diff --git a/.ci/end2end.groovy b/.ci/end2end.groovy index 87b64437deafcd..f1095f8035b6c4 100644 --- a/.ci/end2end.groovy +++ b/.ci/end2end.groovy @@ -13,12 +13,12 @@ pipeline { BASE_DIR = 'src/github.com/elastic/kibana' HOME = "${env.WORKSPACE}" E2E_DIR = 'x-pack/plugins/apm/e2e' - PIPELINE_LOG_LEVEL = 'DEBUG' + PIPELINE_LOG_LEVEL = 'INFO' KBN_OPTIMIZER_THEMES = 'v7light' } options { timeout(time: 1, unit: 'HOURS') - buildDiscarder(logRotator(numToKeepStr: '40', artifactNumToKeepStr: '20', daysToKeepStr: '30')) + buildDiscarder(logRotator(numToKeepStr: '30', artifactNumToKeepStr: '10', daysToKeepStr: '30')) timestamps() ansiColor('xterm') disableResume() diff --git a/dev_docs/best_practices.mdx b/dev_docs/best_practices.mdx index 54aaaa6b9497ad..d87c6eb618993d 100644 --- a/dev_docs/best_practices.mdx +++ b/dev_docs/best_practices.mdx @@ -241,35 +241,136 @@ There are some exceptions where a separate repo makes sense. However, they are e It may be tempting to get caught up in the dream of writing the next package which is published to npm and downloaded millions of times a week. Knowing the quality of developers that are working on Kibana, this is a real possibility. However, knowing which packages will see mass adoption is impossible to predict. Instead of jumping directly to writing code in a separate repo and accepting all of the complications that come along with it, prefer keeping code inside the Kibana repo. A [Kibana package](https://github.com/elastic/kibana/tree/master/packages) can be used to publish a package to npm, while still keeping the code inside the Kibana repo. Move code to an external repo only when there is a good reason, for example to enable external contributions. -## Hardening - -Review the following items related to vulnerability and security risks. - -- XSS - - Check for usages of `dangerouslySetInnerHtml`, `Element.innerHTML`, `Element.outerHTML` - - Ensure all user input is properly escaped. - - Ensure any input in `$.html`, `$.append`, `$.appendTo`, $.prepend`, `$.prependTo`is escaped. Instead use`$.text`, or don't use jQuery at all. -- CSRF - - Ensure all APIs are running inside the Kibana HTTP service. -- RCE - - Ensure no usages of `eval` - - Ensure no usages of dynamic requires - - Check for template injection - - Check for usages of templating libraries, including `_.template`, and ensure that user provided input isn't influencing the template and is only used as data for rendering the template. - - Check for possible prototype pollution. -- Prototype Pollution - more info [here](https://docs.google.com/document/d/19V-d9sb6IF-fbzF4iyiPpAropQNydCnoJApzSX5FdcI/edit?usp=sharing) - - Check for instances of `anObject[a][b] = c` where a, b, and c are user defined. This includes code paths where the following logical code steps could be performed in separate files by completely different operations, or recursively using dynamic operations. - - Validate any user input, including API url-parameters/query-parameters/payloads, preferable against a schema which only allows specific keys/values. At a very minimum, black-list `__proto__` and `prototype.constructor` for use within keys - - When calling APIs which spawn new processes or potentially perform code generation from strings, defensively protect against Prototype Pollution by checking `Object.hasOwnProperty` if the arguments to the APIs originate from an Object. An example is the Code app's [spawnProcess](https://github.com/elastic/kibana/blob/b49192626a8528af5d888545fb14cd1ce66a72e7/x-pack/legacy/plugins/code/server/lsp/workspace_command.ts#L40-L44). - - Common Node.js offenders: `child_process.spawn`, `child_process.exec`, `eval`, `Function('some string')`, `vm.runIn*Context(x)` - - Common Client-side offenders: `eval`, `Function('some string')`, `setTimeout('some string', num)`, `setInterval('some string', num)` -- Check for accidental reveal of sensitive information - - The biggest culprit is errors which contain stack traces or other sensitive information which end up in the HTTP Response -- Checked for Mishandled API requests - - Ensure no sensitive cookies are forwarded to external resources. - - Ensure that all user controllable variables that are used in constructing a URL are escaped properly. This is relevant when using `transport.request` with the Elasticsearch client as no automatic escaping is performed. -- Reverse tabnabbing - https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/HTML5_Security_Cheat_Sheet.md#tabnabbing - - When there are user controllable links or hard-coded links to third-party domains that specify target="\_blank" or target="\_window", the `a` tag should have the rel="noreferrer noopener" attribute specified. - - Allowing users to input markdown is a common culprit, a custom link renderer should be used -- SSRF - https://www.owasp.org/index.php/Server_Side_Request_Forgery - - All network requests made from the Kibana server should use an explicit configuration or white-list specified in the `kibana.yml` +## Security best practices + +When writing code for Kibana, be sure to follow these best practices to avoid common vulnerabilities. Refer to the included Open Web +Application Security Project (OWASP) references to learn more about these types of attacks. + +### Cross-site Scripting (XSS) + +[_OWASP reference for XSS_](https://owasp.org/www-community/attacks/xss) + +XSS is a class of attacks where malicious scripts are injected into vulnerable websites. Kibana defends against this by using the React +framework to safely encode data that is rendered in pages, the EUI framework to [automatically sanitize +links](https://elastic.github.io/eui/#/navigation/link#link-validation), and a restrictive `Content-Security-Policy` header. + +**Best practices** + +* Check for dangerous functions or assignments that can result in unescaped user input in the browser DOM. Avoid using: + * **React:** [`dangerouslySetInnerHtml`](https://reactjs.org/docs/dom-elements.html#dangerouslysetinnerhtml). + * **Browser DOM:** `Element.innerHTML` and `Element.outerHTML`. +* If using the aforementioned unsafe functions or assignments is absolutely necessary, follow [these XSS prevention +rules](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#xss-prevention-rules) to ensure that +user input is not inserted into unsafe locations and that it is escaped properly. +* Use EUI components to build your UI, particularly when rendering `href` links. Otherwise, sanitize user input before rendering links to +ensure that they do not use the `javascript:` protocol. +* Don't use the `eval`, `Function`, and `_.template` functions -- these are restricted by ESLint rules. +* Be careful when using `setTimeout` and `setInterval` in client-side code. If an attacker can manipulate the arguments and pass a string to +one of these, it is evaluated dynamically, which is equivalent to the dangerous `eval` function. + +### Cross-Site Request Forgery (CSRF/XSRF) + +[_OWASP reference for CSRF_](https://owasp.org/www-community/attacks/csrf) + +CSRF is a class of attacks where a user is forced to execute an action on a vulnerable website that they're logged into, usually without +their knowledge. Kibana defends against this by requiring [custom request +headers](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#use-of-custom-request-headers) +for API endpoints. For more information, see [API Request +Headers](https://www.elastic.co/guide/en/kibana/master/api.html#api-request-headers). + +**Best practices** + +* Ensure all HTTP routes are registered with the [Kibana HTTP service](https://www.elastic.co/guide/en/kibana/master/http-service.html) to +take advantage of the custom request header security control. + * Note that HTTP GET requests do **not** require the custom request header; any routes that change data should [adhere to the HTTP +specification and use a different method (PUT, POST, etc.)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods) + +### Remote Code Execution (RCE) + +[_OWASP reference for Command Injection_](https://owasp.org/www-community/attacks/Command_Injection), +[_OWASP reference for Code Injection_](https://owasp.org/www-community/attacks/Code_Injection) + +RCE is a class of attacks where an attacker executes malicious code or commands on a vulnerable server. Kibana defends against this by using +ESLint rules to restrict vulnerable functions, and by hooking into or hardening usage of these in third-party dependencies. + +**Best practices** + +* Don't use the `eval`, `Function`, and `_.template` functions -- these are restricted by ESLint rules. +* Don't use dynamic `require`. +* Check for usages of templating libraries. Ensure that user-provided input doesn't influence the template and is used only as data for +rendering the template. +* Take extra caution when spawning child processes with any user input or parameters that are user-controlled. + +### Prototype Pollution + +Prototype Pollution is an attack that is unique to JavaScript environments. Attackers can abuse JavaScript's prototype inheritance to +"pollute" objects in the application, which is often used as a vector for XSS or RCE vulnerabilities. Kibana defends against this by +hardening sensitive functions (such as those exposed by `child_process`), and by requiring validation on all HTTP routes by default. + +**Best practices** + +* Check for instances of `anObject[a][b] = c` where `a`, `b`, and `c` are controlled by user input. This includes code paths where the +following logical code steps could be performed in separate files by completely different operations, or by recursively using dynamic +operations. +* Validate all user input, including API URL parameters, query parameters, and payloads. Preferably, use a schema that only allows specific +keys and values. At a minimum, implement a deny-list that prevents `__proto__` and `prototype.constructor` from being used within object +keys. +* When calling APIs that spawn new processes or perform code generation from strings, protect against Prototype Pollution by checking if +`Object.hasOwnProperty` has arguments to the APIs that originate from an Object. An example is the defunct Code app's +[`spawnProcess`](https://github.com/elastic/kibana/blob/b49192626a8528af5d888545fb14cd1ce66a72e7/x-pack/legacy/plugins/code/server/lsp/workspace_command.ts#L40-L44) +function. + * Common Node.js offenders: `child_process.spawn`, `child_process.exec`, `eval`, `Function('some string')`, `vm.runInContext(x)`, +`vm.runInNewContext(x)`, `vm.runInThisContext()` + * Common client-side offenders: `eval`, `Function('some string')`, `setTimeout('some string', num)`, `setInterval('some string', num)` + +See also: + +* [Prototype pollution: The dangerous and underrated vulnerability impacting JavaScript applications | +portswigger.net](https://portswigger.net/daily-swig/prototype-pollution-the-dangerous-and-underrated-vulnerability-impacting-javascript-applications) +* [Prototype pollution attack in NodeJS application | Olivier +Arteau](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf) + +### Server-Side Request Forgery (SSRF) + +[_OWASP reference for SSRF_](https://owasp.org/www-community/attacks/Server_Side_Request_Forgery) + +SSRF is a class of attacks where a vulnerable server is forced to make an unintended request, usually to an HTTP API. This is often used as +a vector for information disclosure or injection attacks. + +**Best practices** + +* Ensure that all outbound requests from the Kibana server use hard-coded URLs. +* If user input is used to construct a URL for an outbound request, ensure that an allow-list is used to validate the endpoints and that +user input is escaped properly. Ideally, the allow-list should be set in `kibana.yml`, so only server administrators can change it. + * This is particularly relevant when using `transport.request` with the Elasticsearch client, as no automatic escaping is performed. + * Note that URLs are very hard to validate properly; exact match validation for user input is most preferable, while URL parsing or RegEx +validation should only be used if absolutely necessary. + +### Reverse tabnabbing + +[_OWASP reference for Reverse Tabnabbing_](https://owasp.org/www-community/attacks/Reverse_Tabnabbing) + +Reverse tabnabbing is an attack where a link to a malicious page is used to rewrite a vulnerable parent page. This is often used as a vector +for phishing attacks. Kibana defends against this by using the EUI framework, which automatically adds the `rel` attribute to anchor tags, +buttons, and other vulnerable DOM elements. + +**Best practices** + +* Use EUI components to build your UI whenever possible. Otherwise, ensure that any DOM elements that have an `href` attribute also have the +`rel="noreferrer noopener"` attribute specified. For more information, refer to the [OWASP HTML5 Security Cheat +Sheet](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/HTML5_Security_Cheat_Sheet.md#tabnabbing). +* If using a non-EUI markdown renderer, use a custom link renderer for rendered links. + +### Information disclosure + +Information disclosure is not an attack, but it describes whenever sensitive information is accidentally revealed. This can be configuration +info, stack traces, or other data that the user is not authorized to access. This concern cannot be addressed with a single security +control, but at a high level, Kibana relies on the hapi framework to automatically redact stack traces and detailed error messages in HTTP +5xx response payloads. + +**Best practices** + +* Look for instances where sensitive information might accidentally be revealed, particularly in error messages, in the UI, and URL +parameters that are exposed to users. +* Make sure that sensitive request data is not forwarded to external resources. For example, copying client request headers and using them +to make an another request could accidentally expose the user's credentials. diff --git a/docs/canvas/canvas-function-reference.asciidoc b/docs/canvas/canvas-function-reference.asciidoc index 272cd524c2c200..ac7cbba6e9933a 100644 --- a/docs/canvas/canvas-function-reference.asciidoc +++ b/docs/canvas/canvas-function-reference.asciidoc @@ -71,7 +71,7 @@ Alias: `condition` [[alterColumn_fn]] === `alterColumn` -Converts between core types, including `string`, `number`, `null`, `boolean`, and `date`, and renames columns. See also <> and <>. +Converts between core types, including `string`, `number`, `null`, `boolean`, and `date`, and renames columns. See also <>, <>, and <>. *Expression syntax* [source,js] @@ -1717,11 +1717,16 @@ Adds a column calculated as the result of other columns. Changes are made only w |=== |Argument |Type |Description +|`id` + +|`string`, `null` +|An optional id of the resulting column. When no id is provided, the id will be looked up from the existing column by the provided name argument. If no column with this name exists yet, a new column with this name and an identical id will be added to the table. + |_Unnamed_ *** Aliases: `column`, `name` |`string` -|The name of the resulting column. +|The name of the resulting column. Names are not required to be unique. |`expression` *** @@ -1729,11 +1734,6 @@ Aliases: `exp`, `fn`, `function` |`boolean`, `number`, `string`, `null` |A Canvas expression that is passed to each row as a single row `datatable`. -|`id` - -|`string`, `null` -|An optional id of the resulting column. When not specified or `null` the name argument is used as id. - |`copyMetaFrom` |`string`, `null` @@ -1808,6 +1808,47 @@ Default: `"throw"` *Returns:* `number` | `boolean` | `null` +[float] +[[mathColumn_fn]] +=== `mathColumn` + +Adds a column by evaluating `TinyMath` on each row. This function is optimized for math, so it performs better than the <> with a <>. +*Accepts:* `datatable` + +[cols="3*^<"] +|=== +|Argument |Type |Description + +|id *** +|`string` +|id of the resulting column. Must be unique. + +|name *** +|`string` +|The name of the resulting column. Names are not required to be unique. + +|_Unnamed_ + +Alias: `expression` +|`string` +|A `TinyMath` expression evaluated on each row. See https://www.elastic.co/guide/en/kibana/current/canvas-tinymath-functions.html. + +|`onError` + +|`string` +|In case the `TinyMath` evaluation fails or returns NaN, the return value is specified by onError. For example, `"null"`, `"zero"`, `"false"`, `"throw"`. When `"throw"`, it will throw an exception, terminating expression execution. + +Default: `"throw"` + +|`copyMetaFrom` + +|`string`, `null` +|If set, the meta object from the specified column id is copied over to the specified target column. Throws an exception if the column doesn't exist +|=== + +*Returns:* `datatable` + + [float] [[metric_fn]] === `metric` @@ -2581,7 +2622,7 @@ Default: `false` [[staticColumn_fn]] === `staticColumn` -Adds a column with the same static value in every row. See also <> and <>. +Adds a column with the same static value in every row. See also <>, <>, and <>. *Accepts:* `datatable` diff --git a/docs/developer/best-practices/security.asciidoc b/docs/developer/best-practices/security.asciidoc index 79ecb082950646..fd83aa1dff49fd 100644 --- a/docs/developer/best-practices/security.asciidoc +++ b/docs/developer/best-practices/security.asciidoc @@ -1,55 +1,135 @@ [[security-best-practices]] == Security best practices -* XSS -** Check for usages of `dangerouslySetInnerHtml`, `Element.innerHTML`, -`Element.outerHTML` -** Ensure all user input is properly escaped. -** Ensure any input in `$.html`, `$.append`, `$.appendTo`, -latexmath:[$.prepend`, `$].prependTo`is escaped. Instead use`$.text`, or -don’t use jQuery at all. -* CSRF -** Ensure all APIs are running inside the {kib} HTTP service. -* RCE -** Ensure no usages of `eval` -** Ensure no usages of dynamic requires -** Check for template injection -** Check for usages of templating libraries, including `_.template`, and -ensure that user provided input isn’t influencing the template and is -only used as data for rendering the template. -** Check for possible prototype pollution. -* Prototype Pollution -** Check for instances of `anObject[a][b] = c` where a, b, and c are -user defined. This includes code paths where the following logical code -steps could be performed in separate files by completely different -operations, or recursively using dynamic operations. -** Validate any user input, including API -url-parameters/query-parameters/payloads, preferable against a schema -which only allows specific keys/values. At a very minimum, black-list -`__proto__` and `prototype.constructor` for use within keys -** When calling APIs which spawn new processes or potentially perform -code generation from strings, defensively protect against Prototype -Pollution by checking `Object.hasOwnProperty` if the arguments to the -APIs originate from an Object. An example is the Code app’s -https://github.com/elastic/kibana/blob/b49192626a8528af5d888545fb14cd1ce66a72e7/x-pack/legacy/plugins/code/server/lsp/workspace_command.ts#L40-L44[spawnProcess]. -*** Common Node.js offenders: `child_process.spawn`, -`child_process.exec`, `eval`, `Function('some string')`, -`vm.runIn*Context(x)` -*** Common Client-side offenders: `eval`, `Function('some string')`, -`setTimeout('some string', num)`, `setInterval('some string', num)` -* Check for accidental reveal of sensitive information -** The biggest culprit is errors which contain stack traces or other -sensitive information which end up in the HTTP Response -* Checked for Mishandled API requests -** Ensure no sensitive cookies are forwarded to external resources. -** Ensure that all user controllable variables that are used in -constructing a URL are escaped properly. This is relevant when using -`transport.request` with the {es} client as no automatic -escaping is performed. -* Reverse tabnabbing - -https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/HTML5_Security_Cheat_Sheet.md#tabnabbing -** When there are user controllable links or hard-coded links to -third-party domains that specify target="_blank" or target="_window", the a tag should have the rel="noreferrer noopener" attribute specified. -Allowing users to input markdown is a common culprit, a custom link renderer should be used -* SSRF - https://www.owasp.org/index.php/Server_Side_Request_Forgery -All network requests made from the {kib} server should use an explicit configuration or white-list specified in the kibana.yml \ No newline at end of file +When writing code for {kib}, be sure to follow these best practices to avoid common vulnerabilities. Refer to the included Open Web +Application Security Project (OWASP) references to learn more about these types of attacks. + +=== Cross-site Scripting (XSS) === + +https://owasp.org/www-community/attacks/xss[_OWASP reference for XSS_] + +XSS is a class of attacks where malicious scripts are injected into vulnerable websites. {kib} defends against this by using the React +framework to safely encode data that is rendered in pages, the EUI framework to +https://elastic.github.io/eui/#/navigation/link#link-validation[automatically sanitize links], and a restrictive `Content-Security-Policy` +header. + +*Best practices* + +* Check for dangerous functions or assignments that can result in unescaped user input in the browser DOM. Avoid using: +** *React:* https://reactjs.org/docs/dom-elements.html#dangerouslysetinnerhtml[`dangerouslySetInnerHtml`]. +** *Browser DOM:* `Element.innerHTML` and `Element.outerHTML`. +* If using the aforementioned unsafe functions or assignments is absolutely necessary, follow +https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#xss-prevention-rules[these XSS prevention +rules] to ensure that user input is not inserted into unsafe locations and that it is escaped properly. +* Use EUI components to build your UI, particularly when rendering `href` links. Otherwise, sanitize user input before rendering links to +ensure that they do not use the `javascript:` protocol. +* Don't use the `eval`, `Function`, and `_.template` functions -- these are restricted by ESLint rules. +* Be careful when using `setTimeout` and `setInterval` in client-side code. If an attacker can manipulate the arguments and pass a string to +one of these, it is evaluated dynamically, which is equivalent to the dangerous `eval` function. + +=== Cross-Site Request Forgery (CSRF/XSRF) === + +https://owasp.org/www-community/attacks/csrf[_OWASP reference for CSRF_] + +CSRF is a class of attacks where a user is forced to execute an action on a vulnerable website that they're logged into, usually without +their knowledge. {kib} defends against this by requiring +https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#use-of-custom-request-headers[custom +request headers] for API endpoints. For more information, see <>. + +*Best practices* + +* Ensure all HTTP routes are registered with the <> to take advantage of the custom request header +security control. +** Note that HTTP GET requests do *not* require the custom request header; any routes that change data should +https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods[adhere to the HTTP specification and use a different method (PUT, POST, etc.)] + +=== Remote Code Execution (RCE) === + +https://owasp.org/www-community/attacks/Command_Injection[_OWASP reference for Command