fluent-plugin-sflow 0.1.0 → 0.2.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (43) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +18 -4
  3. data/README.md +254 -13
  4. data/Rakefile +10 -7
  5. data/example/fluentd.conf +4 -2
  6. data/ext/sflowtool/extconf.rb +27 -0
  7. data/ext/sflowtool/fluent-plugin-sflow.c +52 -0
  8. data/ext/sflowtool/sflow.h +1821 -0
  9. data/ext/sflowtool/sflow_v2v4.h +436 -0
  10. data/ext/sflowtool/sflowtool.c +4801 -0
  11. data/fluent-plugin-sflow.gemspec +11 -25
  12. data/lib/fluent/plugin/in_sflow.rb +66 -23
  13. data/lib/fluent/plugin/parser_sflow.rb +24 -0
  14. data/lib/sflowtool.rb +17 -0
  15. metadata +35 -84
  16. data/.gitmodules +0 -3
  17. data/LICENSE.txt +0 -21
  18. data/lib/sflow/Gemfile +0 -8
  19. data/lib/sflow/Gemfile.lock +0 -38
  20. data/lib/sflow/LICENSE.txt +0 -22
  21. data/lib/sflow/README.md +0 -67
  22. data/lib/sflow/Rakefile +0 -12
  23. data/lib/sflow/bin/bundler +0 -16
  24. data/lib/sflow/bin/rake +0 -16
  25. data/lib/sflow/bin/sflow.rb +0 -7
  26. data/lib/sflow/etc/config.yaml +0 -10
  27. data/lib/sflow/lib/sflow.rb +0 -10
  28. data/lib/sflow/lib/sflow/collector.rb +0 -69
  29. data/lib/sflow/lib/sflow/config.rb +0 -15
  30. data/lib/sflow/lib/sflow/models/binary_models.rb +0 -176
  31. data/lib/sflow/lib/sflow/models/ipv4header.rb +0 -69
  32. data/lib/sflow/lib/sflow/models/protocol.rb +0 -47
  33. data/lib/sflow/lib/sflow/models/tcpheader.rb +0 -82
  34. data/lib/sflow/lib/sflow/models/udpheader.rb +0 -36
  35. data/lib/sflow/lib/sflow/parsers/parsers.rb +0 -68
  36. data/lib/sflow/lib/sflow/snmp/iface_names.rb +0 -40
  37. data/lib/sflow/lib/sflow/storage/storage.rb +0 -34
  38. data/lib/sflow/lib/sflow/version.rb +0 -3
  39. data/lib/sflow/misc/kibana-schema.json +0 -1364
  40. data/lib/sflow/misc/screen1.png +0 -0
  41. data/lib/sflow/sflow.gemspec +0 -23
  42. data/lib/sflow/test/lib/sflow/version_test.rb +0 -8
  43. data/lib/sflow/test/test_helper.rb +0 -4
data/lib/sflow/lib/sflow/models/ipv4header.rb DELETED
@@ -1,69 +0,0 @@
1
- # coding: utf-8
2
- require_relative 'protocol'
3
-
4
- # TODO: チェックサムを確認する
5
- class IPv4Header
6
-
7
- attr_reader :version,:header_length,:packet_length,:identification,:frag_dont,:frag_more,:frag_offset,:ttl,:protocol,:checksum,:sndr_addr,:dest_addr,
8
- :data_length
9
-
10
- def initialize(packet,offset=0)
11
- @packet = packet.force_encoding("ASCII-8BIT")
12
- @offset = offset
13
- header = packet.unpack("x#{offset}n10")
14
- @version = header[0] >> 12
15
- @header_length = ((header[0] >> 8) & 0x0f)*4
16
- @packet_length = header[1]
17
- @identification = header[2]
18
- @frag_dont = (header[3] >> 14) & 0x01 != 0
19
- @frag_more = (header[3] >> 13) & 0x01 != 0
20
- @frag_offset = header[3] & 0x1fff
21
- @ttl = header[4] >> 8
22
- @protocol = header[4] & 0x00ff
23
- @checksum = header[5]
24
- @sndr_addr = ip_to_s(packet[12..15])
25
- @dest_addr = ip_to_s(packet[16..19])
26
- @data_length = @packet_length - @header_length
27
-
28
- @virtual_header = packet[12..19] + [0,6,@data_length].pack("CCn")
29
-
30
- end
31
-
32
- def upper
33
- upper_header = Protocol.to_class(@protocol)
34
- offset = @offset+@header_length
35
- upper_header.new(@packet,offset,@data_length,self)
36
- end
37
-
38
- def data
39
- start = @offset+@header_length
40
- @packet[start..start+@data_length]
41
- end
42
-
43
- def get_virtual_header
44
- @virtual_header
45
- end
46
-
47
- def ip_to_s(ip)
48
- ip = ip.unpack("n2")
49
- sprintf("%d.%d.%d.%d",ip[0]>>8,ip[0]&0x00ff,ip[1]>>8,ip[1]&0x00ff)
50
- end
51
-
52
- def to_s
53
- "IPv4 Header\n" <<
54
- " Version : #{@version}\n" <<
55
- " Header Length : #{@header_length}\n" <<
56
- " Packet Length : #{@packet_length}\n" <<
57
- " Identification : #{@identification}\n" <<
58
- " Don't fragment : #{@frag_dont}\n" <<
59
- " More fragments : #{@frag_more}\n" <<
60
- " Fragment Offset : #{@frag_offset}\n" <<
61
- " TTL : #{@ttl}\n" <<
62
- " Protocol : #{Protocol.to_s(@protocol)}\n" <<
63
- " Header Checksum : #{@checksum}\n" <<
64
- " Sender Address : #{@sndr_addr}\n" <<
65
- " Destination Address: #{@dest_addr}\n" <<
66
- " (Data Length) : #{@data_length}"
67
- end
68
-
69
- end
data/lib/sflow/lib/sflow/models/protocol.rb DELETED
@@ -1,47 +0,0 @@
1
- require_relative 'ipv4header'
2
- require_relative 'udpheader'
3
- require_relative 'tcpheader'
4
-
5
- class Protocol
6
- ICMP = 0x01
7
- IGMP = 0x02
8
- TCP = 0x06
9
- UDP = 0x11
10
- IPv6 = 0x29
11
-
12
- def self.to_class protocol
13
- case protocol
14
- when Protocol::ICMP
15
- raise "ICMP is not supported"
16
- when Protocol::IGMP
17
- raise "IGMP is not supported"
18
- when Protocol::TCP
19
- TCPHeader
20
- when Protocol::UDP
21
- UDPHeader
22
- when Protocol::IPv6
23
- raise "IPv6 is not supported"
24
- else
25
- raise "Protocol:"+sprintf("0x%2X",protocol)+" is not supported"
26
- end
27
- end
28
-
29
- def self.to_s protocol
30
- case protocol
31
- when Protocol::ICMP
32
- "ICMP"
33
- when Protocol::IGMP
34
- "IGMP"
35
- when Protocol::TCP
36
- "TCP"
37
- when Protocol::UDP
38
- "UDP"
39
- when Protocol::IPv6
40
- "IPv6"
41
- else
42
- sprintf("0x%2X",protocol)
43
- end
44
- end
45
-
46
- end
47
-
data/lib/sflow/lib/sflow/models/tcpheader.rb DELETED
@@ -1,82 +0,0 @@
1
- class TCPHeader
