4eb-dfdb-48d4-86ce-62b95c7b7257\"},\"panelIndex\":\"86f2c4eb-dfdb-48d4-86ce-62b95c7b7257\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":11,\"w\":12,\"h\":7,\"i\":\"9f1233b9-7928-4ffd-a00d-8912afcd9fb7\"},\"panelIndex\":\"9f1233b9-7928-4ffd-a00d-8912afcd9fb7\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":11,\"w\":12,\"h\":7,\"i\":\"35dc4060-0a72-4200-9c94-0fbf155d4464\"},\"panelIndex\":\"35dc4060-0a72-4200-9c94-0fbf155d4464\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":18,\"w\":12,\"h\":2,\"i\":\"26d45398-7bd0-4510-899e-8955f2cb82b0\"},\"panelIndex\":\"26d45398-7bd0-4510-899e-8955f2cb82b0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":18,\"w\":12,\"h\":2,\"i\":\"080f02e3-1cfa-4d0a-a47c-06722b44815b\"},\"panelIndex\":\"080f02e3-1cfa-4d0a-a47c-06722b44815b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":24,\"h\":14,\"i\":
\"84fe0e59-8f70-4f1f-bfc2-73efe894ebd4\"},\"panelIndex\":\"84fe0e59-8f70-4f1f-bfc2-73efe894ebd4\",\"embeddableConfig\":{\"title\":\"IP Versions (bits/s)\",\"hidePanelTitles\":false},\"title\":\"IP Versions (bits/s)\",\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":14,\"i\":\"407c4390-1043-490b-9038-0fd5746973f3\"},\"panelIndex\":\"407c4390-1043-490b-9038-0fd5746973f3\",\"embeddableConfig\":{\"title\":\"Layer-4 Protocols (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Layer-4 Protocols (bits/s)\",\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":34,\"w\":24,\"h\":14,\"i\":\"f39fbfb5-7e36-4fcc-9ae8-2b4901e2c9cb\"},\"panelIndex\":\"f39fbfb5-7e36-4fcc-9ae8-2b4901e2c9cb\",\"embeddableConfig\":{\"title\":\"IP Versions (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"IP Versions (pkts/s)\",\"panelRefName\":\"panel_14\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":34,\"w\":24,\"h\":14,\"i\":\"af9cd893-0b4c-4d1c-ac5b-e2440a5e5c0c\"},\"panelIndex\":\"af9cd893-0b4c-4d1c-ac5b-e2440a5e5c0c\",\"embeddableConfig\":{\"title\":\"Layer-4 Protocols (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Layer-4 Protocols (pkts/s)\",\"panelRefName\":\"panel_15\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":48,\"w\":12,\"h\":11,\"i\":\"e3798eaf-2522-4051-be34-39f4d1de9cea\"},\"panelIndex\":\"e3798eaf-2522-4051-be34-39f4d1de9cea\",\"embeddableConfig\":{\"title\":\"VLANs (flow records)\",\"hidePanelTitles\":false},\"title\":\"VLANs (flow 
records)\",\"panelRefName\":\"panel_16\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":48,\"w\":12,\"h\":2,\"i\":\"705a44ce-0978-415a-b5e9-b61e3c05e9ff\"},\"panelIndex\":\"705a44ce-0978-415a-b5e9-b61e3c05e9ff\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_17\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":48,\"w\":12,\"h\":11,\"i\":\"860ab4a2-1332-4660-af89-1d99af9a3ccc\"},\"panelIndex\":\"860ab4a2-1332-4660-af89-1d99af9a3ccc\",\"embeddableConfig\":{\"title\":\"DSCP (flow records)\",\"hidePanelTitles\":false},\"title\":\"DSCP (flow records)\",\"panelRefName\":\"panel_18\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":48,\"w\":12,\"h\":2,\"i\":\"6d10d399-b5f8-420d-9dbc-8f4cfa435949\"},\"panelIndex\":\"6d10d399-b5f8-420d-9dbc-8f4cfa435949\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_19\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":50,\"w\":12,\"h\":7,\"i\":\"0d095856-8615-46fd-9f15-6f418420f8b6\"},\"panelIndex\":\"0d095856-8615-46fd-9f15-6f418420f8b6\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_20\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":50,\"w\":12,\"h\":7,\"i\":\"7f03b90a-3697-472b-bbe2-b0a0631843f2\"},\"panelIndex\":\"7f03b90a-3697-472b-bbe2-b0a0631843f2\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_21\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":57,\"w\":12,\"h\":2,\"i\":\"c07981ba-bd27-4d1a-867b-e969270bc33b\"},\"panelIndex\":\"c07981ba-bd27-4d1a-867b-e969270bc33b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_22\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":57,\"w\":12,\"h\":2,\"i\":\"504befc1-a66f-433f-b3fc-3c40f3247bfe\"},\"panelIndex\":\"504befc1-a66f-433f-b3fc-3c40f3247bfe\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_23\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":59,\"w\":24,\"h\":14,\"i\":\"1efdeaa7-d480-4
e9f-8a86-8ae23526bf47\"},\"panelIndex\":\"1efdeaa7-d480-4e9f-8a86-8ae23526bf47\",\"embeddableConfig\":{},\"panelRefName\":\"panel_24\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":59,\"w\":24,\"h\":14,\"i\":\"5f6dce0b-482c-45bd-8b91-7acb9ba74a59\"},\"panelIndex\":\"5f6dce0b-482c-45bd-8b91-7acb9ba74a59\",\"embeddableConfig\":{\"title\":\"DSCP (bits/s)\",\"hidePanelTitles\":false},\"title\":\"DSCP (bits/s)\",\"panelRefName\":\"panel_25\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":73,\"w\":24,\"h\":14,\"i\":\"a9c91ab2-f565-4cec-8899-20d4c552fb89\"},\"panelIndex\":\"a9c91ab2-f565-4cec-8899-20d4c552fb89\",\"embeddableConfig\":{},\"panelRefName\":\"panel_26\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":73,\"w\":24,\"h\":14,\"i\":\"066f5801-1ce9-4e4b-9bd2-7641e557df2a\"},\"panelIndex\":\"066f5801-1ce9-4e4b-9bd2-7641e557df2a\",\"embeddableConfig\":{\"title\":\"DSCP (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"DSCP (pkts/s)\",\"panelRefName\":\"panel_27\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":87,\"w\":12,\"h\":11,\"i\":\"a5dcd4c3-993f-41d6-b857-78cbc4b59776\"},\"panelIndex\":\"a5dcd4c3-993f-41d6-b857-78cbc4b59776\",\"embeddableConfig\":{\"title\":\"TCP Flags (flow records)\",\"hidePanelTitles\":false},\"title\":\"TCP Flags (flow records)\",\"panelRefName\":\"panel_28\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":87,\"w\":12,\"h\":2,\"i\":\"18794abf-400e-4052-81d3-9436757c1982\"},\"panelIndex\":\"18794abf-400e-4052-81d3-9436757c1982\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_29\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":87,\"w\":12,\"h\":11,\"i\":\"d28d422b-7358-4d8f-bd87-934bcec94448\"},\"panelIndex\":\"d28d422b-7358-4d8f-bd87-934bcec94448\",\"embeddableConfig\":{\"title\":\"TCP Options (flow records)\",\"hidePanelTitles\":false},\"title\":\"TCP Options (flow 
records)\",\"panelRefName\":\"panel_30\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":87,\"w\":12,\"h\":2,\"i\":\"4181c6d3-e513-4962-86bd-f1e62454e4bd\"},\"panelIndex\":\"4181c6d3-e513-4962-86bd-f1e62454e4bd\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_31\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":89,\"w\":12,\"h\":7,\"i\":\"b9291dcb-81fd-46b0-aa64-569cd50aa35d\"},\"panelIndex\":\"b9291dcb-81fd-46b0-aa64-569cd50aa35d\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_32\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":89,\"w\":12,\"h\":7,\"i\":\"b28f4f0b-4775-4e51-9d12-5fc42aafc7fa\"},\"panelIndex\":\"b28f4f0b-4775-4e51-9d12-5fc42aafc7fa\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_33\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":96,\"w\":12,\"h\":2,\"i\":\"4e907a92-1a5f-4539-b38f-c9dbdf9af3ee\"},\"panelIndex\":\"4e907a92-1a5f-4539-b38f-c9dbdf9af3ee\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_34\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":96,\"w\":12,\"h\":2,\"i\":\"60f8dc8c-c2ba-4167-a2b4-184848b2905a\"},\"panelIndex\":\"60f8dc8c-c2ba-4167-a2b4-184848b2905a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_35\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":98,\"w\":24,\"h\":15,\"i\":\"3ffc64a7-27df-43c2-9236-9fb190218530\"},\"panelIndex\":\"3ffc64a7-27df-43c2-9236-9fb190218530\",\"embeddableConfig\":{\"title\":\"TCP Flags (bits/s)\",\"hidePanelTitles\":false},\"title\":\"TCP Flags (bits/s)\",\"panelRefName\":\"panel_36\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":98,\"w\":24,\"h\":15,\"i\":\"050e6a29-61cd-4ebc-8ff5-e7a7e14f4616\"},\"panelIndex\":\"050e6a29-61cd-4ebc-8ff5-e7a7e14f4616\",\"embeddableConfig\":{\"title\":\"TCP Options (bits/s)\",\"hidePanelTitles\":false},\"title\":\"TCP Options 
(bits/s)\",\"panelRefName\":\"panel_37\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":113,\"w\":24,\"h\":15,\"i\":\"170f5488-e8dd-41ac-a4ea-d6f32431b014\"},\"panelIndex\":\"170f5488-e8dd-41ac-a4ea-d6f32431b014\",\"embeddableConfig\":{\"title\":\"TCP Flags (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"TCP Flags (pkts/s)\",\"panelRefName\":\"panel_38\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":113,\"w\":24,\"h\":15,\"i\":\"5bf02364-9fd1-4822-ab85-80e95f8a02f9\"},\"panelIndex\":\"5bf02364-9fd1-4822-ab85-80e95f8a02f9\",\"embeddableConfig\":{\"title\":\"TCP Options (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"TCP Options (pkts/s)\",\"panelRefName\":\"panel_39\"}]","timeRestore":false,"title":"ElastiFlow (flow): Traffic Details (attributes)","version":1},"id":"8ae6d630-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"f1bfb220-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"12658420-3d46-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"dc1d7e90-3f0c-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"ac03b590-3f06-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"5e7b8030-3eef-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"ef4b4a40-3f04-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"051bf440-3e61-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_11","type":"visualization"},{"id":"65671460-3f06-11eb-bc2c-c5758316d788","name":"panel_12","type":"visualiz
ation"},{"id":"20164b90-3eef-11eb-bc2c-c5758316d788","name":"panel_13","type":"visualization"},{"id":"939c9bc0-3f06-11eb-bc2c-c5758316d788","name":"panel_14","type":"visualization"},{"id":"49d0f930-3eef-11eb-bc2c-c5758316d788","name":"panel_15","type":"visualization"},{"id":"73788aa0-3f08-11eb-bc2c-c5758316d788","name":"panel_16","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_17","type":"visualization"},{"id":"9e42d670-3d3a-11eb-bc2c-c5758316d788","name":"panel_18","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_19","type":"visualization"},{"id":"3b7bf600-3f08-11eb-bc2c-c5758316d788","name":"panel_20","type":"visualization"},{"id":"302d17a0-3f05-11eb-bc2c-c5758316d788","name":"panel_21","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_22","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_23","type":"visualization"},{"id":"73b22db0-3f07-11eb-bc2c-c5758316d788","name":"panel_24","type":"visualization"},{"id":"276702d0-3f09-11eb-bc2c-c5758316d788","name":"panel_25","type":"visualization"},{"id":"07262240-3f08-11eb-bc2c-c5758316d788","name":"panel_26","type":"visualization"},{"id":"411346d0-3f09-11eb-bc2c-c5758316d788","name":"panel_27","type":"visualization"},{"id":"d1ec1680-3d3a-11eb-bc2c-c5758316d788","name":"panel_28","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_29","type":"visualization"},{"id":"0625de60-3f0a-11eb-bc2c-c5758316d788","name":"panel_30","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_31","type":"visualization"},{"id":"5f3b6940-3ef9-11eb-bc2c-c5758316d788","name":"panel_32","type":"visualization"},{"id":"a1902790-3ef9-11eb-bc2c-c5758316d788","name":"panel_33","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_34","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_35","type":"visuali
zation"},{"id":"d78cbdc0-3f0a-11eb-bc2c-c5758316d788","name":"panel_36","type":"visualization"},{"id":"783f9db0-3f0a-11eb-bc2c-c5758316d788","name":"panel_37","type":"visualization"},{"id":"ee1c7f80-3f0a-11eb-bc2c-c5758316d788","name":"panel_38","type":"visualization"},{"id":"a2ae5910-3f0a-11eb-bc2c-c5758316d788","name":"panel_39","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMDksMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23,1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":false,\"alias\":\"CLI & Remote Desktop Private\",\"key\":\"bool\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): CLI & Remote Desktop Sessions (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI & Remote 
Desktop Sessions (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"8af47df0-c5a4-11ec-be66-9ff35c2449cb","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMTAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flow Records/s (client/server) - TSVB 
(stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Records/s (client/server) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.bytes\"},{\"id\":\"61c95a90-3f0e-11eb-8fe0-a51500598689\",\"type\":\"calculation\",\"variables\":[{\"id\":\"646736f0-3f0e-11eb-8fe0-a51500598689\",\"name\":\"count\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Flow Records\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"count\",\"field\":\"flow.bytes\"},{\"id\":\"2b017560-3f0e-11eb-8fe0-a51500598689\",\"type\":\"calculation\",\"variables\":[{\"id\":\"2e9d39c0-3f0e-11eb-8fe0-a51500598689\",\"name\":\"count\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Flow 
Types\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.export.version.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"axis_min\":\"0\",\"filter\":{\"query\":\"flow.client.ip.addr: * AND flow.server.ip.addr: *\",\"language\":\"kuery\"}}}"},"id":"8b5fb750-3f0e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMTEsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): UDP Amplification Packets - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Packets - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":100000,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":1000000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":10000000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND NOT flow.src.as.org: \\\"PRIVATE\\\" AND flow.src.l4.port.id: (17 OR 19 OR 53 OR 69 OR 111 OR 123 OR 137 OR 161 OR 389 OR 520 OR 751 OR 1434 OR 1645 OR 1646 OR 1812 OR 1813 OR 1900 OR 3702 OR 5093 OR 5353 OR 11211 OR 27015 OR 27960)\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"UDP 
Packets\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"8ba5fee0-c48c-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMTIsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NTP Symmetric Messages (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Symmetric Messages (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"sigma\":\"\",\"id\":\"5a51ba40-9b2a-11ec-8947-5dbcd3cabfb0\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"symmetric\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"de
fault_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 123 AND flow.dst.l4.port.id: 123 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"}}}"},"id":"8ff70cb0-9d80-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMTMsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flow Record Count (client/server) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Record Count (client/server) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Flow 
Records\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\",\"filter\":{\"query\":\"flow.client.ip.addr : * and flow.server.ip.addr : *\",\"language\":\"kuery\"}}}"},"id":"93fddf80-3f0f-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMTQsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Countries and Cities (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"94078f20-3d30-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMTUsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP 
Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Sources (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"9714b270-c3ac-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMTYsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Traffic Details (locality)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Traffic Details (locality)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Attributes](#/dashboard/8ae6d630-3d3f-11eb-bc2c-c5758316d788) | [Types](#/dashboard/7dfba590-3d3f-11eb-bc2c-c5758316d788) | [**Locality**](#/dashboard/980f36e0-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"9dcbb430-3d46-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMTcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Locality/AS/Country/City - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Locality/AS/Country/City - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.locality\",\"parent\":\"\",\"label\":\"Locality\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"as.label\",\"parent\":\"\",\"label\":\"Autonomous 