Injection_], +https://owasp.org/www-community/attacks/Code_Injection[_OWASP reference for Code Injection_] + +RCE is a class of attacks where an attacker executes malicious code or commands on a vulnerable server. {kib} defends against this by using +ESLint rules to restrict vulnerable functions, and by hooking into or hardening usage of these in third-party dependencies. + +*Best practices* + +* Don't use the `eval`, `Function`, and `_.template` functions -- these are restricted by ESLint rules. +* Don't use dynamic `require`. +* Check for usages of templating libraries. Ensure that user-provided input doesn't influence the template and is used only as data for +rendering the template. +* Take extra caution when spawning child processes with any user input or parameters that are user-controlled. + +=== Prototype Pollution === + +Prototype Pollution is an attack that is unique to JavaScript environments. Attackers can abuse JavaScript's prototype inheritance to +"pollute" objects in the application, which is often used as a vector for XSS or RCE vulnerabilities. {kib} defends against this by +hardening sensitive functions (such as those exposed by `child_process`), and by requiring validation on all HTTP routes by default. + +*Best practices* + +* Check for instances of `anObject[a][b] = c` where `a`, `b`, and `c` are controlled by user input. This includes code paths where the +following logical code steps could be performed in separate files by completely different operations, or by recursively using dynamic +operations. +* Validate all user input, including API URL parameters, query parameters, and payloads. Preferably, use a schema that only allows specific +keys and values. At a minimum, implement a deny-list that prevents `__proto__` and `prototype.constructor` from being used within object +keys. +* When calling APIs that spawn new processes or perform code generation from strings, protect against Prototype Pollution by checking if +`Object.hasOwnProperty` has arguments to the APIs that originate from an Object. An example is the defunct Code app's +https://github.com/elastic/kibana/blob/b49192626a8528af5d888545fb14cd1ce66a72e7/x-pack/legacy/plugins/code/server/lsp/workspace_command.ts#L40-L44[`spawnProcess`] +function. +** Common Node.js offenders: `child_process.spawn`, `child_process.exec`, `eval`, `Function('some string')`, `vm.runInContext(x)`, +`vm.runInNewContext(x)`, `vm.runInThisContext()` +** Common client-side offenders: `eval`, `Function('some string')`, `setTimeout('some string', num)`, `setInterval('some string', num)` + +See also: + +* https://portswigger.net/daily-swig/prototype-pollution-the-dangerous-and-underrated-vulnerability-impacting-javascript-applications[Prototype +pollution: The dangerous and underrated vulnerability impacting JavaScript applications | portswigger.net] +* https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf[Prototype +pollution attack in NodeJS application | Olivier Arteau] + +=== Server-Side Request Forgery (SSRF) === + +https://owasp.org/www-community/attacks/Server_Side_Request_Forgery[_OWASP reference for SSRF_] + +SSRF is a class of attacks where a vulnerable server is forced to make an unintended request, usually to an HTTP API. This is often used as +a vector for information disclosure or injection attacks. + +*Best practices* + +* Ensure that all outbound requests from the {kib} server use hard-coded URLs. +* If user input is used to construct a URL for an outbound request, ensure that an allow-list is used to validate the endpoints and that +user input is escaped properly. Ideally, the allow-list should be set in `kibana.yml`, so only server administrators can change it. +** This is particularly relevant when using `transport.request` with the {es} client, as no automatic escaping is performed. +** Note that URLs are very hard to validate properly; exact match validation for user input is most preferable, while URL parsing or RegEx +validation should only be used if absolutely necessary. + +=== Reverse tabnabbing === + +https://owasp.org/www-community/attacks/Reverse_Tabnabbing[_OWASP reference for Reverse Tabnabbing_] + +Reverse tabnabbing is an attack where a link to a malicious page is used to rewrite a vulnerable parent page. This is often used as a vector +for phishing attacks. {kib} defends against this by using the EUI framework, which automatically adds the `rel` attribute to anchor tags, +buttons, and other vulnerable DOM elements. + +*Best practices* + +* Use EUI components to build your UI whenever possible. Otherwise, ensure that any DOM elements that have an `href` attribute also have the +`rel="noreferrer noopener"` attribute specified. For more information, refer to the +https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/HTML5_Security_Cheat_Sheet.md#tabnabbing[OWASP HTML5 Security Cheat +Sheet]. +* If using a non-EUI markdown renderer, use a custom link renderer for rendered links. + +=== Information disclosure === + +Information disclosure is not an attack, but it describes whenever sensitive information is accidentally revealed. This can be configuration +info, stack traces, or other data that the user is not authorized to access. This concern cannot be addressed with a single security +control, but at a high level, {kib} relies on the hapi framework to automatically redact stack traces and detailed error messages in HTTP +5xx response payloads. + +*Best practices* + +* Look for instances where sensitive information might accidentally be revealed, particularly in error messages, in the UI, and URL +parameters that are exposed to users. +* Make sure that sensitive request data is not forwarded to external resources. For example, copying client request headers and using them +to make an another request could accidentally expose the user's credentials. diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.plugin._constructor_.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.dataplugin._constructor_.md similarity index 68% rename from docs/development/plugins/data/public/kibana-plugin-plugins-data-public.plugin._constructor_.md rename to docs/development/plugins/data/public/kibana-plugin-plugins-data-public.dataplugin._constructor_.md index 64108a7c7be33a..3eaf2176edf261 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.plugin._constructor_.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.dataplugin._constructor_.md @@ -1,8 +1,8 @@ -[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [Plugin](./kibana-plugin-plugins-data-public.plugin.md) > [(constructor)](./kibana-plugin-plugins-data-public.plugin._constructor_.md) +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [DataPlugin](./kibana-plugin-plugins-data-public.dataplugin.md) > [(constructor)](./kibana-plugin-plugins-data-public.dataplugin._constructor_.md) -## Plugin.(constructor) +## DataPlugin.(constructor) Constructs a new instance of the `DataPublicPlugin` class diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.dataplugin.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.dataplugin.md new file mode 100644 index 00000000000000..4b2cad7b428821 --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.dataplugin.md @@ -0,0 +1,26 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [DataPlugin](./kibana-plugin-plugins-data-public.dataplugin.md) + +## DataPlugin class + +Signature: + +```typescript +export declare class DataPublicPlugin implements Plugin +``` + +## Constructors + +| Constructor | Modifiers | Description | +| --- | --- | --- | +| [(constructor)(initializerContext)](./kibana-plugin-plugins-data-public.dataplugin._constructor_.md) | | Constructs a new instance of the DataPublicPlugin class | + +## Methods + +| Method | Modifiers | Description | +| --- | --- | --- | +| [setup(core, { bfetch, expressions, uiActions, usageCollection, inspector })](./kibana-plugin-plugins-data-public.dataplugin.setup.md) | | | +| [start(core, { uiActions })](./kibana-plugin-plugins-data-public.dataplugin.start.md) | | | +| [stop()](./kibana-plugin-plugins-data-public.dataplugin.stop.md) | | | + diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.plugin.setup.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.dataplugin.setup.md similarity index 76% rename from docs/development/plugins/data/public/kibana-plugin-plugins-data-public.plugin.setup.md rename to docs/development/plugins/data/public/kibana-plugin-plugins-data-public.dataplugin.setup.md index 20181a5208b522..ab1f90c1ac1049 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.plugin.setup.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.dataplugin.setup.md @@ -1,8 +1,8 @@ -[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [Plugin](./kibana-plugin-plugins-data-public.plugin.md) > [setup](./kibana-plugin-plugins-data-public.plugin.setup.md) +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [DataPlugin](./kibana-plugin-plugins-data-public.dataplugin.md) > [setup](./kibana-plugin-plugins-data-public.dataplugin.setup.md) -## Plugin.setup() method +## DataPlugin.setup() method Signature: diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.plugin.start.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.dataplugin.start.md similarity index 70% rename from docs/development/plugins/data/public/kibana-plugin-plugins-data-public.plugin.start.md rename to docs/development/plugins/data/public/kibana-plugin-plugins-data-public.dataplugin.start.md index 56934e8a29edd0..4ea7ec8cd4f65f 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.plugin.start.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.dataplugin.start.md @@ -1,8 +1,8 @@ -[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [Plugin](./kibana-plugin-plugins-data-public.plugin.md) > [start](./kibana-plugin-plugins-data-public.plugin.start.md) +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [DataPlugin](./kibana-plugin-plugins-data-public.dataplugin.md) > [start](./kibana-plugin-plugins-data-public.dataplugin.start.md) -## Plugin.start() method +## DataPlugin.start() method Signature: diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.plugin.stop.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.dataplugin.stop.md similarity index 52% rename from docs/development/plugins/data/public/kibana-plugin-plugins-data-public.plugin.stop.md rename to docs/development/plugins/data/public/kibana-plugin-plugins-data-public.dataplugin.stop.md index 8b8b63db4e03a2..b7067a01b44679 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.plugin.stop.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.dataplugin.stop.md @@ -1,8 +1,8 @@ -[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [Plugin](./kibana-plugin-plugins-data-public.plugin.md) > [stop](./kibana-plugin-plugins-data-public.plugin.stop.md) +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [DataPlugin](./kibana-plugin-plugins-data-public.dataplugin.md) > [stop](./kibana-plugin-plugins-data-public.dataplugin.stop.md) -## Plugin.stop() method +## DataPlugin.stop() method Signature: diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.eskuery.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.eskuery.md index 5d92e348d62760..2cde2b74555851 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.eskuery.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.eskuery.md @@ -10,6 +10,6 @@ esKuery: { nodeTypes: import("../common/es_query/kuery/node_types").NodeTypes; fromKueryExpression: (expression: any, parseOptions?: Partial) => import("../common").KueryNode; - toElasticsearchQuery: (node: import("../common").KueryNode, indexPattern?: import("../common").IIndexPattern | undefined, config?: Record | undefined, context?: Record | undefined) => import("../../kibana_utils/common").JsonObject; + toElasticsearchQuery: (node: import("../common").KueryNode, indexPattern?: import("../common").IIndexPattern | undefined, config?: Record | undefined, context?: Record | undefined) => import("@kbn/common-utils").JsonObject; } ``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md index 7f5a042e0ab818..7c023e756ebd5e 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md @@ -11,6 +11,7 @@ | [AggConfig](./kibana-plugin-plugins-data-public.aggconfig.md) | | | [AggConfigs](./kibana-plugin-plugins-data-public.aggconfigs.md) | | | [AggParamType](./kibana-plugin-plugins-data-public.aggparamtype.md) | | +| [DataPlugin](./kibana-plugin-plugins-data-public.dataplugin.md) | | | [DuplicateIndexPatternError](./kibana-plugin-plugins-data-public.duplicateindexpatternerror.md) | | | [FieldFormat](./kibana-plugin-plugins-data-public.fieldformat.md) | | | [FilterManager](./kibana-plugin-plugins-data-public.filtermanager.md) | | @@ -19,7 +20,6 @@ | [IndexPatternsService](./kibana-plugin-plugins-data-public.indexpatternsservice.md) | | | [OptionedParamType](./kibana-plugin-plugins-data-public.optionedparamtype.md) | | | [PainlessError](./kibana-plugin-plugins-data-public.painlesserror.md) | | -| [Plugin](./kibana-plugin-plugins-data-public.plugin.md) | | | [SearchInterceptor](./kibana-plugin-plugins-data-public.searchinterceptor.md) | | | [SearchSource](./kibana-plugin-plugins-data-public.searchsource.md) | \* | | [SearchTimeoutError](./kibana-plugin-plugins-data-public.searchtimeouterror.md) | Request Failure - When an entire multi request fails | diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.eskuery.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.eskuery.md index 19cb742785e7b2..4b96d8af756f37 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.eskuery.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.eskuery.md @@ -10,6 +10,6 @@ esKuery: { nodeTypes: import("../common/es_query/kuery/node_types").NodeTypes; fromKueryExpression: (expression: any, parseOptions?: Partial) => import("../common").KueryNode; - toElasticsearchQuery: (node: import("../common").KueryNode, indexPattern?: import("../common").IIndexPattern | undefined, config?: Record | undefined, context?: Record | undefined) => import("../../kibana_utils/common").JsonObject; + toElasticsearchQuery: (node: import("../common").KueryNode, indexPattern?: import("../common").IIndexPattern | undefined, config?: Record | undefined, context?: Record | undefined) => import("@kbn/common-utils").JsonObject; } ``` diff --git a/docs/development/plugins/embeddable/public/kibana-plugin-plugins-embeddable-public.addpanelaction._constructor_.md b/docs/development/plugins/embeddable/public/kibana-plugin-plugins-embeddable-public.addpanelaction._constructor_.md index 388f0e064d8661..e51c465e912e68 100644 --- a/docs/development/plugins/embeddable/public/kibana-plugin-plugins-embeddable-public.addpanelaction._constructor_.md +++ b/docs/development/plugins/embeddable/public/kibana-plugin-plugins-embeddable-public.addpanelaction._constructor_.md @@ -9,7 +9,7 @@ Constructs a new instance of the `AddPanelAction` class Signature: ```typescript -constructor(getFactory: EmbeddableStart['getEmbeddableFactory'], getAllFactories: EmbeddableStart['getEmbeddableFactories'], overlays: OverlayStart, notifications: NotificationsStart, SavedObjectFinder: React.ComponentType); +constructor(getFactory: EmbeddableStart['getEmbeddableFactory'], getAllFactories: EmbeddableStart['getEmbeddableFactories'], overlays: OverlayStart, notifications: NotificationsStart, SavedObjectFinder: React.ComponentType, reportUiCounter?: ((appName: string, type: import("@kbn/analytics").UiCounterMetricType, eventNames: string | string[], count?: number | undefined) => void) | undefined); ``` ## Parameters @@ -21,4 +21,5 @@ constructor(getFactory: EmbeddableStart['getEmbeddableFactory'], getAllFactories | overlays | OverlayStart | | | notifications | NotificationsStart | | | SavedObjectFinder | React.ComponentType<any> | | +| reportUiCounter | ((appName: string, type: import("@kbn/analytics").UiCounterMetricType, eventNames: string | string[], count?: number | undefined) => void) | undefined | | diff --git a/docs/development/plugins/embeddable/public/kibana-plugin-plugins-embeddable-public.addpanelaction.md b/docs/development/plugins/embeddable/public/kibana-plugin-plugins-embeddable-public.addpanelaction.md index 74a6c2b2183a2e..947e506f72b435 100644 --- a/docs/development/plugins/embeddable/public/kibana-plugin-plugins-embeddable-public.addpanelaction.md +++ b/docs/development/plugins/embeddable/public/kibana-plugin-plugins-embeddable-public.addpanelaction.md @@ -14,7 +14,7 @@ export declare class AddPanelAction implements Action | Constructor | Modifiers | Description | | --- | --- | --- | -| [(constructor)(getFactory, getAllFactories, overlays, notifications, SavedObjectFinder)](./kibana-plugin-plugins-embeddable-public.addpanelaction._constructor_.md) | | Constructs a new instance of the AddPanelAction class | +| [(constructor)(getFactory, getAllFactories, overlays, notifications, SavedObjectFinder, reportUiCounter)](./kibana-plugin-plugins-embeddable-public.addpanelaction._constructor_.md) | | Constructs a new instance of the AddPanelAction class | ## Properties diff --git a/docs/development/plugins/embeddable/public/kibana-plugin-plugins-embeddable-public.openaddpanelflyout.md b/docs/development/plugins/embeddable/public/kibana-plugin-plugins-embeddable-public.openaddpanelflyout.md index 90caaa3035b348..db45b691b446eb 100644 --- a/docs/development/plugins/embeddable/public/kibana-plugin-plugins-embeddable-public.openaddpanelflyout.md +++ b/docs/development/plugins/embeddable/public/kibana-plugin-plugins-embeddable-public.openaddpanelflyout.md @@ -15,6 +15,7 @@ export declare function openAddPanelFlyout(options: { notifications: NotificationsStart; SavedObjectFinder: React.ComponentType; showCreateNewMenu?: boolean; + reportUiCounter?: UsageCollectionStart['reportUiCounter']; }): OverlayRef; ``` @@ -22,7 +23,7 @@ export declare function openAddPanelFlyout(options: { | Parameter | Type | Description | | --- | --- | --- | -| options | {
embeddable: IContainer;
getFactory: EmbeddableStart['getEmbeddableFactory'];
getAllFactories: EmbeddableStart['getEmbeddableFactories'];
overlays: OverlayStart;
notifications: NotificationsStart;
SavedObjectFinder: React.ComponentType<any>;
showCreateNewMenu?: boolean;
} | | +| options | {
embeddable: IContainer;
getFactory: EmbeddableStart['getEmbeddableFactory'];
getAllFactories: EmbeddableStart['getEmbeddableFactories'];
overlays: OverlayStart;
notifications: NotificationsStart;
SavedObjectFinder: React.ComponentType<any>;
showCreateNewMenu?: boolean;
reportUiCounter?: UsageCollectionStart['reportUiCounter'];
} | | Returns: diff --git a/docs/development/plugins/expressions/public/kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.md b/docs/development/plugins/expressions/public/kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.md index c6e00842a31e6a..2c03db82ba683a 100644 --- a/docs/development/plugins/expressions/public/kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.md +++ b/docs/development/plugins/expressions/public/kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.md @@ -21,6 +21,7 @@ export interface ExpressionFunctionDefinitions | [derivative](./kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.derivative.md) | ExpressionFunctionDerivative | | | [font](./kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.font.md) | ExpressionFunctionFont | | | [moving\_average](./kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.moving_average.md) | ExpressionFunctionMovingAverage | | +| [overall\_metric](./kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.overall_metric.md) | ExpressionFunctionOverallMetric | | | [theme](./kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.theme.md) | ExpressionFunctionTheme | | | [var\_set](./kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.var_set.md) | ExpressionFunctionVarSet | | | [var](./kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.var.md) | ExpressionFunctionVar | | diff --git a/docs/development/plugins/expressions/public/kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.overall_metric.md b/docs/development/plugins/expressions/public/kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.overall_metric.md new file mode 100644 index 00000000000000..8685788a2f3512 --- /dev/null +++ b/docs/development/plugins/expressions/public/kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.overall_metric.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-expressions-public](./kibana-plugin-plugins-expressions-public.md) > [ExpressionFunctionDefinitions](./kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.md) > [overall\_metric](./kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.overall_metric.md) + +## ExpressionFunctionDefinitions.overall\_metric property + +Signature: + +```typescript +overall_metric: ExpressionFunctionOverallMetric; +``` diff --git a/docs/development/plugins/expressions/server/kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.md b/docs/development/plugins/expressions/server/kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.md index 219678244951b4..f55fed99e1d3d4 100644 --- a/docs/development/plugins/expressions/server/kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.md +++ b/docs/development/plugins/expressions/server/kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.md @@ -21,6 +21,7 @@ export interface ExpressionFunctionDefinitions | [derivative](./kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.derivative.md) | ExpressionFunctionDerivative | | | [font](./kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.font.md) | ExpressionFunctionFont | | | [moving\_average](./kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.moving_average.md) | ExpressionFunctionMovingAverage | | +| [overall\_metric](./kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.overall_metric.md) | ExpressionFunctionOverallMetric | | | [theme](./kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.theme.md) | ExpressionFunctionTheme | | | [var\_set](./kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.var_set.md) | ExpressionFunctionVarSet | | | [var](./kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.var.md) | ExpressionFunctionVar | | diff --git a/docs/development/plugins/expressions/server/kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.overall_metric.md b/docs/development/plugins/expressions/server/kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.overall_metric.md new file mode 100644 index 00000000000000..b8564a696e6e48 --- /dev/null +++ b/docs/development/plugins/expressions/server/kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.overall_metric.