2
-
3
- attr_reader :sndr_port,:dest_port,:seq_num,:ack_num,:header_length,
4
- :urg,:ack,:psh,:rst,:syn,:fin,:win_size,:checksum,:emgcy_ptr,
5
- :packet_length,:data_length,:lower
6
-
7
- def initialize(packet,offset=0,length=nil,lower=nil)
8
- @packet = packet.force_encoding("ASCII-8BIT")
9
- @offset = offset
10
- @length = length || packet.bytesize-offset
11
- header = packet.unpack("x#{offset}n2N2n4")
12
- @sndr_port = header[0]
13
- @dest_port = header[1]
14
- @seq_num = header[2]
15
- @ack_num = header[3]
16
- @header_length = (header[4]>>12)*4
17
- @urg = (header[4] & 0b100000) != 0
18
- @ack = (header[4] & 0b010000) != 0
19
- @psh = (header[4] & 0b001000) != 0
20
- @rst = (header[4] & 0b000100) != 0
21
- @syn = (header[4] & 0b000010) != 0
22
- @fin = (header[4] & 0b000001) != 0
23
- @win_size = header[5]
24
- @checksum = header[6]
25
- @emgcy_ptr = header[7]
26
-
27
- @packet_length = @length
28
- @data_length = @packet_length-@header_length
29
-
30
- @lower = lower
31
-
32
- # check checksum
33
- calc_cs = false
34
- if calc_cs
35
- tmp = @packet[@offset..@offset+@length]
36
- if (tmp.length % 2) != 0
37
- tmp += "\0"
38
- end
39
- data = @lower.get_virtual_header + tmp
40
- sum = 0
41
- list = data.unpack("n*")
42
- list.each do |d|
43
- sum += d
44
- end
45
- sum = (sum & 0xffff) + (sum >> 16)
46
- sum = (sum & 0xffff) + (sum >> 16)
47
- raise if sum != 65535
48
- end
49
-
50
-
51
-
52
-
53
- end
54
-
55
- def data
56
- if(@data_length>0)
57
- @packet[@offset+@header_length..@offset+@length]
58
- else
59
- ""
60
- end
61
- end
62
-
63
- def to_s
64
- "TCP Header\n" <<
65
- " Sender Port : #{@sndr_port}\n" <<
66
- " Destination Port: #{@dest_port}\n" <<
67
- " Sequence Number : #{@seq_num}\n" <<
68
- " ACK Number : #{@ack_num}\n" <<
69
- " Header Length : #{@header_length}\n" <<
70
- " URG : #{@urg}\n" <<
71
- " ACK : #{@ack}\n" <<
72
- " PSH : #{@psh}\n" <<
73
- " RST : #{@rst}\n" <<
74
- " SYN : #{@syn}\n" <<
75
- " FIN : #{@fin}\n" <<
76
- " Window Size : #{@win_size}\n" <<
77
- " Checksum : #{@checksum}\n" <<
78
- " Emergency Ptr : #{@emgcy_ptr}\n" <<
79
- " (Packet Length) : #{@packet_length}\n" <<
80
- " (Data Length) : #{@data_length}"
81
- end
82
- end
data/lib/sflow/lib/sflow/models/udpheader.rb DELETED
@@ -1,36 +0,0 @@
1
- class UDPHeader
2
-
3
- attr_reader :sndr_port,:dist_port,:packet_length,:checksum,
4
- :data_length,:lower
5
-
6
- def initialize(packet,offset=0,length=nil,lower=nil)
7
- @packet = packet
8
- @offset = offset
9
- header = packet.unpack("x#{offset}n4")
10
- @sndr_port = header[0]
11
- @dist_port = header[1]
12
- @packet_length = header[2]
13
- @checksum = header[3]
14
- @data_length = @packet_length - 8
15
- @lower = lower
16
- end
17
-
18
- def data
19
- if(@packet_length>8)
20
- @packet[@offset+8..@offset+@packet_length]
21
- else
22
- ""
23
- end
24
- end
25
-
26
- def to_s
27
- "" <<
28
- "UDP Header\n" <<
29
- " Sender Port : #{@sndr_port}\n" <<
30
- " Distication Port: #{@dist_port}\n" <<
31
- " Packet Length : #{@packet_length}\n" <<
32
- " Checksum : #{@checksum}\n" <<
33
- " (Data Length) : #{@data_length}"
34
- end
35
-
36
- end
data/lib/sflow/lib/sflow/parsers/parsers.rb DELETED
@@ -1,68 +0,0 @@
1
- class SflowParser
2
- require 'ipaddr'
3
- def self.parse_packet(data)
4
- header = Header.read(data)
5
- if header.version == 5
6
- agent_address = IPAddr.new(header.agent_address, Socket::AF_INET).to_s
7
- @sflow = {"agent_address" => $switch_hash[agent_address]}
8
-
9
- header.flow_samples.each do |sample|
10
- if sample.sflow_sample_type == 3 or sample.sflow_sample_type == 1
11
- sampledata = Sflow5sampleheader3.read(sample.sample_data) if sample.sflow_sample_type == 3
12
- sampledata = Sflow5sampleheader1.read(sample.sample_data) if sample.sflow_sample_type == 1
13
- sflow_sample = {"sampling_rate" => sampledata.sampling_rate, "i_iface_value" => sampledata.i_iface_value.to_i, "o_iface_value" => sampledata.o_iface_value.to_i}
14
- @sflow.merge!(sflow_sample)
15
-
16
- sampledata.records.each do |record|
17
- if record.format == 1001
18
- extswitch = Sflow5extswitch.read(record.record_data)
19
- sflow_switch = {"vlan_src" => extswitch.src_vlan.to_i, "vlan_dst" => extswitch.dst_vlan.to_i}
20
- @sflow.merge!(sflow_switch)
21
- elsif record.format == 1
22
- rawpacket = Sflow5rawpacket.read(record.record_data)
23
- if rawpacket.header_protocol == 1 # Ethernet
24
- eth_header = Sflow5rawpacketheaderEthernet.read(rawpacket.rawpacket_data.to_ary.join)
25
- ip_packet = eth_header.ethernetdata.to_ary.join
26
- if eth_header.eth_type == 33024 #VLAN TAG
27
- vlan_header = Sflow5rawpacketdataVLAN.read(eth_header.ethernetdata.to_ary.join)
28
- ip_packet = vlan_header.vlandata.to_ary.join
29
- end
30
- end
31
- ipv4 = IPv4Header.new(ip_packet)
32
- sflow_ip = {"ipv4_src" => ipv4.sndr_addr,"ipv4_dst" => ipv4.dest_addr}
33
- @sflow.merge!(sflow_ip)
34
-
35
- if ipv4.protocol == 6
36
- sflow_frame = {"frame_length" => rawpacket.frame_length.to_i, "frame_length_multiplied" => rawpacket.frame_length.to_i * sflow_sample["sampling_rate"].to_i}
37
- @sflow.merge!(sflow_frame)
38
- header = TCPHeader.new(ipv4.data)
39
- sflow_header = {"tcp_src_port" => header.sndr_port.to_i, "tcp_dst_port" => header.dest_port.to_i}
40
- @sflow.merge!(sflow_header)