System\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.client.geo.country.name\",\"parent\":\"\",\"label\":\"Country\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1608040362438\",\"fieldName\":\"geo.city.name\",\"parent\":\"\",\"label\":\"City\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"e7d026a0-3ef5-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_4_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMTgsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Autonomous System Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous System Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"as.label\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"ASNs\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"dc32a060-3e60-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMTksMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Autonomous System (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Autonomous System (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"b6645bd0-3ee7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMjAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Locality (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Locality (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"b363e4e0-6d7d-11eb-86d7-3d446d41aad0\",\"type\":\"math\",\"variables\":[{\"id\":\"b54946b0-6d7d-11eb-86d7-3d446d41aad0\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"ba6cbc80-6d7d-11eb-86d7-3d446d41aad0\",\"type\":\"math\",\"variables\":[{\"id\":\"bbec57a0-6d7d-11eb-86d7-3d446d41aad0\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Localities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.locality\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.locality: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"e74cd590-3ee4-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMjEsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow 
(flow): Throughput/Autonomous System (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Autonomous System (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"cccc4210-6d7d-11eb-8988-b715baeca652\",\"type\":\"math\",\"variables\":[{\"id\":\"ce784460-6d7d-11eb-8988-b715baeca652\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"d41b4a70-6d7d-11eb-8988-b715baeca652\",\"type\":\"math\",\"variables\":[{\"id\":\"db8d9240-6d7d-11eb-8988-b715baeca652\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"b1201790-3ee7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMjIsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Country (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Country (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"geo.country.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"geo.country.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"cbde1ce0-3eeb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMjMsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Country (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Country (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"e8a57830-6d7d-11eb-abf4-7fd1b3abc67a\",\"type\":\"math\",\"variables\":[{\"id\":\"ea641820-6d7d-11eb-abf4-7fd1b3abc67a\",\"name\":\"packets\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"id\":\"f10a8470-6d7d-11eb-abf4-7fd1b3abc67a\",\"type\":\"math\",\"variables\":[{\"id\":\"f2b686c0-6d7d-11eb-abf4-7fd1b3abc67a\",\"name\":\"packets\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Countries\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"geo.country.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"geo.country.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"e32dd340-3eeb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMjQsMV0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"569196ba-289b-4b0a-a845-ee920ec18908\"},\"panelIndex\":\"569196ba-289b-4b0a-a845-ee920ec18908\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"a6bb99d4-7d90-484b-b26f-c178f6bc494b\"},\"panelIndex\":\"a6bb99d4-7d90-484b-b26f-c178f6bc494b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"2ce0b424-851e-4bfd-8f5d-05e27b396a12\"},\"panelIndex\":\"2ce0b424-851e-4bfd-8f5d-05e27b396a12\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"d133ea55-74a7-4f8e-b218-d3b922584508\"},\"panelIndex\":\"d133ea55
-74a7-4f8e-b218-d3b922584508\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":12,\"h\":11,\"i\":\"ce77fdd5-4300-43d3-bf8f-5bb2e3cbe757\"},\"panelIndex\":\"ce77fdd5-4300-43d3-bf8f-5bb2e3cbe757\",\"embeddableConfig\":{\"title\":\"Flow Locality (flow records)\",\"hidePanelTitles\":false},\"title\":\"Flow Locality (flow records)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":9,\"w\":12,\"h\":2,\"i\":\"7bdd4b15-85bf-4c8f-882d-a9a6aee37f33\"},\"panelIndex\":\"7bdd4b15-85bf-4c8f-882d-a9a6aee37f33\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":12,\"h\":11,\"i\":\"6ba3a6f5-6cc3-44c4-939a-70a4ef5dea74\"},\"panelIndex\":\"6ba3a6f5-6cc3-44c4-939a-70a4ef5dea74\",\"embeddableConfig\":{\"title\":\"Autonomous Systems (flow records)\",\"hidePanelTitles\":false},\"title\":\"Autonomous Systems (flow 
records)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":2,\"i\":\"2cd94895-13d9-45a7-a6e4-9ac45e34ff96\"},\"panelIndex\":\"2cd94895-13d9-45a7-a6e4-9ac45e34ff96\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":11,\"w\":12,\"h\":7,\"i\":\"fc540837-7f9e-4946-a0a7-7f923a2126e0\"},\"panelIndex\":\"fc540837-7f9e-4946-a0a7-7f923a2126e0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":11,\"w\":12,\"h\":7,\"i\":\"4cea02be-a3e5-4c76-b4ab-8291896c6c05\"},\"panelIndex\":\"4cea02be-a3e5-4c76-b4ab-8291896c6c05\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":18,\"w\":12,\"h\":2,\"i\":\"09e51220-3a50-44f0-ab10-8a3f9062bccf\"},\"panelIndex\":\"09e51220-3a50-44f0-ab10-8a3f9062bccf\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":18,\"w\":12,\"h\":2,\"i\":\"e7a73648-56a5-4d07-863e-785d6af6abd8\"},\"panelIndex\":\"e7a73648-56a5-4d07-863e-785d6af6abd8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":24,\"h\":14,\"i\":\"21996319-0357-44f1-a9bf-b69184464c0f\"},\"panelIndex\":\"21996319-0357-44f1-a9bf-b69184464c0f\",\"embeddableConfig\":{\"title\":\"Locality (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Locality (bits/s)\",\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":14,\"i\":\"d62a9eca-1c42-48c3-97b9-c6c0e2c450af\"},\"panelIndex\":\"d62a9eca-1c42-48c3-97b9-c6c0e2c450af\",\"embeddableConfig\":{\"title\":\"Autonomous Systems (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Autonomous Systems 
(bits/s)\",\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":34,\"w\":24,\"h\":14,\"i\":\"319fc540-b90d-4a29-acef-c6a7e131cf7e\"},\"panelIndex\":\"319fc540-b90d-4a29-acef-c6a7e131cf7e\",\"embeddableConfig\":{\"title\":\"Locality (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Locality (pkts/s)\",\"panelRefName\":\"panel_14\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":34,\"w\":24,\"h\":14,\"i\":\"378c3507-9b56-4e4b-a7f3-aa3eafd62178\"},\"panelIndex\":\"378c3507-9b56-4e4b-a7f3-aa3eafd62178\",\"embeddableConfig\":{\"title\":\"Autonomous Systems (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Autonomous Systems (pkts/s)\",\"panelRefName\":\"panel_15\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":48,\"w\":12,\"h\":11,\"i\":\"5bd3f4d3-b400-4574-ac73-ded08fb99e6e\"},\"panelIndex\":\"5bd3f4d3-b400-4574-ac73-ded08fb99e6e\",\"embeddableConfig\":{\"title\":\"Countries (flow records)\",\"hidePanelTitles\":false},\"title\":\"Countries (flow records)\",\"panelRefName\":\"panel_16\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":48,\"w\":12,\"h\":2,\"i\":\"eeb60c25-55a2-4c14-be78-788861a0adb0\"},\"panelIndex\":\"eeb60c25-55a2-4c14-be78-788861a0adb0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_17\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":48,\"w\":12,\"h\":11,\"i\":\"f2ea5dc2-d79f-45dd-bca0-d3c1c6b9ad75\"},\"panelIndex\":\"f2ea5dc2-d79f-45dd-bca0-d3c1c6b9ad75\",\"embeddableConfig\":{\"title\":\"Cities (flow records)\",\"hidePanelTitles\":false},\"title\":\"Cities (flow 
records)\",\"panelRefName\":\"panel_18\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":48,\"w\":12,\"h\":2,\"i\":\"d6d0d266-1e45-4f4c-a112-581598a6ad4c\"},\"panelIndex\":\"d6d0d266-1e45-4f4c-a112-581598a6ad4c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_19\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":50,\"w\":12,\"h\":7,\"i\":\"c9e71e17-7ea3-4bd0-a191-28306d127a8e\"},\"panelIndex\":\"c9e71e17-7ea3-4bd0-a191-28306d127a8e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_20\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":50,\"w\":12,\"h\":7,\"i\":\"45b343c2-0fb0-473d-84f8-37a0a1474632\"},\"panelIndex\":\"45b343c2-0fb0-473d-84f8-37a0a1474632\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_21\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":57,\"w\":12,\"h\":2,\"i\":\"63ed9d6e-7f0f-46b9-a811-cb07382f00cc\"},\"panelIndex\":\"63ed9d6e-7f0f-46b9-a811-cb07382f00cc\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_22\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":57,\"w\":12,\"h\":2,\"i\":\"6a9e2ce4-e3d6-4260-b6a8-66bf66d5b9a7\"},\"panelIndex\":\"6a9e2ce4-e3d6-4260-b6a8-66bf66d5b9a7\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_23\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":59,\"w\":24,\"h\":14,\"i\":\"89a71ace-800a-4ba3-9a67-f888b8d7fbcb\"},\"panelIndex\":\"89a71ace-800a-4ba3-9a67-f888b8d7fbcb\",\"embeddableConfig\":{\"title\":\"Countries (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Countries (bits/s)\",\"panelRefName\":\"panel_24\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":59,\"w\":24,\"h\":14,\"i\":\"b0d12e5d-29d6-4f4f-b9fd-755316e5ec57\"},\"panelIndex\":\"b0d12e5d-29d6-4f4f-b9fd-755316e5ec57\",\"embeddableConfig\":{\"title\":\"Cities (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Cities 
(bits/s)\",\"panelRefName\":\"panel_25\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":73,\"w\":24,\"h\":14,\"i\":\"3fcd448a-1c66-41eb-9d71-b5b79a4c9e25\"},\"panelIndex\":\"3fcd448a-1c66-41eb-9d71-b5b79a4c9e25\",\"embeddableConfig\":{\"title\":\"Countries (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Countries (pkts/s)\",\"panelRefName\":\"panel_26\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":73,\"w\":24,\"h\":14,\"i\":\"8e064605-33fd-403a-97bd-a3c7cd4afce0\"},\"panelIndex\":\"8e064605-33fd-403a-97bd-a3c7cd4afce0\",\"embeddableConfig\":{\"title\":\"Cities (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Cities (pkts/s)\",\"panelRefName\":\"panel_27\"}]","timeRestore":false,"title":"ElastiFlow (flow): Traffic Details (locality)","version":1},"id":"980f36e0-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"f1bfb220-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"9dcbb430-3d46-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"e7d026a0-3ef5-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"23d52c70-3d3b-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"60986660-3ee7-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"62b4fa40-3ee6-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"dc32a060-3e60-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_11","type":"visualization"},{"id":"70c95380-3ee4-11eb-bc2c-c5758316d788","name":"panel_12","type":"visualization"},{"id":
"b6645bd0-3ee7-11eb-bc2c-c5758316d788","name":"panel_13","type":"visualization"},{"id":"e74cd590-3ee4-11eb-bc2c-c5758316d788","name":"panel_14","type":"visualization"},{"id":"b1201790-3ee7-11eb-bc2c-c5758316d788","name":"panel_15","type":"visualization"},{"id":"467aed30-3eeb-11eb-bc2c-c5758316d788","name":"panel_16","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_17","type":"visualization"},{"id":"7406a000-3eeb-11eb-bc2c-c5758316d788","name":"panel_18","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_19","type":"visualization"},{"id":"6e5949e0-3e60-11eb-bc2c-c5758316d788","name":"panel_20","type":"visualization"},{"id":"5e68ef90-3e60-11eb-bc2c-c5758316d788","name":"panel_21","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_22","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_23","type":"visualization"},{"id":"cbde1ce0-3eeb-11eb-bc2c-c5758316d788","name":"panel_24","type":"visualization"},{"id":"01222130-3eec-11eb-bc2c-c5758316d788","name":"panel_25","type":"visualization"},{"id":"e32dd340-3eeb-11eb-bc2c-c5758316d788","name":"panel_26","type":"visualization"},{"id":"22378540-3eec-11eb-bc2c-c5758316d788","name":"panel_27","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMjUsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - AS-Path Endpoints","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): NAV - AS-Path 
Endpoints\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Return to Flows](#/dashboard/5f59d990-3d3f-11eb-bc2c-c5758316d788) | [Hops](#/dashboard/2db6a730-a0a0-11ed-808e-b501c532aca0) | [Flows](#/dashboard/877310b0-a0a0-11ed-808e-b501c532aca0) | [**Endpoints**](#/dashboard/999406a0-a0a0-11ed-808e-b501c532aca0)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"99fe0880-a09f-11ed-808e-b501c532aca0","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-31T14:52:25.707Z","version":"WzEyNTcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): AS-Path Endpoints - Vega (directed graph)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): AS-Path Endpoints - Vega (directed graph)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v5.json\\\",\\n \\\"description\\\": \\\"Copyright (C)2022 ElastiFlow Inc.\\\",\\n \\\"autosize\\\": \\\"fit\\\",\\n \\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"flows\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-path-codex-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 384,\\n \\\"sources\\\": [{\\n \\\"client\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.src.host.name\\\"\\n }\\n }\\n },\\n {\\n \\\"server\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.dst.host.name\\\"\\n }\\n }\\n }\\n ]\\n },\\n \\\"aggs\\\": {\\n \\\"flow_bytes\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.bytes\\\"\\n }\\n },\\n \\\"flow_packets\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"flow.packets\\\"\\n }\\n }\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\n \\\"property\\\": \\\"aggregations.table.buckets\\\"\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.client\\\",\\n \\\"as\\\": \\\"source\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": 
\\\"datum.key.server\\\",\\n \\\"as\\\": \\\"target\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_bytes.value\\\",\\n \\\"as\\\": \\\"bytes\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_packets.value\\\",\\n \\\"as\\\": \\\"packets\\\"\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"endpoints\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"fold\\\",\\n \\\"fields\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"as\\\": [\\\"stack\\\", \\\"key\\\"]\\n },\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"key\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"traffic\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n }\\n ],\\n\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"endpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [128,192,256,320,384,448,512,576,640,768,896,1024]\\n },\\n {\\n \\\"name\\\": \\\"fontsizeEndpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [0,0,0,0,0,0,0,12]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#99ddff\\\", \\\"#80d4ff\\\", \\\"#66ccff\\\", 
\\\"#33bbff\\\", \\\"#00aaff\\\", \\\"#0099e6\\\"]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesLightBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#e6f7ff\\\", \\\"#cceeff\\\", \\\"#b3e6ff\\\", \\\"#99ddff\\\"]\\n },\\n {\\n \\\"name\\\": \\\"trafficBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [1,2,3,4,6,8]\\n },\\n {\\n \\\"name\\\": \\\"colorTrafficBytesGreys\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#ddd\\\", \\\"#ccc\\\", \\\"#bbb\\\", \\\"#aaa\\\", \\\"#999\\\", \\\"#888\\\"]\\n }\\n ],\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"cx\\\",\\n \\\"update\\\": \\\"width / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"cy\\\",\\n \\\"update\\\": \\\"height / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"nodeCharge\\\",\\n \\\"value\\\": -128,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": -200, \\\"max\\\": 10, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"linkDistance\\\",\\n \\\"value\\\": 24,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 8, \\\"max\\\": 64, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"decay\\\",\\n \\\"value\\\": 0.7,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1, \\\"step\\\": 0.01}\\n },\\n {\\n \\\"name\\\": \\\"gravityX\\\",\\n \\\"value\\\": 0.1,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"gravityY\\\",\\n \\\"value\\\": 0.2,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"static\\\",\\n \\\"value\\\": false,\\n \\\"bind\\\": {\\\"input\\\": \\\"checkbox\\\"}\\n },\\n {\\n \\\"name\\\": \\\"fix\\\",\\n \\\"value\\\": false,\\n 
\\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseout[!event.buttons], window:mouseup\\\",\\n \\\"update\\\": \\\"false\\\"\\n },\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix || true\\\"\\n },\\n {\\n \\\"events\\\": \\\"[symbol:mousedown, window:mouseup] > window:mousemove!\\\",\\n \\\"update\\\": \\\"xy()\\\",\\n \\\"force\\\": true\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"node\\\",\\n \\\"value\\\": null,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix === true ? item() : node\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"restart\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": {\\\"signal\\\": \\\"fix\\\"}, \\\"update\\\": \\\"fix && fix.length\\\"\\n }\\n ]\\n }\\n ],\\n \\n \\\"marks\\\": [\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"type\\\": \\\"symbol\\\",\\n \\\"zindex\\\": 1,\\n \\\"from\\\": {\\\"data\\\": \\\"endpoints\\\"},\\n \\\"on\\\": [\\n {\\n \\\"trigger\\\": \\\"fix\\\",\\n \\\"modify\\\": \\\"node\\\",\\n \\\"values\\\": \\\"fix === true ? 