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-expressions-server](./kibana-plugin-plugins-expressions-server.md) > [ExpressionFunctionDefinitions](./kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.md) > [overall\_metric](./kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.overall_metric.md) + +## ExpressionFunctionDefinitions.overall\_metric property + +Signature: + +```typescript +overall_metric: ExpressionFunctionOverallMetric; +``` diff --git a/docs/settings/task-manager-settings.asciidoc b/docs/settings/task-manager-settings.asciidoc index 12c958c9e86838..87f5b700870ebf 100644 --- a/docs/settings/task-manager-settings.asciidoc +++ b/docs/settings/task-manager-settings.asciidoc @@ -28,6 +28,9 @@ Task Manager runs background tasks by polling for work on an interval. You can | `xpack.task_manager.max_workers` | The maximum number of tasks that this Kibana instance will run simultaneously. Defaults to 10. Starting in 8.0, it will not be possible to set the value greater than 100. + + | `xpack.task_manager.monitored_stats_warn_delayed_task_start_in_seconds` + | The amount of seconds we allow a task to delay before printing a warning server log. Defaults to 60. |=== [float] diff --git a/docs/siem/images/workflow.png b/docs/siem/images/workflow.png new file mode 100644 index 00000000000000..b71c7b0ace301e Binary files /dev/null and b/docs/siem/images/workflow.png differ diff --git a/docs/siem/siem-ui.asciidoc b/docs/siem/siem-ui.asciidoc index 98f8bc218aa76c..1d07e9038667b0 100644 --- a/docs/siem/siem-ui.asciidoc +++ b/docs/siem/siem-ui.asciidoc @@ -1,102 +1,160 @@ [role="xpack"] [[siem-ui]] -== Using Elastic Security +== Elastic Security Overview -Elastic Security is a highly interactive workspace designed for security -analysts. It provides a clear overview of events and alerts from your -environment, and you can use the interactive UI to drill down into areas of -interest. +Elastic Security combines SIEM threat detection features with endpoint +prevention and response capabilities in one solution. These analytical and +protection capabilities, leveraged by the speed and extensibility of +Elasticsearch, enable analysts to defend their organization from threats before +damage and loss occur. -[float] -[[hosts-ui]] -=== Hosts +Elastic Security provides the following security benefits and capabilities: -The Hosts page provides key metrics regarding host-related security events, and -data tables and histograms that let you interact with the Timeline Event Viewer. -You can drill down for deeper insights, and drag and drop items of interest from -the Hosts page to Timeline for further investigation. +* A detection engine to identify attacks and system misconfigurations +* A workspace for event triage and investigations +* Interactive visualizations to investigate process relationships +* Inbuilt case management with automated actions +* Detection of signatureless attacks with prebuilt machine learning anomaly jobs +and detection rules -[role="screenshot"] -image::siem/images/hosts-ui.png[] - - -[float] -[[network-ui]] -=== Network - -The Network page displays key network activity metrics in an interactive map, -and provides network event tables that enable interaction with Timeline. - -[role="screenshot"] -image::siem/images/network-ui.png[] - -[float] -[[detections-ui]] -=== Detections (beta) - -The Detections feature automatically searches for threats and creates -alerts when they are detected. Detection rules define the conditions -for when alerts are created. Elastic Security comes with prebuilt rules that -search for suspicious activity on your network and hosts. Additionally, you can -create your own rules. - -See {security-guide}/detection-engine-overview.html[Detections] for information -on managing detection rules and alerts. - -[role="screenshot"] -image::siem/images/detections-ui.png[] - -[float] -[[cases-ui]] -=== Cases (beta) - -Cases are used to open and track security issues directly in Elastic Security. -Cases list the original reporter and all users who contribute to a case -(`participants`). Case comments support Markdown syntax, and allow linking to -saved Timelines. Additionally, you can send cases to external systems from -within Elastic Security. +[discrete] +== Elastic Security components and workflow -For information about opening, updating, and closing cases, see -{security-guide}/cases-overview.html[Cases] in the Elastic Security Guide. +The following diagram provides a comprehensive illustration of the Elastic Security workflow. [role="screenshot"] -image::siem/images/cases-ui.png[] - -[float] -[[timelines-ui]] -=== Timeline - -Timeline is your workspace for threat hunting and alert investigations. - -[role="screenshot"] -image::siem/images/timeline-ui.png[Elastic Security Timeline] - -You can drag objects of interest into the Timeline Event Viewer to create -exactly the query filter you need. You can drag items from table widgets within -Hosts and Network pages, or even from within Timeline itself. - -A timeline is responsive and persists as you move through Elastic Security -collecting data. - -For detailed information about Timeline, see -{security-guide}/timelines-ui.html[Investigating events in Timeline]. - -[float] -[[sample-workflow]] -=== Sample workflow - -An analyst notices a suspicious user ID that warrants further investigation, and -clicks a URL that links to Elastic Security. - -The analyst uses the tables, histograms, and filtering and search capabilities in -Elastic Security to get to the bottom of the alert. The analyst can drag items of -interest to Timeline for further analysis. - -Within Timeline, the analyst can investigate further - drilling down, -searching, and filtering - and add notes and pin items of interest. - -The analyst can name the timeline, write summary notes, and share it with others -if appropriate. +image::../siem/images/workflow.png[Elastic Security workflow] + +Here's an overview of the flow and its components: + +* Data is shipped from your hosts to {es} via beat modules and the Elastic https://www.elastic.co/endpoint-security/[Endpoint Security agent integration]. This integration provides capabilities such as collecting events, detecting and preventing {security-guide}/detection-engine-overview.html#malware-prevention[malicious activity], and artifact delivery. The {fleet-guide}/fleet-overview.html[{fleet}] app is used to +install and manage agents and integrations on your hosts. ++ +The Endpoint Security integration ships the following data sets: ++ +*** *Windows*: Process, network, file, DNS, registry, DLL and driver loads, +malware security detections +*** *Linux/macOS*: Process, network, file ++ +* https://www.elastic.co/integrations?solution=security[Beat modules]: {beats} +are lightweight data shippers. Beat modules provide a way of collecting and +parsing specific data sets from common sources, such as cloud and OS events, +logs, and metrics. Common security-related modules are listed {security-guide}/ingest-data.html#enable-beat-modules[here]. +* The {security-app} in {kib} is used to manage the *Detection engine*, +*Cases*, and *Timeline*, as well as administer hosts running Endpoint Security: +** Detection engine: Automatically searches for suspicious host and network +activity via the following: +*** {security-guide}/detection-engine-overview.html#detection-engine-overview[Detection rules]: Periodically search the data +({es} indices) sent from your hosts for suspicious events. When a suspicious +event is discovered, a detection alert is generated. External systems, such as +Slack and email, can be used to send notifications when alerts are generated. +You can create your own rules and make use of our {security-guide}/prebuilt-rules.html[prebuilt ones]. +*** {security-guide}/detections-ui-exceptions.html[Exceptions]: Reduce noise and the number of +false positives. Exceptions are associated with rules and prevent alerts when +an exception's conditions are met. *Value lists* contain source event +values that can be used as part of an exception's conditions. When +Elastic {endpoint-sec} is installed on your hosts, you can add malware exceptions +directly to the endpoint from the Security app. +*** {security-guide}/machine-learning.html#included-jobs[{ml-cap} jobs]: Automatic anomaly detection of host and +network events. Anomaly scores are provided per host and can be used with +detection rules. +** {security-guide}/timelines-ui.html[Timeline]: Workspace for investigating alerts and events. +Timelines use queries and filters to drill down into events related to +a specific incident. Timeline templates are attached to rules and use predefined +queries when alerts are investigated. Timelines can be saved and shared with +others, as well as attached to Cases. +** {security-guide}/cases-overview.html[Cases]: An internal system for opening, tracking, and sharing +security issues directly in the Security app. Cases can be integrated with +external ticketing systems. +** {security-guide}/admin-page-ov.html[Administration]: View and manage hosts running {endpoint-sec}. + +{security-guide}/ingest-data.html[Ingest data to Elastic Security] and {security-guide}/install-endpoint.html[Configure and install the Elastic Endpoint integration] describe how to ship security-related +data to {es}. + + +For more background information, see: + +* https://www.elastic.co/products/elasticsearch[{es}]: A real-time, +distributed storage, search, and analytics engine. {es} excels at indexing +streams of semi-structured data, such as logs or metrics. +* https://www.elastic.co/products/kibana[{kib}]: An open-source analytics and +visualization platform designed to work with {es}. You use {kib} to search, +view, and interact with data stored in {es} indices. You can easily compile +advanced data analysis and visualize your data in a variety of charts, tables, +and maps. + +[discrete] +=== Compatibility with cold tier nodes + +Cold tier is a {ref}/data-tiers.html[data tier] that holds time series data that is accessed only occasionally. In {stack} version >=7.11.0, {elastic-sec} supports cold tier data for the following {es} indices: + +* Index patterns specified in `securitySolution:defaultIndex` +* Index patterns specified in the definitions of detection rules, except for indicator match rules +* Index patterns specified in the data sources selector on various {security-app} pages + +{elastic-sec} does NOT support cold tier data for the following {es} indices: + +* Index patterns controlled by {elastic-sec}, including signals and list indices +* Index patterns specified in indicator match rules + +Using cold tier data for unsupported indices may result in detection rule timeouts and overall performance degradation. + +[discrete] +[[self-protection]] +==== Elastic Endpoint self-protection + +Self-protection means that {elastic-endpoint} has guards against users and attackers that may try to interfere with its functionality. This protection feature is consistently enhanced to prevent attackers who may attempt to use newer, more sophisticated tactics to interfere with the {elastic-endpoint}. Self-protection is enabled by default when {elastic-endpoint} installs on supported platforms, listed below. + +Self-protection is enabled on the following 64-bit Windows versions: + +* Windows 8.1 +* Windows 10 +* Windows Server 2012 R2 +* Windows Server 2016 +* Windows Server 2019 + +And on the following macOS versions: + +* macOS 10.15 (Catalina) +* macOS 11 (Big Sur) + +NOTE: Other Windows and macOS variants (and all Linux distributions) do not have self-protection. + +For {stack} version >= 7.11.0, self-protection defines the following permissions: + +* Users -- even Administrator/root -- *cannot* delete {elastic-endpoint} files (located at `c:\Program Files\Elastic\Endpoint` on Windows, and `/Library/Elastic/Endpoint` on macOS). +* Users *cannot* terminate the {elastic-endpoint} program or service. +* Administrator/root users *can* read the endpoint's files. On Windows, the easiest way to read Endpoint files is to start an Administrator `cmd.exe` prompt. On macOS, an Administrator can use the `sudo` command. +* Administrator/root users *can* stop the {elastic-agent}'s service. On Windows, run the `sc stop "Elastic Agent"` command. On macOS, run the `sudo launchctl stop elastic-agent` command. + + +[discrete] +[[siem-integration]] +=== Integration with other Elastic products + +You can use {elastic-sec} with other Elastic products and features to help you +identify and investigate suspicious activity: + +* https://www.elastic.co/products/stack/machine-learning[{ml-cap}] +* https://www.elastic.co/products/stack/alerting[Alerting] +* https://www.elastic.co/products/stack/canvas[Canvas] + +[discrete] +[[data-sources]] +=== APM transaction data sources + +By default, {elastic-sec} monitors {apm-app-ref}/apm-getting-started.html[APM] +`apm-*-transaction*` indices. To add additional APM indices, update the +index patterns in the `securitySolution:defaultIndex` setting ({kib} -> Stack Management -> Advanced Settings -> `securitySolution:defaultIndex`). +[discrete] +[[ecs-compliant-reqs]] +=== ECS compliance data requirements +The {ecs-ref}[Elastic Common Schema (ECS)] defines a common set of fields to be used for +storing event data in Elasticsearch. ECS helps users normalize their event data +to better analyze, visualize, and correlate the data represented in their +events. {elastic-sec} supports events and indicator index data from any ECS-compliant data source. +IMPORTANT: {elastic-sec} requires {ecs-ref}[ECS-compliant data]. If you use third-party data collectors to ship data to {es}, the data must be mapped to ECS. +{security-guide}/siem-field-reference.html[Elastic Security ECS field reference] lists ECS fields used in {elastic-sec}. diff --git a/docs/user/dashboard/aggregation-reference.asciidoc b/docs/user/dashboard/aggregation-reference.asciidoc index 001114578a1cd0..cb5c484def3b9d 100644 --- a/docs/user/dashboard/aggregation-reference.asciidoc +++ b/docs/user/dashboard/aggregation-reference.asciidoc @@ -190,8 +190,8 @@ For information about {es} metrics aggregations, refer to {ref}/search-aggregati | Metrics with filters | -^| X | +^| X | | Average diff --git a/docs/user/production-considerations/production.asciidoc b/docs/user/production-considerations/production.asciidoc index 1ffca4b6ae6ab1..b75b556588cfd2 100644 --- a/docs/user/production-considerations/production.asciidoc +++ b/docs/user/production-considerations/production.asciidoc @@ -122,8 +122,6 @@ active in case of failure from the currently used instance. Kibana can be configured to connect to multiple Elasticsearch nodes in the same cluster. In situations where a node becomes unavailable, Kibana will transparently connect to an available node and continue operating. Requests to available hosts will be routed in a round robin fashion. -Currently the Console application is limited to connecting to the first node listed. - In kibana.yml: [source,js] -------- diff --git a/docs/user/reporting/reporting-troubleshooting.asciidoc b/docs/user/reporting/reporting-troubleshooting.asciidoc index 4305b39653f8dc..d6d6190c8504b9 100644 --- a/docs/user/reporting/reporting-troubleshooting.asciidoc +++ b/docs/user/reporting/reporting-troubleshooting.asciidoc @@ -92,6 +92,32 @@ the first time Kibana starts when verbose logging is enabled. Whenever possible, a Reporting error message tries to be as self-explanatory as possible. Here are some error messages you might encounter, along with the solution. +[float] +==== `StatusCodeError: [version_conflict_engine_exception]` +If you are running multiple instances of {kib} in a cluster, the instances share the work of executing report jobs to evenly distribute +the work load. Each instance searches the reporting index for "pending" jobs that the user has requested. It is possible for +multiple instances to find the same job in these searches. Only the instance that successfully updated the job status to +"processing" will actually execute the report job. The other instances that unsuccessfully tried to make the same update will log +something similar to this: + +[source] +-------------------------------------------------------------------------------- +StatusCodeError: [version_conflict_engine_exception] [...]: version conflict, required seqNo [6124], primary term [1]. current document has seqNo [6125] and primary term [1], with { ... } + status: 409, + displayName: 'Conflict', + path: '/.reporting-...', + body: { + error: { + type: 'version_conflict_engine_exception', + reason: '[...]: version conflict, required seqNo [6124], primary term [1]. current document has seqNo [6125] and primary term [1]', + }, + }, + statusCode: 409 +} +-------------------------------------------------------------------------------- + +These messages alone don't indicate a problem. They show normal events that happen in a healthy system. + [float] ==== Max attempts reached There are two primary causes of this error: diff --git a/package.json b/package.json index c9c6fa7f582c59..596bcff59797d8 100644 --- a/package.json +++ b/package.json @@ -156,6 +156,7 @@ "@kbn/ui-framework": "link:packages/kbn-ui-framework", "@kbn/ui-shared-deps": "link:packages/kbn-ui-shared-deps", "@kbn/utility-types": "link:bazel-bin/packages/kbn-utility-types", + "@kbn/common-utils": "link:bazel-bin/packages/kbn-common-utils", "@kbn/utils": "link:bazel-bin/packages/kbn-utils", "@loaders.gl/core": "^2.3.1", "@loaders.gl/json": "^2.3.1", diff --git a/packages/BUILD.bazel b/packages/BUILD.bazel index 3e17d471a3cac0..f2510a2386aa2c 100644 --- a/packages/BUILD.bazel +++ b/packages/BUILD.bazel @@ -12,6 +12,7 @@ filegroup( "//packages/kbn-apm-utils:build", "//packages/kbn-babel-code-parser:build", "//packages/kbn-babel-preset:build", + "//packages/kbn-common-utils:build", "//packages/kbn-config:build", "//packages/kbn-config-schema:build", "//packages/kbn-crypto:build", diff --git a/packages/kbn-common-utils/BUILD.bazel b/packages/kbn-common-utils/BUILD.bazel new file mode 100644 index 00000000000000..02446849733537 --- /dev/null +++ b/packages/kbn-common-utils/BUILD.bazel @@ -0,0 +1,82 @@ +load("@npm//@bazel/typescript:index.bzl", "ts_config", "ts_project") +load("@build_bazel_rules_nodejs//:index.bzl", "js_library", "pkg_npm") + +PKG_BASE_NAME = "kbn-common-utils" +PKG_REQUIRE_NAME = "@kbn/common-utils" + +SOURCE_FILES = glob( + [ + "src/**/*.ts", + ], + exclude = ["**/*.test.*"], +) + +SRCS = SOURCE_FILES + +filegroup( + name = "srcs", + srcs = SRCS, +) + +NPM_MODULE_EXTRA_FILES = [ + "package.json", + "README.md" +] + +SRC_DEPS = [ + "//packages/kbn-config-schema", + "@npm//load-json-file", + "@npm//tslib", +] + +TYPES_DEPS = [ + "@npm//@types/jest", + "@npm//@types/node", +] + +DEPS = SRC_DEPS + TYPES_DEPS + +ts_config( + name = "tsconfig", + src = "tsconfig.json", + deps = [ + "//:tsconfig.base.json", + ], +) + +ts_project( + name = "tsc", + args = ['--pretty'], + srcs = SRCS, + deps = DEPS, + declaration = True, + declaration_map = True, + incremental = True, + out_dir = "target", + source_map = True, + root_dir = "src", + tsconfig = ":tsconfig", +) + +js_library( + name = PKG_BASE_NAME, + srcs = NPM_MODULE_EXTRA_FILES, + deps = DEPS + [":tsc"], + package_name = PKG_REQUIRE_NAME, + visibility = ["//visibility:public"], +) + +pkg_npm( + name = "npm_module", + deps = [ + ":%s" % PKG_BASE_NAME, + ] +) + +filegroup( + name = "build", + srcs = [ + ":npm_module", + ], + visibility = ["//visibility:public"], +) diff --git a/packages/kbn-common-utils/README.md b/packages/kbn-common-utils/README.md new file mode 100644 index 00000000000000..7b64c9f18fe89d --- /dev/null +++ b/packages/kbn-common-utils/README.md @@ -0,0 +1,3 @@ +# @kbn/common-utils + +Shared common (client and server sie) utilities shared across packages and plugins. \ No newline at end of file diff --git a/packages/kbn-common-utils/jest.config.js b/packages/kbn-common-utils/jest.config.js new file mode 100644 index 00000000000000..08f1995c474236 --- /dev/null +++ b/packages/kbn-common-utils/jest.config.js @@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +module.exports = { + preset: '@kbn/test', + rootDir: '../..', + roots: ['/packages/kbn-common-utils'], +}; diff --git a/packages/kbn-common-utils/package.json b/packages/kbn-common-utils/package.json new file mode 100644 index 00000000000000..db99f4d6afb985 --- /dev/null +++ b/packages/kbn-common-utils/package.json @@ -0,0 +1,9 @@ +{ + "name": "@kbn/common-utils", + "main": "./target/index.js", + "browser": "./target/index.js", + "types": "./target/index.d.ts", + "version": "1.0.0", + "license": "SSPL-1.0 OR Elastic License 2.0", + "private": true +} \ No newline at end of file diff --git a/src/plugins/index_pattern_management/public/service/creation/components/rollup_prompt/index.ts b/packages/kbn-common-utils/src/index.ts similarity index 88% rename from src/plugins/index_pattern_management/public/service/creation/components/rollup_prompt/index.ts rename to packages/kbn-common-utils/src/index.ts index d1fc2fa242eb1b..1b8bffe4bf1580 100644 --- a/src/plugins/index_pattern_management/public/service/creation/components/rollup_prompt/index.ts +++ b/packages/kbn-common-utils/src/index.ts @@ -6,4 +6,4 @@ * Side Public License, v 1. */ -export { RollupPrompt } from './rollup_prompt'; +export * from './json'; diff --git a/src/plugins/index_pattern_management/public/constants.ts b/packages/kbn-common-utils/src/json/index.ts similarity index 84% rename from src/plugins/index_pattern_management/public/constants.ts rename to packages/kbn-common-utils/src/json/index.ts index e5010d133f0f30..96c94df1bb48eb 100644 --- a/src/plugins/index_pattern_management/public/constants.ts +++ b/packages/kbn-common-utils/src/json/index.ts @@ -6,4 +6,4 @@ * Side Public License, v 1. */ -export const CONFIG_ROLLUPS = 'rollups:enableIndexPatterns'; +export { JsonArray, JsonValue, JsonObject } from './typed_json'; diff --git a/src/plugins/kibana_utils/common/typed_json.ts b/packages/kbn-common-utils/src/json/typed_json.ts similarity index 100% rename from src/plugins/kibana_utils/common/typed_json.ts rename to packages/kbn-common-utils/src/json/typed_json.ts diff --git a/packages/kbn-common-utils/tsconfig.json b/packages/kbn-common-utils/tsconfig.json new file mode 100644 index 00000000000000..98f1b30c0d7ff2 --- /dev/null +++ b/packages/kbn-common-utils/tsconfig.json @@ -0,0 +1,18 @@ +{ + "extends": "../../tsconfig.base.json", + "compilerOptions": { + "incremental": true, + "outDir": "target", + "declaration": true, + "declarationMap": true, + "sourceMap": true, + "sourceRoot": "../../../../packages/kbn-common-utils/src", + "types": [ + "jest", + "node" + ] + }, + "include": [ + "src/**/*" + ] +} diff --git a/packages/kbn-tinymath/src/index.js b/packages/kbn-tinymath/src/index.js index 9f1bb7b8514634..6fde4c202e2a77 100644 --- a/packages/kbn-tinymath/src/index.js +++ b/packages/kbn-tinymath/src/index.js @@ -7,12 +7,11 @@ */ const { get } = require('lodash'); +const memoizeOne = require('memoize-one'); // eslint-disable-next-line import/no-unresolved const { parse: parseFn } = require('../grammar'); const { functions: includedFunctions } = require('./functions'); -module.exports = { parse, evaluate, interpret }; - function parse(input, options) { if (input == null) { throw new Error('Missing expression'); @@ -29,9 +28,11 @@ function parse(input, options) { } } +const memoizedParse = memoizeOne(parse); + function evaluate(expression, scope = {}, injectedFunctions = {}) { scope = scope || {}; - return interpret(parse(expression), scope, injectedFunctions); + return interpret(memoizedParse(expression), scope, injectedFunctions); } function interpret(node, scope, injectedFunctions) { @@ -79,3 +80,5 @@ function isOperable(args) { return typeof arg === 'number' && !isNaN(arg); }); } + +module.exports = { parse: memoizedParse, evaluate, interpret }; diff --git a/renovate.json5 b/renovate.json5 index f533eac4796508..2a3b9d740ee93b 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -39,7 +39,7 @@ packageNames: ['@elastic/charts'], reviewers: ['markov00', 