41
- elsif ipv4.protocol == 17
42
- header = UDPHeader.new(ipv4.data)
43
- sflow_header = {"udp_src_port" => header.sndr_port.to_i, "udp_dst_port" => header.dist_port.to_i}
44
- @sflow.merge!(sflow_header)
45
- end
46
-
47
- end
48
- end
49
-
50
- elsif sample.sflow_sample_type == 4 or sample.sflow_sample_type == 2
51
- sampledata = Sflow5counterheader4.read(sample.sample_data) if sample.sflow_sample_type == 4
52
- sampledata = Sflow5counterheader2.read(sample.sample_data) if sample.sflow_sample_type == 2
53
- sampledata.records.each do |record|
54
- if record.format == 1
55
- generic_int_counter = Sflow5genericcounter.read(record.record_data)
56
- sflow_counter = {"i_octets" => generic_int_counter.input_octets.to_i, "o_octets" => generic_int_counter.output_octets.to_i, "interface" => generic_int_counter.int_index.to_i, "input_packets_error" => generic_int_counter.input_packets_error.to_i, "output_packets_error" => generic_int_counter.output_packets_error.to_i}
57
- @sflow.merge!(sflow_counter)
58
- elsif record.format == 2
59
- eth_int_counter = Sflow5ethcounter.read(record.record_data)
60
- @sflow
61
- end
62
- end
63
- end
64
- end
65
- end
66
- return @sflow
67
- end
68
- end
data/lib/sflow/lib/sflow/snmp/iface_names.rb DELETED
@@ -1,40 +0,0 @@
1
- class SNMPwalk
2
-
3
- attr_accessor :switchport
4
- def initialize(switchips)
5
- print "Getting switch interface names "
6
- @switchport = {}
7
- switchips.each do |switchip|
8
- switch = Resolv.new.getname(switchip).split(/\./)[0]
9
- ports = {}
10
-
11
- snmpoutput = `snmpwalk -v2c -c public #{switchip} 1.3.6.1.2.1.2.2.1.2`
12
- snmpoutput.each_line do |line|
13
- split = line.split(/\s/)
14
- port = split[0].split(/\./).last
15
- if split[3] =~ /GigabitEthernet/
16
- portname = split[3].scan(/\d+/).join('/')
17
- else
18
- portname = split[3]
19
- end
20
- hashp = { port => portname }
21
- ports.merge!(hashp)
22
- end
23
-
24
- hashs = { switch => ports }
25
- @switchport.merge!(hashs)
26
- print "."
27
- end
28
- puts " done."
29
- @switchport
30
- end
31
-
32
- def self.mapswitchportname(agent_address,iface)
33
- if $switchportnames.switchport["#{agent_address}"]["#{iface}"]
34
- $switchportnames.switchport["#{agent_address}"]["#{iface}"]
35
- else
36
- agent_address
37
- end
38
- end
39
-
40
- end
data/lib/sflow/lib/sflow/storage/storage.rb DELETED
@@ -1,34 +0,0 @@
1
- class SflowStorage
2
- require 'json'
3
-
4
- def self.send_udpjson(sflow)
5
-
6
- #remap hash-keys with prefix "sflow_"
7
- mappings = {"agent_address" => "sflow_agent_address",
8
- "sampling_rate" => "sflow_sampling_rate",
9
- "i_iface_value" => "sflow_i_iface_value",
10
- "o_iface_value" => "sflow_o_iface_value",
11
- "vlan_src" => "sflow_vlan_src",
12
- "vlan_dst" => "sflow_vlan_dst",
13
- "ipv4_src" => "sflow_ipv4_src",
14
- "ipv4_dst" => "sflow_ipv4_dst",
15
- "frame_length" => "sflow_frame_length",
16
- "frame_length_multiplied" => "sflow_frame_length_multiplied",
17
- "tcp_src_port" => "sflow_tcp_src_port",
18
- "tcp_dst_port" => "sflow_tcp_dst_port"
19
- }
20
-
21
- prefixed_sflow = Hash[sflow.map {|k, v| [mappings[k], v] }]
22
-
23
- if sflow['i_iface_value'] and sflow['o_iface_value']
24
- i_iface_name = {"sflow_i_iface_name" => SNMPwalk.mapswitchportname(sflow['agent_address'],sflow['i_iface_value'])}
25
- o_iface_name = {"sflow_o_iface_name" => SNMPwalk.mapswitchportname(sflow['agent_address'],sflow['o_iface_value'])}
26
- prefixed_sflow.merge!(i_iface_name)
27
- prefixed_sflow.merge!(o_iface_name)
28
- end
29
-
30
- $logstash.send(prefixed_sflow.to_json, 0)
31
-
32
- end
33
-
34
- end
data/lib/sflow/lib/sflow/version.rb DELETED
@@ -1,3 +0,0 @@
1
- module Sflow
2
- VERSION = "0.0.1"
3
- end
data/lib/sflow/misc/kibana-schema.json DELETED
@@ -1,1364 +0,0 @@
1
- {
2
- "title": "sflow-ng",
3
- "services": {
4
- "query": {
5
- "idQueue": [
6
- 0,
7
- 8,
8
- 9,
9
- 10,
10
- 11,
11
- 12,
12
- 13
13
- ],
14
- "list": {
15
- "0": {
16
- "id": 0,
17
- "type": "topN",
18
- "query": "*",
19
- "alias": "interface in",
20
- "color": "#BF1B00",
21
- "pin": true,
22
- "enable": true,
23
- "field": "sflow_o_iface_name.raw",
24
- "size": 3,
25
- "union": "AND"
26
- },
27
- "1": {
28
- "id": 1,
29
- "type": "topN",
30
- "query": "*",
31
- "alias": "interface out",
32
- "color": "#BF1B00",
33
- "pin": true,
34
- "enable": true,
35
- "field": "sflow_i_iface_name.raw",
36
- "size": 3,
37
- "union": "AND"
38
- },
39
- "2": {
40
- "id": 2,
41
- "type": "topN",
42
- "query": "*",
43
- "alias": "ip src",
44
- "color": "#0A50A1",
45
- "pin": true,
46
- "enable": true,
47
- "field": "sflow_ipv4_src.raw",
48
- "size": 3,
49
- "union": "AND"
50
- },
51
- "3": {
52
- "id": 3,
53
- "type": "topN",
54
- "query": "*",
55
- "alias": "ip dst",
56
- "color": "#0A50A1",
57
- "pin": true,
58
- "enable": true,
59
- "field": "sflow_ipv4_dst.raw",
60
- "size": 3,
61
- "union": "AND"
62
- },
63
- "4": {
64
- "id": 4,
65
- "type": "topN",
66
- "query": "*",
67
- "alias": "vlanc src",
68
- "color": "#629E51",
69
- "pin": true,
70
- "enable": true,
71
- "field": "sflow_vlan_src",
72
- "size": 5,
73
- "union": "AND"
74
- },
75
- "5": {
76
- "id": 5,
77
- "type": "topN",
78
- "query": "*",
79
- "alias": "vlan dst",
80
- "color": "#629E51",
81
- "pin": true,
82
- "enable": true,
83