{fx: node.x, fy: node.y} : {fx: fix[0], fy: fix[1]}\\\"\\n },\\n {\\\"trigger\\\": \\\"!fix\\\", \\\"modify\\\": \\\"node\\\", \\\"values\\\": \\\"{fx: null, fy: null}\\\"}\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"colorEndpointsBytesBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorEndpointsBytesLightBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"xfocus\\\": {\\\"signal\\\": \\\"cx\\\"},\\n \\\"yfocus\\\": {\\\"signal\\\": \\\"cy\\\"}\\n },\\n \\\"update\\\": {\\n \\\"size\\\": {\\\"scale\\\": \\\"endpointBytesScale\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"cursor\\\": {\\\"value\\\": \\\"pointer\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.key + ' (Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count + ')'\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"force\\\",\\n \\\"iterations\\\": 160,\\n \\\"velocityDecay\\\": {\\n \\\"signal\\\": \\\"decay\\\"\\n },\\n \\\"restart\\\": {\\\"signal\\\": \\\"restart\\\"},\\n \\\"static\\\": {\\\"signal\\\": \\\"static\\\"},\\n \\\"signal\\\": \\\"force\\\",\\n \\\"forces\\\": [\\n {\\\"force\\\": \\\"center\\\", \\\"x\\\": {\\\"signal\\\": \\\"cx\\\"}, \\\"y\\\": {\\\"signal\\\": \\\"cy\\\"}},\\n {\\\"force\\\": \\\"x\\\", \\\"x\\\": \\\"xfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityX\\\"}},\\n {\\\"force\\\": \\\"y\\\", \\\"y\\\": \\\"yfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityY\\\"}},\\n {\\\"force\\\": \\\"collide\\\", \\\"radius\\\": {\\\"signal\\\": \\\"linkDistance\\\"}},\\n {\\\"force\\\": \\\"nbody\\\", \\\"strength\\\": {\\\"signal\\\": \\\"nodeCharge\\\"}},\\n {\\\"force\\\": \\\"link\\\", \\\"links\\\": \\\"traffic\\\", \\\"id\\\": \\\"datum.key\\\", \\\"distance\\\": {\\\"signal\\\": \\\"linkDistance\\\"}}\\n ]\\n }\\n ]\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"zindex\\\": 2,\\n 
\\\"from\\\": {\\\"data\\\": \\\"nodes\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"value\\\": \\\"black\\\"},\\n \\\"fontSize\\\": {\\\"scale\\\": \\\"fontsizeEndpointBytesScale\\\", \\\"field\\\": \\\"datum.bytes\\\"}\\n },\\n \\\"update\\\": {\\n \\\"y\\\": {\\\"field\\\": \\\"y\\\", \\\"offset\\\": {\\\"signal\\\": \\\"sqrt(datum.size/2) * 1.3\\\"}},\\n \\\"x\\\": {\\\"field\\\": \\\"x\\\"},\\n \\\"text\\\": {\\\"field\\\": \\\"datum.key\\\"},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"}\\n }\\n }\\n },\\n {\\n \\\"name\\\": \\\"paths\\\",\\n \\\"type\\\": \\\"path\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"traffic\\\"},\\n \\\"interactive\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorTrafficBytesGreys\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"strokeWidth\\\": {\\\"scale\\\": \\\"trafficBytesScale\\\", \\\"field\\\": \\\"bytes\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"'Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"require\\\": {\\\"signal\\\": \\\"force\\\"},\\n \\\"shape\\\": \\\"curve\\\",\\n \\\"sourceX\\\": \\\"datum.source.x\\\",\\n \\\"sourceY\\\": \\\"datum.source.y\\\",\\n \\\"targetX\\\": \\\"datum.target.x\\\",\\n \\\"targetY\\\": \\\"datum.target.y\\\"\\n }\\n ]\\n }\\n ]\\n}\"}}"},"id":"de2184a0-a0a5-11ed-808e-b501c532aca0","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T13:56:17.513Z","version":"WzEyMzQsMV0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":4,\"i\":\"24b328a9-b345-427d-ba72-56e2ca4098d9\",\"w\":43,\"x\":0,\"y\":0},\"panelIndex\":\"24b328a9-b345-427d-ba72-56e2ca4098d9\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":4,\"i\":\"61821225-4249-4b8a-83b5-b12282d65350\",\"w\":5,\"x\":43,\"y\":0},\"panelIndex\":\"61821225-4249-4b8a-83b5-b12282d65350\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":37,\"i\":\"260e6566-834f-41e7-9c43-3d5be37ec8c3\",\"w\":38,\"x\":10,\"y\":4},\"panelIndex\":\"260e6566-834f-41e7-9c43-3d5be37ec8c3\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":37,\"i\":\"4a025171-a858-49a5-be7a-151ce98e5d3f\",\"w\":10,\"x\":0,\"y\":4},\"panelIndex\":\"4a025171-a858-49a5-be7a-151ce98e5d3f\",\"version\":\"1.0.0\",\"panelRefName\":\"panel_3\"}]","timeRestore":false,"title":"ElastiFlow (flow): AS-Path Graph (endpoints)","version":1},"id":"999406a0-a0a0-11ed-808e-b501c532aca0","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"99fe0880-a09f-11ed-808e-b501c532aca0","name":"panel_0","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"de2184a0-a0a5-11ed-808e-b501c532aca0","name":"panel_2","type":"visualization"},{"id":"88f99fb0-a15b-11ed-808e-b501c532aca0","name":"panel_3","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-31T11:40:03.710Z","version":"WzEyNDEsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Servers (flow records) - coord_map","uiStateJSON":"{\"mapZoom\":2,\"mapCenter\":[24.57585086389495,-13.23577880859375]}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers (flow records) - coord_map\",\"type\":\"tile_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"params\":{\"field\":\"flow.server.geo.loc.coord\",\"autoPrecision\":true,\"precision\":2,\"useGeocentroid\":true,\"isFilteredByCollar\":true,\"customLabel\":\"Server\"},\"schema\":\"segment\"}],\"params\":{\"colorSchema\":\"Yellow to Red\",\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":20,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps Service\"}}}}"},"id":"9a4a4cf0-3eb7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMjYsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Top Clients - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Clients - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":199,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Clients\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.ip.addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"9aeb1f40-3e53-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMjcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Observed Traffic (bits/s) - TSVB (stacked 
area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Observed Traffic (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"47cfb190-3e58-11eb-876f-b5c9643ab6f1\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4c549d70-3e58-11eb-876f-b5c9643ab6f1\",\"name\":\"bytes\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"id\":\"d49ad363-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d49ad362-3e59-11eb-a91f-1f1f49d730ed\",\"name\":\"bytes\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.export.host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.export.host.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"9b0bb110-3ecb-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMjgsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Conversation Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Conversation Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Conversations\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"9bc40400-3e5c-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMjksMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"NTP\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"123\\\"}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"123\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}},{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Messages by Exporter - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Messages by Exporter - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Msg\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow 
Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"9d7a0d50-9d7c-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMzAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): CLI Sessions from Public IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI Sessions from Public IP - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"\\\"flow.dst.l4.port.id\\\": (22 OR 23) AND NOT flow.src.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"CLI Sessions (Public)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"a49d6210-c49d-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMzEsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): CLI Sessions from Private IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI Sessions from Private IP - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"\\\"flow.dst.l4.port.id\\\": (22 OR 23) AND flow.src.as.org: \\\"PRIVATE\\\" AND flow.dst.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"CLI Sessions 
(Private)\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.l4.port.id\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"d565c950-c49d-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMzIsMV0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"1.0.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"f440d860-64fa-4879-b980-0353a1f26eba\"},\"panelIndex\":\"f440d860-64fa-4879-b980-0353a1f26eba\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"f31b884f-6a5a-4561-8e89-90d4b7d0bcb9\"},\"panelIndex\":\"f31b884f-6a5a-4561-8e89-90d4b7d0bcb9\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},\"panelIndex\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":8,\"h\":5,\"i\":\"96ea5c44-f6e4-4970-923b-f9553a843fc0\"},\"panelIndex\":\"96ea5c44-f6e4-4970-923b-f9553a843fc0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":8,\"y\":4,\"w\":8,\"h\":5,\"i\":\"9f7a7f95-f276-4a6c-9a1e-45b363fe1332\"},\"panelIndex
\":\"9f7a7f95-f276-4a6c-9a1e-45b363fe1332\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":16,\"y\":4,\"w\":8,\"h\":5,\"i\":\"dac32c4d-c90d-436c-8172-3687117f640f\"},\"panelIndex\":\"dac32c4d-c90d-436c-8172-3687117f640f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":24,\"y\":4,\"w\":8,\"h\":5,\"i\":\"d8b56209-5929-4048-b484-b2f910d61d81\"},\"panelIndex\":\"d8b56209-5929-4048-b484-b2f910d61d81\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":32,\"y\":4,\"w\":8,\"h\":5,\"i\":\"39cc60d1-67d7-4544-9ca3-7f55bc3dbe12\"},\"panelIndex\":\"39cc60d1-67d7-4544-9ca3-7f55bc3dbe12\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"f6b68c78-8e63-48d9-9f10-c8178cd4743b\"},\"panelIndex\":\"f6b68c78-8e63-48d9-9f10-c8178cd4743b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":32,\"i\":\"4ae31000-6480-4cc9-bd41-0f8751900f37\"},\"panelIndex\":\"4ae31000-6480-4cc9-bd41-0f8751900f37\",\"embeddableConfig\":{\"title\":\"CLI & Remote Desktop Sessions (Public)\",\"hidePanelTitles\":false},\"title\":\"CLI & Remote Desktop Sessions (Public)\",\"panelRefName\":\"panel_9\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":32,\"i\":\"1c686eb6-2999-4722-b23c-09c0a42e6540\"},\"panelIndex\":\"1c686eb6-2999-4722-b23c-09c0a42e6540\",\"embeddableConfig\":{\"title\":\"CLI & Remote Desktop Sessions (Private)\",\"hidePanelTitles\":false},\"title\":\"CLI & Remote Desktop Sessions (Private)\",\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"ElastiFlow (flow): Threats (Brute 
Force)","version":1},"id":"9e8ee9a0-c495-11ec-a49f-6168cd647191","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"82b0c1d0-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"08535420-c496-11ec-a49f-6168cd647191","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"5fc57d50-c487-11ec-a49f-6168cd647191","name":"panel_3","type":"visualization"},{"id":"a49d6210-c49d-11ec-a49f-6168cd647191","name":"panel_4","type":"visualization"},{"id":"d565c950-c49d-11ec-a49f-6168cd647191","name":"panel_5","type":"visualization"},{"id":"1f207360-c49e-11ec-a49f-6168cd647191","name":"panel_6","type":"visualization"},{"id":"1a219c90-c49e-11ec-a49f-6168cd647191","name":"panel_7","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"78577a30-c5a4-11ec-be66-9ff35c2449cb","name":"panel_9","type":"visualization"},{"id":"8af47df0-c5a4-11ec-be66-9ff35c2449cb","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMzMsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): RADIUS AUTH Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Req/Resp (packets) - TSVB 
(line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"AUTH requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.dst.l4.port.id: 1812 OR flow.dst.l4.port.id: 1645\",\"language\":\"kuery\"}},{\"id\":\"7e6a9720-9b26-11ec-8138-3d37937df3c4\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"7e6a9721-9b26-11ec-8138-3d37937df3c4\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"AUTH responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"flow.src.l4.port.id: 1812 OR flow.src.l4.port.id: 1645\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: 
\\\"netflow\\\")\",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"9fcf5aee-4b37-4445-874f-ad2785387e27","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMzQsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Exporter, Locality, Service - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporter, Locality, Service - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.locality\",\"parent\":\"\",\"label\":\"Traffic 
Locality\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"f270e340-3d4e-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMzUsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Top Servers - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Servers - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow 
Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":199,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Servers\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.ip.addr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"d279fdf0-3e53-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMzYsMV0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"d5ae3d0e-c956-48d8-ba40-0fc96802b052\"},\"panelIndex\":\"d5ae3d0e-c956-48d8-ba40-0fc96802b052\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"f7455ad4-bce8-4eb7-a9a4-9e8e2a012c05\"},\"panelIndex\":\"f7455ad4-bce8-4eb7-a9a4-9e8e2a012c05\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"4a7ca626-f214-429f-b5e5-db9c8d73109a\"},\"panelIndex\":\"4a7ca626-f214-429f-b5e5-db9c8d73109a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"3062fd4a-fc63-41aa-96b7-f9dc11e2e29a\"},\"panelIndex\":\"3062fd4a-fc63-41aa-96b7-f9dc11e2e29a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"02f8c0e3-2a43-4322-98c9-7a945e0e1b8a\"},\"panelIndex\":\"02f8c0e3-2a43-4322-98c9-7a945e0e1b8a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"76652d5d-2ee2-4222-ae36-74424283d963\"},\"panelIndex\":\"76652d5d-2ee2-4222-ae36-74424283d963\",\"embeddableConfig\":{\"title\":\"Throughput (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Throughput 
(bits/s)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"3430d37c-4d14-4e0f-8354-4079e26669c9\"},\"panelIndex\":\"3430d37c-4d14-4e0f-8354-4079e26669c9\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"72e24e2b-432d-46a4-bd30-a2e27a25a488\"},\"panelIndex\":\"72e24e2b-432d-46a4-bd30-a2e27a25a488\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":23,\"i\":\"c5b72aa7-f1a8-4664-8cd8-93eb5542295d\"},\"panelIndex\":\"c5b72aa7-f1a8-4664-8cd8-93eb5542295d\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":23,\"i\":\"b71abd33-4da5-4a3d-8074-6a2a4be9b360\"},\"panelIndex\":\"b71abd33-4da5-4a3d-8074-6a2a4be9b360\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"ElastiFlow (flow): Top 
