fluent-plugin-sflow 0.1.0

@@ -0,0 +1,36 @@
1
+ class UDPHeader
2
+
3
+ attr_reader :sndr_port,:dist_port,:packet_length,:checksum,
4
+ :data_length,:lower
5
+
6
+ def initialize(packet,offset=0,length=nil,lower=nil)
7
+ @packet = packet
8
+ @offset = offset
9
+ header = packet.unpack("x#{offset}n4")
10
+ @sndr_port = header[0]
11
+ @dist_port = header[1]
12
+ @packet_length = header[2]
13
+ @checksum = header[3]
14
+ @data_length = @packet_length - 8
15
+ @lower = lower
16
+ end
17
+
18
+ def data
19
+ if(@packet_length>8)
20
+ @packet[@offset+8..@offset+@packet_length]
21
+ else
22
+ ""
23
+ end
24
+ end
25
+
26
+ def to_s
27
+ "" <<
28
+ "UDP Header\n" <<
29
+ " Sender Port : #{@sndr_port}\n" <<
30
+ " Distication Port: #{@dist_port}\n" <<
31
+ " Packet Length : #{@packet_length}\n" <<
32
+ " Checksum : #{@checksum}\n" <<
33
+ " (Data Length) : #{@data_length}"
34
+ end
35
+
36
+ end
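Review bot: `initialize` never checks that `packet` holds eight bytes at `offset`, so on a truncated sample `unpack("x#{offset}n4")` yields nil fields (or raises ArgumentError when the offset is past the end) and `@packet_length - 8` then fails with NoMethodError. The sampled bytes and the length field both come from the network, so I would guard before the unpack with `raise ArgumentError, "truncated UDP header" if packet.bytesize < offset + 8`. In `data`, the inclusive range `@offset+8..@offset+@packet_length` returns one byte more than `@data_length`; `@packet[@offset + 8, @data_length]` matches the header. The label `Distication Port` in `to_s` looks like a typo for `Destination Port`.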
@@ -0,0 +1,68 @@
1
+ class SflowParser
2
+ require 'ipaddr'
3
+ def self.parse_packet(data)
4
+ header = Header.read(data)
5
+ if header.version == 5
6
+ agent_address = IPAddr.new(header.agent_address, Socket::AF_INET).to_s
7
+ @sflow = {"agent_address" => $switch_hash[agent_address]}
8
+
9
+ header.flow_samples.each do |sample|
10
+ if sample.sflow_sample_type == 3 or sample.sflow_sample_type == 1
11
+ sampledata = Sflow5sampleheader3.read(sample.sample_data) if sample.sflow_sample_type == 3
12
+ sampledata = Sflow5sampleheader1.read(sample.sample_data) if sample.sflow_sample_type == 1
13
+ sflow_sample = {"sampling_rate" => sampledata.sampling_rate, "i_iface_value" => sampledata.i_iface_value.to_i, "o_iface_value" => sampledata.o_iface_value.to_i}
14
+ @sflow.merge!(sflow_sample)
15
+
16
+ sampledata.records.each do |record|
17
+ if record.format == 1001
18
+ extswitch = Sflow5extswitch.read(record.record_data)
19
+ sflow_switch = {"vlan_src" => extswitch.src_vlan.to_i, "vlan_dst" => extswitch.dst_vlan.to_i}
20
+ @sflow.merge!(sflow_switch)
21
+ elsif record.format == 1
22
+ rawpacket = Sflow5rawpacket.read(record.record_data)
23
+ if rawpacket.header_protocol == 1 # Ethernet
24
+ eth_header = Sflow5rawpacketheaderEthernet.read(rawpacket.rawpacket_data.to_ary.join)
25
+ ip_packet = eth_header.ethernetdata.to_ary.join
26
+ if eth_header.eth_type == 33024 #VLAN TAG
27
+ vlan_header = Sflow5rawpacketdataVLAN.read(eth_header.ethernetdata.to_ary.join)
28
+ ip_packet = vlan_header.vlandata.to_ary.join
29
+ end
30
+ end
31
+ ipv4 = IPv4Header.new(ip_packet)
32
+ sflow_ip = {"ipv4_src" => ipv4.sndr_addr,"ipv4_dst" => ipv4.dest_addr}
33
+ @sflow.merge!(sflow_ip)
34
+
35
+ if ipv4.protocol == 6
36
+ sflow_frame = {"frame_length" => rawpacket.frame_length.to_i, "frame_length_multiplied" => rawpacket.frame_length.to_i * sflow_sample["sampling_rate"].to_i}
37
+ @sflow.merge!(sflow_frame)
38
+ header = TCPHeader.new(ipv4.data)
39
+ sflow_header = {"tcp_src_port" => header.sndr_port.to_i, "tcp_dst_port" => header.dest_port.to_i}
40
+ @sflow.merge!(sflow_header)
41
+ elsif ipv4.protocol == 17
42
+ header = UDPHeader.new(ipv4.data)
43
+ sflow_header = {"udp_src_port" => header.sndr_port.to_i, "udp_dst_port" => header.dist_port.to_i}
44
+ @sflow.merge!(sflow_header)
45
+ end
46
+
47
+ end
48
+ end
49
+
50
+ elsif sample.sflow_sample_type == 4 or sample.sflow_sample_type == 2
51
+ sampledata = Sflow5counterheader4.read(sample.sample_data) if sample.sflow_sample_type == 4
52
+ sampledata = Sflow5counterheader2.read(sample.sample_data) if sample.sflow_sample_type == 2
53
+ sampledata.records.each do |record|
54
+ if record.format == 1
55
+ generic_int_counter = Sflow5genericcounter.read(record.record_data)
56
+ sflow_counter = {"i_octets" => generic_int_counter.input_octets.to_i, "o_octets" => generic_int_counter.output_octets.to_i, "interface" => generic_int_counter.int_index.to_i, "input_packets_error" => generic_int_counter.input_packets_error.to_i, "output_packets_error" => generic_int_counter.output_packets_error.to_i}
57
+ @sflow.merge!(sflow_counter)
58
+ elsif record.format == 2
59
+ eth_int_counter = Sflow5ethcounter.read(record.record_data)
60
+ @sflow
61
+ end
62
+ end
63
+ end
64
+ end
65
+ end
66
+ return @sflow
67
+ end
68
+ end
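Review bot: Nothing between `Sflow5rawpacket.read` and `IPv4Header.new(ip_packet)` checks what was actually sampled: `ip_packet` is only assigned when `header_protocol == 1`, so any other header protocol passes nil, and an Ethernet frame carrying ARP or IPv6 is decoded as if it were IPv4. sFlow datagrams arrive over UDP without authentication, so I would skip the record unless the EtherType says IPv4, e.g. `next unless eth_header.eth_type == 0x0800` on the untagged path, with the equivalent check on the inner type after the VLAN tag (that field is not visible in this hunk). Separately, `@sflow` is an instance variable on the class itself, so for a datagram whose version is not 5 `return @sflow` hands back the previous packet's hash; a local `sflow = {}` returned at the end, plus `return nil unless header.version == 5`, avoids the carry-over. The assignment `header = TCPHeader.new(ipv4.data)` also overwrites the outer sFlow `header` local from inside the block and would read better under another name.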
@@ -0,0 +1,40 @@
1
+ class SNMPwalk
2
+
3
+ attr_accessor :switchport
4
+ def initialize(switchips)
5
+ print "Getting switch interface names "
6
+ @switchport = {}
7
+ switchips.each do |switchip|
8
+ switch = Resolv.new.getname(switchip).split(/\./)[0]
9
+ ports = {}
10
+
11
+ snmpoutput = `snmpwalk -v2c -c public #{switchip} 1.3.6.1.2.1.2.2.1.2`
12
+ snmpoutput.each_line do |line|
13
+ split = line.split(/\s/)
14
+ port = split[0].split(/\./).last
15
+ if split[3] =~ /GigabitEthernet/
16
+ portname = split[3].scan(/\d+/).join('/')
17
+ else
18
+ portname = split[3]
19
+ end
20
+ hashp = { port => portname }
21
+ ports.merge!(hashp)
22
+ end
23
+
24
+ hashs = { switch => ports }
25
+ @switchport.merge!(hashs)
26
+ print "."
27
+ end
28
+ puts " done."
29
+ @switchport
30
+ end
31
+
32
+ def self.mapswitchportname(agent_address,iface)
33
+ if $switchportnames.switchport["#{agent_address}"]["#{iface}"]
34
+ $switchportnames.switchport["#{agent_address}"]["#{iface}"]
35
+ else
36
+ agent_address
37
+ end
38
+ end
39
+
40
+ end
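Review bot: The backtick call in `initialize` interpolates `switchip` into a shell command line, so any shell metacharacter in a configured address is interpreted by the shell; passing an argument vector avoids the shell entirely: `snmpoutput = IO.popen(['snmpwalk', '-v2c', '-c', community, switchip, '1.3.6.1.2.1.2.2.1.2'], &:read)`. The community string is hard-coded to `public` and SNMPv2c sends it in clear text, so it should at least come from configuration (the `community` name above is a suggested parameter, not something in this hunk). `mapswitchportname` indexes `$switchportnames.switchport[...][...]` without checking the first lookup, so an agent that was not walked at start-up raises NoMethodError on nil; `$switchportnames.switchport.dig(agent_address.to_s, iface.to_s) || agent_address` keeps the fallback. `Resolv` is used without a visible `require 'resolv'`, which may live in a file outside this hunk.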
@@ -0,0 +1,34 @@
1
+ class SflowStorage
2
+ require 'json'
3
+
4
+ def self.send_udpjson(sflow)
5
+
6
+ #remap hash-keys with prefix "sflow_"
7
+ mappings = {"agent_address" => "sflow_agent_address",
8
+ "sampling_rate" => "sflow_sampling_rate",
9
+ "i_iface_value" => "sflow_i_iface_value",
10
+ "o_iface_value" => "sflow_o_iface_value",
11
+ "vlan_src" => "sflow_vlan_src",
12
+ "vlan_dst" => "sflow_vlan_dst",
13
+ "ipv4_src" => "sflow_ipv4_src",
14
+ "ipv4_dst" => "sflow_ipv4_dst",
15
+ "frame_length" => "sflow_frame_length",
16
+ "frame_length_multiplied" => "sflow_frame_length_multiplied",
17
+ "tcp_src_port" => "sflow_tcp_src_port",
18
+ "tcp_dst_port" => "sflow_tcp_dst_port"
19
+ }
20
+
21
+ prefixed_sflow = Hash[sflow.map {|k, v| [mappings[k], v] }]
22
+
23
+ if sflow['i_iface_value'] and sflow['o_iface_value']
24
+ i_iface_name = {"sflow_i_iface_name" => SNMPwalk.mapswitchportname(sflow['agent_address'],sflow['i_iface_value'])}
25
+ o_iface_name = {"sflow_o_iface_name" => SNMPwalk.mapswitchportname(sflow['agent_address'],sflow['o_iface_value'])}
26
+ prefixed_sflow.merge!(i_iface_name)
27
+ prefixed_sflow.merge!(o_iface_name)
28
+ end
29
+
30
+ $logstash.send(prefixed_sflow.to_json, 0)
31
+
32
+ end
33
+
34
+ end
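Review bot: `Hash[sflow.map {|k, v| [mappings[k], v] }]` maps every key that is missing from `mappings` to nil, so the `udp_src_port`, `udp_dst_port` and counter fields that `SflowParser.parse_packet` emits all collapse onto one nil key and overwrite each other before `to_json`. Deriving the prefix instead of listing it keeps them: `prefixed_sflow = Hash[sflow.map { |k, v| ["sflow_#{k}", v] }]`. `sflow` itself is not checked, and the parser in this commit can return nil (for example for a first datagram that is not version 5), so a `return if sflow.nil?` guard at the top is worth adding. The send goes through the global `$logstash`, whose setup is outside this hunk.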
@@ -0,0 +1,3 @@
1
+ module Sflow
2
+ VERSION = "0.0.1"
3
+ end
@@ -0,0 +1,1364 @@
1
+ {
2
+ "title": "sflow-ng",
3
+ "services": {
4
+ "query": {
5
+ "idQueue": [
6
+ 0,
7
+ 8,
8
+ 9,
9
+ 10,
10
+ 11,
11
+ 12,
12
+ 13
13
+ ],
14
+ "list": {
15
+ "0": {
16
+ "id": 0,
17
+ "type": "topN",
18
+ "query": "*",
19
+ "alias": "interface in",
20
+ "color": "#BF1B00",
21
+ "pin": true,
22
+ "enable": true,
23
+ "field": "sflow_o_iface_name.raw",
24
+ "size": 3,
25
+ "union": "AND"
26
+ },
27
+ "1": {
28
+ "id": 1,
29
+ "type": "topN",
30
+ "query": "*",
31
+ "alias": "interface out",
32
+ "color": "#BF1B00",
33
+ "pin": true,
34
+ "enable": true,
35
+ "field": "sflow_i_iface_name.raw",
36
+ "size": 3,
37
+ "union": "AND"
38
+ },
39
+ "2": {
40
+ "id": 2,
41
+ "type": "topN",
42
+ "query": "*",
43
+ "alias": "ip src",
44
+ "color": "#0A50A1",
45
+ "pin": true,
46
+ "enable": true,
47
+ "field": "sflow_ipv4_src.raw",
48
+ "size": 3,
49
+ "union": "AND"
50
+ },
51
+ "3": {
52
+ "id": 3,
53
+ "type": "topN",
54
+ "query": "*",
55
+ "alias": "ip dst",
56
+ "color": "#0A50A1",
57
+ "pin": true,
58
+ "enable": true,
59
+ "field": "sflow_ipv4_dst.raw",
60
+ "size": 3,
61
+ "union": "AND"
62
+ },
63
+ "4": {
64
+ "id": 4,
65
+ "type": "topN",
66
+ "query": "*",
67
+ "alias": "vlanc src",
68
+ "color": "#629E51",
69
+ "pin": true,
70
+ "enable": true,
71
+ "field": "sflow_vlan_src",
72
+ "size": 5,
73
+ "union": "AND"
74
+ },
75
+ "5": {
76
+ "id": 5,
77
+ "type": "topN",
78
+ "query": "*",
79
+ "alias": "vlan dst",
80
+ "color": "#629E51",
81
+ "pin": true,
82
+ "enable": true,
83
+ "field": "sflow_vlan_dst",
84
+ "size": 3,
85
+ "union": "AND"
86
+ },
87
+ "6": {
88
+ "id": 6,
89
+ "type": "topN",
90
+ "query": "*",
91
+ "alias": "port src",
92
+ "color": "#BA43A9",
93
+ "pin": true,
94
+ "enable": true,
95
+ "field": "sflow_tcp_src_port",
96
+ "size": 3,
97
+ "union": "AND"
98
+ },
99
+ "7": {
100
+ "id": 7,
101
+ "type": "lucene",
102
+ "query": "*",
103
+ "alias": "searchquery",
104
+ "color": "#052B51",
105
+ "pin": false,
106
+ "enable": true
107
+ },
108
+ "8": {
109
+ "id": 8,
110
+ "type": "topN",
111
+ "query": "*",
112
+ "alias": "port dst",
113
+ "color": "#BA43A9",
114
+ "pin": true,
115
+ "enable": true,
116
+ "field": "sflow_tcp_dst_port",
117
+ "size": 3,
118
+ "union": "AND"
119
+ }
120
+ },
121
+ "ids": [
122
+ 0,
123
+ 1,
124
+ 2,
125
+ 3,
126
+ 4,
127
+ 5,
128
+ 6,
129
+ 7,
130
+ 8
131
+ ]
132
+ },
133
+ "filter": {
134
+ "idQueue": [
135
+ 1
136
+ ],
137
+ "list": {
138
+ "0": {
139
+ "type": "time",
140
+ "field": "@timestamp",
141
+ "from": "now-5m",
142
+ "to": "now",
143
+ "mandate": "must",
144
+ "active": true,
145
+ "alias": "",
146
+ "id": 0
147
+ },
148
+ "1": {
149
+ "type": "querystring",
150
+ "query": "type:sflow",
151
+ "mandate": "must",
152
+ "active": true,
153
+ "alias": "",
154
+ "id": 1
155
+ }
156
+ },
157
+ "ids": [
158
+ 0,
159
+ 1
160
+ ]
161
+ }
162
+ },
163
+ "rows": [
164
+ {
165
+ "title": "Graph",
166
+ "height": "350px",
167
+ "editable": true,
168
+ "collapse": false,
169
+ "collapsable": true,
170
+ "panels": [
171
+ {
172
+ "span": 12,
173
+ "editable": true,
174
+ "group": [
175
+ "default"
176
+ ],
177
+ "type": "histogram",
178
+ "mode": "total",
179
+ "time_field": "@timestamp",
180
+ "value_field": "sflow_frame_length_multiplied",
181
+ "auto_int": true,
182
+ "resolution": 100,
183
+ "interval": "1s",
184
+ "fill": 4,
185
+ "linewidth": 2,
186
+ "timezone": "browser",
187
+ "spyable": true,
188
+ "zoomlinks": true,
189
+ "bars": false,
190
+ "stack": true,
191
+ "points": false,
192
+ "lines": true,
193
+ "legend": true,
194
+ "x-axis": true,
195
+ "y-axis": true,
196
+ "percentage": false,
197
+ "interactive": true,
198
+ "queries": {
199
+ "mode": "selected",
200
+ "ids": [
201
+ 7
202
+ ]
203
+ },
204
+ "title": "Events over time",
205
+ "intervals": [
206
+ "auto",
207
+ "1s",
208
+ "1m",
209
+ "5m",
210
+ "10m",
211
+ "30m",
212
+ "1h",
213
+ "3h",
214
+ "12h",
215
+ "1d",
216
+ "1w",
217
+ "1M",
218
+ "1y"
219
+ ],
220
+ "options": true,
221
+ "tooltip": {
222
+ "value_type": "cumulative",
223
+ "query_as_alias": true
224
+ },
225
+ "scale": "1",
226
+ "y_format": "bytes",
227
+ "grid": {
228
+ "max": null,
229
+ "min": 0
230
+ },
231
+ "annotate": {
232
+ "enable": false,
233
+ "query": "*",
234
+ "size": 20,
235
+ "field": "_type",
236
+ "sort": [
237
+ "_score",
238
+ "desc"
239
+ ]
240
+ },
241
+ "pointradius": 5,
242
+ "show_query": true,
243
+ "legend_counts": true,
244
+ "zerofill": true,
245
+ "derivative": false,
246
+ "scaleSeconds": true
247
+ }
248
+ ],
249
+ "notice": false
250
+ },
251
+ {
252
+ "title": "top 10s",
253
+ "height": "350px",
254
+ "editable": true,
255
+ "collapse": false,
256
+ "collapsable": true,
257
+ "panels": [
258
+ {
259
+ "error": false,
260
+ "span": 7,
261
+ "editable": true,
262
+ "type": "terms",
263
+ "loadingEditor": false,
264
+ "field": "sflow_agent_address",
265
+ "exclude": [],
266
+ "missing": false,
267
+ "other": false,
268
+ "size": 10,
269
+ "order": "total",
270
+ "style": {
271
+ "font-size": "10pt"
272
+ },
273
+ "donut": false,
274
+ "tilt": false,
275
+ "labels": true,
276
+ "arrangement": "horizontal",
277
+ "chart": "bar",
278
+ "counter_pos": "above",
279
+ "spyable": true,
280
+ "queries": {
281
+ "mode": "selected",
282
+ "ids": [
283
+ 7
284
+ ]
285
+ },
286
+ "tmode": "terms_stats",
287
+ "tstat": "total",
288
+ "valuefield": "sflow_frame_length_multiplied",
289
+ "title": "Switch"
290
+ },
291
+ {
292
+ "error": false,
293
+ "span": 1,
294
+ "editable": true,
295
+ "type": "stats",
296
+ "loadingEditor": false,
297
+ "queries": {
298
+ "mode": "selected",
299
+ "ids": [
300
+ 7
301
+ ]
302
+ },
303
+ "style": {
304
+ "font-size": "24pt"
305
+ },
306
+ "format": "bytes",
307
+ "mode": "total",
308
+ "display_breakdown": "yes",
309
+ "sort_field": "variance",
310
+ "sort_reverse": true,
311
+ "label_name": "Query",
312
+ "value_name": "Value",
313
+ "spyable": true,
314
+ "show": {
315
+ "count": true,
316
+ "min": true,
317
+ "max": true,
318
+ "mean": true,
319
+ "std_deviation": true,
320
+ "sum_of_squares": true,
321
+ "total": true,
322
+ "variance": true
323
+ },
324
+ "field": "sflow_frame_length_multiplied"
325
+ }
326
+ ],
327
+ "notice": false
328
+ },
329
+ {
330
+ "title": "src traffic header",
331
+ "height": "10px",
332
+ "editable": true,
333
+ "collapse": false,
334
+ "collapsable": true,
335
+ "panels": [
336
+ {
337
+ "error": false,
338
+ "span": 12,
339
+ "editable": true,
340
+ "type": "text",
341
+ "loadingEditor": false,
342
+ "mode": "html",
343
+ "content": "<center><h1>Traffic by Source</h1></center>",
344
+ "style": {},
345
+ "title": "Traffic by Source"
346
+ }
347
+ ],
348
+ "notice": false
349
+ },
350
+ {
351
+ "title": "top 10s src",
352
+ "height": "250px",
353
+ "editable": true,
354
+ "collapse": false,
355
+ "collapsable": true,
356
+ "panels": [
357
+ {
358
+ "error": false,
359
+ "span": 3,
360
+ "editable": true,
361
+ "type": "terms",
362
+ "loadingEditor": false,
363
+ "field": "sflow_o_iface_name",
364
+ "exclude": [],
365
+ "missing": false,
366
+ "other": false,
367
+ "size": 10,
368
+ "order": "total",
369
+ "style": {
370
+ "font-size": "10pt"
371
+ },
372
+ "donut": false,
373
+ "tilt": false,
374
+ "labels": true,
375
+ "arrangement": "horizontal",
376
+ "chart": "pie",
377
+ "counter_pos": "none",
378
+ "spyable": true,
379
+ "queries": {
380
+ "mode": "selected",
381
+ "ids": [
382
+ 7
383
+ ]
384
+ },
385
+ "tmode": "terms_stats",
386
+ "tstat": "total",
387
+ "valuefield": "sflow_frame_length_multiplied",
388
+ "title": "Interface outgoing"
389
+ },
390
+ {
391
+ "error": false,
392
+ "span": 3,
393
+ "editable": true,
394
+ "type": "terms",
395
+ "loadingEditor": false,
396
+ "field": "sflow_ipv4_src",
397
+ "exclude": [],
398
+ "missing": false,
399
+ "other": false,
400
+ "size": 10,
401
+ "order": "total",
402
+ "style": {
403
+ "font-size": "10pt"
404
+ },
405
+ "donut": false,
406
+ "tilt": false,
407
+ "labels": true,
408
+ "arrangement": "horizontal",
409
+ "chart": "pie",
410
+ "counter_pos": "none",
411
+ "spyable": true,
412
+ "queries": {
413
+ "mode": "selected",
414
+ "ids": [
415
+ 7
416
+ ]
417
+ },
418
+ "tmode": "terms_stats",
419
+ "tstat": "total",
420
+ "valuefield": "sflow_frame_length_multiplied",
421
+ "title": "IP src"
422
+ },
423
+ {
424
+ "error": false,
425
+ "span": 3,
426
+ "editable": true,
427
+ "type": "terms",
428
+ "loadingEditor": false,
429
+ "field": "sflow_vlan_src",
430
+ "exclude": [],
431
+ "missing": false,
432
+ "other": false,
433
+ "size": 10,
434
+ "order": "total",
435
+ "style": {
436
+ "font-size": "10pt"
437
+ },
438
+ "donut": false,
439
+ "tilt": false,
440
+ "labels": true,
441
+ "arrangement": "horizontal",
442
+ "chart": "pie",
443
+ "counter_pos": "none",
444
+ "spyable": true,
445
+ "queries": {
446
+ "mode": "selected",
447
+ "ids": [
448
+ 7
449
+ ]
450
+ },
451
+ "tmode": "terms_stats",
452
+ "tstat": "total",
453
+ "valuefield": "sflow_frame_length_multiplied",
454
+ "title": "vlan src"
455
+ },
456
+ {
457
+ "error": false,
458
+ "span": 3,
459
+ "editable": true,
460
+ "type": "terms",
461
+ "loadingEditor": false,
462
+ "field": "sflow_tcp_dst_port",
463
+ "exclude": [],
464
+ "missing": false,
465
+ "other": false,
466
+ "size": 10,
467
+ "order": "total",
468
+ "style": {
469
+ "font-size": "10pt"
470
+ },
471
+ "donut": false,
472
+ "tilt": false,
473
+ "labels": true,
474
+ "arrangement": "horizontal",
475
+ "chart": "pie",
476
+ "counter_pos": "none",
477
+ "spyable": true,
478
+ "queries": {
479
+ "mode": "selected",
480
+ "ids": [
481
+ 7
482
+ ]
483
+ },
484
+ "tmode": "terms_stats",
485
+ "tstat": "total",
486
+ "valuefield": "sflow_frame_length_multiplied",
487
+ "title": "Port src"
488
+ }
489
+ ],
490
+ "notice": false
491
+ },
492
+ {
493
+ "title": "top 10s src histogram",
494
+ "height": "150px",
495
+ "editable": true,
496
+ "collapse": false,
497
+ "collapsable": true,
498
+ "panels": [
499
+ {
500
+ "span": 3,
501
+ "editable": true,
502
+ "type": "histogram",
503
+ "loadingEditor": false,
504
+ "mode": "total",
505
+ "time_field": "@timestamp",
506
+ "value_field": "sflow_frame_length_multiplied",
507
+ "x-axis": true,
508
+ "y-axis": true,
509
+ "scale": 1,
510
+ "y_format": "bytes",
511
+ "grid": {
512
+ "max": null,
513
+ "min": 3
514
+ },
515
+ "queries": {
516
+ "mode": "selected",
517
+ "ids": [
518
+ 1
519
+ ]
520
+ },
521
+ "annotate": {
522
+ "enable": false,
523
+ "query": "*",
524
+ "size": 20,
525
+ "field": "_type",
526
+ "sort": [
527
+ "_score",
528
+ "desc"
529
+ ]
530
+ },
531
+ "auto_int": true,
532
+ "resolution": 100,
533
+ "interval": "1s",
534
+ "intervals": [
535
+ "auto",
536
+ "1s",
537
+ "1m",
538
+ "5m",
539
+ "10m",
540
+ "30m",
541
+ "1h",
542
+ "3h",
543
+ "12h",
544
+ "1d",
545
+ "1w",
546
+ "1y"
547
+ ],
548
+ "lines": true,
549
+ "fill": 1,
550
+ "linewidth": 2,
551
+ "points": false,
552
+ "pointradius": 5,
553
+ "bars": false,
554
+ "stack": false,
555
+ "spyable": true,
556
+ "zoomlinks": false,
557
+ "options": false,
558
+ "legend": false,
559
+ "show_query": false,
560
+ "interactive": true,
561
+ "legend_counts": true,
562
+ "timezone": "browser",
563
+ "percentage": false,
564
+ "zerofill": true,
565
+ "derivative": false,
566
+ "tooltip": {
567
+ "value_type": "cumulative",
568
+ "query_as_alias": true
569
+ },
570
+ "title": "interface src",
571
+ "scaleSeconds": true
572
+ },
573
+ {
574
+ "span": 3,
575
+ "editable": true,
576
+ "type": "histogram",
577
+ "loadingEditor": false,
578
+ "mode": "total",
579
+ "time_field": "@timestamp",
580
+ "value_field": "sflow_frame_length_multiplied",
581
+ "x-axis": true,
582
+ "y-axis": true,
583
+ "scale": 1,
584
+ "y_format": "bytes",
585
+ "grid": {
586
+ "max": null,
587
+ "min": 0
588
+ },
589
+ "queries": {
590
+ "mode": "selected",
591
+ "ids": [
592
+ 2
593
+ ]
594
+ },
595
+ "annotate": {
596
+ "enable": false,
597
+ "query": "*",
598
+ "size": 20,
599
+ "field": "_type",
600
+ "sort": [
601
+ "_score",
602
+ "desc"
603
+ ]
604
+ },
605
+ "auto_int": true,
606
+ "resolution": 100,
607
+ "interval": "1s",
608
+ "intervals": [
609
+ "auto",
610
+ "1s",
611
+ "1m",
612
+ "5m",
613
+ "10m",
614
+ "30m",
615
+ "1h",
616
+ "3h",
617
+ "12h",
618
+ "1d",
619
+ "1w",
620
+ "1y"
621
+ ],
622
+ "lines": true,
623
+ "fill": 1,
624
+ "linewidth": 2,
625
+ "points": false,
626
+ "pointradius": 5,
627
+ "bars": false,
628
+ "stack": false,
629
+ "spyable": true,
630
+ "zoomlinks": false,
631
+ "options": false,
632
+ "legend": false,
633
+ "show_query": false,
634
+ "interactive": true,
635
+ "legend_counts": true,
636
+ "timezone": "browser",
637
+ "percentage": false,
638
+ "zerofill": true,
639
+ "derivative": false,
640
+ "tooltip": {
641
+ "value_type": "cumulative",
642
+ "query_as_alias": true
643
+ },
644
+ "scaleSeconds": true,
645
+ "title": "ip src"
646
+ },
647
+ {
648
+ "span": 3,
649
+ "editable": true,
650
+ "type": "histogram",
651
+ "loadingEditor": false,
652
+ "mode": "total",
653
+ "time_field": "@timestamp",
654
+ "value_field": "sflow_frame_length_multiplied",
655
+ "x-axis": true,
656
+ "y-axis": true,
657
+ "scale": 1,
658
+ "y_format": "bytes",
659
+ "grid": {
660
+ "max": null,
661
+ "min": 0
662
+ },
663
+ "queries": {
664
+ "mode": "selected",
665
+ "ids": [
666
+ 4
667
+ ]
668
+ },
669
+ "annotate": {
670
+ "enable": false,
671
+ "query": "*",
672
+ "size": 20,
673
+ "field": "_type",
674
+ "sort": [
675
+ "_score",
676
+ "desc"
677
+ ]
678
+ },
679
+ "auto_int": true,
680
+ "resolution": 100,
681
+ "interval": "1s",
682
+ "intervals": [
683
+ "auto",
684
+ "1s",
685
+ "1m",
686
+ "5m",
687
+ "10m",
688
+ "30m",
689
+ "1h",
690
+ "3h",
691
+ "12h",
692
+ "1d",
693
+ "1w",
694
+ "1y"
695
+ ],
696
+ "lines": true,
697
+ "fill": 1,
698
+ "linewidth": 2,
699
+ "points": false,
700
+ "pointradius": 5,
701
+ "bars": false,
702
+ "stack": false,
703
+ "spyable": true,
704
+ "zoomlinks": false,
705
+ "options": false,
706
+ "legend": false,
707
+ "show_query": false,
708
+ "interactive": true,
709
+ "legend_counts": true,
710
+ "timezone": "browser",
711
+ "percentage": false,
712
+ "zerofill": true,
713
+ "derivative": false,
714
+ "tooltip": {
715
+ "value_type": "cumulative",
716
+ "query_as_alias": true
717
+ },
718
+ "title": "vlan src",
719
+ "scaleSeconds": true
720
+ },
721
+ {
722
+ "span": 3,
723
+ "editable": true,
724
+ "type": "histogram",
725
+ "loadingEditor": false,
726
+ "mode": "total",
727
+ "time_field": "@timestamp",
728
+ "value_field": "sflow_frame_length_multiplied",
729
+ "x-axis": true,
730
+ "y-axis": true,
731
+ "scale": 1,
732
+ "y_format": "bytes",
733
+ "grid": {
734
+ "max": null,
735
+ "min": 0
736
+ },
737
+ "queries": {
738
+ "mode": "selected",
739
+ "ids": [
740
+ 6
741
+ ]
742
+ },
743
+ "annotate": {
744
+ "enable": false,
745
+ "query": "*",
746
+ "size": 20,
747
+ "field": "_type",
748
+ "sort": [
749
+ "_score",
750
+ "desc"
751
+ ]
752
+ },
753
+ "auto_int": true,
754
+ "resolution": 100,
755
+ "interval": "1s",
756
+ "intervals": [
757
+ "auto",
758
+ "1s",
759
+ "1m",
760
+ "5m",
761
+ "10m",
762
+ "30m",
763
+ "1h",
764
+ "3h",
765
+ "12h",
766
+ "1d",
767
+ "1w",
768
+ "1y"
769
+ ],
770
+ "lines": true,
771
+ "fill": 1,
772
+ "linewidth": 2,
773
+ "points": false,
774
+ "pointradius": 5,
775
+ "bars": false,
776
+ "stack": false,
777
+ "spyable": true,
778
+ "zoomlinks": false,
779
+ "options": false,
780
+ "legend": false,
781
+ "show_query": false,
782
+ "interactive": true,
783
+ "legend_counts": true,
784
+ "timezone": "browser",
785
+ "percentage": false,
786
+ "zerofill": true,
787
+ "derivative": false,
788
+ "tooltip": {
789
+ "value_type": "cumulative",
790
+ "query_as_alias": true
791
+ },
792
+ "title": "port src",
793
+ "scaleSeconds": true
794
+ }
795
+ ],
796
+ "notice": false
797
+ },
798
+ {
799
+ "title": "dst traffic header",
800
+ "height": "100px",
801
+ "editable": true,
802
+ "collapse": false,
803
+ "collapsable": true,
804
+ "panels": [
805
+ {
806
+ "error": false,
807
+ "span": 12,
808
+ "editable": true,
809
+ "type": "text",
810
+ "loadingEditor": false,
811
+ "mode": "html",
812
+ "content": "<center><h1>Traffic by Destination</h1></center>",
813
+ "style": {},
814
+ "title": "Traffic by Destination"
815
+ }
816
+ ],
817
+ "notice": false
818
+ },
819
+ {
820
+ "title": "top 10s dst",
821
+ "height": "250px",
822
+ "editable": true,
823
+ "collapse": false,
824
+ "collapsable": true,
825
+ "panels": [
826
+ {
827
+ "error": false,
828
+ "span": 3,
829
+ "editable": true,
830
+ "type": "terms",
831
+ "loadingEditor": false,
832
+ "field": "sflow_i_iface_name",
833
+ "exclude": [],
834
+ "missing": false,
835
+ "other": false,
836
+ "size": 10,
837
+ "order": "total",
838
+ "style": {
839
+ "font-size": "10pt"
840
+ },
841
+ "donut": false,
842
+ "tilt": false,
843
+ "labels": true,
844
+ "arrangement": "horizontal",
845
+ "chart": "pie",
846
+ "counter_pos": "none",
847
+ "spyable": true,
848
+ "queries": {
849
+ "mode": "selected",
850
+ "ids": [
851
+ 7
852
+ ]
853
+ },
854
+ "tmode": "terms_stats",
855
+ "tstat": "total",
856
+ "valuefield": "sflow_frame_length_multiplied",
857
+ "title": "Interface incoming"
858
+ },
859
+ {
860
+ "error": false,
861
+ "span": 3,
862
+ "editable": true,
863
+ "type": "terms",
864
+ "loadingEditor": false,
865
+ "field": "sflow_ipv4_dst",
866
+ "exclude": [],
867
+ "missing": false,
868
+ "other": false,
869
+ "size": 10,
870
+ "order": "total",
871
+ "style": {
872
+ "font-size": "10pt"
873
+ },
874
+ "donut": false,
875
+ "tilt": false,
876
+ "labels": true,
877
+ "arrangement": "horizontal",
878
+ "chart": "pie",
879
+ "counter_pos": "none",
880
+ "spyable": true,
881
+ "queries": {
882
+ "mode": "selected",
883
+ "ids": [
884
+ 7
885
+ ]
886
+ },
887
+ "tmode": "terms_stats",
888
+ "tstat": "total",
889
+ "valuefield": "sflow_frame_length_multiplied",
890
+ "title": "IP dst"
891
+ },
892
+ {
893
+ "error": false,
894
+ "span": 3,
895
+ "editable": true,
896
+ "type": "terms",
897
+ "loadingEditor": false,
898
+ "field": "sflow_vlan_dst",
899
+ "exclude": [],
900
+ "missing": false,
901
+ "other": false,
902
+ "size": 10,
903
+ "order": "total",
904
+ "style": {
905
+ "font-size": "10pt"
906
+ },
907
+ "donut": false,
908
+ "tilt": false,
909
+ "labels": true,
910
+ "arrangement": "horizontal",
911
+ "chart": "pie",
912
+ "counter_pos": "none",
913
+ "spyable": true,
914
+ "queries": {
915
+ "mode": "selected",
916
+ "ids": [
917
+ 7
918
+ ]
919
+ },
920
+ "tmode": "terms_stats",
921
+ "tstat": "total",
922
+ "valuefield": "sflow_frame_length_multiplied",
923
+ "title": "VLAN dst"
924
+ },
925
+ {
926
+ "error": false,
927
+ "span": 3,
928
+ "editable": true,
929
+ "type": "terms",
930
+ "loadingEditor": false,
931
+ "field": "sflow_tcp_dst_port",
932
+ "exclude": [],
933
+ "missing": false,
934
+ "other": false,
935
+ "size": 10,
936
+ "order": "count",
937
+ "style": {
938
+ "font-size": "10pt"
939
+ },
940
+ "donut": false,
941
+ "tilt": false,
942
+ "labels": true,
943
+ "arrangement": "horizontal",
944
+ "chart": "pie",
945
+ "counter_pos": "none",
946
+ "spyable": true,
947
+ "queries": {
948
+ "mode": "selected",
949
+ "ids": [
950
+ 7
951
+ ]
952
+ },
953
+ "tmode": "terms_stats",
954
+ "tstat": "total",
955
+ "valuefield": "sflow_frame_length_multiplied",
956
+ "title": "ports dst"
957
+ }
958
+ ],
959
+ "notice": false
960
+ },
961
+ {
962
+ "title": "top 10s dst histogram",
963
+ "height": "150px",
964
+ "editable": true,
965
+ "collapse": false,
966
+ "collapsable": true,
967
+ "panels": [
968
+ {
969
+ "span": 3,
970
+ "editable": true,
971
+ "type": "histogram",
972
+ "loadingEditor": false,
973
+ "mode": "total",
974
+ "time_field": "@timestamp",
975
+ "value_field": "sflow_frame_length_multiplied",
976
+ "x-axis": true,
977
+ "y-axis": true,
978
+ "scale": 1,
979
+ "y_format": "bytes",
980
+ "grid": {
981
+ "max": null,
982
+ "min": 0
983
+ },
984
+ "queries": {
985
+ "mode": "selected",
986
+ "ids": [
987
+ 0
988
+ ]
989
+ },
990
+ "annotate": {
991
+ "enable": false,
992
+ "query": "*",
993
+ "size": 20,
994
+ "field": "_type",
995
+ "sort": [
996
+ "_score",
997
+ "desc"
998
+ ]
999
+ },
1000
+ "auto_int": true,
1001
+ "resolution": 100,
1002
+ "interval": "1s",
1003
+ "intervals": [
1004
+ "auto",
1005
+ "1s",
1006
+ "1m",
1007
+ "5m",
1008
+ "10m",
1009
+ "30m",
1010
+ "1h",
1011
+ "3h",
1012
+ "12h",
1013
+ "1d",
1014
+ "1w",
1015
+ "1y"
1016
+ ],
1017
+ "lines": true,
1018
+ "fill": 1,
1019
+ "linewidth": 2,
1020
+ "points": false,
1021
+ "pointradius": 5,
1022
+ "bars": false,
1023
+ "stack": false,
1024
+ "spyable": true,
1025
+ "zoomlinks": false,
1026
+ "options": false,
1027
+ "legend": false,
1028
+ "show_query": false,
1029
+ "interactive": true,
1030
+ "legend_counts": true,
1031
+ "timezone": "browser",
1032
+ "percentage": false,
1033
+ "zerofill": true,
1034
+ "derivative": false,
1035
+ "tooltip": {
1036
+ "value_type": "cumulative",
1037
+ "query_as_alias": true
1038
+ },
1039
+ "title": "Interface dst",
1040
+ "scaleSeconds": true
1041
+ },
1042
+ {
1043
+ "span": 3,
1044
+ "editable": true,
1045
+ "type": "histogram",
1046
+ "loadingEditor": false,
1047
+ "mode": "total",
1048
+ "time_field": "@timestamp",
1049
+ "value_field": "sflow_frame_length_multiplied",
1050
+ "x-axis": true,
1051
+ "y-axis": true,
1052
+ "scale": 1,
1053
+ "y_format": "bytes",
1054
+ "grid": {
1055
+ "max": null,
1056
+ "min": 0
1057
+ },
1058
+ "queries": {
1059
+ "mode": "selected",
1060
+ "ids": [
1061
+ 3
1062
+ ]
1063
+ },
1064
+ "annotate": {
1065
+ "enable": false,
1066
+ "query": "*",
1067
+ "size": 20,
1068
+ "field": "_type",
1069
+ "sort": [
1070
+ "_score",
1071
+ "desc"
1072
+ ]
1073
+ },
1074
+ "auto_int": true,
1075
+ "resolution": 100,
1076
+ "interval": "1s",
1077
+ "intervals": [
1078
+ "auto",
1079
+ "1s",
1080
+ "1m",
1081
+ "5m",
1082
+ "10m",
1083
+ "30m",
1084
+ "1h",
1085
+ "3h",
1086
+ "12h",
1087
+ "1d",
1088
+ "1w",
1089
+ "1y"
1090
+ ],
1091
+ "lines": true,
1092
+ "fill": 1,
1093
+ "linewidth": 2,
1094
+ "points": false,
1095
+ "pointradius": 5,
1096
+ "bars": false,
1097
+ "stack": false,
1098
+ "spyable": true,
1099
+ "zoomlinks": false,
1100
+ "options": false,
1101
+ "legend": false,
1102
+ "show_query": false,
1103
+ "interactive": true,
1104
+ "legend_counts": true,
1105
+ "timezone": "browser",
1106
+ "percentage": false,
1107
+ "zerofill": true,
1108
+ "derivative": false,
1109
+ "tooltip": {
1110
+ "value_type": "cumulative",
1111
+ "query_as_alias": true
1112
+ },
1113
+ "title": "ip dst",
1114
+ "scaleSeconds": true
1115
+ },
1116
+ {
1117
+ "span": 3,
1118
+ "editable": true,
1119
+ "type": "histogram",
1120
+ "loadingEditor": false,
1121
+ "mode": "total",
1122
+ "time_field": "@timestamp",
1123
+ "value_field": "sflow_frame_length_multiplied",
1124
+ "x-axis": true,
1125
+ "y-axis": true,
1126
+ "scale": 1,
1127
+ "y_format": "bytes",
1128
+ "grid": {
1129
+ "max": null,
1130
+ "min": 0
1131
+ },
1132
+ "queries": {
1133
+ "mode": "selected",
1134
+ "ids": [
1135
+ 5
1136
+ ]
1137
+ },
1138
+ "annotate": {
1139
+ "enable": false,
1140
+ "query": "*",
1141
+ "size": 20,
1142
+ "field": "_type",
1143
+ "sort": [
1144
+ "_score",
1145
+ "desc"
1146
+ ]
1147
+ },
1148
+ "auto_int": true,
1149
+ "resolution": 100,
1150
+ "interval": "1s",
1151
+ "intervals": [
1152
+ "auto",
1153
+ "1s",
1154
+ "1m",
1155
+ "5m",
1156
+ "10m",
1157
+ "30m",
1158
+ "1h",
1159
+ "3h",
1160
+ "12h",
1161
+ "1d",
1162
+ "1w",
1163
+ "1y"
1164
+ ],
1165
+ "lines": true,
1166
+ "fill": 1,
1167
+ "linewidth": 2,
1168
+ "points": false,
1169
+ "pointradius": 5,
1170
+ "bars": false,
1171
+ "stack": false,
1172
+ "spyable": true,
1173
+ "zoomlinks": false,
1174
+ "options": false,
1175
+ "legend": false,
1176
+ "show_query": false,
1177
+ "interactive": true,
1178
+ "legend_counts": true,
1179
+ "timezone": "browser",
1180
+ "percentage": false,
1181
+ "zerofill": true,
1182
+ "derivative": false,
1183
+ "tooltip": {
1184
+ "value_type": "cumulative",
1185
+ "query_as_alias": true
1186
+ },
1187
+ "title": "vlan dst",
1188
+ "scaleSeconds": true
1189
+ },
1190
+ {
1191
+ "span": 3,
1192
+ "editable": true,
1193
+ "type": "histogram",
1194
+ "loadingEditor": false,
1195
+ "mode": "total",
1196
+ "time_field": "@timestamp",
1197
+ "value_field": "sflow_frame_length_multiplied",
1198
+ "x-axis": true,
1199
+ "y-axis": true,
1200
+ "scale": 1,
1201
+ "y_format": "bytes",
1202
+ "grid": {
1203
+ "max": null,
1204
+ "min": 0
1205
+ },
1206
+ "queries": {
1207
+ "mode": "selected",
1208
+ "ids": [
1209
+ 8
1210
+ ]
1211
+ },
1212
+ "annotate": {
1213
+ "enable": false,
1214
+ "query": "*",
1215
+ "size": 20,
1216
+ "field": "_type",
1217
+ "sort": [
1218
+ "_score",
1219
+ "desc"
1220
+ ]
1221
+ },
1222
+ "auto_int": true,
1223
+ "resolution": 100,
1224
+ "interval": "1s",
1225
+ "intervals": [
1226
+ "auto",
1227
+ "1s",
1228
+ "1m",
1229
+ "5m",
1230
+ "10m",
1231
+ "30m",
1232
+ "1h",
1233
+ "3h",
1234
+ "12h",
1235
+ "1d",
1236
+ "1w",
1237
+ "1y"
1238
+ ],
1239
+ "lines": true,
1240
+ "fill": 1,
1241
+ "linewidth": 2,
1242
+ "points": false,
1243
+ "pointradius": 5,
1244
+ "bars": false,
1245
+ "stack": false,
1246
+ "spyable": true,
1247
+ "zoomlinks": false,
1248
+ "options": false,
1249
+ "legend": false,
1250
+ "show_query": false,
1251
+ "interactive": true,
1252
+ "legend_counts": true,
1253
+ "timezone": "browser",
1254
+ "percentage": false,
1255
+ "zerofill": true,
1256
+ "derivative": false,
1257
+ "tooltip": {
1258
+ "value_type": "cumulative",
1259
+ "query_as_alias": true
1260
+ },
1261
+ "title": "ip dst",
1262
+ "scaleSeconds": true
1263
+ }
1264
+ ],
1265
+ "notice": false
1266
+ },
1267
+ {
1268
+ "title": "table",
1269
+ "height": "350px",
1270
+ "editable": true,
1271
+ "collapse": false,
1272
+ "collapsable": true,
1273
+ "panels": [],
1274
+ "notice": false
1275
+ }
1276
+ ],
1277
+ "editable": true,
1278
+ "failover": false,
1279
+ "index": {
1280
+ "interval": "day",
1281
+ "pattern": "[logstash-]YYYY.MM.DD",
1282
+ "default": "NO_TIME_FILTER_OR_INDEX_PATTERN_NOT_MATCHED",
1283
+ "warm_fields": true
1284
+ },
1285
+ "style": "light",
1286
+ "panel_hints": true,
1287
+ "loader": {
1288
+ "save_gist": false,
1289
+ "save_elasticsearch": true,
1290
+ "save_local": true,
1291
+ "save_default": true,
1292
+ "save_temp": true,
1293
+ "save_temp_ttl_enable": true,
1294
+ "save_temp_ttl": "30d",
1295
+ "load_gist": true,
1296
+ "load_elasticsearch": true,
1297
+ "load_elasticsearch_size": 20,
1298
+ "load_local": true,
1299
+ "hide": false
1300
+ },
1301
+ "pulldowns": [
1302
+ {
1303
+ "type": "query",
1304
+ "collapse": false,
1305
+ "notice": false,
1306
+ "enable": true,
1307
+ "query": "*",
1308
+ "pinned": false,
1309
+ "history": [
1310
+ "*",
1311
+ "syslog_severity:\"error\" AND (*)",
1312
+ "syslog_severity:\"warning\" AND (*)",
1313
+ "syslog_severity:\"critical\" AND (*)",
1314
+ "syslog_severity:\"alert\" AND (*)",
1315
+ "syslog_severity:\"notice\" AND (*)",
1316
+ "syslog_severity:\"informational\" AND (*)",
1317
+ "syslog_severity:\"debug\" AND (*)"
1318
+ ],
1319
+ "remember": 10
1320
+ },
1321
+ {
1322
+ "type": "filtering",
1323
+ "collapse": false,
1324
+ "notice": true,
1325
+ "enable": true
1326
+ }
1327
+ ],
1328
+ "nav": [
1329
+ {
1330
+ "type": "timepicker",
1331
+ "collapse": false,
1332
+ "notice": false,
1333
+ "enable": true,
1334
+ "status": "Stable",
1335
+ "time_options": [
1336
+ "5m",
1337
+ "15m",
1338
+ "1h",
1339
+ "6h",
1340
+ "12h",
1341
+ "24h",
1342
+ "2d",
1343
+ "7d",
1344
+ "30d"
1345
+ ],
1346
+ "refresh_intervals": [
1347
+ "5s",
1348
+ "10s",
1349
+ "30s",
1350
+ "1m",
1351
+ "5m",
1352
+ "15m",
1353
+ "30m",
1354
+ "1h",
1355
+ "2h",
1356
+ "1d"
1357
+ ],
1358
+ "timefield": "@timestamp",
1359
+ "now": true,
1360
+ "filter_id": 0
1361
+ }
1362
+ ],
1363
+ "refresh": false
1364
+ }
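Review bot: Several panels are labelled for a field other than the one they query, which will mislead anyone reading the dashboard during traffic analysis. In the `top 10s src` row the panel titled `Port src` uses `"field": "sflow_tcp_dst_port"` (probably meant `sflow_tcp_src_port`), and the last histogram in `top 10s dst histogram` selects query id 8 (`port dst`) but is titled `ip dst`. Query 0 is aliased `interface in` on `sflow_o_iface_name.raw` and query 1 `interface out` on `sflow_i_iface_name.raw`, which looks swapped unless the naming is deliberate. The two text panels use `"mode": "html"`; that is fine for the static headings here, but such panels should not be fed from indexed data.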