- "field": "sflow_vlan_dst",
84
- "size": 3,
85
- "union": "AND"
86
- },
87
- "6": {
88
- "id": 6,
89
- "type": "topN",
90
- "query": "*",
91
- "alias": "port src",
92
- "color": "#BA43A9",
93
- "pin": true,
94
- "enable": true,
95
- "field": "sflow_tcp_src_port",
96
- "size": 3,
97
- "union": "AND"
98
- },
99
- "7": {
100
- "id": 7,
101
- "type": "lucene",
102
- "query": "*",
103
- "alias": "searchquery",
104
- "color": "#052B51",
105
- "pin": false,
106
- "enable": true
107
- },
108
- "8": {
109
- "id": 8,
110
- "type": "topN",
111
- "query": "*",
112
- "alias": "port dst",
113
- "color": "#BA43A9",
114
- "pin": true,
115
- "enable": true,
116
- "field": "sflow_tcp_dst_port",
117
- "size": 3,
118
- "union": "AND"
119
- }
120
- },
121
- "ids": [
122
- 0,
123
- 1,
124
- 2,
125
- 3,
126
- 4,
127
- 5,
128
- 6,
129
- 7,
130
- 8
131
- ]
132
- },
133
- "filter": {
134
- "idQueue": [
135
- 1
136
- ],
137
- "list": {
138
- "0": {
139
- "type": "time",
140
- "field": "@timestamp",
141
- "from": "now-5m",
142
- "to": "now",
143
- "mandate": "must",
144
- "active": true,
145
- "alias": "",
146
- "id": 0
147
- },
148
- "1": {
149
- "type": "querystring",
150
- "query": "type:sflow",
151
- "mandate": "must",
152
- "active": true,
153
- "alias": "",
154
- "id": 1
155
- }
156
- },
157
- "ids": [
158
- 0,
159
- 1
160
- ]
161
- }
162
- },
163
- "rows": [
164
- {
165
- "title": "Graph",
166
- "height": "350px",
167
- "editable": true,
168
- "collapse": false,
169
- "collapsable": true,
170
- "panels": [
171
- {
172
- "span": 12,
173
- "editable": true,
174
- "group": [
175
- "default"
176
- ],
177
- "type": "histogram",
178
- "mode": "total",
179
- "time_field": "@timestamp",
180
- "value_field": "sflow_frame_length_multiplied",
181
- "auto_int": true,
182
- "resolution": 100,
183
- "interval": "1s",
184
- "fill": 4,
185
- "linewidth": 2,
186
- "timezone": "browser",
187
- "spyable": true,
188
- "zoomlinks": true,
189
- "bars": false,
190
- "stack": true,
191
- "points": false,
192
- "lines": true,
193
- "legend": true,
194
- "x-axis": true,
195
- "y-axis": true,
196
- "percentage": false,
197
- "interactive": true,
198
- "queries": {
199
- "mode": "selected",
200
- "ids": [
201
- 7
202
- ]
203
- },
204
- "title": "Events over time",
205
- "intervals": [
206
- "auto",
207
- "1s",
208
- "1m",
209
- "5m",
210
- "10m",
211
- "30m",
212
- "1h",
213
- "3h",
214
- "12h",
215
- "1d",
216
- "1w",
217
- "1M",
218
- "1y"
219
- ],
220
- "options": true,
221
- "tooltip": {
222
- "value_type": "cumulative",
223
- "query_as_alias": true
224
- },
225
- "scale": "1",
226
- "y_format": "bytes",
227
- "grid": {
228
- "max": null,
229
- "min": 0
230
- },
231
- "annotate": {
232
- "enable": false,
233
- "query": "*",
234
- "size": 20,
235
- "field": "_type",
236
- "sort": [
237
- "_score",
238
- "desc"
239
- ]
240
- },
241
- "pointradius": 5,
242
- "show_query": true,
243
- "legend_counts": true,
244
- "zerofill": true,
245
- "derivative": false,
246
- "scaleSeconds": true
247
- }
248
- ],
249
- "notice": false
250
- },
251
- {
252
- "title": "top 10s",
253
- "height": "350px",
254
- "editable": true,
255
- "collapse": false,
256
- "collapsable": true,
257
- "panels": [
258
- {
259
- "error": false,
260
- "span": 7,
261
- "editable": true,
262
- "type": "terms",
263
- "loadingEditor": false,
264
- "field": "sflow_agent_address",
265
- "exclude": [],
266
- "missing": false,
267
- "other": false,
268
- "size": 10,
269
- "order": "total",
270
- "style": {
271
- "font-size": "10pt"
272
- },
273
- "donut": false,
274
- "tilt": false,
275
- "labels": true,
276
- "arrangement": "horizontal",
277
- "chart": "bar",
278
- "counter_pos": "above",
279
- "spyable": true,
280
- "queries": {
281
- "mode": "selected",
282
- "ids": [
283
- 7
284
- ]
285
- },
286
- "tmode": "terms_stats",
287
- "tstat": "total",
288
- "valuefield": "sflow_frame_length_multiplied",
289
- "title": "Switch"
290
- },
291
- {
292
- "error": false,
293
- "span": 1,
294
- "editable": true,
295
- "type": "stats",
296
- "loadingEditor": false,
297
- "queries": {
298
- "mode": "selected",
299
- "ids": [
300
- 7
301
- ]
302
- },
303
- "style": {
304
- "font-size": "24pt"
305
- },
306
- "format": "bytes",
307
- "mode": "total",
308
- "display_breakdown": "yes",
309
- "sort_field": "variance",
310
- "sort_reverse": true,
311
- "label_name": "Query",
312
- "value_name": "Value",
313
- "spyable": true,
314
- "show": {
315
- "count": true,
316
- "min": true,
317
- "max": true,
318
- "mean": true,
319
- "std_deviation": true,
320
- "sum_of_squares": true,
321
- "total": true,
322
- "variance": true
323
- },
324
- "field": "sflow_frame_length_multiplied"
325
- }
326
- ],
327
- "notice": false
328
- },
329
- {
330
- "title": "src traffic header",
331
- "height": "10px",
332
- "editable": true,
333
- "collapse": false,
334
- "collapsable": true,
335
- "panels": [
336
- {
337
- "error": false,
338
- "span": 12,
339
- "editable": true,
340
- "type": "text",
341
- "loadingEditor": false,
342
- "mode": "html",
343
- "content": "<center><h1>Traffic by Source</h1></center>",
344
- "style": {},
345
- "title": "Traffic by Source"
346
- }
347
- ],
348
- "notice": false
349
- },
350
- {
351
- "title": "top 10s src",
352
- "height": "250px",
353
- "editable": true,
354
- "collapse": false,