Talkers","version":1},"id":"a000b640-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"5a3a5400-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"18500ff0-3d45-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"f270e340-3d4e-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"756aa270-3e5f-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"5c04ec10-3e59-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"97c2bfb0-3e5f-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"9aeb1f40-3e53-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"d279fdf0-3e53-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMzcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): IP Reputations (flows) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Reputations (flows) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Conversations\",\"type\":\"timeseries\",\"value_template\":\"{{value}}\",\"filter\":{\"query\":\"sec.threat.name: *\",\"language\":\"kuery\"}},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"cardinality\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Threats\",\"type\":\"timeseries\",\"value_template\":\"{{value}}\",\"terms_field\":\"sec.threat.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_min\":\"0\"}}"},"id":"a41dd6a0-75c8-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMzgsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23]}}]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"CLI Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23]}}]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): CLI Sessions (Private) - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI Sessions (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"a5007b90-c49b-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExMzksMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries and Cities (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"a6cf5910-3e04-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNDAsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23,1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}],\\\"minimum_should_match\\\":1}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Brute Force Sessions (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Edge) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"a804a940-c33a-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNDEsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Messages Direct (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Inbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"a8a4d7e0-c39d-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNDIsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only 
Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sources (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Edge) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"a9ce8930-c3fd-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflo
w-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNDMsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DHCP Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Responses (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND flow.src.l4.port.id: 67 AND flow.dst.l4.port.id: 68 AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: 
\\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"f69afbe0-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNDQsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.ip.addr\",\"negate\":true,\"params\":{\"query\":\"255.255.255.255\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.ip.addr\":\"255.255.255.255\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Requests by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Requests by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DHCP 
Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"d4ee60e0-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNDUsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Responses by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Responses by Server - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DHCP Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"e9e16290-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNDYsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.ip.addr\",\"negate\":true,\"params\":{\"query\":\"255.255.255.255\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.ip.addr\":\"255.255.255.255\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Requests by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Requests by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Req\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DHCP 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"fff448a0-9b93-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNDcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Relayed Messages by src/dst - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Relayed Messages by src/dst - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Relay\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"d9c7acb0-c304-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNDgsMV0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":4,\"i\":\"503ee9c8-3371-4430-9997-5a2f772238ba\",\"w\":28,\"x\":0,\"y\":0},\"panelIndex\":\"503ee9c8-3371-4430-9997-5a2f772238ba\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":4,\"i\":\"1ebd7429-fc09-4785-a063-2e866346e88e\",\"w\":15,\"x\":28,\"y\":0},\"panelIndex\":\"1ebd7429-fc09-4785-a063-2e866346e88e\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":4,\"i\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"w\":5,\"x\":43,\"y\":0},\"panelIndex\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":5,\"i\":\"7779fb3a-fd13-41ac-90de-b70849a7df6e\",\"w\":5,\"x\":0,\"y\":4},\"panelIndex\":\"7779fb3a-fd13-41ac-90de-b70849a7df6e\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":5,\"i\":\"63b829fd-6861-475f-a57e-9acd67cf7ff9\",\"w\":5,\"x\":5,\"y\":4},\"panelIndex\":\"63b829fd-6861-475f-a57e-9acd67cf7ff9\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":5,\"i\":\"d4386109-9d7b-46d9-ad63-635c42c14d2f\",\"w\":5,\"x\":10,\"y\":4},\"panelIndex\":\"d4386109-9d7b-46d9-ad63-635c42c14d2f\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":5,\"i\":\"39c9a04e-0008-472e-a3b8-50583781d9ae\",\"w\":5,\"x\":15,\"y\":4},\"panelIndex\":\"39c9a04e-0008-472e-a3b8-50583781d9ae\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_6
\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":14,\"i\":\"f25b852b-ff69-4b28-ac75-ee25b7271538\",\"w\":28,\"x\":20,\"y\":4},\"panelIndex\":\"f25b852b-ff69-4b28-ac75-ee25b7271538\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":9,\"i\":\"5528dfd0-9be9-410c-b656-7045a394b233\",\"w\":10,\"x\":0,\"y\":9},\"panelIndex\":\"5528dfd0-9be9-410c-b656-7045a394b233\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":9,\"i\":\"5bb2c88e-540a-4dbd-87d6-aac3322fa05c\",\"w\":10,\"x\":10,\"y\":9},\"panelIndex\":\"5bb2c88e-540a-4dbd-87d6-aac3322fa05c\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":23,\"i\":\"c27cd9a7-ef4c-4920-a252-6088129109a0\",\"w\":8,\"x\":0,\"y\":18},\"panelIndex\":\"c27cd9a7-ef4c-4920-a252-6088129109a0\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":23,\"i\":\"af7ca5a0-2662-4166-b4e4-d8450b040da9\",\"w\":8,\"x\":8,\"y\":18},\"panelIndex\":\"af7ca5a0-2662-4166-b4e4-d8450b040da9\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":23,\"i\":\"9ecda662-2439-44fc-a0b1-97fc40279ed9\",\"w\":8,\"x\":16,\"y\":18},\"panelIndex\":\"9ecda662-2439-44fc-a0b1-97fc40279ed9\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":23,\"i\":\"51705b8e-4c42-45a4-8368-b9286ae9124c\",\"w\":8,\"x\":24,\"y\":18},\"panelIndex\":\"51705b8e-4c42-45a4-8368-b9286ae9124c\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":23,\"i\":\"ba3d074c-192f-4743-a763-e2d4632109a6\",\"w\":9,\"x\":32,\"y\":18},\"panelIndex\":\"ba3d074c-192f-4743-a763-e2d4632109a6\",\"version\
":\"7.10.0\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":23,\"i\":\"430db51d-c9d0-4814-b854-1cbab39afa22\",\"w\":7,\"x\":41,\"y\":18},\"panelIndex\":\"430db51d-c9d0-4814-b854-1cbab39afa22\",\"version\":\"7.10.0\",\"panelRefName\":\"panel_15\"}]","timeRestore":false,"title":"ElastiFlow (flow): Core Services (DHCP)","version":1},"id":"a9f3e040-9b94-11ec-a4df-e940aaa4214d","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"c69cda30-9b2b-11ec-a4df-e940aaa4214d","name":"panel_0","type":"visualization"},{"id":"31c96f80-9b95-11ec-a4df-e940aaa4214d","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"682aeb00-c4c4-11ec-a49f-6168cd647191","name":"panel_3","type":"visualization"},{"id":"05a49fb0-9b95-11ec-a4df-e940aaa4214d","name":"panel_4","type":"visualization"},{"id":"f69afbe0-9b94-11ec-a4df-e940aaa4214d","name":"panel_5","type":"visualization"},{"id":"62e79640-c305-11ec-aaf3-5b4644130c7f","name":"panel_6","type":"visualization"},{"id":"1d489090-9b95-11ec-a4df-e940aaa4214d","name":"panel_7","type":"visualization"},{"id":"d4ee60e0-9b94-11ec-a4df-e940aaa4214d","name":"panel_8","type":"visualization"},{"id":"e9e16290-9b94-11ec-a4df-e940aaa4214d","name":"panel_9","type":"visualization"},{"id":"fff448a0-9b93-11ec-a4df-e940aaa4214d","name":"panel_10","type":"visualization"},{"id":"37087910-9b94-11ec-a4df-e940aaa4214d","name":"panel_11","type":"visualization"},{"id":"5a7588c0-9b94-11ec-a4df-e940aaa4214d","name":"panel_12","type":"visualization"},{"id":"76e6b920-9b94-11ec-a4df-e940aaa4214d","name":"panel_13","type":"visualization"},{"id":"d9c7acb0-c304-11ec-aaf3-5b4644130c7f","name":"panel_14","type":"visualization"},{"id":"7c3745e0-c306-11ec-aaf3-5b4644130c7f","name":"panel_15","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNDksMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Community Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Community Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.community.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Sessions\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"e837f720-3e5b-11eb-83e8-ef8dac1c189d\"}],\"time_range_mode\":\"entire_time_range\"}}"},"id":"aa0dbe60-9d98-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNTAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flow Records (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flow Records 
(client/server)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**Client/Server**](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788) | [Src/Dst](#/dashboard/bf9f8a70-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"da205850-3d46-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNTEsMV0="} {"attributes":{"columns":["flow.conversation.id","flow.export.host.name","flow.client.host.name","flow.server.host.name","flow.server.l4.port.name","flow.bytes","flow.packets"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"bool\":{\"must\":[{\"exists\":{\"field\":\"flow.client.ip.addr\"}},{\"exists\":{\"field\":\"flow.server.ip.addr\"}}]},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":false,\"alias\":null,\"key\":\"bool\",\"value\":\"{\\\"must\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"flow.client.ip.addr\\\"}},{\\\"exists\\\":{\\\"field\\\":\\\"flow.server.ip.addr\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"ElastiFlow (flow): Flow Records (client/server) - search","version":1},"id":"e797bd40-3f10-11eb-bc2c-c5758316d788","migrationVersion":{"search":"7.9.3"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNTIsMV0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"9d130e1e-6975-4a94-923d-4c5371b580b1\"},\"panelIndex\":\"9d130e1e-6975-4a94-923d-4c5371b580b1\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"9c48f2a0-f965-4fc2-8a12-135e9efb896f\"},\"panelIndex\":\"9c48f2a0-f965-4fc2-8a12-135e9efb896f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"2afab535-1aa3-4849-aee3-b66ccd85c75a\"},\"panelIndex\":\"2afab535-1aa3-4849-aee3-b66ccd85c75a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":10,\"i\":\"a5aa4d1c-b039-468b-a5f3-7f71a6308513\"},\"panelIndex\":\"a5aa4d1c-b039-468b-a5f3-7f71a6308513\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":5,\"i\":\"25ef49e8-82cb-4130-a1b2-d1e99929ae6a\"},\"panelIndex\":\"25ef49e8-82cb-4130-a1b2-d1e99929ae6a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":10,\"i\":\"9e924cca-ac9c-4737-81d3-ec6600d91b88\"},\"panelIndex\":\"9e924cca-ac9c-4737-81d3-ec6600d91b88\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":5,\"i\":\"83199726-082c-4e5e-a3d5-6be88c58cf25\"},\"panelIndex\":\"83199726-082c-4e5e-a3d5-6be88c58cf25\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel
_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":14,\"w\":48,\"h\":27,\"i\":\"b88d41a3-7eea-4616-926d-60ac952cbc5b\"},\"panelIndex\":\"b88d41a3-7eea-4616-926d-60ac952cbc5b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flow Records (client/server)","version":1},"id":"abfed250-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"06d52ff0-3d43-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"da205850-3d46-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"1a9e1fe0-3f0c-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"93fddf80-3f0f-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"8b5fb750-3f0e-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"9bc40400-3e5c-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"e797bd40-3f10-11eb-bc2c-c5758316d788","name":"panel_7","type":"search"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNTMsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Exporters (records) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporters (records) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":299,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.version.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":15,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"}}"},"id":"ad2e3620-3d35-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNTQsMV0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"bdf7a793-86c9-47ab-b1e0-5dc36705ccfd\"},\"panelIndex\":\"bdf7a793-86c9-47ab-b1e0-5dc36705ccfd\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"b6a9acf4-0ba0-486a-882d-e883482c66e3\"},\"panelIndex\":\"b6a9acf4-0ba0-486a-882d-e883482c66e3\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"17a9df37-b087-4f13-8af1-250f9b1eeab7\"},\"panelIndex\":\"17a9df37-b087-4f13-8af1-250f9b1eeab7\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":24,\"h\":5,\"i\":\"fb45a1fd-ea66-4bd7-b1f2-a4a7cd775bfd\"},\"panelIndex\":\"fb45a1fd-ea66-4bd7-b1f2-a4a7cd775bfd\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":4,\"w\":24,\"h\":2,\"i\":\"c5a59524-1395-488e-a52a-67ffd6bbee39\"},\"panelIndex\":\"c5a59524-1395-488e-a52a-67ffd6bbee39\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":6,\"w\":24,\"h\":11,\"i\":\"196cd583-3f35-4f8a-b5a6-73c694833b4a\"},\"panelIndex\":\"196cd583-3f35-4f8a-b5a6-73c694833b4a\",\"embeddableConfig\":{\"title\":\"Observed Traffic (flow records/s)\",\"hidePanelTitles\":false},\"title\":\"Observed Traffic (flow 
records/s)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":32,\"i\":\"884e12ad-0be7-4bbc-9725-759faf86a7ee\"},\"panelIndex\":\"884e12ad-0be7-4bbc-9725-759faf86a7ee\",\"embeddableConfig\":{\"title\":\"Observed Traffic (records)\",\"hidePanelTitles\":false},\"title\":\"Observed Traffic (records)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":12,\"i\":\"b234fa0a-c920-4d04-b1c8-785a92604bd7\"},\"panelIndex\":\"b234fa0a-c920-4d04-b1c8-785a92604bd7\",\"embeddableConfig\":{\"title\":\"Observed Traffic (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Observed Traffic (bits/s)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":29,\"w\":24,\"h\":12,\"i\":\"f6ce803b-ec0e-4686-8807-1c9c9e69b3c0\"},\"panelIndex\":\"f6ce803b-ec0e-4686-8807-1c9c9e69b3c0\",\"embeddableConfig\":{\"title\":\"Observed Traffic (pkts/s)\",\"hidePanelTitles\":false},\"title\":\"Observed Traffic (pkts/s)\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flow Exporters 
(metrics)","version":1},"id":"ac3e8880-3d41-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"dc9329e0-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"722d6460-3d44-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"0f371ce0-3ecd-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"11e668f0-3ece-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"ad2e3620-3d35-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"9b0bb110-3ecb-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"831f5010-3ecc-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNTUsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Threats (IP Reputations)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats (IP 