'nickofthyme'], matchBaseBranches: ['master'], - labels: ['release_note:skip', 'v8.0.0', 'v7.14.0'], + labels: ['release_note:skip', 'v8.0.0', 'v7.14.0', 'auto-backport'], enabled: true, }, { diff --git a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/8.0.0_oss_sample_saved_objects.zip b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/8.0.0_oss_sample_saved_objects.zip deleted file mode 100644 index abb8dd2b6d491c..00000000000000 Binary files a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/8.0.0_oss_sample_saved_objects.zip and /dev/null differ diff --git a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/8.0.0_v1_migrations_sample_data_saved_objects.zip b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/8.0.0_v1_migrations_sample_data_saved_objects.zip new file mode 100644 index 00000000000000..ff02fcf204845d Binary files /dev/null and b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/8.0.0_v1_migrations_sample_data_saved_objects.zip differ diff --git a/src/core/server/saved_objects/migrationsv2/integration_tests/migration.test.ts b/src/core/server/saved_objects/migrationsv2/integration_tests/migration.test.ts index f9d8e7cc4fbaab..f4e0dd8fffcab1 100644 --- a/src/core/server/saved_objects/migrationsv2/integration_tests/migration.test.ts +++ b/src/core/server/saved_objects/migrationsv2/integration_tests/migration.test.ts @@ -21,13 +21,37 @@ import { Root } from '../../../root'; const kibanaVersion = Env.createDefault(REPO_ROOT, getEnvOptions()).packageInfo.version; -const logFilePath = Path.join(__dirname, 'migration_test_kibana.log'); +const logFilePath = Path.join(__dirname, 'migration_test_kibana_from_v1.log'); const asyncUnlink = Util.promisify(Fs.unlink); async function removeLogFile() { // ignore errors if it doesn't exist await asyncUnlink(logFilePath).catch(() => void 0); } +const assertMigratedDocuments = (arr: any[], target: any[]) => target.every((v) => arr.includes(v)); + +function sortByTypeAndId(a: { type: string; id: string }, b: { type: string; id: string }) { + return a.type.localeCompare(b.type) || a.id.localeCompare(b.id); +} + +async function fetchDocuments(esClient: ElasticsearchClient, index: string) { + const { body } = await esClient.search({ + index, + body: { + query: { + match_all: {}, + }, + _source: ['type', 'id'], + }, + }); + + return body.hits.hits + .map((h) => ({ + ...h._source, + id: h._id, + })) + .sort(sortByTypeAndId); +} describe('migration v2', () => { let esServer: kbnTestServer.TestElasticsearchUtils; @@ -40,7 +64,7 @@ describe('migration v2', () => { adjustTimeout: (t: number) => jest.setTimeout(t), settings: { es: { - license: 'trial', + license: 'basic', dataArchive, }, }, @@ -51,8 +75,8 @@ describe('migration v2', () => { migrations: { skip: false, enableV2: true, - // There are 53 docs in fixtures. Batch size configured to enforce 3 migration steps. - batchSize: 20, + // There are 40 docs in fixtures. Batch size configured to enforce 3 migration steps. + batchSize: 15, }, logging: { appenders: { @@ -85,8 +109,7 @@ describe('migration v2', () => { coreStart = start; esClient = coreStart.elasticsearch.client.asInternalUser; }); - - await Promise.all([startEsPromise, startKibanaPromise]); + return await Promise.all([startEsPromise, startKibanaPromise]); }; const getExpectedVersionPerType = () => @@ -192,15 +215,19 @@ describe('migration v2', () => { }); }); - // FLAKY: https://github.com/elastic/kibana/issues/91107 - describe.skip('migrating from the same Kibana version', () => { + describe('migrating from the same Kibana version that used v1 migrations', () => { + const originalIndex = `.kibana_1`; // v1 migrations index const migratedIndex = `.kibana_${kibanaVersion}_001`; beforeAll(async () => { await removeLogFile(); await startServers({ - oss: true, - dataArchive: Path.join(__dirname, 'archives', '8.0.0_oss_sample_saved_objects.zip'), + oss: false, + dataArchive: Path.join( + __dirname, + 'archives', + '8.0.0_v1_migrations_sample_data_saved_objects.zip' + ), }); }); @@ -215,7 +242,6 @@ describe('migration v2', () => { }, { ignore: [404] } ); - const response = body[migratedIndex]; expect(response).toBeDefined(); @@ -225,17 +251,23 @@ describe('migration v2', () => { ]); }); - it('copies all the document of the previous index to the new one', async () => { + it('copies the documents from the previous index to the new one', async () => { + // original assertion on document count comparison (how atteched are we to this assertion?) const migratedIndexResponse = await esClient.count({ index: migratedIndex, }); const oldIndexResponse = await esClient.count({ - index: '.kibana_1', + index: originalIndex, }); // Use a >= comparison since once Kibana has started it might create new // documents like telemetry tasks expect(migratedIndexResponse.body.count).toBeGreaterThanOrEqual(oldIndexResponse.body.count); + + // new assertion against a document array comparison + const originalDocs = await fetchDocuments(esClient, originalIndex); + const migratedDocs = await fetchDocuments(esClient, migratedIndex); + expect(assertMigratedDocuments(migratedDocs, originalDocs)); }); it('migrates the documents to the highest version', async () => { diff --git a/src/dev/build/tasks/os_packages/docker_generator/bundle_dockerfiles.ts b/src/dev/build/tasks/os_packages/docker_generator/bundle_dockerfiles.ts index a633e919cc5db2..5f0665692b46f6 100644 --- a/src/dev/build/tasks/os_packages/docker_generator/bundle_dockerfiles.ts +++ b/src/dev/build/tasks/os_packages/docker_generator/bundle_dockerfiles.ts @@ -42,7 +42,7 @@ export async function bundleDockerFiles(config: Config, log: ToolingLog, scope: await copyAll(resolve(scope.dockerBuildDir), resolve(dockerFilesBuildDir), { select: ['LICENSE'], }); - const templates = ['hardening_manifest.yml', 'README.md']; + const templates = ['hardening_manifest.yaml', 'README.md']; for (const template of templates) { const file = readFileSync(resolve(__dirname, 'templates/ironbank', template)); const output = Mustache.render(file.toString(), scope); diff --git a/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker b/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker index a1838c571ea0be..f82a21c2f520cf 100755 --- a/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker +++ b/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker @@ -322,6 +322,7 @@ kibana_vars=( xpack.task_manager.monitored_aggregated_stats_refresh_rate xpack.task_manager.monitored_stats_required_freshness xpack.task_manager.monitored_stats_running_average_window + xpack.task_manager.monitored_stats_warn_delayed_task_start_in_seconds xpack.task_manager.monitored_task_execution_thresholds xpack.task_manager.poll_interval xpack.task_manager.request_capacity diff --git a/src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/Dockerfile b/src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/Dockerfile index 1654377b241d84..c1335f6c7a3969 100644 --- a/src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/Dockerfile +++ b/src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/Dockerfile @@ -4,7 +4,7 @@ ################################################################################ ARG BASE_REGISTRY=registry1.dsop.io ARG BASE_IMAGE=redhat/ubi/ubi8 -ARG BASE_TAG=8.3 +ARG BASE_TAG=8.4 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as prep_files @@ -59,7 +59,7 @@ COPY --chown=1000:0 config/kibana.yml /usr/share/kibana/config/kibana.yml # Add the launcher/wrapper script. It knows how to interpret environment # variables and translate them to Kibana CLI options. -COPY --chown=1000:0 scripts/kibana-docker /usr/local/bin/ +COPY --chown=1000:0 bin/kibana-docker /usr/local/bin/ # Remove the suid bit everywhere to mitigate "Stack Clash" RUN find / -xdev -perm -4000 -exec chmod u-s {} + diff --git a/src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/hardening_manifest.yml b/src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/hardening_manifest.yaml similarity index 99% rename from src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/hardening_manifest.yml rename to src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/hardening_manifest.yaml index 8de5ac29733588..2e65e68bc28827 100644 --- a/src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/hardening_manifest.yml +++ b/src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/hardening_manifest.yaml @@ -14,7 +14,7 @@ tags: # Build args passed to Dockerfile ARGs args: BASE_IMAGE: 'redhat/ubi/ubi8' - BASE_TAG: '8.3' + BASE_TAG: '8.4' # Docker image labels labels: diff --git a/src/dev/typescript/build_ts_refs.ts b/src/dev/typescript/build_ts_refs.ts index 2e25827996e453..26425b7a3e61df 100644 --- a/src/dev/typescript/build_ts_refs.ts +++ b/src/dev/typescript/build_ts_refs.ts @@ -13,12 +13,20 @@ import { ToolingLog, REPO_ROOT } from '@kbn/dev-utils'; export const REF_CONFIG_PATHS = [Path.resolve(REPO_ROOT, 'tsconfig.refs.json')]; -export async function buildAllTsRefs(log: ToolingLog) { +export async function buildAllTsRefs(log: ToolingLog): Promise<{ failed: boolean }> { for (const path of REF_CONFIG_PATHS) { const relative = Path.relative(REPO_ROOT, path); log.debug(`Building TypeScript projects refs for ${relative}...`); - await execa(require.resolve('typescript/bin/tsc'), ['-b', relative, '--pretty'], { - cwd: REPO_ROOT, - }); + const { failed, stdout } = await execa( + require.resolve('typescript/bin/tsc'), + ['-b', relative, '--pretty'], + { + cwd: REPO_ROOT, + reject: false, + } + ); + log.info(stdout); + if (failed) return { failed }; } + return { failed: false }; } diff --git a/src/dev/typescript/run_type_check_cli.ts b/src/dev/typescript/run_type_check_cli.ts index f95c230f44b9e4..d9e9eb036fe0f2 100644 --- a/src/dev/typescript/run_type_check_cli.ts +++ b/src/dev/typescript/run_type_check_cli.ts @@ -69,7 +69,11 @@ export async function runTypeCheckCli() { process.exit(); } - await buildAllTsRefs(log); + const { failed } = await buildAllTsRefs(log); + if (failed) { + log.error('Unable to build TS project refs'); + process.exit(1); + } const tscArgs = [ // composite project cannot be used with --noEmit diff --git a/src/plugins/dashboard/public/application/top_nav/dashboard_top_nav.tsx b/src/plugins/dashboard/public/application/top_nav/dashboard_top_nav.tsx index 1cfa39d5e0e79b..e5f89bd6a8e909 100644 --- a/src/plugins/dashboard/public/application/top_nav/dashboard_top_nav.tsx +++ b/src/plugins/dashboard/public/application/top_nav/dashboard_top_nav.tsx @@ -132,7 +132,7 @@ export function DashboardTopNav({ const trackUiMetric = usageCollection?.reportUiCounter.bind( usageCollection, - DashboardConstants.DASHBOARDS_ID + DashboardConstants.DASHBOARD_ID ); useEffect(() => { @@ -163,6 +163,7 @@ export function DashboardTopNav({ notifications: core.notifications, overlays: core.overlays, SavedObjectFinder: getSavedObjectFinder(core.savedObjects, uiSettings), + reportUiCounter: usageCollection?.reportUiCounter, }), })); } @@ -174,6 +175,7 @@ export function DashboardTopNav({ core.savedObjects, core.overlays, uiSettings, + usageCollection, ]); const createNewVisType = useCallback( @@ -183,7 +185,7 @@ export function DashboardTopNav({ if (visType) { if (trackUiMetric) { - trackUiMetric(METRIC_TYPE.CLICK, visType.name); + trackUiMetric(METRIC_TYPE.CLICK, `${visType.name}:create`); } if ('aliasPath' in visType) { diff --git a/src/plugins/dashboard/public/application/top_nav/editor_menu.tsx b/src/plugins/dashboard/public/application/top_nav/editor_menu.tsx index 90cf0fcd571a15..74d725bb4d1045 100644 --- a/src/plugins/dashboard/public/application/top_nav/editor_menu.tsx +++ b/src/plugins/dashboard/public/application/top_nav/editor_menu.tsx @@ -51,7 +51,7 @@ export const EditorMenu = ({ dashboardContainer, createNewVisType }: Props) => { const trackUiMetric = usageCollection?.reportUiCounter.bind( usageCollection, - DashboardConstants.DASHBOARDS_ID + DashboardConstants.DASHBOARD_ID ); const createNewAggsBasedVis = useCallback( diff --git a/src/plugins/data/common/es_query/kuery/ast/ast.ts b/src/plugins/data/common/es_query/kuery/ast/ast.ts index 5b22e3b3a3e0ea..be821289699689 100644 --- a/src/plugins/data/common/es_query/kuery/ast/ast.ts +++ b/src/plugins/data/common/es_query/kuery/ast/ast.ts @@ -6,6 +6,7 @@ * Side Public License, v 1. */ +import { JsonObject } from '@kbn/common-utils'; import { nodeTypes } from '../node_types/index'; import { KQLSyntaxError } from '../kuery_syntax_error'; import { KueryNode, DslQuery, KueryParseOptions } from '../types'; @@ -13,7 +14,6 @@ import { IIndexPattern } from '../../../index_patterns/types'; // @ts-ignore import { parse as parseKuery } from './_generated_/kuery'; -import { JsonObject } from '../../../../../kibana_utils/common'; const fromExpression = ( expression: string | DslQuery, diff --git a/src/plugins/data/common/es_query/kuery/node_types/named_arg.ts b/src/plugins/data/common/es_query/kuery/node_types/named_arg.ts index c65f195040b185..b1b202e4323af7 100644 --- a/src/plugins/data/common/es_query/kuery/node_types/named_arg.ts +++ b/src/plugins/data/common/es_query/kuery/node_types/named_arg.ts @@ -7,10 +7,10 @@ */ import _ from 'lodash'; +import { JsonObject } from '@kbn/common-utils'; import * as ast from '../ast'; import { nodeTypes } from '../node_types'; import { NamedArgTypeBuildNode } from './types'; -import { JsonObject } from '../../../../../kibana_utils/common'; export function buildNode(name: string, value: any): NamedArgTypeBuildNode { const argumentNode = diff --git a/src/plugins/data/common/es_query/kuery/node_types/types.ts b/src/plugins/data/common/es_query/kuery/node_types/types.ts index 196890ed0f7a3a..b3247a0ad8dc21 100644 --- a/src/plugins/data/common/es_query/kuery/node_types/types.ts +++ b/src/plugins/data/common/es_query/kuery/node_types/types.ts @@ -10,8 +10,8 @@ * WARNING: these typings are incomplete */ +import { JsonValue } from '@kbn/common-utils'; import { IIndexPattern } from '../../../index_patterns'; -import { JsonValue } from '../../../../../kibana_utils/common'; import { KueryNode } from '..'; export type FunctionName = diff --git a/src/plugins/data/common/search/aggs/buckets/_terms_other_bucket_helper.test.ts b/src/plugins/data/common/search/aggs/buckets/_terms_other_bucket_helper.test.ts index 2aa0d346afe343..523bbe1f010181 100644 --- a/src/plugins/data/common/search/aggs/buckets/_terms_other_bucket_helper.test.ts +++ b/src/plugins/data/common/search/aggs/buckets/_terms_other_bucket_helper.test.ts @@ -174,6 +174,57 @@ const nestedTermResponse = { status: 200, }; +const exhaustiveNestedTermResponse = { + took: 10, + timed_out: false, + _shards: { + total: 1, + successful: 1, + skipped: 0, + failed: 0, + }, + hits: { + total: 14005, + max_score: 0, + hits: [], + }, + aggregations: { + '1': { + doc_count_error_upper_bound: 0, + sum_other_doc_count: 8325, + buckets: [ + { + '2': { + doc_count_error_upper_bound: 0, + sum_other_doc_count: 0, + buckets: [ + { key: 'ios', doc_count: 2850 }, + { key: 'win xp', doc_count: 2830 }, + { key: '__missing__', doc_count: 1430 }, + ], + }, + key: 'US-with-dash', + doc_count: 2850, + }, + { + '2': { + doc_count_error_upper_bound: 0, + sum_other_doc_count: 0, + buckets: [ + { key: 'ios', doc_count: 1850 }, + { key: 'win xp', doc_count: 1830 }, + { key: '__missing__', doc_count: 130 }, + ], + }, + key: 'IN-with-dash', + doc_count: 2830, + }, + ], + }, + }, + status: 200, +}; + const nestedTermResponseNoResults = { took: 10, timed_out: false, @@ -326,6 +377,17 @@ describe('Terms Agg Other bucket helper', () => { } }); + test('does not build query if sum_other_doc_count is 0 (exhaustive terms)', () => { + const aggConfigs = getAggConfigs(nestedTerm.aggs); + expect( + buildOtherBucketAgg( + aggConfigs, + aggConfigs.aggs[1] as IBucketAggConfig, + exhaustiveNestedTermResponse + ) + ).toBeFalsy(); + }); + test('excludes exists filter for scripted fields', () => { const aggConfigs = getAggConfigs(nestedTerm.aggs); aggConfigs.aggs[1].params.field.scripted = true; diff --git a/src/plugins/data/common/search/aggs/buckets/_terms_other_bucket_helper.ts b/src/plugins/data/common/search/aggs/buckets/_terms_other_bucket_helper.ts index 372d487bcf7a39..2a1cd873f62822 100644 --- a/src/plugins/data/common/search/aggs/buckets/_terms_other_bucket_helper.ts +++ b/src/plugins/data/common/search/aggs/buckets/_terms_other_bucket_helper.ts @@ -156,6 +156,7 @@ export const buildOtherBucketAgg = ( }; let noAggBucketResults = false; + let exhaustiveBuckets = true; // recursively create filters for all parent aggregation buckets const walkBucketTree = ( @@ -175,6 +176,9 @@ export const buildOtherBucketAgg = ( const newAggIndex = aggIndex + 1; const newAgg = bucketAggs[newAggIndex]; const currentAgg = bucketAggs[aggIndex]; + if (aggIndex === index && agg && agg.sum_other_doc_count > 0) { + exhaustiveBuckets = false; + } if (aggIndex < index) { each(agg.buckets, (bucket: any, bucketObjKey) => { const bucketKey = currentAgg.getKey( @@ -223,7 +227,7 @@ export const buildOtherBucketAgg = ( walkBucketTree(0, response.aggregations, bucketAggs[0].id, [], ''); // bail if there were no bucket results - if (noAggBucketResults) { + if (noAggBucketResults || exhaustiveBuckets) { return false; } diff --git a/src/plugins/data/public/index.ts b/src/plugins/data/public/index.ts index ba873952c9841f..078dd3a9b7c5ab 100644 --- a/src/plugins/data/public/index.ts +++ b/src/plugins/data/public/index.ts @@ -276,9 +276,8 @@ export { DuplicateIndexPatternError } from '../common/index_patterns/errors'; * Autocomplete query suggestions: */ -export { +export type { QuerySuggestion, - QuerySuggestionTypes, QuerySuggestionGetFn, QuerySuggestionGetFnArgs, QuerySuggestionBasic, @@ -286,6 +285,7 @@ export { AutocompleteStart, } from './autocomplete'; +export { QuerySuggestionTypes } from './autocomplete'; /* * Search: */ @@ -320,25 +320,23 @@ import { tabifyGetColumns, } from '../common'; -export { +export { AggGroupLabels, AggGroupNames, METRIC_TYPES, BUCKET_TYPES } from '../common'; + +export type { // aggs AggConfigSerialized, - AggGroupLabels, AggGroupName, - AggGroupNames, AggFunctionsMapping, AggParam, AggParamOption, AggParamType, AggConfigOptions, - BUCKET_TYPES, EsaggsExpressionFunctionDefinition, IAggConfig, IAggConfigs, IAggType, IFieldParamType, IMetricAggType, - METRIC_TYPES, OptionedParamType, OptionedValueProp, ParsedInterval, @@ -352,30 +350,23 @@ export { export type { AggConfigs, AggConfig } from '../common'; -export { +export type { // search ES_SEARCH_STRATEGY, EsQuerySortValue, - extractSearchSourceReferences, - getEsPreference, - getSearchParamsFromRequest, IEsSearchRequest, IEsSearchResponse, IKibanaSearchRequest, IKibanaSearchResponse, - injectSearchSourceReferences, ISearchSetup, ISearchStart, ISearchStartSearchSource, ISearchGeneric, ISearchSource, - parseSearchSourceJSON, SearchInterceptor, SearchInterceptorDeps, SearchRequest, SearchSourceFields, - SortDirection, - SearchSessionState, // expression functions and types EsdslExpressionFunctionDefinition, EsRawResponseExpressionTypeDefinition, @@ -386,11 +377,21 @@ export { TimeoutErrorMode, PainlessError, Reason, + WaitUntilNextSessionCompletesOptions, +} from './search'; + +export { + parseSearchSourceJSON, + injectSearchSourceReferences, + extractSearchSourceReferences, + getEsPreference, + getSearchParamsFromRequest, noSearchSessionStorageCapabilityMessage, SEARCH_SESSIONS_MANAGEMENT_ID, waitUntilNextSessionCompletes$, - WaitUntilNextSessionCompletesOptions, isEsError, + SearchSessionState, + SortDirection, } from './search'; export type { @@ -438,33 +439,36 @@ export const search = { * UI components */ -export { - SearchBar, +export type { SearchBarProps, StatefulSearchBarProps, IndexPatternSelectProps, - QueryStringInput, QueryStringInputProps, } from './ui'; +export { QueryStringInput, SearchBar } from './ui'; + /** * Types to be shared externally * @public */ -export { Filter, Query, RefreshInterval, TimeRange } from '../common'; +export type { Filter, Query, RefreshInterval, TimeRange } from '../common'; export { createSavedQueryService, connectToQueryState, syncQueryStateWithUrl, - QueryState, getDefaultQuery, FilterManager, + TimeHistory, +} from './query'; + +export type { + QueryState, SavedQuery, SavedQueryService, SavedQueryTimeFilter, InputTimeRange, - TimeHistory, TimefilterContract, TimeHistoryContract, QueryStateChange, @@ -472,7 +476,7 @@ export { AutoRefreshDoneFn, } from './query'; -export { AggsStart } from './search/aggs'; +export type { AggsStart } from './search/aggs'; export { getTime, @@ -496,7 +500,7 @@ export function plugin(initializerContext: PluginInitializerContext>; -export type Start = jest.Mocked>; +export type Setup = jest.Mocked>; +export type Start = jest.Mocked>; const autocompleteSetupMock: jest.Mocked = { getQuerySuggestions: jest.fn(), diff --git a/src/plugins/data/public/public.api.md b/src/plugins/data/public/public.api.md index 67534577d99fcf..d56727b468da6f 100644 --- a/src/plugins/data/public/public.api.md +++ b/src/plugins/data/public/public.api.md @@ -53,6 +53,7 @@ import { ISearchOptions as ISearchOptions_2 } from 'src/plugins/data/public'; import { ISearchSource as ISearchSource_2 } from 'src/plugins/data/public'; import { IStorageWrapper } from 'src/plugins/kibana_utils/public'; import { IUiSettingsClient } from 'src/core/public'; +import { JsonValue } from '@kbn/common-utils'; import { KibanaClient } from '@elastic/elasticsearch/api/kibana'; import { Location } from 'history'; import { LocationDescriptorObject } from 'history'; @@ -67,7 +68,7 @@ import { Observable } from 'rxjs'; import { PackageInfo } from '@kbn/config'; import { Path } from 'history'; import { PeerCertificate } from 'tls'; -import { Plugin as Plugin_2 } from 'src/core/public'; +import { Plugin } from 'src/core/public'; import { PluginInitializerContext as PluginInitializerContext_2 } from 'src/core/public'; import { PluginInitializerContext as PluginInitializerContext_3 } from 'kibana/public'; import { PopoverAnchorPosition } from '@elastic/eui'; @@ -621,6 +622,22 @@ export type CustomFilter = Filter & { query: any; }; +// Warning: (ae-forgotten-export) The symbol "DataSetupDependencies" needs to be exported by the entry point index.d.ts +// Warning: (ae-forgotten-export) The symbol "DataStartDependencies" needs to be exported by the entry point index.d.ts +// Warning: (ae-missing-release-tag) "DataPublicPlugin" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) +// +// @public (undocumented) +export class DataPlugin implements Plugin { + // Warning: (ae-forgotten-export) The symbol "ConfigSchema" needs to be exported by the entry point index.d.ts + constructor(initializerContext: PluginInitializerContext_2); + // (undocumented) + setup(core: CoreSetup, { bfetch, expressions, uiActions, usageCollection, inspector }: DataSetupDependencies): DataPublicPluginSetup; + // (undocumented) + start(core: CoreStart_2, { uiActions }: DataStartDependencies): DataPublicPluginStart; + // (undocumented) + stop(): void; + } + // Warning: (ae-missing-release-tag) "DataPublicPluginSetup" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public @@ -840,7 +857,7 @@ export const esFilters: { export const esKuery: { nodeTypes: import("../common/es_query/kuery/node_types").NodeTypes; fromKueryExpression: (expression: any, parseOptions?: Partial) => import("../common").KueryNode; - toElasticsearchQuery: (node: import("../common").KueryNode, indexPattern?: import("../common").IIndexPattern | undefined, config?: Record | undefined, context?: Record | undefined) => import("../../kibana_utils/common").JsonObject; + toElasticsearchQuery: (node: import("../common").KueryNode, indexPattern?: import("../common").IIndexPattern | undefined, config?: Record | undefined, context?: Record | undefined) => import("@kbn/common-utils").JsonObject; }; // Warning: (ae-missing-release-tag) "esQuery" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) @@ -2004,27 +2021,11 @@ export type PhrasesFilter = Filter & { meta: PhrasesFilterMeta; }; -// Warning: (ae-forgotten-export) The symbol "DataSetupDependencies" needs to be exported by the entry point index.d.ts -// Warning: (ae-forgotten-export) The symbol "DataStartDependencies" needs to be exported by the entry point index.d.ts -// Warning: (ae-missing-release-tag) "DataPublicPlugin" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) -// -// @public (undocumented) -export class Plugin implements Plugin_2 { - // Warning: (ae-forgotten-export) The symbol "ConfigSchema" needs to be exported by the entry point index.d.ts - constructor(initializerContext: PluginInitializerContext_2); - // (undocumented) - setup(core: CoreSetup, { bfetch, expressions, uiActions, usageCollection, inspector }: DataSetupDependencies): DataPublicPluginSetup; - // (undocumented) - start(core: CoreStart_2, { uiActions }: DataStartDependencies): DataPublicPluginStart; - // (undocumented) - stop(): void; - } - // Warning: (ae-forgotten-export) The symbol "PluginInitializerContext" needs to be exported by the entry point index.d.ts // Warning: (ae-missing-release-tag) "plugin" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export function plugin(initializerContext: PluginInitializerContext): Plugin; +export function plugin(initializerContext: PluginInitializerContext): DataPlugin; // Warning: (ae-missing-release-tag) "Query" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // @@ -2772,20 +2773,20 @@ export interface WaitUntilNextSessionCompletesOptions { // src/plugins/data/public/index.ts:238:27 - (ae-forgotten-export) The symbol "validateIndexPattern" needs to be exported by the entry point index.d.ts // src/plugins/data/public/index.ts:238:27 - (ae-forgotten-export) The symbol "flattenHitWrapper" needs to be exported by the entry point index.d.ts // src/plugins/data/public/index.ts:238:27 - (ae-forgotten-export) The symbol "formatHitProvider" needs to be exported by the entry point index.d.ts -// src/plugins/data/public/index.ts:407:20 - (ae-forgotten-export) The symbol "getResponseInspectorStats" needs to be exported by the entry point index.d.ts -// src/plugins/data/public/index.ts:407:20 - (ae-forgotten-export) The symbol "tabifyAggResponse" needs to be exported by the entry point index.d.ts -// src/plugins/data/public/index.ts:407:20 - (ae-forgotten-export) The symbol "tabifyGetColumns" needs to be exported by the entry point index.d.ts -// src/plugins/data/public/index.ts:409:1 - (ae-forgotten-export) The symbol "CidrMask" needs to be exported by the entry point index.d.ts -// src/plugins/data/public/index.ts:410:1 - (ae-forgotten-export) The symbol "dateHistogramInterval" needs to be exported by the entry point index.d.ts -// src/plugins/data/public/index.ts:419:1 - (ae-forgotten-export) The symbol "InvalidEsCalendarIntervalError" needs to be exported by the entry point index.d.ts -// src/plugins/data/public/index.ts:420:1 - (ae-forgotten-export) The symbol "InvalidEsIntervalFormatError" needs to be exported by the entry point index.d.ts -// src/plugins/data/public/index.ts:421:1 - (ae-forgotten-export) The symbol "IpAddress" needs to be exported by the entry point index.d.ts -// src/plugins/data/public/index.ts:422:1 - (ae-forgotten-export) The symbol "isDateHistogramBucketAggConfig" needs to be exported by the entry point index.d.ts -// src/plugins/data/public/index.ts:426:1 - (ae-forgotten-export) The symbol "isValidEsInterval" needs to be exported by the entry point index.d.ts -// src/plugins/data/public/index.ts:427:1 - (ae-forgotten-export) The symbol "isValidInterval" needs to be exported by the entry point index.d.ts -// src/plugins/data/public/index.ts:430:1 - (ae-forgotten-export) The symbol "parseInterval" needs to be exported by the entry point index.d.ts -// src/plugins/data/public/index.ts:431:1 - (ae-forgotten-export) The symbol "propFilter" needs to be exported by the entry point index.d.ts -// src/plugins/data/public/index.ts:434:1 - (ae-forgotten-export) The symbol "toAbsoluteDates" needs to be exported by the entry point index.d.ts +// src/plugins/data/public/index.ts:408:20 - (ae-forgotten-export) The symbol "getResponseInspectorStats" needs to be exported by the entry point index.d.ts +// src/plugins/data/public/index.ts:408:20 - (ae-forgotten-export) The symbol "tabifyAggResponse" needs to be exported by the entry point index.d.ts +// src/plugins/data/public/index.ts:408:20 - (ae-forgotten-export) The symbol "tabifyGetColumns" needs to be exported by the entry point index.d.ts +// src/plugins/data/public/index.ts:410:1 - (ae-forgotten-export) The symbol "CidrMask" needs to be exported by the entry point index.d.ts +// src/plugins/data/public/index.ts:411:1 - (ae-forgotten-export) The symbol "dateHistogramInterval" needs to be exported by the entry point index.d.ts +// src/plugins/data/public/index.ts:420:1 - (ae-forgotten-export) The symbol "InvalidEsCalendarIntervalError" needs to be exported by the entry point index.d.ts +// src/plugins/data/public/index.ts:421:1 - (ae-forgotten-export) The symbol "InvalidEsIntervalFormatError" needs to be exported by the entry point index.d.ts +// src/plugins/data/public/index.ts:422:1 - (ae-forgotten-export) The symbol "IpAddress" needs to be exported by the entry point index.d.ts +// src/plugins/data/public/index.ts:423:1 - (ae-forgotten-export) The symbol "isDateHistogramBucketAggConfig" needs to be exported by the entry point index.d.ts +// src/plugins/data/public/index.ts:427:1 - (ae-forgotten-export) The symbol "isValidEsInterval" needs to be exported by the entry point index.d.ts +// src/plugins/data/public/index.ts:428:1 - (ae-forgotten-export) The symbol "isValidInterval" needs to be exported by the entry point index.d.ts +// src/plugins/data/public/index.ts:431:1 - (ae-forgotten-export) The symbol "parseInterval" needs to be exported by the entry point index.d.ts +// src/plugins/data/public/index.ts:432:1 - (ae-forgotten-export) The symbol "propFilter" needs to be exported by the entry point index.d.ts +// src/plugins/data/public/index.ts:435:1 - (ae-forgotten-export) The symbol "toAbsoluteDates" needs to be exported by the entry point index.d.ts // src/plugins/data/public/query/state_sync/connect_to_query_state.ts:34:5 - (ae-forgotten-export) The symbol "FilterStateStore" needs to be exported by the entry point index.d.ts // src/plugins/data/public/search/session/session_service.ts:56:5 - (ae-forgotten-export) The symbol "UrlGeneratorStateMapping" needs to be exported by the entry point index.d.ts diff --git a/src/plugins/data/server/server.api.md b/src/plugins/data/server/server.api.md index 783bd8d2fcd0e1..c2b533bc42dc6f 100644 --- a/src/plugins/data/server/server.api.md +++ b/src/plugins/data/server/server.api.md @@ -38,6 +38,7 @@ import { ISearchOptions as ISearchOptions_2 } from 'src/plugins/data/public'; import { ISearchSource } from 'src/plugins/data/public'; import { IUiSettingsClient } from 'src/core/server'; import { IUiSettingsClient as IUiSettingsClient_3 } from 'kibana/server'; +import { JsonValue } from '@kbn/common-utils'; import { KibanaRequest } from 'src/core/server'; import { KibanaRequest as KibanaRequest_2 } from 'kibana/server'; import { Logger } from 'src/core/server'; @@ -460,7 +461,7 @@ export const esFilters: { export const esKuery: { nodeTypes: import("../common/es_query/kuery/node_types").NodeTypes; fromKueryExpression: (expression: any, parseOptions?: Partial) => import("../common").KueryNode; - toElasticsearchQuery: (node: import("../common").KueryNode, indexPattern?: import("../common").IIndexPattern | undefined, config?: Record | undefined, context?: Record | undefined) => import("../../kibana_utils/common").JsonObject; + toElasticsearchQuery: (node: import("../common").KueryNode, indexPattern?: import("../common").IIndexPattern | undefined, config?: Record | undefined, context?: Record | undefined) => import("@kbn/common-utils").JsonObject; }; // Warning: (ae-missing-release-tag) "esQuery" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) diff --git a/src/plugins/embeddable/public/lib/panel/embeddable_panel.tsx b/src/plugins/embeddable/public/lib/panel/embeddable_panel.tsx index 1214625fe530f2..8cf2de8c807439 100644 --- a/src/plugins/embeddable/public/lib/panel/embeddable_panel.tsx +++ b/src/plugins/embeddable/public/lib/panel/embeddable_panel.tsx @@ -14,6 +14,7 @@ import deepEqual from 'fast-deep-equal'; import { buildContextMenuForActions, UiActionsService, Action } from '../ui_actions'; import { CoreStart, OverlayStart } from '../../../../../core/public'; import { toMountPoint } from '../../../../kibana_react/public'; +import { UsageCollectionStart } from '../../../../usage_collection/public'; import { Start as InspectorStartContract } from '../inspector'; import { @@ -62,6 +63,7 @@ interface Props { SavedObjectFinder: React.ComponentType; stateTransfer?: EmbeddableStateTransfer; hideHeader?: boolean; + reportUiCounter?: UsageCollectionStart['reportUiCounter']; } interface State { @@ -312,7 +314,8 @@ export class EmbeddablePanel extends React.Component { this.props.getAllEmbeddableFactories, this.props.overlays, this.props.notifications, - this.props.SavedObjectFinder + this.props.SavedObjectFinder, + this.props.reportUiCounter ), inspectPanel: new InspectPanelAction(this.props.inspector), removePanel: new RemovePanelAction(), diff --git a/src/plugins/embeddable/public/lib/panel/panel_header/panel_actions/add_panel/add_panel_action.ts b/src/plugins/embeddable/public/lib/panel/panel_header/panel_actions/add_panel/add_panel_action.ts index 8b6f81a199c445..49be1c3ce01233 100644 --- a/src/plugins/embeddable/public/lib/panel/panel_header/panel_actions/add_panel/add_panel_action.ts +++ b/src/plugins/embeddable/public/lib/panel/panel_header/panel_actions/add_panel/add_panel_action.ts @@ -13,6 +13,7 @@ import { EmbeddableStart } from 'src/plugins/embeddable/public/plugin'; import { ViewMode } from '../../../../types'; import { openAddPanelFlyout } from './open_add_panel_flyout'; import { IContainer } from '../../../../containers'; +import { UsageCollectionStart } from '../../../../../../../usage_collection/public'; export const ACTION_ADD_PANEL = 'ACTION_ADD_PANEL'; @@ -29,7 +30,8 @@ export class AddPanelAction implements Action { private readonly getAllFactories: EmbeddableStart['getEmbeddableFactories'], private readonly overlays: OverlayStart, private readonly notifications: NotificationsStart, - private readonly SavedObjectFinder: React.ComponentType + private readonly SavedObjectFinder: React.ComponentType, + private readonly reportUiCounter?: UsageCollectionStart['reportUiCounter'] ) {} public getDisplayName() { @@ -60,6 +62,7 @@ export class AddPanelAction implements Action { overlays: this.overlays, notifications: this.notifications, SavedObjectFinder: this.SavedObjectFinder, + reportUiCounter: this.reportUiCounter, }); } } diff --git a/src/plugins/embeddable/public/lib/panel/panel_header/panel_actions/add_panel/add_panel_flyout.tsx b/src/plugins/embeddable/public/lib/panel/panel_header/panel_actions/add_panel/add_panel_flyout.tsx index 6d6a68d7e5e2aa..eb4f0b30c51102 100644 --- a/src/plugins/embeddable/public/lib/panel/panel_header/panel_actions/add_panel/add_panel_flyout.tsx +++ b/src/plugins/embeddable/public/lib/panel/panel_header/panel_actions/add_panel/add_panel_flyout.tsx @@ -9,15 +9,17 @@ import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n/react'; import React, { ReactElement } from 'react'; -import { CoreSetup } from 'src/core/public'; +import { METRIC_TYPE } from '@kbn/analytics'; +import { CoreSetup, SavedObjectAttributes, SimpleSavedObject } from 'src/core/public'; import { EuiContextMenuItem, EuiFlyoutBody, EuiFlyoutHeader, EuiTitle } from '@elastic/eui'; -import { EmbeddableStart } from 'src/plugins/embeddable/public'; +import { EmbeddableFactory, EmbeddableStart } from 'src/plugins/embeddable/public'; import { IContainer } from '../../../../containers'; import { EmbeddableFactoryNotFoundError } from '../../../../errors'; import { SavedObjectFinderCreateNew } from './saved_object_finder_create_new'; import { SavedObjectEmbeddableInput } from '../../../../embeddables'; +import { UsageCollectionStart } from '../../../../../../../usage_collection/public'; interface Props { onClose: () => void; @@ -27,6 +29,7 @@ interface Props { notifications: CoreSetup['notifications']; SavedObjectFinder: React.ComponentType; showCreateNewMenu?: boolean; + reportUiCounter?: UsageCollectionStart['reportUiCounter']; } interface State { @@ -84,7 +87,12 @@ export class AddPanelFlyout extends React.Component { } }; - public onAddPanel = async (savedObjectId: string, savedObjectType: string, name: string) => { + public onAddPanel = async ( + savedObjectId: string, + savedObjectType: string, + name: string, + so: SimpleSavedObject + ) => { const factoryForSavedObjectType = [...this.props.getAllFactories()].find( (factory) => factory.savedObjectMetaData && factory.savedObjectMetaData.type === savedObjectType @@ -98,9 +106,27 @@ export class AddPanelFlyout extends React.Component { { savedObjectId } ); + this.doTelemetryForAddEvent(this.props.container.type, factoryForSavedObjectType, so); + this.showToast(name); }; + private doTelemetryForAddEvent( + appName: string, + factoryForSavedObjectType: EmbeddableFactory, + so: SimpleSavedObject + ) { + const { reportUiCounter } = this.props; + + if (reportUiCounter) { + const type = factoryForSavedObjectType.savedObjectMetaData?.getSavedObjectSubType + ? factoryForSavedObjectType.savedObjectMetaData.getSavedObjectSubType(so) + : factoryForSavedObjectType.type; + + reportUiCounter(appName, METRIC_TYPE.CLICK, `${type}:add`); + } + } + private getCreateMenuItems(): ReactElement[] { return [...this.props.getAllFactories()] .filter( diff --git a/src/plugins/embeddable/public/lib/panel/panel_header/panel_actions/add_panel/open_add_panel_flyout.tsx b/src/plugins/embeddable/public/lib/panel/panel_header/panel_actions/add_panel/open_add_panel_flyout.tsx index f0c6e81644b3d0..fe54b3d134aa0b 100644 --- a/src/plugins/embeddable/public/lib/panel/panel_header/panel_actions/add_panel/open_add_panel_flyout.tsx +++ b/src/plugins/embeddable/public/lib/panel/panel_header/panel_actions/add_panel/open_add_panel_flyout.tsx @@ -12,6 +12,7 @@ import { EmbeddableStart } from '../../../../../plugin'; import { toMountPoint } from '../../../../../../../kibana_react/public'; import { IContainer } from '../../../../containers'; import { AddPanelFlyout } from './add_panel_flyout'; +import { UsageCollectionStart } from '../../../../../../../usage_collection/public'; export function openAddPanelFlyout(options: { embeddable: IContainer; @@ -21,6 +22,7 @@ export function openAddPanelFlyout(options: { notifications: NotificationsStart; SavedObjectFinder: React.ComponentType; showCreateNewMenu?: boolean; + reportUiCounter?: UsageCollectionStart['reportUiCounter']; }): OverlayRef { const { embeddable, @@ -30,6 +32,7 @@ export function openAddPanelFlyout(options: { notifications, SavedObjectFinder, showCreateNewMenu, + reportUiCounter, } = options; const flyoutSession = overlays.openFlyout( toMountPoint( @@ -43,6 +46,7 @@ export function openAddPanelFlyout(options: { getFactory={getFactory} getAllFactories={getAllFactories} notifications={notifications} + reportUiCounter={reportUiCounter} SavedObjectFinder={SavedObjectFinder} showCreateNewMenu={showCreateNewMenu} /> diff --git a/src/plugins/embeddable/public/public.api.md b/src/plugins/embeddable/public/public.api.md index 2a577e6167be5f..af708f9a5e6592 100644 --- a/src/plugins/embeddable/public/public.api.md +++ b/src/plugins/embeddable/public/public.api.md @@ -63,6 +63,7 @@ import { TransportRequestPromise } from '@elastic/elasticsearch/lib/Transport'; import { Type } from '@kbn/config-schema'; import { TypeOf } from '@kbn/config-schema'; import { UiComponent } from 'src/plugins/kibana_utils/public'; +import { UiCounterMetricType } from '@kbn/analytics'; import { UnregisterCallback } from 'history'; import { URL } from 'url'; import { UserProvidedValues } from 'src/core/server/types'; @@ -95,7 +96,7 @@ export interface Adapters { // @public (undocumented) export class AddPanelAction implements Action_3 { // Warning: (ae-forgotten-export) The symbol "React" needs to be exported by the entry point index.d.ts - constructor(getFactory: EmbeddableStart_2['getEmbeddableFactory'], getAllFactories: EmbeddableStart_2['getEmbeddableFactories'], overlays: OverlayStart_2, notifications: NotificationsStart_2, SavedObjectFinder: React_2.ComponentType); + constructor(getFactory: EmbeddableStart_2['getEmbeddableFactory'], getAllFactories: EmbeddableStart_2['getEmbeddableFactories'], overlays: OverlayStart_2, notifications: NotificationsStart_2, SavedObjectFinder: React_2.ComponentType, reportUiCounter?: ((appName: string, type: import("@kbn/analytics").UiCounterMetricType, eventNames: string | string[], count?: number | undefined) => void) | undefined); // (undocumented) execute(context: ActionExecutionContext_2): Promise; // (undocumented) @@ -729,6 +730,7 @@ export function openAddPanelFlyout(options: { notifications: NotificationsStart_2; SavedObjectFinder: React.ComponentType; showCreateNewMenu?: boolean; + reportUiCounter?: UsageCollectionStart['reportUiCounter']; }): OverlayRef_2; // Warning: (ae-missing-release-tag) "OutputSpec" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) @@ -890,6 +892,7 @@ export const withEmbeddableSubscription: = { + name: 'mathColumn', + type: 'datatable', + inputTypes: ['datatable'], + help: i18n.translate('expressions.functions.mathColumnHelpText', { + defaultMessage: + 'Adds a column calculated as the result of other columns. ' + + 'Changes are made only when you provide arguments.' + + 'See also {alterColumnFn} and {staticColumnFn}.', + values: { + alterColumnFn: '`alterColumn`', + staticColumnFn: '`staticColumn`', + }, + }), + args: { + ...math.args, + id: { + types: ['string'], + help: i18n.translate('expressions.functions.mathColumn.args.idHelpText', { + defaultMessage: 'id of the resulting column. Must be unique.', + }), + required: true, + }, + name: { + types: ['string'], + aliases: ['_', 'column'], + help: i18n.translate('expressions.functions.mathColumn.args.nameHelpText', { + defaultMessage: 'The name of the resulting column. Names are not required to be unique.', + }), + required: true, + }, + copyMetaFrom: { + types: ['string', 'null'], + help: i18n.translate('expressions.functions.mathColumn.args.copyMetaFromHelpText', { + defaultMessage: + "If set, the meta object from the specified column id is copied over to the specified target column. If the column doesn't exist it silently fails.", + }), + required: false, + default: null, + }, + }, + fn: (input, args, context) => { + const columns = [...input.columns]; + const existingColumnIndex = columns.findIndex(({ id }) => { + return id === args.id; + }); + if (existingColumnIndex > -1) { + throw new Error('ID must be unique'); + } + + const newRows = input.rows.map((row) => { + return { + ...row, + [args.id]: math.fn( + { + type: 'datatable', + columns: input.columns, + rows: [row], + }, + { + expression: args.expression, + onError: args.onError, + }, + context + ), + }; + }); + const type = newRows.length ? getType(newRows[0][args.id]) : 'null'; + const newColumn: DatatableColumn = { + id: args.id, + name: args.name ?? args.id, + meta: { type, params: { id: type } }, + }; + if (args.copyMetaFrom) { + const metaSourceFrom = columns.find(({ id }) => id === args.copyMetaFrom); + newColumn.meta = { ...newColumn.meta, ...(metaSourceFrom?.meta || {}) }; + } + + columns.push(newColumn); + + return { + type: 'datatable', + columns, + rows: newRows, + } as Datatable; + }, +}; diff --git a/src/plugins/expressions/common/expression_functions/specs/overall_metric.ts b/src/plugins/expressions/common/expression_functions/specs/overall_metric.ts new file mode 100644 index 00000000000000..e42112d3a23ed9 --- /dev/null +++ b/src/plugins/expressions/common/expression_functions/specs/overall_metric.ts @@ -0,0 +1,168 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { i18n } from '@kbn/i18n'; +import { ExpressionFunctionDefinition } from '../types'; +import { Datatable } from '../../expression_types'; +import { buildResultColumns, getBucketIdentifier } from '../series_calculation_helpers'; + +export interface OverallMetricArgs { + by?: string[]; + inputColumnId: string; + outputColumnId: string; + outputColumnName?: string; + metric: 'sum' | 'min' | 'max' | 'average'; +} + +export type ExpressionFunctionOverallMetric = ExpressionFunctionDefinition< + 'overall_metric', + Datatable, + OverallMetricArgs, + Datatable +>; + +function getValueAsNumberArray(value: unknown) { + if (Array.isArray(value)) { + return value.map((innerVal) => Number(innerVal)); + } else { + return [Number(value)]; + } +} + +/** + * Calculates the overall metric of a specified column in the data table. + * + * Also supports multiple series in a single data table - use the `by` argument + * to specify the columns to split the calculation by. + * For each unique combination of all `by` columns a separate overall metric will be calculated. + * The order of rows won't be changed - this function is not modifying any existing columns, it's only + * adding the specified `outputColumnId` column to every row of the table without adding or removing rows. + * + * Behavior: + * * Will write the overall metric of `inputColumnId` into `outputColumnId` + * * If provided will use `outputColumnName` as name for the newly created column. Otherwise falls back to `outputColumnId` + * * Each cell will contain the calculated metric based on the values of all cells belonging to the current series. + * + * Edge cases: + * * Will return the input table if `inputColumnId` does not exist + * * Will throw an error if `outputColumnId` exists already in provided data table + * * If the row value contains `null` or `undefined`, it will be ignored and overwritten with the overall metric of + * all cells of the same series. + * * For all values besides `null` and `undefined`, the value will be cast to a number before it's added to the + * overall metric of the current series - if this results in `NaN` (like in case of objects), all cells of the + * current series will be set to `NaN`. + * * To determine separate series defined by the `by` columns, the values of these columns will be cast to strings + * before comparison. If the values are objects, the return value of their `toString` method will be used for comparison. + * Missing values (`null` and `undefined`) will be treated as empty strings. + */ +export const overallMetric: ExpressionFunctionOverallMetric = { + name: 'overall_metric', + type: 'datatable', + + inputTypes: ['datatable'], + + help: i18n.translate('expressions.functions.overallMetric.help', { + defaultMessage: 'Calculates the overall sum, min, max or average of a column in a data table', + }), + + args: { + by: { + help: i18n.translate('expressions.functions.overallMetric.args.byHelpText', { + defaultMessage: 'Column to split the overall calculation by', + }), + multi: true, + types: ['string'], + required: false, + }, + metric: { + help: i18n.translate('expressions.functions.overallMetric.metricHelpText', { + defaultMessage: 'Metric to calculate', + }), + types: ['string'], + options: ['sum', 'min', 'max', 'average'], + }, + inputColumnId: { + help: i18n.translate('expressions.functions.overallMetric.args.inputColumnIdHelpText', { + defaultMessage: 'Column to calculate the overall metric of', + }), + types: ['string'], + required: true, + }, + outputColumnId: { + help: i18n.translate('expressions.functions.overallMetric.args.outputColumnIdHelpText', { + defaultMessage: 'Column to store the resulting overall metric in', + }), + types: ['string'], + required: true, + }, + outputColumnName: { + help: i18n.translate('expressions.functions.overallMetric.args.outputColumnNameHelpText', { + defaultMessage: 'Name of the column to store the resulting overall metric in', + }), + types: ['string'], + required: false, + }, + }, + + fn(input, { by, inputColumnId, outputColumnId, outputColumnName, metric }) { + const resultColumns = buildResultColumns( + input, + outputColumnId, + inputColumnId, + outputColumnName + ); + + if (!resultColumns) { + return input; + } + + const accumulators: Partial> = {}; + const valueCounter: Partial> = {}; + input.rows.forEach((row) => { + const bucketIdentifier = getBucketIdentifier(row, by); + const accumulatorValue = accumulators[bucketIdentifier] ?? 