355
- "collapsable": true,
356
- "panels": [
357
- {
358
- "error": false,
359
- "span": 3,
360
- "editable": true,
361
- "type": "terms",
362
- "loadingEditor": false,
363
- "field": "sflow_o_iface_name",
364
- "exclude": [],
365
- "missing": false,
366
- "other": false,
367
- "size": 10,
368
- "order": "total",
369
- "style": {
370
- "font-size": "10pt"
371
- },
372
- "donut": false,
373
- "tilt": false,
374
- "labels": true,
375
- "arrangement": "horizontal",
376
- "chart": "pie",
377
- "counter_pos": "none",
378
- "spyable": true,
379
- "queries": {
380
- "mode": "selected",
381
- "ids": [
382
- 7
383
- ]
384
- },
385
- "tmode": "terms_stats",
386
- "tstat": "total",
387
- "valuefield": "sflow_frame_length_multiplied",
388
- "title": "Interface outgoing"
389
- },
390
- {
391
- "error": false,
392
- "span": 3,
393
- "editable": true,
394
- "type": "terms",
395
- "loadingEditor": false,
396
- "field": "sflow_ipv4_src",
397
- "exclude": [],
398
- "missing": false,
399
- "other": false,
400
- "size": 10,
401
- "order": "total",
402
- "style": {
403
- "font-size": "10pt"
404
- },
405
- "donut": false,
406
- "tilt": false,
407
- "labels": true,
408
- "arrangement": "horizontal",
409
- "chart": "pie",
410
- "counter_pos": "none",
411
- "spyable": true,
412
- "queries": {
413
- "mode": "selected",
414
- "ids": [
415
- 7
416
- ]
417
- },
418
- "tmode": "terms_stats",
419
- "tstat": "total",
420
- "valuefield": "sflow_frame_length_multiplied",
421
- "title": "IP src"
422
- },
423
- {
424
- "error": false,
425
- "span": 3,
426
- "editable": true,
427
- "type": "terms",
428
- "loadingEditor": false,
429
- "field": "sflow_vlan_src",
430
- "exclude": [],
431
- "missing": false,
432
- "other": false,
433
- "size": 10,
434
- "order": "total",
435
- "style": {
436
- "font-size": "10pt"
437
- },
438
- "donut": false,
439
- "tilt": false,
440
- "labels": true,
441
- "arrangement": "horizontal",
442
- "chart": "pie",
443
- "counter_pos": "none",
444
- "spyable": true,
445
- "queries": {
446
- "mode": "selected",
447
- "ids": [
448
- 7
449
- ]
450
- },
451
- "tmode": "terms_stats",
452
- "tstat": "total",
453
- "valuefield": "sflow_frame_length_multiplied",
454
- "title": "vlan src"
455
- },
456
- {
457
- "error": false,
458
- "span": 3,
459
- "editable": true,
460
- "type": "terms",
461
- "loadingEditor": false,
462
- "field": "sflow_tcp_dst_port",
463
- "exclude": [],
464
- "missing": false,
465
- "other": false,
466
- "size": 10,
467
- "order": "total",
468
- "style": {
469
- "font-size": "10pt"
470
- },
471
- "donut": false,
472
- "tilt": false,
473
- "labels": true,
474
- "arrangement": "horizontal",
475
- "chart": "pie",
476
- "counter_pos": "none",
477
- "spyable": true,
478
- "queries": {
479
- "mode": "selected",
480
- "ids": [
481
- 7
482
- ]
483
- },
484
- "tmode": "terms_stats",
485
- "tstat": "total",
486
- "valuefield": "sflow_frame_length_multiplied",
487
- "title": "Port src"
488
- }
489
- ],
490
- "notice": false
491
- },
492
- {
493
- "title": "top 10s src histogram",
494
- "height": "150px",
495
- "editable": true,
496
- "collapse": false,
497
- "collapsable": true,
498
- "panels": [
499
- {
500
- "span": 3,
501
- "editable": true,
502
- "type": "histogram",
503
- "loadingEditor": false,
504
- "mode": "total",
505
- "time_field": "@timestamp",
506
- "value_field": "sflow_frame_length_multiplied",
507
- "x-axis": true,
508
- "y-axis": true,
509
- "scale": 1,
510
- "y_format": "bytes",
511
- "grid": {
512
- "max": null,
513
- "min": 3
514
- },
515
- "queries": {
516
- "mode": "selected",
517
- "ids": [
518
- 1
519
- ]
520
- },
521
- "annotate": {
522
- "enable": false,
523
- "query": "*",
524
- "size": 20,
525
- "field": "_type",
526
- "sort": [
527
- "_score",
528
- "desc"
529
- ]
530
- },
531
- "auto_int": true,
532
- "resolution": 100,
533
- "interval": "1s",
534
- "intervals": [
535
- "auto",
536
- "1s",
537
- "1m",
538
- "5m",
539
- "10m",
540
- "30m",
541
- "1h",
542
- "3h",
543
- "12h",
544
- "1d",
545
- "1w",
546
- "1y"
547
- ],
548
- "lines": true,
549
- "fill": 1,
550
- "linewidth": 2,
551
- "points": false,
552
- "pointradius": 5,
553
- "bars": false,
554
- "stack": false,
555
- "spyable": true,
556
- "zoomlinks": false,
557
- "options": false,
558
- "legend": false,
559
- "show_query": false,
560
- "interactive": true,
561
- "legend_counts": true,
562
- "timezone": "browser",
563
- "percentage": false,
564
- "zerofill": true,
565
- "derivative": false,
566
- "tooltip": {
567
- "value_type": "cumulative",
568
- "query_as_alias": true
569
- },
570
- "title": "interface src",
571
- "scaleSeconds": true
572
- },
573
- {
574
- "span": 3,
575
- "editable": true,
576
- "type": "histogram",
577
- "loadingEditor": false,
578
- "mode": "total",
579
- "time_field": "@timestamp",
580
- "value_field": "sflow_frame_length_multiplied",
581
- "x-axis": true,
582
- "y-axis": true,
583
- "scale": 1,
584
- "y_format": "bytes",
585
- "grid": {
586
- "max": null,
587
- "min": 0
588
- },
589
- "queries": {
590
- "mode": "selected",
591
- "ids": [
592
- 2
593
- ]
594
- },
595
- "annotate": {
596
- "enable": false,
597
- "query": "*",
598
- "size": 20,
599
- "field": "_type",
600
- "sort": [
601
- "_score",
602
- "desc"
603
- ]
604
- },
605
- "auto_int": true,
606
- "resolution": 100,