Reputations)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[**IP Reputation**](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [DDoS TCP](#/dashboard/0774f5d0-c348-11ec-aaf3-5b4644130c7f) | [DDoS Flood](#/dashboard/e0ffa950-c472-11ec-a49f-6168cd647191) | [RECON](#/dashboard/b9cd6a90-c48e-11ec-a49f-6168cd647191) | [Brute Force](#/dashboard/9e8ee9a0-c495-11ec-a49f-6168cd647191)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"ae161b80-c48d-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNTYsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Countries and Cities (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"ae98dbf0-3d30-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at
":"2023-01-30T09:39:53.211Z","version":"WzExNTcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Messages Direct (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"aff13960-c467-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNTgsMV0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"89c24646-f6ce-4def-857c-f04ea7d036c0\"},\"panelIndex\":\"89c24646-f6ce-4def-857c-f04ea7d036c0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"fb286cba-33ac-4b88-989b-be068fc45f37\"},\"panelIndex\":\"fb286cba-33ac-4b88-989b-be068fc45f37\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"b42d9704-1f0c-4315-9d1f-656f543400a3\"},\"panelIndex\":\"b42d9704-1f0c-4315-9d1f-656f543400a3\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"73ee9463-c8eb-4aa0-b706-3dd9b9c9a5f7\"},\"panelIndex\":\"73ee9463-c8eb-4aa0-b706-3dd9b9c9a5f7\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"bba27f42-3451-4d63-8efd-25d608d4fde8\"},\"panelIndex\":\"bba27f42-3451-4d63-8efd-25d608d4fde8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"19ace06e-fa5c-4803-9f92-5def5b1f1fce\"},\"panelIndex\":\"19ace06e-fa5c-4803-9f92-5def5b1f1fce\",\"embeddableConfig\":{\"title\":\"Throughput (bits/s)\",\"hidePanelTitles\":true},\"title\":\"Throughput 
(bits/s)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"06ddc035-d17c-45fc-8a22-bad8529004be\"},\"panelIndex\":\"06ddc035-d17c-45fc-8a22-bad8529004be\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"7c47a3d8-00e9-4173-8576-6b79d472ab55\"},\"panelIndex\":\"7c47a3d8-00e9-4173-8576-6b79d472ab55\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":23,\"i\":\"42b4e982-5281-4059-9a22-660daae3850b\"},\"panelIndex\":\"42b4e982-5281-4059-9a22-660daae3850b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":23,\"i\":\"6ac28860-28f0-4bd6-9f96-eea3e2cc5d53\"},\"panelIndex\":\"6ac28860-28f0-4bd6-9f96-eea3e2cc5d53\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"ElastiFlow (flow): Top 
Services","version":1},"id":"b088bcb0-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"5a3a5400-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"230d6410-3d45-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"f270e340-3d4e-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"1ec922a0-3e61-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"5c04ec10-3e59-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"051bf440-3e61-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"4ba1a880-3e55-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"17487960-3e55-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNTksMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Top Applications - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Applications - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow 
Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"app.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Applications\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"b3a920c0-3e55-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNjAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"exists\":{\"field\":\"flow.server.sec.threat.name\"},\"meta\":{\"type\":\"exists\",\"disabled\":false,\"negate\":false,\"alias\":\"Bad Server Reputation\",\"key\":\"flow.server.sec.threat.name\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): High-Risk Clients (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: High-Risk Clients (flows) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.conversation.id\",\"customLabel\":\"Conversations\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"High-Risk Clients\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.ip.addr\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"b56b5eb0-75c2-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNjEsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"UDP\"}},{\"terms\":{\"flow.src.l4.port.id\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP 
Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"UDP\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): UDP Amplification Sources (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Source\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\
":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"b6338a20-c40e-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNjIsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH 
Requests\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"1645\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.dst.l4.port.id\":\"1812\"}},{\"match_phrase\":{\"flow.dst.l4.port.id\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Requests by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Requests by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RADIUS 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"b7b2c502-3d50-4c53-bd0f-1f7e560dde08","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNjMsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"flow.export.type\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"flow.export.type\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sessions (Outbound) - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"b90b5fe0-c3da-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNjQsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Servers and Services (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers and Services (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"b9ba5e30-3d32-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNjUsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Threats (RECON)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats 
(RECON)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[IP Reputation](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [DDoS TCP](#/dashboard/0774f5d0-c348-11ec-aaf3-5b4644130c7f) | [DDoS Flood](#/dashboard/e0ffa950-c472-11ec-a49f-6168cd647191) | [**RECON**](#/dashboard/b9cd6a90-c48e-11ec-a49f-6168cd647191) | [Brute Force](#/dashboard/9e8ee9a0-c495-11ec-a49f-6168cd647191)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"fa278d30-c495-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNjYsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[]},\"meta\":{\"alias\":\"ICMP Echo Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Echo (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.dst.ip.addr\",\"customLabel\":\"Pinged 
IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"cf3d02b0-c343-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNjcsMV0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"1.0.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"f440d860-64fa-4879-b980-0353a1f26eba\"},\"panelIndex\":\"f440d860-64fa-4879-b980-0353a1f26eba\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"1592194a-8cb9-41a9-a982-24b60b07a1b6\"},\"panelIndex\":\"1592194a-8cb9-41a9-a982-24b60b07a1b6\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},\"panelIndex\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"1.0.0\",\"gridData\"
:{\"x\":0,\"y\":4,\"w\":8,\"h\":5,\"i\":\"96ea5c44-f6e4-4970-923b-f9553a843fc0\"},\"panelIndex\":\"96ea5c44-f6e4-4970-923b-f9553a843fc0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":8,\"y\":4,\"w\":8,\"h\":5,\"i\":\"e625b48e-33f4-4241-91c6-949cbcb8e9c4\"},\"panelIndex\":\"e625b48e-33f4-4241-91c6-949cbcb8e9c4\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":16,\"y\":4,\"w\":8,\"h\":5,\"i\":\"80ff4c5f-ea11-4ff3-80c5-e160dc8316a8\"},\"panelIndex\":\"80ff4c5f-ea11-4ff3-80c5-e160dc8316a8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":24,\"y\":4,\"w\":8,\"h\":5,\"i\":\"c49202db-477e-4d97-a3a4-8fb8b7e62c2f\"},\"panelIndex\":\"c49202db-477e-4d97-a3a4-8fb8b7e62c2f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":32,\"y\":4,\"w\":8,\"h\":5,\"i\":\"474dcd96-d6cb-450e-bfac-77d99586934c\"},\"panelIndex\":\"474dcd96-d6cb-450e-bfac-77d99586934c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"a0735619-998c-406b-a096-0e1d39761536\"},\"panelIndex\":\"a0735619-998c-406b-a096-0e1d39761536\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":14,\"h\":32,\"i\":\"69d29d1c-c318-4bbf-88be-05debcde7c3f\"},\"panelIndex\":\"69d29d1c-c318-4bbf-88be-05debcde7c3f\",\"embeddableConfig\":{\"title\":\"Port Scan (Public)\",\"hidePanelTitles\":false},\"title\":\"Port Scan 
(Public)\",\"panelRefName\":\"panel_9\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":14,\"y\":9,\"w\":14,\"h\":32,\"i\":\"99e1761d-0505-4611-a341-f474bfa95519\"},\"panelIndex\":\"99e1761d-0505-4611-a341-f474bfa95519\",\"embeddableConfig\":{\"title\":\"Port Scan (Private)\",\"hidePanelTitles\":false},\"title\":\"Port Scan (Private)\",\"panelRefName\":\"panel_10\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":28,\"y\":9,\"w\":10,\"h\":32,\"i\":\"30c2fc5a-7b5d-4ff3-848e-5f9970175fba\"},\"panelIndex\":\"30c2fc5a-7b5d-4ff3-848e-5f9970175fba\",\"embeddableConfig\":{\"title\":\"ICMP Echo (Public)\",\"hidePanelTitles\":false},\"title\":\"ICMP Echo (Public)\",\"panelRefName\":\"panel_11\"},{\"version\":\"1.0.0\",\"gridData\":{\"x\":38,\"y\":9,\"w\":10,\"h\":32,\"i\":\"9084f85f-9f73-43e5-a0cf-303eea6783bc\"},\"panelIndex\":\"9084f85f-9f73-43e5-a0cf-303eea6783bc\",\"embeddableConfig\":{\"title\":\"ICMP Echo (Private)\",\"hidePanelTitles\":false},\"title\":\"ICMP Echo (Private)\",\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"ElastiFlow (flow): Threats 
(RECON)","version":1},"id":"b9cd6a90-c48e-11ec-a49f-6168cd647191","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"82b0c1d0-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"fa278d30-c495-11ec-a49f-6168cd647191","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"5fc57d50-c487-11ec-a49f-6168cd647191","name":"panel_3","type":"visualization"},{"id":"53adda40-c490-11ec-a49f-6168cd647191","name":"panel_4","type":"visualization"},{"id":"851359f0-c492-11ec-a49f-6168cd647191","name":"panel_5","type":"visualization"},{"id":"6c8e1ee0-c494-11ec-a49f-6168cd647191","name":"panel_6","type":"visualization"},{"id":"0ca342c0-c495-11ec-a49f-6168cd647191","name":"panel_7","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"028aac60-c490-11ec-a49f-6168cd647191","name":"panel_9","type":"visualization"},{"id":"1ff8f860-c346-11ec-aaf3-5b4644130c7f","name":"panel_10","type":"visualization"},{"id":"5c6bd160-c48f-11ec-a49f-6168cd647191","name":"panel_11","type":"visualization"},{"id":"cf3d02b0-c343-11ec-aaf3-5b4644130c7f","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNjgsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Requests by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Requests by Server - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"baf01140-9d81-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNjksMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Exporter, Service, Established - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporter, Service, Established - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"flow.export.host.name\",\"parent\":\"\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"id":"beca7d30-75d4-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"control_2_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNzAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flow Records (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flow Records 
(src/dst)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/abfed250-3d3f-11eb-bc2c-c5758316d788) | [**Src/Dst**](#/dashboard/bf9f8a70-3d3f-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"e801f6e0-3d46-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNzEsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flow Records/s (src/dst) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Records/s (src/dst) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\",\"field\":\"flow.bytes\"},{\"id\":\"61c95a90-3f0e-11eb-8fe0-a51500598689\",\"type\":\"calculation\",\"variables\":[{\"id\":\"646736f0-3f0e-11eb-8fe0-a51500598689\",\"name\":\"count\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Flow Records\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"d49ad360-3e59-11eb-a91f-1f1f49d730ed\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"type\":\"count\",\"field\":\"flow.bytes\"},{\"id\":\"2b017560-3f0e-11eb-8fe0-a51500598689\",\"type\":\"calculation\",\"variables\":[{\"id\":\"2e9d39c0-3f0e-11eb-8fe0-a51500598689\",\"name\":\"count\",\"field\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\"}],\"script\":\"params.count / 
(params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Flow Types\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.export.version.name\",\"terms_size\":\"25\",\"terms_order_by\":\"d49ad361-3e59-11eb-a91f-1f1f49d730ed\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"axis_min\":\"0\",\"filter\":{\"query\":\"flow.src.ip.addr: * AND flow.dst.ip.addr: *\",\"language\":\"kuery\"}}}"},"id":"d786d060-9d94-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNzIsMV0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"9a294251-20cf-4d94-ba56-d9d0a0cf8987\"},\"panelIndex\":\"9a294251-20cf-4d94-ba56-d9d0a0cf8987\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"4daf2414-af00-4b6e-896d-07368c73615f\"},\"panelIndex\":\"4daf2414-af00-4b6e-896d-07368c73615f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"d6fb0873-a978-4e9b-adaa-ad47e4a1ff5f\"},\"panelIndex\":\"d6fb0873-a978-4e9b-adaa-ad47e4a1ff5f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":10,\"i\":\"9762091d-473e-4157-93e3-2b4c01f19b26\"},\"panelIndex\":\"9762091d-473e-4157-93e3-2b4c01f19b26\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":5,\"i\":\"5df778e6-7791-4e11-bc12-423e44135b5b\"},\"panelIndex\":\"5df778e6-7791-4e11-bc12-423e44135b5b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":10,\"i\":\"ae09239d-128b-4350-a5e6-8131e02f4bb9\"},\"panelIndex\":\"ae09239d-128b-4350-a5e6-8131e02f4bb9\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":5,\"i\":\"4e8a9cee-c02d-41a8-9d55-be201ea1f2b8\"},\"panelIndex\":\"4e8a9cee-c02d-41a8-9d55-be201ea1f2b8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel
_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":14,\"w\":48,\"h\":27,\"i\":\"5b609d60-4832-436f-893e-3bd7afae98c9\"},\"panelIndex\":\"5b609d60-4832-436f-893e-3bd7afae98c9\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flow Records (src/dst)","version":1},"id":"bf9f8a70-3d3f-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"06d52ff0-3d43-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"e801f6e0-3d46-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"1a9e1fe0-3f0c-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"4a68d6d0-9d97-11ec-a4df-e940aaa4214d","name":"panel_4","type":"visualization"},{"id":"d786d060-9d94-11ec-a4df-e940aaa4214d","name":"panel_5","type":"visualization"},{"id":"aa0dbe60-9d98-11ec-a4df-e940aaa4214d","name":"panel_6","type":"visualization"},{"id":"78b035a0-3f11-11eb-bc2c-c5758316d788","name":"panel_7","type":"search"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNzMsMV0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"20b572a3-961c-4e47-b17c-af96003e5606\"},\"panelIndex\":\"20b572a3-961c-4e47-b17c-af96003e5606\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"19b1ecb4-533d-4ded-a17a-7f2d8af38caf\"},\"panelIndex\":\"19b1ecb4-533d-4ded-a17a-7f2d8af38caf\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"1e5b1e06-7cd2-49a7-9f8d-e72b0b6b129e\"},\"panelIndex\":\"1e5b1e06-7cd2-49a7-9f8d-e72b0b6b129e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"d4210038-999a-467f-bb0b-e64906069f55\"},\"panelIndex\":\"d4210038-999a-467f-bb0b-e64906069f55\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"9072ad07-6e82-40c8-8f50-e48700f76095\"},\"panelIndex\":\"9072ad07-6e82-40c8-8f50-e48700f76095\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"821337cb-33a4-416d-95e8-0e49aad13b6a\"},\"panelIndex\":\"821337cb-33a4-416d-95e8-0e49aad13b6a\",\"embeddableConfig\":{\"title\":\"Throughput (bits/s)\",\"hidePanelTitles\":false},\"title\":\"Throughput 