0; + + const currentValue = row[inputColumnId]; + if (currentValue != null) { + const currentNumberValues = getValueAsNumberArray(currentValue); + switch (metric) { + case 'average': + valueCounter[bucketIdentifier] = + (valueCounter[bucketIdentifier] ?? 0) + currentNumberValues.length; + case 'sum': + accumulators[bucketIdentifier] = + accumulatorValue + currentNumberValues.reduce((a, b) => a + b, 0); + break; + case 'min': + accumulators[bucketIdentifier] = Math.min(accumulatorValue, ...currentNumberValues); + break; + case 'max': + accumulators[bucketIdentifier] = Math.max(accumulatorValue, ...currentNumberValues); + break; + } + } + }); + if (metric === 'average') { + Object.keys(accumulators).forEach((bucketIdentifier) => { + accumulators[bucketIdentifier] = + accumulators[bucketIdentifier]! / valueCounter[bucketIdentifier]!; + }); + } + return { + ...input, + columns: resultColumns, + rows: input.rows.map((row) => { + const newRow = { ...row }; + const bucketIdentifier = getBucketIdentifier(row, by); + newRow[outputColumnId] = accumulators[bucketIdentifier]; + + return newRow; + }), + }; + }, +}; diff --git a/src/plugins/expressions/common/expression_functions/specs/tests/math_column.test.ts b/src/plugins/expressions/common/expression_functions/specs/tests/math_column.test.ts new file mode 100644 index 00000000000000..bc6699a2b689bf --- /dev/null +++ b/src/plugins/expressions/common/expression_functions/specs/tests/math_column.test.ts @@ -0,0 +1,74 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { mathColumn } from '../math_column'; +import { functionWrapper, testTable } from './utils'; + +describe('mathColumn', () => { + const fn = functionWrapper(mathColumn); + + it('throws if the id is used', () => { + expect(() => fn(testTable, { id: 'price', name: 'price', expression: 'price * 2' })).toThrow( + `ID must be unique` + ); + }); + + it('applies math to each row by id', () => { + const result = fn(testTable, { id: 'output', name: 'output', expression: 'quantity * price' }); + expect(result.columns).toEqual([ + ...testTable.columns, + { id: 'output', name: 'output', meta: { params: { id: 'number' }, type: 'number' } }, + ]); + expect(result.rows[0]).toEqual({ + in_stock: true, + name: 'product1', + output: 60500, + price: 605, + quantity: 100, + time: 1517842800950, + }); + }); + + it('handles onError', () => { + const args = { + id: 'output', + name: 'output', + expression: 'quantity / 0', + }; + expect(() => fn(testTable, args)).toThrowError(`Cannot divide by 0`); + expect(() => fn(testTable, { ...args, onError: 'throw' })).toThrow(); + expect(fn(testTable, { ...args, onError: 'zero' }).rows[0].output).toEqual(0); + expect(fn(testTable, { ...args, onError: 'false' }).rows[0].output).toEqual(false); + expect(fn(testTable, { ...args, onError: 'null' }).rows[0].output).toEqual(null); + }); + + it('should copy over the meta information from the specified column', async () => { + const result = await fn( + { + ...testTable, + columns: [ + ...testTable.columns, + { + id: 'myId', + name: 'myName', + meta: { type: 'date', params: { id: 'number', params: { digits: 2 } } }, + }, + ], + rows: testTable.rows.map((row) => ({ ...row, myId: Date.now() })), + }, + { id: 'output', name: 'name', copyMetaFrom: 'myId', expression: 'price + 2' } + ); + + expect(result.type).toBe('datatable'); + expect(result.columns[result.columns.length - 1]).toEqual({ + id: 'output', + name: 'name', + meta: { type: 'date', params: { id: 'number', params: { digits: 2 } } }, + }); + }); +}); diff --git a/src/plugins/expressions/common/expression_functions/specs/tests/overall_metric.test.ts b/src/plugins/expressions/common/expression_functions/specs/tests/overall_metric.test.ts new file mode 100644 index 00000000000000..30354c4e54dc76 --- /dev/null +++ b/src/plugins/expressions/common/expression_functions/specs/tests/overall_metric.test.ts @@ -0,0 +1,450 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { functionWrapper } from './utils'; +import { ExecutionContext } from '../../../execution/types'; +import { Datatable } from '../../../expression_types/specs/datatable'; +import { overallMetric, OverallMetricArgs } from '../overall_metric'; + +describe('interpreter/functions#overall_metric', () => { + const fn = functionWrapper(overallMetric); + const runFn = (input: Datatable, args: OverallMetricArgs) => + fn(input, args, {} as ExecutionContext) as Datatable; + + it('calculates overall sum', () => { + const result = runFn( + { + type: 'datatable', + columns: [{ id: 'val', name: 'val', meta: { type: 'number' } }], + rows: [{ val: 5 }, { val: 7 }, { val: 3 }, { val: 2 }], + }, + { inputColumnId: 'val', outputColumnId: 'output', metric: 'sum' } + ); + expect(result.columns).toContainEqual({ + id: 'output', + name: 'output', + meta: { type: 'number' }, + }); + expect(result.rows.map((row) => row.output)).toEqual([17, 17, 17, 17]); + }); + + it('ignores null or undefined', () => { + const result = runFn( + { + type: 'datatable', + columns: [{ id: 'val', name: 'val', meta: { type: 'number' } }], + rows: [{}, { val: null }, { val: undefined }, { val: 1 }, { val: 5 }], + }, + { inputColumnId: 'val', outputColumnId: 'output', metric: 'average' } + ); + expect(result.columns).toContainEqual({ + id: 'output', + name: 'output', + meta: { type: 'number' }, + }); + expect(result.rows.map((row) => row.output)).toEqual([3, 3, 3, 3, 3]); + }); + + it('calculates overall sum for multiple series', () => { + const result = runFn( + { + type: 'datatable', + columns: [ + { id: 'val', name: 'val', meta: { type: 'number' } }, + { id: 'split', name: 'split', meta: { type: 'string' } }, + ], + rows: [ + { val: 1, split: 'A' }, + { val: 2, split: 'B' }, + { val: 3, split: 'B' }, + { val: 4, split: 'A' }, + { val: 5, split: 'A' }, + { val: 6, split: 'A' }, + { val: 7, split: 'B' }, + { val: 8, split: 'B' }, + ], + }, + { inputColumnId: 'val', outputColumnId: 'output', by: ['split'], metric: 'sum' } + ); + + expect(result.rows.map((row) => row.output)).toEqual([ + 1 + 4 + 5 + 6, + 2 + 3 + 7 + 8, + 2 + 3 + 7 + 8, + 1 + 4 + 5 + 6, + 1 + 4 + 5 + 6, + 1 + 4 + 5 + 6, + 2 + 3 + 7 + 8, + 2 + 3 + 7 + 8, + ]); + }); + + it('treats missing split column as separate series', () => { + const result = runFn( + { + type: 'datatable', + columns: [ + { id: 'val', name: 'val', meta: { type: 'number' } }, + { id: 'split', name: 'split', meta: { type: 'string' } }, + ], + rows: [ + { val: 1, split: 'A' }, + { val: 2, split: 'B' }, + { val: 3 }, + { val: 4, split: 'A' }, + { val: 5 }, + { val: 6, split: 'A' }, + { val: 7, split: 'B' }, + { val: 8, split: 'B' }, + ], + }, + { inputColumnId: 'val', outputColumnId: 'output', by: ['split'], metric: 'sum' } + ); + expect(result.rows.map((row) => row.output)).toEqual([ + 1 + 4 + 6, + 2 + 7 + 8, + 3 + 5, + 1 + 4 + 6, + 3 + 5, + 1 + 4 + 6, + 2 + 7 + 8, + 2 + 7 + 8, + ]); + }); + + it('treats null like undefined and empty string for split columns', () => { + const table: Datatable = { + type: 'datatable', + columns: [ + { id: 'val', name: 'val', meta: { type: 'number' } }, + { id: 'split', name: 'split', meta: { type: 'string' } }, + ], + rows: [ + { val: 1, split: 'A' }, + { val: 2, split: 'B' }, + { val: 3 }, + { val: 4, split: 'A' }, + { val: 5 }, + { val: 6, split: 'A' }, + { val: 7, split: null }, + { val: 8, split: 'B' }, + { val: 9, split: '' }, + ], + }; + + const result = runFn(table, { + inputColumnId: 'val', + outputColumnId: 'output', + by: ['split'], + metric: 'sum', + }); + expect(result.rows.map((row) => row.output)).toEqual([ + 1 + 4 + 6, + 2 + 8, + 3 + 5 + 7 + 9, + 1 + 4 + 6, + 3 + 5 + 7 + 9, + 1 + 4 + 6, + 3 + 5 + 7 + 9, + 2 + 8, + 3 + 5 + 7 + 9, + ]); + + const result2 = runFn(table, { + inputColumnId: 'val', + outputColumnId: 'output', + by: ['split'], + metric: 'max', + }); + expect(result2.rows.map((row) => row.output)).toEqual([6, 8, 9, 6, 9, 6, 9, 8, 9]); + }); + + it('handles array values', () => { + const result = runFn( + { + type: 'datatable', + columns: [{ id: 'val', name: 'val', meta: { type: 'number' } }], + rows: [{ val: 5 }, { val: [7, 10] }, { val: [3, 1] }, { val: 2 }], + }, + { inputColumnId: 'val', outputColumnId: 'output', metric: 'sum' } + ); + expect(result.columns).toContainEqual({ + id: 'output', + name: 'output', + meta: { type: 'number' }, + }); + expect(result.rows.map((row) => row.output)).toEqual([28, 28, 28, 28]); + }); + + it('takes array values into account for average calculation', () => { + const result = runFn( + { + type: 'datatable', + columns: [{ id: 'val', name: 'val', meta: { type: 'number' } }], + rows: [{ val: [3, 4] }, { val: 2 }], + }, + { inputColumnId: 'val', outputColumnId: 'output', metric: 'average' } + ); + expect(result.columns).toContainEqual({ + id: 'output', + name: 'output', + meta: { type: 'number' }, + }); + expect(result.rows.map((row) => row.output)).toEqual([3, 3]); + }); + + it('handles array values for split columns', () => { + const table: Datatable = { + type: 'datatable', + columns: [ + { id: 'val', name: 'val', meta: { type: 'number' } }, + { id: 'split', name: 'split', meta: { type: 'string' } }, + ], + rows: [ + { val: 1, split: 'A' }, + { val: [2, 11], split: 'B' }, + { val: 3 }, + { val: 4, split: 'A' }, + { val: 5 }, + { val: 6, split: 'A' }, + { val: 7, split: null }, + { val: 8, split: 'B' }, + { val: [9, 99], split: '' }, + ], + }; + + const result = runFn(table, { + inputColumnId: 'val', + outputColumnId: 'output', + by: ['split'], + metric: 'sum', + }); + expect(result.rows.map((row) => row.output)).toEqual([ + 1 + 4 + 6, + 2 + 11 + 8, + 3 + 5 + 7 + 9 + 99, + 1 + 4 + 6, + 3 + 5 + 7 + 9 + 99, + 1 + 4 + 6, + 3 + 5 + 7 + 9 + 99, + 2 + 11 + 8, + 3 + 5 + 7 + 9 + 99, + ]); + + const result2 = runFn(table, { + inputColumnId: 'val', + outputColumnId: 'output', + by: ['split'], + metric: 'max', + }); + expect(result2.rows.map((row) => row.output)).toEqual([6, 11, 99, 6, 99, 6, 99, 11, 99]); + }); + + it('calculates cumulative sum for multiple series by multiple split columns', () => { + const result = runFn( + { + type: 'datatable', + columns: [ + { id: 'val', name: 'val', meta: { type: 'number' } }, + { id: 'split', name: 'split', meta: { type: 'string' } }, + { id: 'split2', name: 'split2', meta: { type: 'string' } }, + ], + rows: [ + { val: 1, split: 'A', split2: 'C' }, + { val: 2, split: 'B', split2: 'C' }, + { val: 3, split2: 'C' }, + { val: 4, split: 'A', split2: 'C' }, + { val: 5 }, + { val: 6, split: 'A', split2: 'D' }, + { val: 7, split: 'B', split2: 'D' }, + { val: 8, split: 'B', split2: 'D' }, + ], + }, + { inputColumnId: 'val', outputColumnId: 'output', by: ['split', 'split2'], metric: 'sum' } + ); + expect(result.rows.map((row) => row.output)).toEqual([1 + 4, 2, 3, 1 + 4, 5, 6, 7 + 8, 7 + 8]); + }); + + it('splits separate series by the string representation of the cell values', () => { + const result = runFn( + { + type: 'datatable', + columns: [ + { id: 'val', name: 'val', meta: { type: 'number' } }, + { id: 'split', name: 'split', meta: { type: 'string' } }, + ], + rows: [ + { val: 1, split: { anObj: 3 } }, + { val: 2, split: { anotherObj: 5 } }, + { val: 10, split: 5 }, + { val: 11, split: '5' }, + ], + }, + { inputColumnId: 'val', outputColumnId: 'output', by: ['split'], metric: 'sum' } + ); + + expect(result.rows.map((row) => row.output)).toEqual([1 + 2, 1 + 2, 10 + 11, 10 + 11]); + }); + + it('casts values to number before calculating cumulative sum', () => { + const result = runFn( + { + type: 'datatable', + columns: [{ id: 'val', name: 'val', meta: { type: 'number' } }], + rows: [{ val: 5 }, { val: '7' }, { val: '3' }, { val: 2 }], + }, + { inputColumnId: 'val', outputColumnId: 'output', metric: 'max' } + ); + expect(result.rows.map((row) => row.output)).toEqual([7, 7, 7, 7]); + }); + + it('casts values to number before calculating metric for NaN like values', () => { + const result = runFn( + { + type: 'datatable', + columns: [{ id: 'val', name: 'val', meta: { type: 'number' } }], + rows: [{ val: 5 }, { val: '7' }, { val: {} }, { val: 2 }], + }, + { inputColumnId: 'val', outputColumnId: 'output', metric: 'min' } + ); + expect(result.rows.map((row) => row.output)).toEqual([NaN, NaN, NaN, NaN]); + }); + + it('skips undefined and null values', () => { + const result = runFn( + { + type: 'datatable', + columns: [{ id: 'val', name: 'val', meta: { type: 'number' } }], + rows: [ + { val: null }, + { val: 7 }, + { val: undefined }, + { val: undefined }, + { val: undefined }, + { val: undefined }, + { val: '3' }, + { val: 2 }, + { val: null }, + ], + }, + { inputColumnId: 'val', outputColumnId: 'output', metric: 'average' } + ); + expect(result.rows.map((row) => row.output)).toEqual([4, 4, 4, 4, 4, 4, 4, 4, 4]); + }); + + it('copies over meta information from the source column', () => { + const result = runFn( + { + type: 'datatable', + columns: [ + { + id: 'val', + name: 'val', + meta: { + type: 'number', + + field: 'afield', + index: 'anindex', + params: { id: 'number', params: { pattern: '000' } }, + source: 'synthetic', + sourceParams: { + some: 'params', + }, + }, + }, + ], + rows: [{ val: 5 }], + }, + { inputColumnId: 'val', outputColumnId: 'output', metric: 'sum' } + ); + expect(result.columns).toContainEqual({ + id: 'output', + name: 'output', + meta: { + type: 'number', + + field: 'afield', + index: 'anindex', + params: { id: 'number', params: { pattern: '000' } }, + source: 'synthetic', + sourceParams: { + some: 'params', + }, + }, + }); + }); + + it('sets output name on output column if specified', () => { + const result = runFn( + { + type: 'datatable', + columns: [ + { + id: 'val', + name: 'val', + meta: { + type: 'number', + }, + }, + ], + rows: [{ val: 5 }], + }, + { + inputColumnId: 'val', + outputColumnId: 'output', + outputColumnName: 'Output name', + metric: 'min', + } + ); + expect(result.columns).toContainEqual({ + id: 'output', + name: 'Output name', + meta: { type: 'number' }, + }); + }); + + it('returns source table if input column does not exist', () => { + const input: Datatable = { + type: 'datatable', + columns: [ + { + id: 'val', + name: 'val', + meta: { + type: 'number', + }, + }, + ], + rows: [{ val: 5 }], + }; + expect( + runFn(input, { inputColumnId: 'nonexisting', outputColumnId: 'output', metric: 'sum' }) + ).toBe(input); + }); + + it('throws an error if output column exists already', () => { + expect(() => + runFn( + { + type: 'datatable', + columns: [ + { + id: 'val', + name: 'val', + meta: { + type: 'number', + }, + }, + ], + rows: [{ val: 5 }], + }, + { inputColumnId: 'val', outputColumnId: 'val', metric: 'max' } + ) + ).toThrow(); + }); +}); diff --git a/src/plugins/expressions/common/expression_functions/types.ts b/src/plugins/expressions/common/expression_functions/types.ts index e1378a27bdfc29..0ec61b39608a05 100644 --- a/src/plugins/expressions/common/expression_functions/types.ts +++ b/src/plugins/expressions/common/expression_functions/types.ts @@ -18,6 +18,7 @@ import { ExpressionFunctionCumulativeSum, ExpressionFunctionDerivative, ExpressionFunctionMovingAverage, + ExpressionFunctionOverallMetric, } from './specs'; import { ExpressionAstFunction } from '../ast'; import { PersistableStateDefinition } from '../../../kibana_utils/common'; @@ -119,6 +120,7 @@ export interface ExpressionFunctionDefinitions { var: ExpressionFunctionVar; theme: ExpressionFunctionTheme; cumulative_sum: ExpressionFunctionCumulativeSum; + overall_metric: ExpressionFunctionOverallMetric; derivative: ExpressionFunctionDerivative; moving_average: ExpressionFunctionMovingAverage; } diff --git a/src/plugins/expressions/common/service/expressions_services.ts b/src/plugins/expressions/common/service/expressions_services.ts index a8839c9b0d71e1..b3c01672626614 100644 --- a/src/plugins/expressions/common/service/expressions_services.ts +++ b/src/plugins/expressions/common/service/expressions_services.ts @@ -29,7 +29,9 @@ import { derivative, movingAverage, mapColumn, + overallMetric, math, + mathColumn, } from '../expression_functions'; /** @@ -340,8 +342,10 @@ export class ExpressionsService implements PersistableStateService {}; +const createSetupContract = (): IndexPatternManagementSetup => ({ + creation: { + addCreationConfig: jest.fn(), + } as any, + list: { + addListConfig: jest.fn(), + } as any, +}); const createStartContract = (): IndexPatternManagementStart => ({ creation: { diff --git a/src/plugins/index_pattern_management/public/plugin.ts b/src/plugins/index_pattern_management/public/plugin.ts index 610b3541620b00..e3c156927bface 100644 --- a/src/plugins/index_pattern_management/public/plugin.ts +++ b/src/plugins/index_pattern_management/public/plugin.ts @@ -81,10 +81,7 @@ export class IndexPatternManagementPlugin }, }); - return this.indexPatternManagementService.setup({ - httpClient: core.http, - uiSettings: core.uiSettings, - }); + return this.indexPatternManagementService.setup({ httpClient: core.http }); } public start(core: CoreStart, plugins: IndexPatternManagementStartDependencies) { diff --git a/src/plugins/index_pattern_management/public/service/creation/index.ts b/src/plugins/index_pattern_management/public/service/creation/index.ts index e1f464b01e5505..51610bc83e371b 100644 --- a/src/plugins/index_pattern_management/public/service/creation/index.ts +++ b/src/plugins/index_pattern_management/public/service/creation/index.ts @@ -8,5 +8,3 @@ export { IndexPatternCreationConfig, IndexPatternCreationOption } from './config'; export { IndexPatternCreationManager } from './manager'; -// @ts-ignore -export { RollupIndexPatternCreationConfig } from './rollup_creation_config'; diff --git a/src/plugins/index_pattern_management/public/service/index_pattern_management_service.ts b/src/plugins/index_pattern_management/public/service/index_pattern_management_service.ts index 19346dbf31d185..f30ccfcb9f3ed7 100644 --- a/src/plugins/index_pattern_management/public/service/index_pattern_management_service.ts +++ b/src/plugins/index_pattern_management/public/service/index_pattern_management_service.ts @@ -6,22 +6,11 @@ * Side Public License, v 1. */ -import { HttpSetup, CoreSetup } from '../../../../core/public'; -import { - IndexPatternCreationManager, - IndexPatternCreationConfig, - RollupIndexPatternCreationConfig, -} from './creation'; -import { - IndexPatternListManager, - IndexPatternListConfig, - RollupIndexPatternListConfig, -} from './list'; - -import { CONFIG_ROLLUPS } from '../constants'; +import { HttpSetup } from '../../../../core/public'; +import { IndexPatternCreationManager, IndexPatternCreationConfig } from './creation'; +import { IndexPatternListManager, IndexPatternListConfig } from './list'; interface SetupDependencies { httpClient: HttpSetup; - uiSettings: CoreSetup['uiSettings']; } /** @@ -38,17 +27,17 @@ export class IndexPatternManagementService { this.indexPatternListConfig = new IndexPatternListManager(); } - public setup({ httpClient, uiSettings }: SetupDependencies) { + public setup({ httpClient }: SetupDependencies) { const creationManagerSetup = this.indexPatternCreationManager.setup(httpClient); creationManagerSetup.addCreationConfig(IndexPatternCreationConfig); const indexPatternListConfigSetup = this.indexPatternListConfig.setup(); indexPatternListConfigSetup.addListConfig(IndexPatternListConfig); - if (uiSettings.get(CONFIG_ROLLUPS)) { - creationManagerSetup.addCreationConfig(RollupIndexPatternCreationConfig); - indexPatternListConfigSetup.addListConfig(RollupIndexPatternListConfig); - } + return { + creation: creationManagerSetup, + list: indexPatternListConfigSetup, + }; } public start() { diff --git a/src/plugins/index_pattern_management/public/service/list/index.ts b/src/plugins/index_pattern_management/public/service/list/index.ts index 738b807ac76246..620d4c7600733b 100644 --- a/src/plugins/index_pattern_management/public/service/list/index.ts +++ b/src/plugins/index_pattern_management/public/service/list/index.ts @@ -8,5 +8,3 @@ export { IndexPatternListConfig } from './config'; export { IndexPatternListManager } from './manager'; -// @ts-ignore -export { RollupIndexPatternListConfig } from './rollup_list_config'; diff --git a/src/plugins/kibana_utils/common/index.ts b/src/plugins/kibana_utils/common/index.ts index 76a7cb2855c6e0..773c0b96d64136 100644 --- a/src/plugins/kibana_utils/common/index.ts +++ b/src/plugins/kibana_utils/common/index.ts @@ -11,7 +11,6 @@ export * from './field_wildcard'; export * from './of'; export * from './ui'; export * from './state_containers'; -export * from './typed_json'; export * from './errors'; export { AbortError, abortSignalToPromise } from './abort_utils'; export { createGetterSetter, Get, Set } from './create_getter_setter'; diff --git a/src/plugins/kibana_utils/public/index.ts b/src/plugins/kibana_utils/public/index.ts index 75c52e1301ea57..3d9b5db0629558 100644 --- a/src/plugins/kibana_utils/public/index.ts +++ b/src/plugins/kibana_utils/public/index.ts @@ -15,9 +15,6 @@ export { fieldWildcardFilter, fieldWildcardMatcher, Get, - JsonArray, - JsonObject, - JsonValue, of, Set, UiComponent, diff --git a/src/plugins/presentation_util/public/mocks.ts b/src/plugins/presentation_util/public/mocks.ts new file mode 100644 index 00000000000000..91c461646c280c --- /dev/null +++ b/src/plugins/presentation_util/public/mocks.ts @@ -0,0 +1,26 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { CoreStart } from 'kibana/public'; +import { PresentationUtilPluginStart } from './types'; +import { pluginServices } from './services'; +import { registry } from './services/kibana'; + +const createStartContract = (coreStart: CoreStart): PresentationUtilPluginStart => { + pluginServices.setRegistry(registry.start({ coreStart, startPlugins: {} as any })); + + const startContract: PresentationUtilPluginStart = { + ContextProvider: pluginServices.getContextProvider(), + labsService: pluginServices.getServices().labs, + }; + return startContract; +}; + +export const presentationUtilPluginMock = { + createStartContract, +}; diff --git a/src/plugins/saved_objects/public/finder/saved_object_finder.tsx b/src/plugins/saved_objects/public/finder/saved_object_finder.tsx index 8d5e89664212ca..da65b5b9fdda8c 100644 --- a/src/plugins/saved_objects/public/finder/saved_object_finder.tsx +++ b/src/plugins/saved_objects/public/finder/saved_object_finder.tsx @@ -46,6 +46,7 @@ export interface SavedObjectMetaData { getIconForSavedObject(savedObject: SimpleSavedObject): IconType; getTooltipForSavedObject?