607
- "interval": "1s",
608
- "intervals": [
609
- "auto",
610
- "1s",
611
- "1m",
612
- "5m",
613
- "10m",
614
- "30m",
615
- "1h",
616
- "3h",
617
- "12h",
618
- "1d",
619
- "1w",
620
- "1y"
621
- ],
622
- "lines": true,
623
- "fill": 1,
624
- "linewidth": 2,
625
- "points": false,
626
- "pointradius": 5,
627
- "bars": false,
628
- "stack": false,
629
- "spyable": true,
630
- "zoomlinks": false,
631
- "options": false,
632
- "legend": false,
633
- "show_query": false,
634
- "interactive": true,
635
- "legend_counts": true,
636
- "timezone": "browser",
637
- "percentage": false,
638
- "zerofill": true,
639
- "derivative": false,
640
- "tooltip": {
641
- "value_type": "cumulative",
642
- "query_as_alias": true
643
- },
644
- "scaleSeconds": true,
645
- "title": "ip src"
646
- },
647
- {
648
- "span": 3,
649
- "editable": true,
650
- "type": "histogram",
651
- "loadingEditor": false,
652
- "mode": "total",
653
- "time_field": "@timestamp",
654
- "value_field": "sflow_frame_length_multiplied",
655
- "x-axis": true,
656
- "y-axis": true,
657
- "scale": 1,
658
- "y_format": "bytes",
659
- "grid": {
660
- "max": null,
661
- "min": 0
662
- },
663
- "queries": {
664
- "mode": "selected",
665
- "ids": [
666
- 4
667
- ]
668
- },
669
- "annotate": {
670
- "enable": false,
671
- "query": "*",
672
- "size": 20,
673
- "field": "_type",
674
- "sort": [
675
- "_score",
676
- "desc"
677
- ]
678
- },
679
- "auto_int": true,
680
- "resolution": 100,
681
- "interval": "1s",
682
- "intervals": [
683
- "auto",
684
- "1s",
685
- "1m",
686
- "5m",
687
- "10m",
688
- "30m",
689
- "1h",
690
- "3h",
691
- "12h",
692
- "1d",
693
- "1w",
694
- "1y"
695
- ],
696
- "lines": true,
697
- "fill": 1,
698
- "linewidth": 2,
699
- "points": false,
700
- "pointradius": 5,
701
- "bars": false,
702
- "stack": false,
703
- "spyable": true,
704
- "zoomlinks": false,
705
- "options": false,
706
- "legend": false,
707
- "show_query": false,
708
- "interactive": true,
709
- "legend_counts": true,
710
- "timezone": "browser",
711
- "percentage": false,
712
- "zerofill": true,
713
- "derivative": false,
714
- "tooltip": {
715
- "value_type": "cumulative",
716
- "query_as_alias": true
717
- },
718
- "title": "vlan src",
719
- "scaleSeconds": true
720
- },
721
- {
722
- "span": 3,
723
- "editable": true,
724
- "type": "histogram",
725
- "loadingEditor": false,
726
- "mode": "total",
727
- "time_field": "@timestamp",
728
- "value_field": "sflow_frame_length_multiplied",
729
- "x-axis": true,
730
- "y-axis": true,
731
- "scale": 1,
732
- "y_format": "bytes",
733
- "grid": {
734
- "max": null,
735
- "min": 0
736
- },
737
- "queries": {
738
- "mode": "selected",
739
- "ids": [
740
- 6
741
- ]
742
- },
743
- "annotate": {
744
- "enable": false,
745
- "query": "*",
746
- "size": 20,
747
- "field": "_type",
748
- "sort": [
749
- "_score",
750
- "desc"
751
- ]
752
- },
753
- "auto_int": true,
754
- "resolution": 100,
755
- "interval": "1s",
756
- "intervals": [
757
- "auto",
758
- "1s",
759
- "1m",
760
- "5m",
761
- "10m",
762
- "30m",
763
- "1h",
764
- "3h",
765
- "12h",
766
- "1d",
767
- "1w",
768
- "1y"
769
- ],
770
- "lines": true,
771
- "fill": 1,
772
- "linewidth": 2,
773
- "points": false,
774
- "pointradius": 5,
775
- "bars": false,
776
- "stack": false,
777
- "spyable": true,
778
- "zoomlinks": false,
779
- "options": false,
780
- "legend": false,
781
- "show_query": false,
782
- "interactive": true,
783
- "legend_counts": true,
784
- "timezone": "browser",
785
- "percentage": false,
786
- "zerofill": true,
787
- "derivative": false,
788
- "tooltip": {
789
- "value_type": "cumulative",
790
- "query_as_alias": true
791
- },
792
- "title": "port src",
793
- "scaleSeconds": true
794
- }
795
- ],
796
- "notice": false
797
- },
798
- {
799
- "title": "dst traffic header",
800
- "height": "100px",
801
- "editable": true,
802
- "collapse": false,
803
- "collapsable": true,
804
- "panels": [
805
- {
806
- "error": false,
807
- "span": 12,
808
- "editable": true,
809
- "type": "text",
810
- "loadingEditor": false,
811
- "mode": "html",
812
- "content": "<center><h1>Traffic by Destination</h1></center>",
813
- "style": {},
814
- "title": "Traffic by Destination"
815
- }
816
- ],
817
- "notice": false
818
- },
819
- {
820
- "title": "top 10s dst",
821
- "height": "250px",
822
- "editable": true,
823
- "collapse": false,
824
- "collapsable": true,
825
- "panels": [
826
- {
827
- "error": false,
828
- "span": 3,
829
- "editable": true,
830
- "type": "terms",
831
- "loadingEditor": false,
832
- "field": "sflow_i_iface_name",
833
- "exclude": [],
834
- "missing": false,
835
- "other": false,
836
- "size": 10,
837
- "order": "total",
838
- "style": {
839
- "font-size": "10pt"
840
- },
841
- "donut": false,
842
- "tilt": false,
843
- "labels": true,
844
- "arrangement": "horizontal",
845
- "chart": "pie",
846
- "counter_pos": "none",
847
- "spyable": true,
848
- "queries": {
849
- "mode": "selected",
850
- "ids": [
851
- 7
852
- ]
853
- },
854
- "tmode": "terms_stats",
855
- "tstat": "total",
856
- "valuefield": "sflow_frame_length_multiplied",
857
- "title": "Interface incoming"
858
- },
859
- {
860
- "error": false,
861
- "span": 3,
862
- "editable": true,
863
- "type": "terms",
864
- "loadingEditor": false,
865
- "field": "sflow_ipv4_dst",