(bits/s)\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"d3492ccf-dc3a-49bf-9222-b4f81659c3d6\"},\"panelIndex\":\"d3492ccf-dc3a-49bf-9222-b4f81659c3d6\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"47705264-40e5-4f44-a660-8291426f4ea0\"},\"panelIndex\":\"47705264-40e5-4f44-a660-8291426f4ea0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":18,\"w\":48,\"h\":23,\"i\":\"c54b4a9a-1ed7-43c1-a4fc-9871b4eae94f\"},\"panelIndex\":\"c54b4a9a-1ed7-43c1-a4fc-9871b4eae94f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"ElastiFlow (flow): Top Conversations","version":1},"id":"c2da3880-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"5a3a5400-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"0c217890-3d45-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"f270e340-3d4e-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"9bc40400-3e5c-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"5c04ec10-3e59-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"1ec922a0-3e61-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"6dd43c00-3e0b-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNzQsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Geo IP (server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Geo IP (server)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[Client](#/dashboard/3b3adf00-3d3f-11eb-bc2c-c5758316d788) | [**Server**](#/dashboard/c3e77260-3eb5-11eb-bc2c-c5758316d788) | [Source](#/dashboard/460b45f0-3d3f-11eb-bc2c-c5758316d788) | [Destination](#/dashboard/e794e670-3eb5-11eb-bc2c-c5758316d788)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"e3877f10-3eb6-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNzUsMV0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"5d06bf0c-b97f-41d9-9f5e-82a38ad0ddf8\"},\"panelIndex\":\"5d06bf0c-b97f-41d9-9f5e-82a38ad0ddf8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"c5794321-e8ef-4e40-99a4-2696a43339e7\"},\"panelIndex\":\"c5794321-e8ef-4e40-99a4-2696a43339e7\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"48b01687-fddc-4f99-8195-04d77db8dd66\"},\"panelIndex\":\"48b01687-fddc-4f99-8195-04d77db8dd66\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"d35f1697-1274-4159-bdab-83159a87a41c\"},\"panelIndex\":\"d35f1697-1274-4159-bdab-83159a87a41c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"d8430fa3-ca28-455e-a276-930a60d6839f\"},\"panelIndex\":\"d8430fa3-ca28-455e-a276-930a60d6839f\",\"embeddableConfi
g\":{\"title\":\"Client Countries (flow records)\",\"hidePanelTitles\":false},\"title\":\"Client Countries (flow records)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"175b3012-aaef-4dcc-8dc7-7a111cec7fb3\"},\"panelIndex\":\"175b3012-aaef-4dcc-8dc7-7a111cec7fb3\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"46146688-467d-42a2-ae53-5ae2b2061389\"},\"panelIndex\":\"46146688-467d-42a2-ae53-5ae2b2061389\",\"embeddableConfig\":{\"title\":\"Server Countries (flow records)\",\"hidePanelTitles\":false},\"title\":\"Server Countries (flow records)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"70eb9e12-1c7c-48dc-822b-477c7cb8ebb2\"},\"panelIndex\":\"70eb9e12-1c7c-48dc-822b-477c7cb8ebb2\",\"embeddableConfig\":{\"title\":\"Client Cities (flow records)\",\"hidePanelTitles\":false},\"title\":\"Client Cities (flow records)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"92329eb4-2cad-48df-b21b-656f53c9377a\"},\"panelIndex\":\"92329eb4-2cad-48df-b21b-656f53c9377a\",\"embeddableConfig\":{\"title\":\"Server Cities (flow records)\",\"hidePanelTitles\":false},\"title\":\"Server Cities (flow records)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"59db0235-9c7f-416b-81be-d78ea0fb29f7\"},\"panelIndex\":\"59db0235-9c7f-416b-81be-d78ea0fb29f7\",\"embeddableConfig\":{\"title\":\"Client Time Zones (flow records)\",\"hidePanelTitles\":false},\"title\":\"Client Time Zones (flow 
records)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"b00704ca-ba57-4d3b-b8c6-ec01a6782d8f\"},\"panelIndex\":\"b00704ca-ba57-4d3b-b8c6-ec01a6782d8f\",\"embeddableConfig\":{\"title\":\"Server Time Zones (flow records)\",\"hidePanelTitles\":false},\"title\":\"Server Time Zones (flow records)\",\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"ElastiFlow (flow): Geo Location (server)","version":1},"id":"c3e77260-3eb5-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"a89c6610-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"e3877f10-3eb6-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"944a8560-3d4d-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"27474670-3eb4-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"9a4a4cf0-3eb7-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"fa5c23f0-3eb4-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"0a621e90-3eb4-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"17e74fd0-3eb5-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"48e47820-3eb4-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"d58dfda0-3eb4-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNzYsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"UDP\"}},{\"terms\":{\"flow.src.l4.port.id\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"UDP\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): UDP Amplification Sources (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Outbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.ip.addr\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"c668d220-c40d-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNzcsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Recon Port Scan (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon Port Scan (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.server.l4.port.id\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":
"c89e2590-c345-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNzgsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Messages Direct (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"cb8e25b0-c3aa-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExNzksMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}},{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Remote 
Desktop Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}]}},{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Remote Desktop Sessions (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Remote Desktop Sessions (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"mis
singBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"cdbcf310-c49b-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExODAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.src.l4.port.id\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.src.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.dst.l4.port.id\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.dst.l4.port.id\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Responses by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Responses by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"d1068450-9d81-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaS
avedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExODEsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}}]},\"meta\":{\"alias\":\"ICMP\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Messages - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"icmp.type.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"ICMP Type\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"icmp.code.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"ICMP 
Code\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"d15ecc70-c39f-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExODIsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Countries (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"d4558da0-3e04-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExODMsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH 
Requests\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"1645\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.dst.l4.port.id\":\"1812\"}},{\"match_phrase\":{\"flow.dst.l4.port.id\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Requests by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Requests by Client - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH 
Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"d4ca6ff9-e8cf-4ce1-bc95-4ebcf77b60f9","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExODQsMV0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"0752f037-b31d-4a81-92fd-457c4ab782cb\"},\"panelIndex\":\"0752f037-b31d-4a81-92fd-457c4ab782cb\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"4837436f-f86a-49aa-a60a-1e9ec62e9407\"},\"panelIndex\":\"4837436f-f86a-49aa-a60a-1e9ec62e9407\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"562f484f-8184-4b5a-b3ab-409419ba6ea6\"},\"panelIndex\":\"562f484f-8184-4b5a-b3ab-409419ba6ea6\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"ea2ed7fa-bf71-4291-bd7a-0522451028f8\"},\"panelIndex\":\"ea2ed7fa-bf71-4291-bd7a-0522451028f8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"182f8712-1773-4a9d-988a-5d59984de343\"},\"panelIndex\":\"182f8712-1773-4a9d-988a-5d59984de343\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"b15e6ced-8999-459b-bd36-c1499cd9267d\"},\"panelIndex\":\"b15e6ced-8999-459b-bd36-c1499cd9267d\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"9bbff89d-82f1-4ceb-b068-bcef2ef809dc\"},\"panelIndex\":\"9bbff89d-82f1-4ceb-b068-bcef2ef809dc\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"pane
l_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"f2a4d19a-5c8e-45c0-893c-98e6294a0d3c\"},\"panelIndex\":\"f2a4d19a-5c8e-45c0-893c-98e6294a0d3c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":23,\"i\":\"fa95c4a9-a7fc-4584-9527-cab868de6d39\"},\"panelIndex\":\"fa95c4a9-a7fc-4584-9527-cab868de6d39\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":23,\"i\":\"7be19337-a56c-4e41-8744-4ece97dc6630\"},\"panelIndex\":\"7be19337-a56c-4e41-8744-4ece97dc6630\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"ElastiFlow (flow): Top Applications","version":1},"id":"d4e18bf0-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"5a3a5400-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"2f8a90a0-3d45-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"4ea0e4d0-3d4f-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"2f9ed3e0-3e61-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"2f03c500-3e64-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"756aa270-3e5f-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"b3a920c0-3e55-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"9aeb1f40-3e53-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExODUsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"TCP\"}}],\"must_not\":[{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"TCP Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"TCP\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Clients (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Clients (Edge) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.client.ip.addr\",\"customLabel\":\"Clients\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"d9e319b0-c411-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExODYsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (client AS/server AS) - Vega 
(sankey)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (client AS/server AS) - Vega (sankey)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.client.as.label\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.server.as.label\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"bytes\\\": {\\n \\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"flow.bytes\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n 
\\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Client AS\\\", \\\"Server AS\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n 
\\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 
1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#222222\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 
0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"id":"dcb4d670-3e65-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExODcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Sources (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"de4e45b0-3e66-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExODgsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Threats (DDoS Flood)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats (DDoS 
Flood)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[IP Reputation](#/dashboard/f7fbc0b0-3d3e-11eb-bc2c-c5758316d788) | [DDoS TCP](#/dashboard/0774f5d0-c348-11ec-aaf3-5b4644130c7f) | [**DDoS Flood**](#/dashboard/e0ffa950-c472-11ec-a49f-6168cd647191) | [RECON](#/dashboard/b9cd6a90-c48e-11ec-a49f-6168cd647191) | [Brute Force](#/dashboard/9e8ee9a0-c495-11ec-a49f-6168cd647191)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"e75a9fd0-c495-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExODksMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): ICMP Messages - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":200,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":2000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":20000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"(l4.proto.name: \\\"ICMP\\\" OR l4.proto.name: \\\"IPv6-ICMP\\\") AND NOT flow.src.as.org: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"ICMP 
Messages\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"f89c9de0-c489-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExOTAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): ICMP Sources - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"0fd4d5a0-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"bc4d3570-c47f-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"a756e2f0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":50000,\"id\":\"b79e36e0-c480-11ec-a22a-7b3ac1578417\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"}],\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"(l4.proto.name: \\\"ICMP\\\" OR l4.proto.name: \\\"IPv6-ICMP\\\") AND NOT flow.src.as.org: 
\\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"ICMP Sources\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\",\"field\":\"flow.src.ip.addr\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}"},"id":"f37dff80-c488-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExOTEsMV0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"f440d860-64fa-4879-b980-0353a1f26eba\"},\"panelIndex\":\"f440d860-64fa-4879-b980-0353a1f26eba\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"5609d268-4c81-43a9-8c3c-1f56934b9334\"},\"panelIndex\":\"5609d268-4c81-43a9-8c3c-1f56934b9334\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},\"panelIndex\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":
\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":8,\"h\":5,\"i\":\"96ea5c44-f6e4-4970-923b-f9553a843fc0\"},\"panelIndex\":\"96ea5c44-f6e4-4970-923b-f9553a843fc0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":8,\"y\":4,\"w\":8,\"h\":5,\"i\":\"b49af91f-5e84-4c53-a067-9add862c1d15\"},\"panelIndex\":\"b49af91f-5e84-4c53-a067-9add862c1d15\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":16,\"y\":4,\"w\":8,\"h\":5,\"i\":\"cfee2852-f7f9-44a0-bc77-4270abd32c5b\"},\"panelIndex\":\"cfee2852-f7f9-44a0-bc77-4270abd32c5b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":4,\"w\":8,\"h\":5,\"i\":\"712bd9c0-1c24-499f-b9cd-ca10512a1d4f\"},\"panelIndex\":\"712bd9c0-1c24-499f-b9cd-ca10512a1d4f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":32,\"y\":4,\"w\":8,\"h\":5,\"i\":\"9af5771e-3507-4114-aa1a-12dc0a88e8cb\"},\"panelIndex\":\"9af5771e-3507-4114-aa1a-12dc0a88e8cb\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"9a899328-ae14-4f50-8185-f0237f5b7606\"},\"panelIndex\":\"9a899328-ae14-4f50-8185-f0237f5b7606\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":22,\"h\":32,\"i\":\"34ecb7be-696a-4829-9397-603e5615a000\"},\"panelIndex\":\"34ecb7be-696a-4829-9397-603e5615a000\",\"embeddableConfig\":{\"title\":\"UDP Amplification (Public)\",\"hidePanelTitles\":false},\"title\":\"UDP Amplification 