(savedObject: SimpleSavedObject): string; showSavedObject?(savedObject: SimpleSavedObject): boolean; + getSavedObjectSubType?(savedObject: SimpleSavedObject): string; includeFields?: string[]; } diff --git a/src/plugins/visualizations/public/embeddable/visualize_embeddable_factory.tsx b/src/plugins/visualizations/public/embeddable/visualize_embeddable_factory.tsx index 3ccdfb7e47d70b..872132416352f5 100644 --- a/src/plugins/visualizations/public/embeddable/visualize_embeddable_factory.tsx +++ b/src/plugins/visualizations/public/embeddable/visualize_embeddable_factory.tsx @@ -104,6 +104,9 @@ export class VisualizeEmbeddableFactory } return visType.stage !== 'experimental'; }, + getSavedObjectSubType: (savedObject) => { + return JSON.parse(savedObject.attributes.visState).type; + }, }; constructor(private readonly deps: VisualizeEmbeddableFactoryDeps) {} diff --git a/src/plugins/visualizations/public/vis_types/vis_type_alias_registry.ts b/src/plugins/visualizations/public/vis_types/vis_type_alias_registry.ts index 2be9358e28d1ac..a8b00b15a1ede1 100644 --- a/src/plugins/visualizations/public/vis_types/vis_type_alias_registry.ts +++ b/src/plugins/visualizations/public/vis_types/vis_type_alias_registry.ts @@ -7,6 +7,7 @@ */ import { SavedObject } from '../../../../core/types/saved_objects'; +import { BaseVisType } from './base_vis_type'; export type VisualizationStage = 'experimental' | 'beta' | 'production'; @@ -23,6 +24,7 @@ export interface VisualizationListItem { getSupportedTriggers?: () => string[]; typeTitle: string; image?: string; + type?: BaseVisType | string; } export interface VisualizationsAppExtension { diff --git a/src/plugins/visualizations/public/wizard/new_vis_modal.tsx b/src/plugins/visualizations/public/wizard/new_vis_modal.tsx index 317f9d1bb363db..2620ae01aa15a7 100644 --- a/src/plugins/visualizations/public/wizard/new_vis_modal.tsx +++ b/src/plugins/visualizations/public/wizard/new_vis_modal.tsx @@ -153,7 +153,7 @@ class NewVisModal extends React.Component { + const usageCollection = getUsageCollector(); + + if (usageCollection && visType) { + usageCollection.reportUiCounter(APP_NAME, METRIC_TYPE.CLICK, `${visType}:add`); + } +}; const getBadge = (item: VisualizationListItem) => { if (item.stage === 'beta') { @@ -82,12 +93,16 @@ export const getTableColumns = ( defaultMessage: 'Title', }), sortable: true, - render: (field: string, { editApp, editUrl, title, error }: VisualizationListItem) => + render: (field: string, { editApp, editUrl, title, error, type }: VisualizationListItem) => // In case an error occurs i.e. the vis has wrong type, we render the vis but without the link !error ? ( + {/* eslint-disable-next-line @elastic/eui/href-or-on-click */} { + doTelemetryForAddEvent(typeof type === 'string' ? type : type?.name); + }} data-test-subj={`visListingTitleLink-${title.split(' ').join('-')}`} > {field} diff --git a/src/plugins/visualize/public/application/utils/get_top_nav_config.tsx b/src/plugins/visualize/public/application/utils/get_top_nav_config.tsx index b7c7d63cef98fc..da01f9d44879bb 100644 --- a/src/plugins/visualize/public/application/utils/get_top_nav_config.tsx +++ b/src/plugins/visualize/public/application/utils/get_top_nav_config.tsx @@ -8,6 +8,7 @@ import React from 'react'; import { i18n } from '@kbn/i18n'; +import { METRIC_TYPE } from '@kbn/analytics'; import { Capabilities } from 'src/core/public'; import { TopNavMenuData } from 'src/plugins/navigation/public'; @@ -29,7 +30,7 @@ import { VisualizeAppStateContainer, VisualizeEditorVisInstance, } from '../types'; -import { VisualizeConstants } from '../visualize_constants'; +import { APP_NAME, VisualizeConstants } from '../visualize_constants'; import { getEditBreadcrumbs } from './breadcrumbs'; import { EmbeddableStateTransfer } from '../../../../embeddable/public'; @@ -92,10 +93,22 @@ export const getTopNavConfig = ( dashboard, savedObjectsTagging, presentationUtil, + usageCollection, }: VisualizeServices ) => { const { vis, embeddableHandler } = visInstance; const savedVis = visInstance.savedVis; + + const doTelemetryForSaveEvent = (visType: string) => { + if (usageCollection) { + usageCollection.reportUiCounter( + originatingApp ?? APP_NAME, + METRIC_TYPE.CLICK, + `${visType}:save` + ); + } + }; + /** * Called when the user clicks "Save" button. */ @@ -394,6 +407,8 @@ export const getTopNavConfig = ( return { id: true }; } + doTelemetryForSaveEvent(vis.type.name); + // We're adding the viz to a library so we need to save it and then // add to a dashboard if necessary const response = await doSave(saveOptions); @@ -503,6 +518,8 @@ export const getTopNavConfig = ( } }, run: async () => { + doTelemetryForSaveEvent(vis.type.name); + if (!savedVis?.id) { return createVisReference(); } diff --git a/src/plugins/visualize/public/plugin.ts b/src/plugins/visualize/public/plugin.ts index 4b369e8be86eee..b5ddbdf6d10a3c 100644 --- a/src/plugins/visualize/public/plugin.ts +++ b/src/plugins/visualize/public/plugin.ts @@ -6,10 +6,11 @@ * Side Public License, v 1. */ -import { BehaviorSubject } from 'rxjs'; import { i18n } from '@kbn/i18n'; -import { filter, map } from 'rxjs/operators'; import { createHashHistory } from 'history'; +import { BehaviorSubject } from 'rxjs'; +import { filter, map } from 'rxjs/operators'; + import { AppMountParameters, AppUpdater, @@ -18,29 +19,33 @@ import { Plugin, PluginInitializerContext, ScopedHistory, -} from 'kibana/public'; + DEFAULT_APP_CATEGORIES, +} from '../../../core/public'; -import { PresentationUtilPluginStart } from '../../../../src/plugins/presentation_util/public'; import { Storage, createKbnUrlTracker, createKbnUrlStateStorage, withNotifyOnErrors, } from '../../kibana_utils/public'; -import { DataPublicPluginStart, DataPublicPluginSetup, esFilters } from '../../data/public'; -import { NavigationPublicPluginStart as NavigationStart } from '../../navigation/public'; -import { SharePluginStart, SharePluginSetup } from '../../share/public'; -import { UrlForwardingSetup, UrlForwardingStart } from '../../url_forwarding/public'; -import { VisualizationsStart } from '../../visualizations/public'; + import { VisualizeConstants } from './application/visualize_constants'; +import { DataPublicPluginStart, DataPublicPluginSetup, esFilters } from '../../data/public'; import { FeatureCatalogueCategory, HomePublicPluginSetup } from '../../home/public'; -import { VisualizeServices } from './application/types'; -import { DEFAULT_APP_CATEGORIES } from '../../../core/public'; -import { SavedObjectsStart } from '../../saved_objects/public'; -import { EmbeddableStart } from '../../embeddable/public'; -import { DashboardStart } from '../../dashboard/public'; + +import type { PresentationUtilPluginStart } from '../../../../src/plugins/presentation_util/public'; +import type { NavigationPublicPluginStart as NavigationStart } from '../../navigation/public'; +import type { SharePluginStart, SharePluginSetup } from '../../share/public'; +import type { UrlForwardingSetup, UrlForwardingStart } from '../../url_forwarding/public'; +import type { VisualizationsStart } from '../../visualizations/public'; +import type { VisualizeServices } from './application/types'; +import type { SavedObjectsStart } from '../../saved_objects/public'; +import type { EmbeddableStart } from '../../embeddable/public'; +import type { DashboardStart } from '../../dashboard/public'; import type { SavedObjectTaggingOssPluginStart } from '../../saved_objects_tagging_oss/public'; -import { setVisEditorsRegistry, setUISettings } from './services'; +import type { UsageCollectionStart } from '../../usage_collection/public'; + +import { setVisEditorsRegistry, setUISettings, setUsageCollector } from './services'; import { createVisEditorsRegistry, VisEditorsRegistry } from './vis_editors_registry'; export interface VisualizePluginStartDependencies { @@ -54,6 +59,7 @@ export interface VisualizePluginStartDependencies { dashboard: DashboardStart; savedObjectsTaggingOss?: SavedObjectTaggingOssPluginStart; presentationUtil: PresentationUtilPluginStart; + usageCollection?: UsageCollectionStart; } export interface VisualizePluginSetupDependencies { @@ -202,6 +208,7 @@ export class VisualizePlugin setHeaderActionMenu: params.setHeaderActionMenu, savedObjectsTagging: pluginsStart.savedObjectsTaggingOss?.getTaggingApi(), presentationUtil: pluginsStart.presentationUtil, + usageCollection: pluginsStart.usageCollection, }; params.element.classList.add('visAppWrapper'); @@ -238,8 +245,12 @@ export class VisualizePlugin } as VisualizePluginSetup; } - public start(core: CoreStart, plugins: VisualizePluginStartDependencies) { + public start(core: CoreStart, { usageCollection }: VisualizePluginStartDependencies) { setVisEditorsRegistry(this.visEditorsRegistry); + + if (usageCollection) { + setUsageCollector(usageCollection); + } } stop() { diff --git a/src/plugins/visualize/public/services.ts b/src/plugins/visualize/public/services.ts index 192aac3547eb27..97ff7923379b72 100644 --- a/src/plugins/visualize/public/services.ts +++ b/src/plugins/visualize/public/services.ts @@ -6,12 +6,18 @@ * Side Public License, v 1. */ -import { IUiSettingsClient } from '../../../core/public'; import { createGetterSetter } from '../../../plugins/kibana_utils/public'; -import { VisEditorsRegistry } from './vis_editors_registry'; + +import type { IUiSettingsClient } from '../../../core/public'; +import type { VisEditorsRegistry } from './vis_editors_registry'; +import type { UsageCollectionStart } from '../../usage_collection/public'; export const [getUISettings, setUISettings] = createGetterSetter('UISettings'); +export const [getUsageCollector, setUsageCollector] = createGetterSetter( + 'UsageCollection' +); + export const [ getVisEditorsRegistry, setVisEditorsRegistry, diff --git a/x-pack/examples/embedded_lens_example/public/app.tsx b/x-pack/examples/embedded_lens_example/public/app.tsx index 33bb1f06d045c7..6a39951ad49583 100644 --- a/x-pack/examples/embedded_lens_example/public/app.tsx +++ b/x-pack/examples/embedded_lens_example/public/app.tsx @@ -24,6 +24,7 @@ import { TypedLensByValueInput, PersistedIndexPatternLayer, XYState, + LensEmbeddableInput, } from '../../../plugins/lens/public'; import { StartDependencies } from './plugin'; @@ -112,12 +113,15 @@ export const App = (props: { }) => { const [color, setColor] = useState('green'); const [isLoading, setIsLoading] = useState(false); + const [isSaveModalVisible, setIsSaveModalVisible] = useState(false); const LensComponent = props.plugins.lens.EmbeddableComponent; + const LensSaveModalComponent = props.plugins.lens.SaveModalComponent; const [time, setTime] = useState({ from: 'now-5d', to: 'now', }); + return ( @@ -172,7 +176,18 @@ export const App = (props: { setColor(newColor); }} > - Edit + Edit in Lens + + + + { + setIsSaveModalVisible(true); + }} + > + Save Visualization @@ -197,6 +212,19 @@ export const App = (props: { // call back event for on table row click event }} /> + {isSaveModalVisible && ( + {}} + onClose={() => setIsSaveModalVisible(false)} + /> + )} ) : (

This demo only works if your default index pattern is set and time based

diff --git a/x-pack/examples/embedded_lens_example/public/mount.tsx b/x-pack/examples/embedded_lens_example/public/mount.tsx index 5cf7c25fbf160e..ff1e6ef8818f05 100644 --- a/x-pack/examples/embedded_lens_example/public/mount.tsx +++ b/x-pack/examples/embedded_lens_example/public/mount.tsx @@ -23,7 +23,13 @@ export const mount = (coreSetup: CoreSetup) => async ({ const defaultIndexPattern = await plugins.data.indexPatterns.getDefault(); - const reactElement = ; + const i18nCore = core.i18n; + + const reactElement = ( + + + + ); render(reactElement, element); return () => unmountComponentAtNode(element); }; diff --git a/x-pack/plugins/alerting/common/alert_navigation.ts b/x-pack/plugins/alerting/common/alert_navigation.ts index d26afff9e8243f..7c9e428f9a09ee 100644 --- a/x-pack/plugins/alerting/common/alert_navigation.ts +++ b/x-pack/plugins/alerting/common/alert_navigation.ts @@ -5,8 +5,7 @@ * 2.0. */ -import { JsonObject } from '../../../../src/plugins/kibana_utils/common'; - +import { JsonObject } from '@kbn/common-utils'; export interface AlertUrlNavigation { path: string; } diff --git a/x-pack/plugins/alerting/public/alert_navigation_registry/types.ts b/x-pack/plugins/alerting/public/alert_navigation_registry/types.ts index 53540facd9652e..12ac9061426475 100644 --- a/x-pack/plugins/alerting/public/alert_navigation_registry/types.ts +++ b/x-pack/plugins/alerting/public/alert_navigation_registry/types.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { JsonObject } from '../../../../../src/plugins/kibana_utils/common'; +import { JsonObject } from '@kbn/common-utils'; import { SanitizedAlert } from '../../common'; /** diff --git a/x-pack/plugins/alerting/server/authorization/alerting_authorization.ts b/x-pack/plugins/alerting/server/authorization/alerting_authorization.ts index 7506accd8b88ea..52cef9a402e352 100644 --- a/x-pack/plugins/alerting/server/authorization/alerting_authorization.ts +++ b/x-pack/plugins/alerting/server/authorization/alerting_authorization.ts @@ -8,6 +8,7 @@ import Boom from '@hapi/boom'; import { map, mapValues, fromPairs, has } from 'lodash'; import { KibanaRequest } from 'src/core/server'; +import { JsonObject } from '@kbn/common-utils'; import { AlertTypeRegistry } from '../types'; import { SecurityPluginSetup } from '../../../security/server'; import { RegistryAlertType } from '../alert_type_registry'; @@ -19,7 +20,6 @@ import { AlertingAuthorizationFilterOpts, } from './alerting_authorization_kuery'; import { KueryNode } from '../../../../../src/plugins/data/server'; -import { JsonObject } from '../../../../../src/plugins/kibana_utils/common'; export enum AlertingAuthorizationEntity { Rule = 'rule', diff --git a/x-pack/plugins/alerting/server/authorization/alerting_authorization_kuery.ts b/x-pack/plugins/alerting/server/authorization/alerting_authorization_kuery.ts index eb6f1605f2ba5a..5205e6afdf29f3 100644 --- a/x-pack/plugins/alerting/server/authorization/alerting_authorization_kuery.ts +++ b/x-pack/plugins/alerting/server/authorization/alerting_authorization_kuery.ts @@ -6,7 +6,7 @@ */ import { remove } from 'lodash'; -import { JsonObject } from '../../../../../src/plugins/kibana_utils/common'; +import { JsonObject } from '@kbn/common-utils'; import { nodeBuilder, EsQueryConfig } from '../../../../../src/plugins/data/common'; import { toElasticsearchQuery } from '../../../../../src/plugins/data/common/es_query'; import { KueryNode } from '../../../../../src/plugins/data/server'; diff --git a/x-pack/plugins/alerting/server/routes/lib/rewrite_request_case.ts b/x-pack/plugins/alerting/server/routes/lib/rewrite_request_case.ts index 361ba5ff5e55de..f5455d1a630934 100644 --- a/x-pack/plugins/alerting/server/routes/lib/rewrite_request_case.ts +++ b/x-pack/plugins/alerting/server/routes/lib/rewrite_request_case.ts @@ -4,7 +4,7 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import { JsonValue } from '../../../../../../src/plugins/kibana_utils/common'; +import { JsonValue } from '@kbn/common-utils'; type RenameAlertToRule = K extends `alertTypeId` ? `ruleTypeId` diff --git a/x-pack/plugins/apm/public/components/app/ErrorGroupDetails/Distribution/index.tsx b/x-pack/plugins/apm/public/components/app/ErrorGroupDetails/Distribution/index.tsx index a38e3b2a3d7c65..643653c24aeb3a 100644 --- a/x-pack/plugins/apm/public/components/app/ErrorGroupDetails/Distribution/index.tsx +++ b/x-pack/plugins/apm/public/components/app/ErrorGroupDetails/Distribution/index.tsx @@ -18,7 +18,7 @@ import { } from '@elastic/charts'; import { EuiTitle } from '@elastic/eui'; import d3 from 'd3'; -import React from 'react'; +import React, { Suspense, useState } from 'react'; import { RULE_ID } from '@kbn/rule-data-utils/target/technical_field_names'; import { useApmServiceContext } from '../../../../context/apm_service/use_apm_service_context'; import { APIReturnType } from '../../../../services/rest/createCallApmApi'; @@ -27,6 +27,7 @@ import { useTheme } from '../../../../hooks/use_theme'; import { AlertType } from '../../../../../common/alert_types'; import { getAlertAnnotations } from '../../../shared/charts/helper/get_alert_annotations'; import { useApmPluginContext } from '../../../../context/apm_plugin/use_apm_plugin_context'; +import { LazyAlertsFlyout } from '../../../../../../observability/public'; type ErrorDistributionAPIResponse = APIReturnType<'GET /api/apm/services/{serviceName}/errors/distribution'>; @@ -68,6 +69,9 @@ export function ErrorDistribution({ distribution, title }: Props) { const { observabilityRuleTypeRegistry } = useApmPluginContext(); const { alerts } = useApmServiceContext(); const { getFormatter } = observabilityRuleTypeRegistry; + const [selectedAlertId, setSelectedAlertId] = useState( + undefined + ); const tooltipProps: SettingsSpec['tooltip'] = { headerFormatter: (tooltip: TooltipValue) => { @@ -122,8 +126,21 @@ export function ErrorDistribution({ distribution, title }: Props) { ), chartStartTime: buckets[0].x0, getFormatter, + selectedAlertId, + setSelectedAlertId, theme, })} + + { + setSelectedAlertId(undefined); + }} + selectedAlertId={selectedAlertId} + /> + diff --git a/x-pack/plugins/apm/public/components/app/RumDashboard/ActionMenu/index.tsx b/x-pack/plugins/apm/public/components/app/RumDashboard/ActionMenu/index.tsx index 6d04996b5f24c5..20d930d28599f9 100644 --- a/x-pack/plugins/apm/public/components/app/RumDashboard/ActionMenu/index.tsx +++ b/x-pack/plugins/apm/public/components/app/RumDashboard/ActionMenu/index.tsx @@ -55,26 +55,43 @@ export function UXActionMenu({ http?.basePath.get() ); + const kibana = useKibana(); + return ( {ANALYZE_MESSAGE}

}> {ANALYZE_DATA} + + + {i18n.translate('xpack.apm.addDataButtonLabel', { + defaultMessage: 'Add data', + })} + + ); diff --git a/x-pack/plugins/apm/public/components/app/RumDashboard/ClientMetrics/index.tsx b/x-pack/plugins/apm/public/components/app/RumDashboard/ClientMetrics/index.tsx index add6ac1b08b281..c525a71ea45891 100644 --- a/x-pack/plugins/apm/public/components/app/RumDashboard/ClientMetrics/index.tsx +++ b/x-pack/plugins/apm/public/components/app/RumDashboard/ClientMetrics/index.tsx @@ -24,7 +24,7 @@ export function ClientMetrics() { } = useUrlParams(); return ( - + diff --git a/x-pack/plugins/apm/public/components/app/RumDashboard/ImpactfulMetrics/index.tsx b/x-pack/plugins/apm/public/components/app/RumDashboard/ImpactfulMetrics/index.tsx index 175b40f85d64b0..b696a46f59bd12 100644 --- a/x-pack/plugins/apm/public/components/app/RumDashboard/ImpactfulMetrics/index.tsx +++ b/x-pack/plugins/apm/public/components/app/RumDashboard/ImpactfulMetrics/index.tsx @@ -11,7 +11,7 @@ import { JSErrors } from './JSErrors'; export function ImpactfulMetrics() { return ( - + diff --git a/x-pack/plugins/apm/public/components/app/RumDashboard/Panels/PageLoadAndViews.tsx b/x-pack/plugins/apm/public/components/app/RumDashboard/Panels/PageLoadAndViews.tsx index b51e2559b7f15d..9dd83fd1c8fd1f 100644 --- a/x-pack/plugins/apm/public/components/app/RumDashboard/Panels/PageLoadAndViews.tsx +++ b/x-pack/plugins/apm/public/components/app/RumDashboard/Panels/PageLoadAndViews.tsx @@ -14,12 +14,12 @@ export function PageLoadAndViews() { return ( - + - + diff --git a/x-pack/plugins/apm/public/components/app/RumDashboard/Panels/VisitorBreakdowns.tsx b/x-pack/plugins/apm/public/components/app/RumDashboard/Panels/VisitorBreakdowns.tsx index 0433988ecfa21a..ff79feaa924f37 100644 --- a/x-pack/plugins/apm/public/components/app/RumDashboard/Panels/VisitorBreakdowns.tsx +++ b/x-pack/plugins/apm/public/components/app/RumDashboard/Panels/VisitorBreakdowns.tsx @@ -14,12 +14,12 @@ export function VisitorBreakdownsPanel() { return ( - + - + diff --git a/x-pack/plugins/apm/public/components/app/RumDashboard/UXMetrics/index.tsx b/x-pack/plugins/apm/public/components/app/RumDashboard/UXMetrics/index.tsx index 44212fed989876..a665b6560c7e95 100644 --- a/x-pack/plugins/apm/public/components/app/RumDashboard/UXMetrics/index.tsx +++ b/x-pack/plugins/apm/public/components/app/RumDashboard/UXMetrics/index.tsx @@ -62,7 +62,7 @@ export function UXMetrics() { ); return ( - + diff --git a/x-pack/plugins/apm/public/components/app/service_map/index.tsx b/x-pack/plugins/apm/public/components/app/service_map/index.tsx index df8438c5c80a4a..582eafe7553af7 100644 --- a/x-pack/plugins/apm/public/components/app/service_map/index.tsx +++ b/x-pack/plugins/apm/public/components/app/service_map/index.tsx @@ -146,7 +146,7 @@ export function ServiceMap({ return ( <> - +
{data.charts.map((chart) => ( - + ) : ( - + + + )} @@ -171,7 +173,7 @@ export function ServiceNodeMetrics({ {data.charts.map((chart) => ( - + - + @@ -63,7 +63,7 @@ export function ServiceOverview({ serviceName }: ServiceOverviewProps) { - + @@ -84,7 +84,7 @@ export function ServiceOverview({ serviceName }: ServiceOverviewProps) { )} - + @@ -101,7 +101,7 @@ export function ServiceOverview({ serviceName }: ServiceOverviewProps) { {!isRumAgent && ( - + diff --git a/x-pack/plugins/apm/public/components/app/service_overview/service_overview_instances_chart_and_table.tsx b/x-pack/plugins/apm/public/components/app/service_overview/service_overview_instances_chart_and_table.tsx index 8513e0835d373b..719409b0f97ffe 100644 --- a/x-pack/plugins/apm/public/components/app/service_overview/service_overview_instances_chart_and_table.tsx +++ b/x-pack/plugins/apm/public/components/app/service_overview/service_overview_instances_chart_and_table.tsx @@ -228,7 +228,7 @@ export function ServiceOverviewInstancesChartAndTable({ /> - + +

{i18n.translate('xpack.apm.serviceOverview.throughtputChartTitle', { diff --git a/x-pack/plugins/apm/public/components/app/transaction_details/WaterfallWithSummmary/index.tsx b/x-pack/plugins/apm/public/components/app/transaction_details/WaterfallWithSummmary/index.tsx index 3d3ce3262f13b5..6f5b95b103f6b7 100644 --- a/x-pack/plugins/apm/public/components/app/transaction_details/WaterfallWithSummmary/index.tsx +++ b/x-pack/plugins/apm/public/components/app/transaction_details/WaterfallWithSummmary/index.tsx @@ -83,13 +83,13 @@ export function WaterfallWithSummmary({ /> ); - return {content}; + return {content}; } const entryTransaction = entryWaterfallTransaction.doc; return ( - + diff --git a/x-pack/plugins/apm/public/components/app/transaction_details/index.tsx b/x-pack/plugins/apm/public/components/app/transaction_details/index.tsx index b9508b2d303a26..3cac05ba2d96a8 100644 --- a/x-pack/plugins/apm/public/components/app/transaction_details/index.tsx +++ b/x-pack/plugins/apm/public/components/app/transaction_details/index.tsx @@ -76,11 +76,13 @@ export function TransactionDetails() { return ( <> + +