866
- "exclude": [],
867
- "missing": false,
868
- "other": false,
869
- "size": 10,
870
- "order": "total",
871
- "style": {
872
- "font-size": "10pt"
873
- },
874
- "donut": false,
875
- "tilt": false,
876
- "labels": true,
877
- "arrangement": "horizontal",
878
- "chart": "pie",
879
- "counter_pos": "none",
880
- "spyable": true,
881
- "queries": {
882
- "mode": "selected",
883
- "ids": [
884
- 7
885
- ]
886
- },
887
- "tmode": "terms_stats",
888
- "tstat": "total",
889
- "valuefield": "sflow_frame_length_multiplied",
890
- "title": "IP dst"
891
- },
892
- {
893
- "error": false,
894
- "span": 3,
895
- "editable": true,
896
- "type": "terms",
897
- "loadingEditor": false,
898
- "field": "sflow_vlan_dst",
899
- "exclude": [],
900
- "missing": false,
901
- "other": false,
902
- "size": 10,
903
- "order": "total",
904
- "style": {
905
- "font-size": "10pt"
906
- },
907
- "donut": false,
908
- "tilt": false,
909
- "labels": true,
910
- "arrangement": "horizontal",
911
- "chart": "pie",
912
- "counter_pos": "none",
913
- "spyable": true,
914
- "queries": {
915
- "mode": "selected",
916
- "ids": [
917
- 7
918
- ]
919
- },
920
- "tmode": "terms_stats",
921
- "tstat": "total",
922
- "valuefield": "sflow_frame_length_multiplied",
923
- "title": "VLAN dst"
924
- },
925
- {
926
- "error": false,
927
- "span": 3,
928
- "editable": true,
929
- "type": "terms",
930
- "loadingEditor": false,
931
- "field": "sflow_tcp_dst_port",
932
- "exclude": [],
933
- "missing": false,
934
- "other": false,
935
- "size": 10,
936
- "order": "count",
937
- "style": {
938
- "font-size": "10pt"
939
- },
940
- "donut": false,
941
- "tilt": false,
942
- "labels": true,
943
- "arrangement": "horizontal",
944
- "chart": "pie",
945
- "counter_pos": "none",
946
- "spyable": true,
947
- "queries": {
948
- "mode": "selected",
949
- "ids": [
950
- 7
951
- ]
952
- },
953
- "tmode": "terms_stats",
954
- "tstat": "total",
955
- "valuefield": "sflow_frame_length_multiplied",
956
- "title": "ports dst"
957
- }
958
- ],
959
- "notice": false
960
- },
961
- {
962
- "title": "top 10s dst histogram",
963
- "height": "150px",
964
- "editable": true,
965
- "collapse": false,
966
- "collapsable": true,
967
- "panels": [
968
- {
969
- "span": 3,
970
- "editable": true,
971
- "type": "histogram",
972
- "loadingEditor": false,
973
- "mode": "total",
974
- "time_field": "@timestamp",
975
- "value_field": "sflow_frame_length_multiplied",
976
- "x-axis": true,
977
- "y-axis": true,
978
- "scale": 1,
979
- "y_format": "bytes",
980
- "grid": {
981
- "max": null,
982
- "min": 0
983
- },
984
- "queries": {
985
- "mode": "selected",
986
- "ids": [
987
- 0
988
- ]
989
- },
990
- "annotate": {
991
- "enable": false,
992
- "query": "*",
993
- "size": 20,
994
- "field": "_type",
995
- "sort": [
996
- "_score",
997
- "desc"
998
- ]
999
- },
1000
- "auto_int": true,
1001
- "resolution": 100,
1002
- "interval": "1s",
1003
- "intervals": [
1004
- "auto",
1005
- "1s",
1006
- "1m",
1007
- "5m",
1008
- "10m",
1009
- "30m",
1010
- "1h",
1011
- "3h",
1012
- "12h",
1013
- "1d",
1014
- "1w",
1015
- "1y"
1016
- ],
1017
- "lines": true,
1018
- "fill": 1,
1019
- "linewidth": 2,
1020
- "points": false,
1021
- "pointradius": 5,
1022
- "bars": false,
1023
- "stack": false,
1024
- "spyable": true,
1025
- "zoomlinks": false,
1026
- "options": false,
1027
- "legend": false,
1028
- "show_query": false,
1029
- "interactive": true,
1030
- "legend_counts": true,
1031
- "timezone": "browser",
1032
- "percentage": false,
1033
- "zerofill": true,
1034
- "derivative": false,
1035
- "tooltip": {
1036
- "value_type": "cumulative",
1037
- "query_as_alias": true
1038
- },
1039
- "title": "Interface dst",
1040
- "scaleSeconds": true
1041
- },
1042
- {
1043
- "span": 3,
1044
- "editable": true,
1045
- "type": "histogram",
1046
- "loadingEditor": false,
1047
- "mode": "total",
1048
- "time_field": "@timestamp",
1049
- "value_field": "sflow_frame_length_multiplied",
1050
- "x-axis": true,
1051
- "y-axis": true,
1052
- "scale": 1,
1053
- "y_format": "bytes",
1054
- "grid": {
1055
- "max": null,
1056
- "min": 0
1057
- },
1058
- "queries": {
1059
- "mode": "selected",
1060
- "ids": [
1061
- 3
1062
- ]
1063
- },
1064
- "annotate": {
1065
- "enable": false,
1066
- "query": "*",
1067
- "size": 20,
1068
- "field": "_type",
1069
- "sort": [
1070
- "_score",
1071
- "desc"
1072
- ]
1073
- },
1074
- "auto_int": true,
1075
- "resolution": 100,
1076
- "interval": "1s",
1077
- "intervals": [
1078
- "auto",
1079
- "1s",
1080
- "1m",
1081
- "5m",
1082
- "10m",
1083
- "30m",
1084
- "1h",
1085
- "3h",
1086
- "12h",
1087
- "1d",
1088
- "1w",
1089
- "1y"
1090
- ],
1091
- "lines": true,
1092
- "fill": 1,
1093
- "linewidth": 2,
1094
- "points": false,
1095
- "pointradius": 5,
1096
- "bars": false,
1097
- "stack": false,
1098
- "spyable": true,
1099
- "zoomlinks": false,
1100
- "options": false,
1101
- "legend": false,
1102
- "show_query": false,
1103
- "interactive": true,
1104
- "legend_counts": true,
1105
- "timezone": "browser",
1106
- "percentage": false,
1107
- "zerofill": true,
1108
- "derivative": false,
1109
- "tooltip": {
1110
- "value_type": "cumulative",
1111
- "query_as_alias": true
1112
- },
1113
- "title": "ip dst",
1114
- "scaleSeconds": true
1115
- },
1116
- {
1117