(Public)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":22,\"y\":9,\"w\":15,\"h\":32,\"i\":\"6f1b2597-6597-4753-9820-9047e66b7ab8\"},\"panelIndex\":\"6f1b2597-6597-4753-9820-9047e66b7ab8\",\"embeddableConfig\":{\"title\":\"ICMP Messages (Public)\",\"hidePanelTitles\":false},\"title\":\"ICMP Messages (Public)\",\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":32,\"i\":\"93d18a20-25bd-4516-8451-f350a7975b58\"},\"panelIndex\":\"93d18a20-25bd-4516-8451-f350a7975b58\",\"embeddableConfig\":{\"title\":\"ICMP Sources (Public)\",\"hidePanelTitles\":false},\"title\":\"ICMP Sources (Public)\",\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"ElastiFlow (flow): Threats (DDoS Flood)","version":1},"id":"e0ffa950-c472-11ec-a49f-6168cd647191","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"82b0c1d0-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"e75a9fd0-c495-11ec-a49f-6168cd647191","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"5fc57d50-c487-11ec-a49f-6168cd647191","name":"panel_3","type":"visualization"},{"id":"1e22fb30-c48b-11ec-a49f-6168cd647191","name":"panel_4","type":"visualization"},{"id":"1f4a6ec0-c48c-11ec-a49f-6168cd647191","name":"panel_5","type":"visualization"},{"id":"8ba5fee0-c48c-11ec-a49f-6168cd647191","name":"panel_6","type":"visualization"},{"id":"f89c9de0-c489-11ec-a49f-6168cd647191","name":"panel_7","type":"visualization"},{"id":"f37dff80-c488-11ec-a49f-6168cd647191","name":"panel_8","type":"visualization"},{"id":"16000b60-c467-11ec-a49f-6168cd647191","name":"panel_9","type":"visualization"},{"id":"aff13960-c467-11ec-a49f-6168cd647191","name":"panel_10","type":"visualization"},{"id":"850fe610-c467-11ec-a49f-6168cd647191","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExOTIsMV
0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"e146ffd0-3e04-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExOTMsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Core Services (NTP)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core Services 
(NTP)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[DNS](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [DHCP](#/dashboard/a9f3e040-9b94-11ec-a4df-e940aaa4214d) | \\n[RADIUS](#/dashboard/fbea2e70-c319-11ec-aaf3-5b4644130c7f) | \\n[LDAP](#/dashboard/0ae30960-c31a-11ec-aaf3-5b4644130c7f) | [**NTP**](#/dashboard/e2888380-9d73-11ec-a4df-e940aaa4214d)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"fae19390-9d73-11ec-a4df-e940aaa4214d","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExOTQsMV0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"503ee9c8-3371-4430-9997-5a2f772238ba\"},\"panelIndex\":\"503ee9c8-3371-4430-9997-5a2f772238ba\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"310bed0d-85b1-4fd6-a3e8-54a6a7fd461b\"},\"panelIndex\":\"310bed0d-85b1-4fd6-a3e8-54a6a7fd461b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\"},\"panelIndex\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":7,\"h\":5,\"i\":\"44007a2f-7e53-40a8-9a8f-12a7bfdef25a\"},\"panelIndex\":\"44007a2f-7e53-40a8-9a8f-12a7bfdef25a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":7,\"y\":4,\"w\":7,\"h\":5,\"i\":\"f84dbe69-588e-48bd-859d-99948dfda0ae\"},\"panelIndex\":\"f84dbe69-588e-48bd-859d-99948dfda0ae\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":14,\"y\":4,\"w\":7,\"h\":5,\"i\":\"bda4c5c2-4646-4d1b-983d-fcd5c6fcdc12\"},\"panelIndex\":\"bda4c5c2-46
46-4d1b-983d-fcd5c6fcdc12\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":21,\"y\":4,\"w\":27,\"h\":14,\"i\":\"665b8aee-3aba-4f5a-b7f6-0f27b22dbc12\"},\"panelIndex\":\"665b8aee-3aba-4f5a-b7f6-0f27b22dbc12\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":9,\"i\":\"7f5e099d-c11d-4873-acd5-bfc0eaba2934\"},\"panelIndex\":\"7f5e099d-c11d-4873-acd5-bfc0eaba2934\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":10,\"y\":9,\"w\":10,\"h\":9,\"i\":\"ad540009-42e0-49c5-b248-763fb014e3b0\"},\"panelIndex\":\"ad540009-42e0-49c5-b248-763fb014e3b0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":20,\"y\":9,\"w\":1,\"h\":9,\"i\":\"95041dc2-b8d4-46c4-8fb7-b583d6f8a125\"},\"panelIndex\":\"95041dc2-b8d4-46c4-8fb7-b583d6f8a125\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":18,\"w\":8,\"h\":23,\"i\":\"d5badb3f-d001-4b50-bab9-7bef1038d71e\"},\"panelIndex\":\"d5badb3f-d001-4b50-bab9-7bef1038d71e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":8,\"y\":18,\"w\":8,\"h\":23,\"i\":\"a090888c-04b5-4d61-a285-3ce8f5bcd005\"},\"panelIndex\":\"a090888c-04b5-4d61-a285-3ce8f5bcd005\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":16,\"y\":18,\"w\":8,\"h\":23,\"i\":\"190550f7-ba96-4aa1-b472-ae6be84ecfe2\"},\"panelIndex\":\"190550f7-ba96-4aa1-b472-ae6be84ecfe2\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":18,\"w\":8,\"h\":23,\"i\":\"fae91842-2c59-4872-a1d7-588ccc92
c63e\"},\"panelIndex\":\"fae91842-2c59-4872-a1d7-588ccc92c63e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":32,\"y\":18,\"w\":9,\"h\":23,\"i\":\"a9fc5ffd-6bbd-4611-9e50-bd37376a099c\"},\"panelIndex\":\"a9fc5ffd-6bbd-4611-9e50-bd37376a099c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_14\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":41,\"y\":18,\"w\":7,\"h\":23,\"i\":\"c25a252d-abcb-4adc-b310-96062385f9b5\"},\"panelIndex\":\"c25a252d-abcb-4adc-b310-96062385f9b5\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_15\"}]","timeRestore":false,"title":"ElastiFlow (flow): Core Services (NTP)","version":1},"id":"e2888380-9d73-11ec-a4df-e940aaa4214d","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"c69cda30-9b2b-11ec-a4df-e940aaa4214d","name":"panel_0","type":"visualization"},{"id":"fae19390-9d73-11ec-a4df-e940aaa4214d","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"18a453c0-9d80-11ec-a4df-e940aaa4214d","name":"panel_3","type":"visualization"},{"id":"6175d650-9d80-11ec-a4df-e940aaa4214d","name":"panel_4","type":"visualization"},{"id":"8ff70cb0-9d80-11ec-a4df-e940aaa4214d","name":"panel_5","type":"visualization"},{"id":"17f41790-9d75-11ec-a4df-e940aaa4214d","name":"panel_6","type":"visualization"},{"id":"baf01140-9d81-11ec-a4df-e940aaa4214d","name":"panel_7","type":"visualization"},{"id":"d1068450-9d81-11ec-a4df-e940aaa4214d","name":"panel_8","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"087e6750-9d7c-11ec-a4df-e940aaa4214d","name":"panel_10","type":"visualization"},{"id":"389a61f0-9d7c-11ec-a4df-e940aaa4214d","name":"panel_11","type":"visualization"},{"id":"19505290-9d7d-11ec-a4df-e940aaa4214d","name":"panel_12","type":"visualization"},{"id":"40ef7330-9d7d-11ec-a4df-e940aaa421
4d","name":"panel_13","type":"visualization"},{"id":"7e20b120-9d7c-11ec-a4df-e940aaa4214d","name":"panel_14","type":"visualization"},{"id":"9d7a0d50-9d7c-11ec-a4df-e940aaa4214d","name":"panel_15","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExOTUsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"flow.dst.l4.port.id\":[22,23,1494,3389]}},{\"range\":{\"flow.dst.l4.port.id\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}},{\"terms\":{\"flow.src.l4.port.id\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"flow.dst.l4.port.id\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"flow.dst.l4.port.id\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}],\\\"minimum_should_match\\\":1}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"flow.src.l4.port.id\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Brute Force Sessions (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Inbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.src.l4.port.id\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"e2d7da50-c336-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExOTYsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must_not\":[{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}},{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Recon Port Scan (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon Port Scan (Edge) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.server.l4.port.id\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"e3cdb8c0-c346-11ec-aaf3-5b4644130c7f"
,"migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExOTcsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destinations (flow records) - coord_map","uiStateJSON":"{\"mapZoom\":2,\"mapCenter\":[24.57585086389495,-13.23577880859375]}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations (flow records) - coord_map\",\"type\":\"tile_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"params\":{\"field\":\"flow.dst.geo.loc.coord\",\"autoPrecision\":true,\"precision\":2,\"useGeocentroid\":true,\"isFilteredByCollar\":true,\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"colorSchema\":\"Yellow to Red\",\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":20,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | Elastic Maps 
Service\"}}}}"},"id":"f0111240-3eb7-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExOTgsMV0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"c58defff-725c-4475-b0eb-f18996211d0d\"},\"panelIndex\":\"c58defff-725c-4475-b0eb-f18996211d0d\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"af0cbe4d-5508-450e-aa71-4310a3cdadef\"},\"panelIndex\":\"af0cbe4d-5508-450e-aa71-4310a3cdadef\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"b05807cd-0371-44d4-a85b-b05813f10374\"},\"panelIndex\":\"b05807cd-0371-44d4-a85b-b05813f10374\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"7f8fb931-9547-405f-8742-562046c6f57f\"},\"panelIndex\":\"7f8fb931-9547-405f-8742-562046c6f57f\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"1a1e25be-b8ff-42b6-a9ca-db230af792cd\"},\"panelIndex\":\"1a1e25be-b8ff-42b6-a9ca-db230af792cd\",\"embeddableConfig\":{\"title\":\"Source Countries (flow records)\",\"hidePanelTitles\":false},\"title\":\"Source Countries (flow 
records)\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"c3fc5ece-97d2-44f0-853b-1fe5923a3f94\"},\"panelIndex\":\"c3fc5ece-97d2-44f0-853b-1fe5923a3f94\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"96f13f07-feb1-4916-a354-5027a3a18dea\"},\"panelIndex\":\"96f13f07-feb1-4916-a354-5027a3a18dea\",\"embeddableConfig\":{\"title\":\"Destination Countries (flow records)\",\"hidePanelTitles\":false},\"title\":\"Destination Countries (flow records)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"afa75173-aa04-4807-9ff4-47f4b766ed1b\"},\"panelIndex\":\"afa75173-aa04-4807-9ff4-47f4b766ed1b\",\"embeddableConfig\":{\"title\":\"Source Cities (flow records)\",\"hidePanelTitles\":false},\"title\":\"Source Cities (flow records)\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"aff0bf1e-cbbc-44e6-b020-9391fe891a6f\"},\"panelIndex\":\"aff0bf1e-cbbc-44e6-b020-9391fe891a6f\",\"embeddableConfig\":{\"title\":\"Destination Cities (flow records)\",\"hidePanelTitles\":false},\"title\":\"Destination Cities (flow records)\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"25986e2a-8709-4ad5-bbe1-d2f3f004764b\"},\"panelIndex\":\"25986e2a-8709-4ad5-bbe1-d2f3f004764b\",\"embeddableConfig\":{\"title\":\"Source Time Zones (flow records)\",\"hidePanelTitles\":false},\"title\":\"Source Time Zones (flow records)\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"6fa5ab15-bdd1-4cd4-8cce-0a8138d6102e\"},\"panelIndex\":\"6fa5ab15-bdd1-4cd4-8cce-0a8138d6102e\",\"embeddableConfig\":{\"title\":\"Destination Time Zones (flow 
records)\",\"hidePanelTitles\":false},\"title\":\"Destination Time Zones (flow records)\",\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"ElastiFlow (flow): Geo Location (destination)","version":1},"id":"e794e670-3eb5-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"a89c6610-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"2d785450-3eb7-11eb-bc2c-c5758316d788","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"255234e0-3d4e-11eb-bc2c-c5758316d788","name":"panel_3","type":"visualization"},{"id":"2f596f60-3ec2-11eb-bc2c-c5758316d788","name":"panel_4","type":"visualization"},{"id":"f0111240-3eb7-11eb-bc2c-c5758316d788","name":"panel_5","type":"visualization"},{"id":"88fd95f0-3ec2-11eb-bc2c-c5758316d788","name":"panel_6","type":"visualization"},{"id":"5b2522b0-3ec2-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"ad428f10-3ec2-11eb-bc2c-c5758316d788","name":"panel_8","type":"visualization"},{"id":"47057690-3ec2-11eb-bc2c-c5758316d788","name":"panel_9","type":"visualization"},{"id":"c15fa320-3ec2-11eb-bc2c-c5758316d788","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzExOTksMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH Responses\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"1645\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":\"1812\"}},{\"match_phrase\":{\"flow.src.l4.port.id\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Responses by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Responses by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RADIUS 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"e7ab7b3a-2d17-45ba-9e40-a9a8b9323eae","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEyMDAsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"l4.proto.name\":\"TCP\"}},{\"term\":{\"flow.server.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.client.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"TCP Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"l4.proto.name\\\":\\\"TCP\\\"}},{\\\"term\\\":{\\\"flow.server.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.client.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Clients (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Clients (Inbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.client.ip.addr\",\"customLabel\":\"Clients\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"ea70bae0-c410-11ec-a49f-6168cd647191","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEyMDEsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Core Services (RADIUS)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: 
NAV - Core Services (RADIUS)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-codex-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-*-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"markdown\":\"[DNS](#/dashboard/61bf2aa0-9b2b-11ec-a4df-e940aaa4214d) | [DHCP](#/dashboard/a9f3e040-9b94-11ec-a4df-e940aaa4214d) | \\n[**RADIUS**](#/dashboard/fbea2e70-c319-11ec-aaf3-5b4644130c7f) | \\n[LDAP](#/dashboard/0ae30960-c31a-11ec-aaf3-5b4644130c7f) | [NTP](#/dashboard/e2888380-9d73-11ec-a4df-e940aaa4214d)\\n***\",\"markdown_less\":\"p {\\n color: #aaaaaa;\\n margin-top: 0px;\\n margin-bottom: 12px;\\n}\\np a {\\n color: #888888;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #1ba9f5;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #aaaaaa;\\n margin: 0px;\\n height: 1px;\\n}\\na:hover {\\n opacity: 0.7;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#aaaaaa;margin-top:0;margin-bottom:12px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#1ba9f5;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#aaaaaa;margin:0;height:1px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\"}}"},"id":"ed3bad80-c31a-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEyMDIsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Threat Intelligence Notice","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Threat Intelligence Notice\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"# This Panel requires Threat Intelligence information which will be available in Beta 3.\"}}"},"id":"ed756050-3ed9-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEyMDMsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Sources (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (packets) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"ee4b4a30-3e66-11eb-bc2c-c5758316d788","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEyMDQsMV0="} {"attributes":{"fields":"[{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"@version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"
count\":0,\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"flow.collect.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.end.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.flows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.geo.city.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.geo.country.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.geo.country.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.geo.loc.coord\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.geo.tz.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"coun
t\":0,\"name\":\"flow.export.ip.addr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.ip.subnet.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.ip.subnet.tags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.l4.port.id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.msgs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.proc.pid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.sec.zone.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.sysuptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.export.version.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\
":0,\"name\":\"flow.export.version.ver\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.isServer\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.bytes_drop\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.domain.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.observ.flows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.packet_select.interval.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.packets_drop\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.meter.records_drop\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.seq_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.start.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"flow.template.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0
,\"name\":\"netif.bandwidth.bw\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.bytes.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.bytes.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.descr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.direction.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.collisions.excess\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.collisions.late\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.deferred_xmit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.errors.alignment\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.errors.carrier_sense\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.errors.fcs\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true
},{\"count\":0,\"name\":\"netif.ethernet.errors.mac.rcv\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.errors.mac.xmit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.errors.sqe_test\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.errors.symbol\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.frames.multi_collision\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.frames.single_collision\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.ethernet.frames.too_long\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.index\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.bcast.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.bcast.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"agg
regatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.discard.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.discard.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.error.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.error.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.mcast.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.mcast.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.ucast.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.ucast.out\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.packets.unkproto.in\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.promisc_mode.state\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.state.admin.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":
true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.state.oper.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"netif.type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.pen.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.pen.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.sample.seq_num\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.sample_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.source_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.source_id_type.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sflow.sub_agent_id\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"@timestamp","title":"elastiflow-telemetry_flow-codex-*"},"id":"elastiflow-telemetry_flow-codex-*","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2023-02-01T21:48:19.120Z","version":"WzEyNjUsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH Requests\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"flow.dst.l4.port.id\\\":\\\"1645\\\"}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.dst.l4.port.id\":\"1812\"}},{\"match_phrase\":{\"flow.dst.l4.port.id\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Requests by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Requests by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH 
Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RADIUS Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"f07f4eaa-fcfb-4805-91e7-9d8c8e53caf6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEyMDUsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"flow.export.type\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.export.type\":\"ipfix\"}},{\"match_phrase\":{\"flow.export.type\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH 
Responses\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"flow.src.l4.port.id\\\":\\\"1645\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"flow.src.l4.port.id\":\"1812\"}},{\"match_phrase\":{\"flow.src.l4.port.id\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"l4.proto.name\",\"negate\":false,\"params\":{\"query\":\"UDP\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"l4.proto.name\":\"UDP\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Responses by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Responses by Client - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"AUTH 
Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"f1069065-2cd4-4fb5-bfdc-bf4fb3a5b3ff","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEyMDYsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"l4.proto.name\":[\"ICMP\",\"IPv6-ICMP\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}},{\"term\":{\"flow.dst.as.org\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"flow.src.as.org\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Echo 
Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"l4.proto.name\\\":[\\\"ICMP\\\",\\\"IPv6-ICMP\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}},{\\\"term\\\":{\\\"flow.dst.as.org\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"flow.src.as.org\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Echo (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.dst.ip.addr\",\"customLabel\":\"Pinged IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"f57c4960-c33c-11ec-aaf3-5b4644130c7f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEyMDcsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): RADIUS AUTH Requests (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Requests (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"AUTH requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-codex-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"elastiflow-flow-codex-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"3129fdd0-9b2a-11ec-8947-5dbcd3cabfb0\"}],\"filter\":{\"query\":\"l4.proto.name: \\\"UDP\\\" AND (flow.dst.l4.port.id: 1812 OR flow.dst.l4.port.id: 1645) AND (flow.export.type: \\\"ipfix\\\" OR flow.export.type: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}"},"id":"f6357006-4bb0-49f8-bd02-562459184378","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEyMDgsMV0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Public Threats\",\"type\":\"exists\",\"key\":\"flow.client.sec.threat.name\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"flow.client.sec.threat.name\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Public Threats (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Public Threats (flows) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.conversation.id\",\"customLabel\":\"Conversations\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.host.name\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Public Threats\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.ip.addr\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"f7a0baf0-750e-11eb-8c14-238bcf08bfa6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-codex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEyMDksMV0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"f440d860-64fa-4879-b980-0353a1f26eba\"},\"panelIndex\":\"f440d860-64fa-4879-b980-0353a1f26eba\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"cfd8d732-c07f-4cd3-a4b1-1cb199aacc26\"},\"panelIndex\":\"cfd8d732-c07f-4cd3-a4b1-1cb199aacc26\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\"},\"panelIndex\":\"ad125fa1-132d-46b3-8cfa-48520ea3c83a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"0aff53b4-0aba-4040-9966-36924cd181e3\"},\"panelIndex\":\"0aff53b4-0aba-4040-9966-36924cd181e3\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"472ab
d09-0771-4438-83b1-67b3d9a470a5\"},\"panelIndex\":\"472abd09-0771-4438-83b1-67b3d9a470a5\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"e04284b8-0144-43e5-abc4-ba4c7204926c\"},\"panelIndex\":\"e04284b8-0144-43e5-abc4-ba4c7204926c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"96d1b9ac-bb4d-4c4e-9b18-2363ff5ea3cc\"},\"panelIndex\":\"96d1b9ac-bb4d-4c4e-9b18-2363ff5ea3cc\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"3b8dddbf-dd64-4ec1-bd08-af58450c5ff3\"},\"panelIndex\":\"3b8dddbf-dd64-4ec1-bd08-af58450c5ff3\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":18,\"w\":10,\"h\":23,\"i\":\"b7240e19-8859-4502-b85f-6bf3addfc3c6\"},\"panelIndex\":\"b7240e19-8859-4502-b85f-6bf3addfc3c6\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":10,\"y\":18,\"w\":14,\"h\":23,\"i\":\"86b4ae60-6982-403f-bead-3740e122cfa0\"},\"panelIndex\":\"86b4ae60-6982-403f-bead-3740e122cfa0\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":18,\"w\":12,\"h\":23,\"i\":\"9b417032-d5b1-4eae-b8ed-37bb4f119268\"},\"panelIndex\":\"9b417032-d5b1-4eae-b8ed-37bb4f119268\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":18,\"w\":12,\"h\":23,\"i\":\"e6682e5b-25f1-4e82-9297-2ae7686f94f8\"},\"panelIndex\":\"e6682e5b-25f1-4e82-9297-2ae7686f94f8\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"ElastiFlow 
(flow): Threats (IP Reputation)","version":1},"id":"f7fbc0b0-3d3e-11eb-bc2c-c5758316d788","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"82b0c1d0-3d42-11eb-bc2c-c5758316d788","name":"panel_0","type":"visualization"},{"id":"ae161b80-c48d-11ec-a49f-6168cd647191","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"beca7d30-75d4-11eb-8c14-238bcf08bfa6","name":"panel_3","type":"visualization"},{"id":"1dd52c20-75cc-11eb-8c14-238bcf08bfa6","name":"panel_4","type":"visualization"},{"id":"a41dd6a0-75c8-11eb-8c14-238bcf08bfa6","name":"panel_5","type":"visualization"},{"id":"307cb730-75cc-11eb-8c14-238bcf08bfa6","name":"panel_6","type":"visualization"},{"id":"676103d0-3d3e-11eb-bc2c-c5758316d788","name":"panel_7","type":"visualization"},{"id":"44e46180-750b-11eb-8c14-238bcf08bfa6","name":"panel_8","type":"visualization"},{"id":"f7a0baf0-750e-11eb-8c14-238bcf08bfa6","name":"panel_9","type":"visualization"},{"id":"7734beb0-75c3-11eb-8c14-238bcf08bfa6","name":"panel_10","type":"visualization"},{"id":"b56b5eb0-75c2-11eb-8c14-238bcf08bfa6","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEyMTAsMV0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"503ee9c8-3371-4430-9997-5a2f772238ba\"},\"panelIndex\":\"503ee9c8-3371-4430-9997-5a2f772238ba\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"1f50d436-eaad-48c1-8b91-ca622d5e6810\"},\"panelIndex\":\"1f50d436-eaad-48c1-8b91-ca622d5e6810\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\"},\"panelIndex\":\"e57c863c-11e8-43d8-a2b8-20a63217371e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":5,\"i\":\"f3f5c819-f6ba-407a-8a85-52a44f203890\"},\"panelIndex\":\"f3f5c819-f6ba-407a-8a85-52a44f203890\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":5,\"i\":\"3ed70fd3-a838-491a-8f09-d0c4f002d699\"},\"panelIndex\":\"3ed70fd3-a838-491a-8f09-d0c4f002d699\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"5f4e6b2e-870c-422d-91fe-79a6163147f9\"},\"panelIndex\":\"5f4e6b2e-870c-422d-91fe-79a6163147f9\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":9,\"i\":\"0a7851c1-f25a-4f80-b971-5747e805580b\"},\"panelIndex\":\"0a7851c1-f25a-4f80-b971-5747e805580b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_
6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":9,\"i\":\"4b369b59-78e8-4212-b5b8-650bdc62dfc1\"},\"panelIndex\":\"4b369b59-78e8-4212-b5b8-650bdc62dfc1\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":18,\"w\":9,\"h\":23,\"i\":\"57732e54-9de3-4850-928c-419a11b1c906\"},\"panelIndex\":\"57732e54-9de3-4850-928c-419a11b1c906\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":9,\"y\":18,\"w\":9,\"h\":23,\"i\":\"1dbabf3c-691e-474f-a3ca-7f48abebf69e\"},\"panelIndex\":\"1dbabf3c-691e-474f-a3ca-7f48abebf69e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":18,\"y\":18,\"w\":10,\"h\":23,\"i\":\"e4e7c7f0-a287-49b2-99e0-ebd952826c51\"},\"panelIndex\":\"e4e7c7f0-a287-49b2-99e0-ebd952826c51\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":28,\"y\":18,\"w\":10,\"h\":23,\"i\":\"beeba4b6-f6f9-4eb5-87f8-ddceb42f7fa5\"},\"panelIndex\":\"beeba4b6-f6f9-4eb5-87f8-ddceb42f7fa5\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":38,\"y\":18,\"w\":10,\"h\":23,\"i\":\"951a3d6b-876a-48d1-856a-6bc0ee27347d\"},\"panelIndex\":\"951a3d6b-876a-48d1-856a-6bc0ee27347d\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"ElastiFlow (flow): Core Services 
(RADIUS)","version":1},"id":"fbea2e70-c319-11ec-aaf3-5b4644130c7f","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"c69cda30-9b2b-11ec-a4df-e940aaa4214d","name":"panel_0","type":"visualization"},{"id":"ed3bad80-c31a-11ec-aaf3-5b4644130c7f","name":"panel_1","type":"visualization"},{"id":"faba99f0-3d3b-11eb-bc2c-c5758316d788","name":"panel_2","type":"visualization"},{"id":"f6357006-4bb0-49f8-bd02-562459184378","name":"panel_3","type":"visualization"},{"id":"6e4ded9e-1233-42f1-9b51-158686c49239","name":"panel_4","type":"visualization"},{"id":"9fcf5aee-4b37-4445-874f-ad2785387e27","name":"panel_5","type":"visualization"},{"id":"f07f4eaa-fcfb-4805-91e7-9d8c8e53caf6","name":"panel_6","type":"visualization"},{"id":"08f1070a-4c98-4703-a0ce-28e2ceaea0b8","name":"panel_7","type":"visualization"},{"id":"b7b2c502-3d50-4c53-bd0f-1f7e560dde08","name":"panel_8","type":"visualization"},{"id":"e7ab7b3a-2d17-45ba-9e40-a9a8b9323eae","name":"panel_9","type":"visualization"},{"id":"d4ca6ff9-e8cf-4ce1-bc95-4ebcf77b60f9","name":"panel_10","type":"visualization"},{"id":"f1069065-2cd4-4fb5-bfdc-bf4fb3a5b3ff","name":"panel_11","type":"visualization"},{"id":"0ce9bc39-bc69-4e87-b053-3a16588447a6","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2023-01-30T09:39:53.211Z","version":"WzEyMTEsMV0="} {"exportedCount":406,"missingRefCount":0,"missingReferences":[]}