- "span": 3,
1118
- "editable": true,
1119
- "type": "histogram",
1120
- "loadingEditor": false,
1121
- "mode": "total",
1122
- "time_field": "@timestamp",
1123
- "value_field": "sflow_frame_length_multiplied",
1124
- "x-axis": true,
1125
- "y-axis": true,
1126
- "scale": 1,
1127
- "y_format": "bytes",
1128
- "grid": {
1129
- "max": null,
1130
- "min": 0
1131
- },
1132
- "queries": {
1133
- "mode": "selected",
1134
- "ids": [
1135
- 5
1136
- ]
1137
- },
1138
- "annotate": {
1139
- "enable": false,
1140
- "query": "*",
1141
- "size": 20,
1142
- "field": "_type",
1143
- "sort": [
1144
- "_score",
1145
- "desc"
1146
- ]
1147
- },
1148
- "auto_int": true,
1149
- "resolution": 100,
1150
- "interval": "1s",
1151
- "intervals": [
1152
- "auto",
1153
- "1s",
1154
- "1m",
1155
- "5m",
1156
- "10m",
1157
- "30m",
1158
- "1h",
1159
- "3h",
1160
- "12h",
1161
- "1d",
1162
- "1w",
1163
- "1y"
1164
- ],
1165
- "lines": true,
1166
- "fill": 1,
1167
- "linewidth": 2,
1168
- "points": false,
1169
- "pointradius": 5,
1170
- "bars": false,
1171
- "stack": false,
1172
- "spyable": true,
1173
- "zoomlinks": false,
1174
- "options": false,
1175
- "legend": false,
1176
- "show_query": false,
1177
- "interactive": true,
1178
- "legend_counts": true,
1179
- "timezone": "browser",
1180
- "percentage": false,
1181
- "zerofill": true,
1182
- "derivative": false,
1183
- "tooltip": {
1184
- "value_type": "cumulative",
1185
- "query_as_alias": true
1186
- },
1187
- "title": "vlan dst",
1188
- "scaleSeconds": true
1189
- },
1190
- {
1191
- "span": 3,
1192
- "editable": true,
1193
- "type": "histogram",
1194
- "loadingEditor": false,
1195
- "mode": "total",
1196
- "time_field": "@timestamp",
1197
- "value_field": "sflow_frame_length_multiplied",
1198
- "x-axis": true,
1199
- "y-axis": true,
1200
- "scale": 1,
1201
- "y_format": "bytes",
1202
- "grid": {
1203
- "max": null,
1204
- "min": 0
1205
- },
1206
- "queries": {
1207
- "mode": "selected",
1208
- "ids": [
1209
- 8
1210
- ]
1211
- },
1212
- "annotate": {
1213
- "enable": false,
1214
- "query": "*",
1215
- "size": 20,
1216
- "field": "_type",
1217
- "sort": [
1218
- "_score",
1219
- "desc"
1220
- ]
1221
- },
1222
- "auto_int": true,
1223
- "resolution": 100,
1224
- "interval": "1s",
1225
- "intervals": [
1226
- "auto",
1227
- "1s",
1228
- "1m",
1229
- "5m",
1230
- "10m",
1231
- "30m",
1232
- "1h",
1233
- "3h",
1234
- "12h",
1235
- "1d",
1236
- "1w",
1237
- "1y"
1238
- ],
1239
- "lines": true,
1240
- "fill": 1,
1241
- "linewidth": 2,
1242
- "points": false,
1243
- "pointradius": 5,
1244
- "bars": false,
1245
- "stack": false,
1246
- "spyable": true,
1247
- "zoomlinks": false,
1248
- "options": false,
1249
- "legend": false,
1250
- "show_query": false,
1251
- "interactive": true,
1252
- "legend_counts": true,
1253
- "timezone": "browser",
1254
- "percentage": false,
1255
- "zerofill": true,
1256
- "derivative": false,
1257
- "tooltip": {
1258
- "value_type": "cumulative",
1259
- "query_as_alias": true
1260
- },
1261
- "title": "ip dst",
1262
- "scaleSeconds": true
1263
- }
1264
- ],
1265
- "notice": false
1266
- },
1267
- {
1268
- "title": "table",
1269
- "height": "350px",
1270
- "editable": true,
1271
- "collapse": false,
1272
- "collapsable": true,
1273
- "panels": [],
1274
- "notice": false
1275
- }
1276
- ],
1277
- "editable": true,
1278
- "failover": false,
1279
- "index": {
1280
- "interval": "day",
1281
- "pattern": "[logstash-]YYYY.MM.DD",
1282
- "default": "NO_TIME_FILTER_OR_INDEX_PATTERN_NOT_MATCHED",
1283
- "warm_fields": true
1284
- },
1285
- "style": "light",
1286
- "panel_hints": true,
1287
- "loader": {
1288
- "save_gist": false,
1289
- "save_elasticsearch": true,
1290
- "save_local": true,
1291
- "save_default": true,
1292
- "save_temp": true,
1293
- "save_temp_ttl_enable": true,
1294
- "save_temp_ttl": "30d",
1295
- "load_gist": true,
1296
- "load_elasticsearch": true,
1297
- "load_elasticsearch_size": 20,
1298
- "load_local": true,
1299
- "hide": false
1300
- },
1301
- "pulldowns": [
1302
- {
1303
- "type": "query",
1304
- "collapse": false,
1305
- "notice": false,
1306
- "enable": true,
1307
- "query": "*",
1308
- "pinned": false,
1309
- "history": [
1310
- "*",
1311
- "syslog_severity:\"error\" AND (*)",
1312
- "syslog_severity:\"warning\" AND (*)",
1313
- "syslog_severity:\"critical\" AND (*)",
1314
- "syslog_severity:\"alert\" AND (*)",
1315
- "syslog_severity:\"notice\" AND (*)",
1316
- "syslog_severity:\"informational\" AND (*)",
1317
- "syslog_severity:\"debug\" AND (*)"
1318
- ],
1319
- "remember": 10
1320
- },
1321
- {
1322
- "type": "filtering",
1323
- "collapse": false,
1324
- "notice": true,
1325
- "enable": true
1326
- }
1327
- ],
1328
- "nav": [
1329
- {
1330
- "type": "timepicker",
1331
- "collapse": false,
1332
- "notice": false,
1333
- "enable": true,
1334
- "status": "Stable",
1335
- "time_options": [
1336
- "5m",
1337
- "15m",
1338
- "1h",
1339
- "6h",
1340
- "12h",
1341
- "24h",
1342
- "2d",
1343
- "7d",
1344
- "30d"
1345
- ],
1346
- "refresh_intervals": [
1347
- "5s",
1348
- "10s",
1349
- "30s",
1350
- "1m",
1351
- "5m",
1352
- "15m",
1353
- "30m",
1354
- "1h",
1355
- "2h",
1356
- "1d"
1357
- ],
1358
- "timefield": "@timestamp",
1359
- "now": true,
1360
- "filter_id": 0
1361
- }
1362
- ],
1363
- "refresh": false
1364
- }