{transactionName}

 - + @@ -88,7 +90,7 @@ export function TransactionDetails() { - + - +

Transactions

 diff --git a/x-pack/plugins/apm/public/components/shared/apm_header_action_menu/alerting_popover_flyout.tsx b/x-pack/plugins/apm/public/components/shared/apm_header_action_menu/alerting_popover_flyout.tsx index 95acc55196c543..5b4f4e24af44d5 100644 --- a/x-pack/plugins/apm/public/components/shared/apm_header_action_menu/alerting_popover_flyout.tsx +++ b/x-pack/plugins/apm/public/components/shared/apm_header_action_menu/alerting_popover_flyout.tsx @@ -66,7 +66,8 @@ export function AlertingPopoverAndFlyout({ const button = ( setPopoverOpen((prevState) => !prevState)} diff --git a/x-pack/plugins/apm/public/components/shared/apm_header_action_menu/anomaly_detection_setup_link.tsx b/x-pack/plugins/apm/public/components/shared/apm_header_action_menu/anomaly_detection_setup_link.tsx index ade49bc7e3aa4f..28c000310346d5 100644 --- a/x-pack/plugins/apm/public/components/shared/apm_header_action_menu/anomaly_detection_setup_link.tsx +++ b/x-pack/plugins/apm/public/components/shared/apm_header_action_menu/anomaly_detection_setup_link.tsx @@ -42,14 +42,15 @@ export function AnomalyDetectionSetupLink() { return ( {canGetJobs && hasValidLicense ? ( ) : ( - + )} {ANOMALY_DETECTION_LINK_LABEL} @@ -64,7 +65,7 @@ export function MissingJobsAlert({ environment }: { environment?: string }) { anomalyDetectionJobsStatus, } = useAnomalyDetectionJobsContext(); - const defaultIcon = ; + const defaultIcon = ; if (anomalyDetectionJobsStatus === FETCH_STATUS.LOADING) { return ; @@ -92,7 +93,7 @@ export function MissingJobsAlert({ environment }: { environment?: string }) { return ( - + ); } diff --git a/x-pack/plugins/apm/public/components/shared/apm_header_action_menu/index.tsx b/x-pack/plugins/apm/public/components/shared/apm_header_action_menu/index.tsx index 134941990a0f4c..86f0d3fde1cd5d 100644 --- a/x-pack/plugins/apm/public/components/shared/apm_header_action_menu/index.tsx +++ b/x-pack/plugins/apm/public/components/shared/apm_header_action_menu/index.tsx @@ -40,16 +40,13 @@ export function ApmHeaderActionMenu() { } return ( - - + + {i18n.translate('xpack.apm.settingsLinkLabel', { defaultMessage: 'Settings', })} + {canAccessML && } {isAlertingAvailable && ( )} - {canAccessML && } () => link: '/', reason: 'a good reason', }); +const selectedAlertId = undefined; +const setSelectedAlertId = jest.fn(); describe('getAlertAnnotations', () => { describe('with no alerts', () => { it('returns an empty array', () => { expect( - getAlertAnnotations({ alerts: [], chartStartTime, getFormatter, theme }) + getAlertAnnotations({ + alerts: [], + chartStartTime, + getFormatter, + selectedAlertId, + setSelectedAlertId, + theme, + }) ).toEqual([]); }); }); @@ -66,6 +75,8 @@ describe('getAlertAnnotations', () => { alerts: [alert], chartStartTime, getFormatter, + selectedAlertId, + setSelectedAlertId, theme, })![0].props.style.line.stroke ).toEqual(euiColorDanger); @@ -77,6 +88,8 @@ describe('getAlertAnnotations', () => { alerts: [alert], chartStartTime, getFormatter, + selectedAlertId, + setSelectedAlertId, theme, })![0].props.dataValues[0].header ).toEqual('Alert'); @@ -88,6 +101,8 @@ describe('getAlertAnnotations', () => { alerts: [alert], chartStartTime, getFormatter, + selectedAlertId, + setSelectedAlertId, theme, })![0].props.dataValues[0].details ).toEqual('a good reason'); @@ -103,6 +118,8 @@ describe('getAlertAnnotations', () => { alerts: [alert], chartStartTime, getFormatter: getNoFormatter, + selectedAlertId, + setSelectedAlertId, theme, })![0].props.dataValues[0].details ).toEqual(alert['rule.name']![0]); @@ -118,6 +135,8 @@ describe('getAlertAnnotations', () => { alerts: [alert], chartStartTime: beforeChartStartTime, getFormatter, + selectedAlertId, + setSelectedAlertId, theme, })![0].props.dataValues[0].dataValue ).toEqual(beforeChartStartTime); @@ -137,6 +156,8 @@ describe('getAlertAnnotations', () => { alerts: [warningAlert], chartStartTime, getFormatter, + selectedAlertId, + setSelectedAlertId, theme, })![0].props.style.line.stroke ).toEqual(euiColorWarning); @@ -148,6 +169,8 @@ describe('getAlertAnnotations', () => { alerts: [warningAlert], chartStartTime, getFormatter, + selectedAlertId, + setSelectedAlertId, theme, })![0].props.dataValues[0].header ).toEqual('Warning Alert'); @@ -166,6 +189,8 @@ describe('getAlertAnnotations', () => { alerts: [criticalAlert], chartStartTime, getFormatter, + selectedAlertId, + setSelectedAlertId, theme, })![0].props.style.line.stroke ).toEqual(euiColorDanger); @@ -177,6 +202,8 @@ describe('getAlertAnnotations', () => { alerts: [criticalAlert], chartStartTime, getFormatter, + selectedAlertId, + setSelectedAlertId, theme, })![0].props.dataValues[0].header ).toEqual('Critical Alert'); diff --git a/x-pack/plugins/apm/public/components/shared/charts/helper/get_alert_annotations.tsx b/x-pack/plugins/apm/public/components/shared/charts/helper/get_alert_annotations.tsx index 2a2268b598efa6..fa0725018f783b 100644 --- a/x-pack/plugins/apm/public/components/shared/charts/helper/get_alert_annotations.tsx +++ b/x-pack/plugins/apm/public/components/shared/charts/helper/get_alert_annotations.tsx @@ -10,7 +10,7 @@ import { Position, RectAnnotation, } from '@elastic/charts'; -import { EuiIcon } from '@elastic/eui'; +import { EuiButtonIcon } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { ALERT_DURATION, @@ -20,7 +20,7 @@ import { RULE_ID, RULE_NAME, } from '@kbn/rule-data-utils/target/technical_field_names'; -import React from 'react'; +import React, { Dispatch, SetStateAction } from 'react'; import { EuiTheme } from 'src/plugins/kibana_react/common'; import { ValuesType } from 'utility-types'; import type { ObservabilityRuleTypeRegistry } from '../../../../../../observability/public'; @@ -68,15 +68,30 @@ function getAlertHeader({ } } +/** + * Get the components needed to render alert annotations. + * + * You might be thinking, "Hey, this is a function that returns DOM. + * This should not be a function but a component." + * + * You would be correct, except for https://github.com/elastic/elastic-charts/issues/914, + * which makes it so if you construct a chart with its elements broken into + * different components it makes the whole chart disappear, which is not what + * we want. + */ export function getAlertAnnotations({ alerts, chartStartTime, getFormatter, + selectedAlertId, + setSelectedAlertId, theme, }: { alerts?: Alert[]; chartStartTime: number; getFormatter: ObservabilityRuleTypeRegistry['getFormatter']; + selectedAlertId?: string; + setSelectedAlertId: Dispatch>; theme: EuiTheme; }) { return alerts?.flatMap((alert) => { @@ -100,6 +115,7 @@ export function getAlertAnnotations({ formatters: { asDuration, asPercent }, }) ?? {}), }; + const isSelected = uuid === selectedAlertId; return [ } + marker={ + { + if (selectedAlertId === uuid) { + setSelectedAlertId(undefined); + } else { + setSelectedAlertId(uuid); + } + }} + iconSize={isSelected ? 'l' : 'm'} + iconType="alert" + size="xs" + /> + } markerPosition={Position.Top} - style={{ line: { opacity: 1, strokeWidth: 2, stroke: color } }} + style={{ + line: { opacity: 1, strokeWidth: isSelected ? 6 : 2, stroke: color }, + }} />, , ]; }); diff --git a/x-pack/plugins/apm/public/components/shared/charts/instances_latency_distribution_chart/index.tsx b/x-pack/plugins/apm/public/components/shared/charts/instances_latency_distribution_chart/index.tsx index ce4f36ced79038..0ad4be17e35cbd 100644 --- a/x-pack/plugins/apm/public/components/shared/charts/instances_latency_distribution_chart/index.tsx +++ b/x-pack/plugins/apm/public/components/shared/charts/instances_latency_distribution_chart/index.tsx @@ -104,7 +104,7 @@ export function InstancesLatencyDistributionChart({ }; return ( - +

{i18n.translate('xpack.apm.instancesLatencyDistributionChartTitle', { diff --git a/x-pack/plugins/apm/public/components/shared/charts/latency_chart/latency_chart.stories.tsx b/x-pack/plugins/apm/public/components/shared/charts/latency_chart/latency_chart.stories.tsx index 0dd7da02001d78..d1dcd831eadd7d 100644 --- a/x-pack/plugins/apm/public/components/shared/charts/latency_chart/latency_chart.stories.tsx +++ b/x-pack/plugins/apm/public/components/shared/charts/latency_chart/latency_chart.stories.tsx @@ -9,6 +9,7 @@ import { StoryContext } from '@storybook/react'; import React, { ComponentType } from 'react'; import { MemoryRouter, Route } from 'react-router-dom'; import { EuiThemeProvider } from '../../../../../../../../src/plugins/kibana_react/common'; +import { KibanaContextProvider } from '../../../../../../../../src/plugins/kibana_react/public'; import { LatencyAggregationType } from '../../../../../common/latency_aggregation_types'; import { ApmPluginContext, @@ -48,6 +49,7 @@ export default { toasts: { addWarning: () => {}, addDanger: () => {} }, }, http: { + basePath: { prepend: () => {} }, get: (endpoint: string) => { switch (endpoint) { case '/api/apm/services/test-service/transactions/charts/latency': @@ -59,7 +61,7 @@ export default { } }, }, - uiSettings: { get: () => true }, + uiSettings: { get: () => '' }, }, plugins: { observability: { isAlertingExperienceEnabled: () => true } }, observabilityRuleTypeRegistry: { getFormatter: () => undefined }, @@ -71,20 +73,24 @@ export default { - - - - - - - - - + + + + + + + + + + + diff --git a/x-pack/plugins/apm/public/components/shared/charts/timeseries_chart.tsx b/x-pack/plugins/apm/public/components/shared/charts/timeseries_chart.tsx index 49ef146f4b5117..9e7a3ac744ffe6 100644 --- a/x-pack/plugins/apm/public/components/shared/charts/timeseries_chart.tsx +++ b/x-pack/plugins/apm/public/components/shared/charts/timeseries_chart.tsx @@ -24,9 +24,12 @@ import { } from '@elastic/charts'; import { EuiIcon } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; -import React from 'react'; +import React, { Suspense, useState } from 'react'; import { useHistory } from 'react-router-dom'; -import { useChartTheme } from '../../../../../observability/public'; +import { + LazyAlertsFlyout, + useChartTheme, +} from '../../../../../observability/public'; import { asAbsoluteDateTime } from '../../../../common/utils/formatters'; import { Coordinate, @@ -88,6 +91,9 @@ export function TimeseriesChart({ const { setPointerEvent, chartRef } = useChartPointerEventContext(); const theme = useTheme(); const chartTheme = useChartTheme(); + const [selectedAlertId, setSelectedAlertId] = useState( + undefined + ); const xValues = timeseries.flatMap(({ data }) => data.map(({ x }) => x)); @@ -208,8 +214,21 @@ export function TimeseriesChart({ alerts, chartStartTime: xValues[0], getFormatter, + selectedAlertId, + setSelectedAlertId, theme, })} + + { + setSelectedAlertId(undefined); + }} + selectedAlertId={selectedAlertId} + /> + ); diff --git a/x-pack/plugins/apm/public/components/shared/charts/transaction_breakdown_chart/index.tsx b/x-pack/plugins/apm/public/components/shared/charts/transaction_breakdown_chart/index.tsx index 978604c4c96ece..40c5e39589fb1f 100644 --- a/x-pack/plugins/apm/public/components/shared/charts/transaction_breakdown_chart/index.tsx +++ b/x-pack/plugins/apm/public/components/shared/charts/transaction_breakdown_chart/index.tsx @@ -22,7 +22,7 @@ export function TransactionBreakdownChart({ const { timeseries } = data; return ( - + diff --git a/x-pack/plugins/apm/public/components/shared/charts/transaction_charts/index.tsx b/x-pack/plugins/apm/public/components/shared/charts/transaction_charts/index.tsx index 3f868ae272e3a1..019a25b1e9ed37 100644 --- a/x-pack/plugins/apm/public/components/shared/charts/transaction_charts/index.tsx +++ b/x-pack/plugins/apm/public/components/shared/charts/transaction_charts/index.tsx @@ -37,13 +37,13 @@ export function TransactionCharts() { - + - + {i18n.translate( diff --git a/x-pack/plugins/apm/public/components/shared/charts/transaction_error_rate_chart/index.tsx b/x-pack/plugins/apm/public/components/shared/charts/transaction_error_rate_chart/index.tsx index 7eceaf5ca8e5da..96cb7c49a67104 100644 --- a/x-pack/plugins/apm/public/components/shared/charts/transaction_error_rate_chart/index.tsx +++ b/x-pack/plugins/apm/public/components/shared/charts/transaction_error_rate_chart/index.tsx @@ -135,7 +135,7 @@ export function TransactionErrorRateChart({ ]; return ( - +

{i18n.translate('xpack.apm.errorRate', { diff --git a/x-pack/plugins/apm/public/components/shared/service_icons/alert_details.tsx b/x-pack/plugins/apm/public/components/shared/service_icons/alert_details.tsx deleted file mode 100644 index 9f6378ccb44971..00000000000000 --- a/x-pack/plugins/apm/public/components/shared/service_icons/alert_details.tsx +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ -import React from 'react'; -import { EuiFlexGroup, EuiFlexItem, EuiLink } from '@elastic/eui'; -import { parse, format } from 'url'; -import { uniqBy } from 'lodash'; -import { - ALERT_ID, - ALERT_START, - RULE_ID, - RULE_NAME, -} from '@kbn/rule-data-utils/target/technical_field_names'; -import { parseTechnicalFields } from '../../../../../rule_registry/common'; -import { useUrlParams } from '../../../context/url_params_context/use_url_params'; -import { useApmPluginContext } from '../../../context/apm_plugin/use_apm_plugin_context'; -import { APIReturnType } from '../../../services/rest/createCallApmApi'; -import { asPercent, asDuration } from '../../../../common/utils/formatters'; -import { TimestampTooltip } from '../TimestampTooltip'; - -interface AlertDetailProps { - alerts: APIReturnType<'GET /api/apm/services/{serviceName}/alerts'>['alerts']; -} - -export function AlertDetails({ alerts }: AlertDetailProps) { - const { - observabilityRuleTypeRegistry, - core: { - http: { - basePath: { prepend }, - }, - }, - } = useApmPluginContext(); - - const { - urlParams: { rangeFrom, rangeTo }, - } = useUrlParams(); - - const collapsedAlerts = uniqBy(alerts, (alert) => alert[ALERT_ID]![0]!).map( - (alert) => { - return parseTechnicalFields(alert); - } - ); - - return ( - - {collapsedAlerts.map((alert) => { - const formatter = observabilityRuleTypeRegistry.getFormatter( - alert[RULE_ID]! - ); - const formatted = { - link: undefined, - reason: alert[RULE_NAME], - ...(formatter?.({ - fields: alert, - formatters: { asDuration, asPercent }, - }) ?? {}), - }; - - const parsedLink = formatted.link - ? parse(formatted.link, true) - : undefined; - - return ( - - - - {parsedLink ? ( - - {formatted.reason} - - ) : ( - formatted.reason - )} - - - - - - - ); - })} - - ); -} diff --git a/x-pack/plugins/apm/public/components/shared/service_icons/index.tsx b/x-pack/plugins/apm/public/components/shared/service_icons/index.tsx index d64605da2bc3f9..7889320342902e 100644 --- a/x-pack/plugins/apm/public/components/shared/service_icons/index.tsx +++ b/x-pack/plugins/apm/public/components/shared/service_icons/index.tsx @@ -8,7 +8,6 @@ import { EuiFlexGroup, EuiFlexItem, EuiLoadingSpinner } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import React, { ReactChild, useState } from 'react'; -import { useApmServiceContext } from '../../../context/apm_service/use_apm_service_context'; import { useTheme } from '../../../hooks/use_theme'; import { ContainerType } from '../../../../common/service_metadata'; import { useUrlParams } from '../../../context/url_params_context/use_url_params'; @@ -18,7 +17,6 @@ import { CloudDetails } from './cloud_details'; import { ContainerDetails } from './container_details'; import { IconPopover } from './icon_popover'; import { ServiceDetails } from './service_details'; -import { AlertDetails } from './alert_details'; interface Props { serviceName: string; @@ -73,8 +71,6 @@ export function ServiceIcons({ serviceName }: Props) { const theme = useTheme(); - const { alerts } = useApmServiceContext(); - const { data: icons, status: iconsFetchStatus } = useFetcher( (callApmApi) => { if (serviceName && start && end) { @@ -146,19 +142,6 @@ export function ServiceIcons({ serviceName }: Props) { }), component: , }, - { - key: 'alerts', - icon: { - type: 'bell', - color: theme.eui.euiColorDanger, - size: 'm', - }, - isVisible: alerts.length > 0, - title: i18n.translate('xpack.apm.serviceIcons.alerts', { - defaultMessage: 'Alerts', - }), - component: , - }, ]; return ( diff --git a/x-pack/plugins/apm/public/components/shared/time_comparison/index.test.tsx b/x-pack/plugins/apm/public/components/shared/time_comparison/index.test.tsx index a4f44290fe777f..dd87c23908cbc5 100644 --- a/x-pack/plugins/apm/public/components/shared/time_comparison/index.test.tsx +++ b/x-pack/plugins/apm/public/components/shared/time_comparison/index.test.tsx @@ -15,7 +15,7 @@ import { expectTextsInDocument, expectTextsNotInDocument, } from '../../../utils/testHelpers'; -import { TimeComparison } from './'; +import { getComparisonTypes, getSelectOptions, TimeComparison } from './'; import * as urlHelpers from '../../shared/Links/url_helpers'; import moment from 'moment'; import { TimeRangeComparisonType } from './get_time_range_comparison'; @@ -37,188 +37,248 @@ describe('TimeComparison', () => { moment.tz.setDefault('Europe/Amsterdam'); }); afterAll(() => moment.tz.setDefault('')); - const spy = jest.spyOn(urlHelpers, 'replace'); - beforeEach(() => { - jest.resetAllMocks(); - }); - describe('Time range is between 0 - 24 hours', () => { - it('sets default values', () => { - const Wrapper = getWrapper({ - start: '2021-01-28T14:45:00.000Z', - end: '2021-01-28T15:00:00.000Z', - rangeTo: 'now', - }); - render(, { - wrapper: Wrapper, - }); - expect(spy).toHaveBeenCalledWith(expect.anything(), { - query: { - comparisonEnabled: 'true', - comparisonType: TimeRangeComparisonType.DayBefore, - }, - }); + + describe('getComparisonTypes', () => { + it('shows week and day before when 15 minutes is selected', () => { + expect( + getComparisonTypes({ + start: '2021-06-04T16:17:02.335Z', + end: '2021-06-04T16:32:02.335Z', + }) + ).toEqual([ + TimeRangeComparisonType.DayBefore.valueOf(), + TimeRangeComparisonType.WeekBefore.valueOf(), + ]); }); - it('selects day before and enables comparison', () => { - const Wrapper = getWrapper({ - start: '2021-01-28T14:45:00.000Z', - end: '2021-01-28T15:00:00.000Z', - comparisonEnabled: true, - comparisonType: TimeRangeComparisonType.DayBefore, - rangeTo: 'now', - }); - const component = render(, { - wrapper: Wrapper, - }); - expectTextsInDocument(component, ['Day before', 'Week before']); + + it('shows week and day before when Today is selected', () => { expect( - (component.getByTestId('comparisonSelect') as HTMLSelectElement) - .selectedIndex - ).toEqual(0); + getComparisonTypes({ + start: '2021-06-04T04:00:00.000Z', + end: '2021-06-05T03:59:59.999Z', + }) + ).toEqual([ + TimeRangeComparisonType.DayBefore.valueOf(), + TimeRangeComparisonType.WeekBefore.valueOf(), + ]); }); - it('enables yesterday option when date difference is equal to 24 hours', () => { - const Wrapper = getWrapper({ - start: '2021-01-28T10:00:00.000Z', - end: '2021-01-29T10:00:00.000Z', - comparisonEnabled: true, - comparisonType: TimeRangeComparisonType.DayBefore, - rangeTo: 'now', - }); - const component = render(, { - wrapper: Wrapper, - }); - expectTextsInDocument(component, ['Day before', 'Week before']); + it('shows week and day before when 24 hours is selected', () => { + expect( + getComparisonTypes({ + start: '2021-06-03T16:31:35.748Z', + end: '2021-06-04T16:31:35.748Z', + }) + ).toEqual([ + TimeRangeComparisonType.DayBefore.valueOf(), + TimeRangeComparisonType.WeekBefore.valueOf(), + ]); + }); + it('shows week before when 25 hours is selected', () => { expect( - (component.getByTestId('comparisonSelect') as HTMLSelectElement) - .selectedIndex - ).toEqual(0); + getComparisonTypes({ + start: '2021-06-02T12:32:00.000Z', + end: '2021-06-03T13:32:09.079Z', + }) + ).toEqual([TimeRangeComparisonType.WeekBefore.valueOf()]); }); - it('selects previous period when rangeTo is different than now', () => { - const Wrapper = getWrapper({ - start: '2021-01-28T10:00:00.000Z', - end: '2021-01-29T10:00:00.000Z', - comparisonEnabled: true, - comparisonType: TimeRangeComparisonType.PeriodBefore, - rangeTo: 'now-15m', - }); - const component = render(, { - wrapper: Wrapper, - }); - expectTextsInDocument(component, ['27/01 11:00 - 28/01 11:00']); + it('shows week before when 7 days is selected', () => { + expect( + getComparisonTypes({ + start: '2021-05-28T16:32:17.520Z', + end: '2021-06-04T16:32:17.520Z', + }) + ).toEqual([TimeRangeComparisonType.WeekBefore.valueOf()]); + }); + it('shows period before when 8 days is selected', () => { expect( - (component.getByTestId('comparisonSelect') as HTMLSelectElement) - .selectedIndex - ).toEqual(0); + getComparisonTypes({ + start: '2021-05-27T16:32:46.747Z', + end: '2021-06-04T16:32:46.747Z', + }) + ).toEqual([TimeRangeComparisonType.PeriodBefore.valueOf()]); }); }); - describe('Time range is between 24 hours - 1 week', () => { - it("doesn't show yesterday option when date difference is greater than 24 hours", () => { - const Wrapper = getWrapper({ - start: '2021-01-28T10:00:00.000Z', - end: '2021-01-29T11:00:00.000Z', - comparisonEnabled: true, - comparisonType: TimeRangeComparisonType.WeekBefore, - rangeTo: 'now', - }); - const component = render(, { - wrapper: Wrapper, - }); - expectTextsNotInDocument(component, ['Day before']); - expectTextsInDocument(component, ['Week before']); - }); - it('sets default values', () => { - const Wrapper = getWrapper({ - start: '2021-01-26T15:00:00.000Z', - end: '2021-01-28T15:00:00.000Z', - rangeTo: 'now', - }); - render(, { - wrapper: Wrapper, - }); - expect(spy).toHaveBeenCalledWith(expect.anything(), { - query: { - comparisonEnabled: 'true', - comparisonType: TimeRangeComparisonType.WeekBefore, + describe('getSelectOptions', () => { + it('returns formatted text based on comparison type', () => { + expect( + getSelectOptions({ + comparisonTypes: [ + TimeRangeComparisonType.DayBefore, + TimeRangeComparisonType.WeekBefore, + TimeRangeComparisonType.PeriodBefore, + ], + start: '2021-05-27T16:32:46.747Z', + end: '2021-06-04T16:32:46.747Z', + }) + ).toEqual([ + { + value: TimeRangeComparisonType.DayBefore.valueOf(), + text: 'Day before', }, - }); + { + value: TimeRangeComparisonType.WeekBefore.valueOf(), + text: 'Week before', + }, + { + value: TimeRangeComparisonType.PeriodBefore.valueOf(), + text: '19/05 18:32 - 27/05 18:32', + }, + ]); }); - it('selects week and enables comparison', () => { - const Wrapper = getWrapper({ - start: '2021-01-26T15:00:00.000Z', - end: '2021-01-28T15:00:00.000Z', - comparisonEnabled: true, - comparisonType: TimeRangeComparisonType.WeekBefore, - rangeTo: 'now', - }); - const component = render(, { - wrapper: Wrapper, - }); - expectTextsNotInDocument(component, ['Day before']); - expectTextsInDocument(component, ['Week before']); + + it('formats period before as DD/MM/YY HH:mm when range years are different', () => { expect( - (component.getByTestId('comparisonSelect') as HTMLSelectElement) - .selectedIndex - ).toEqual(0); + getSelectOptions({ + comparisonTypes: [TimeRangeComparisonType.PeriodBefore], + start: '2020-05-27T16:32:46.747Z', + end: '2021-06-04T16:32:46.747Z', + }) + ).toEqual([ + { + value: TimeRangeComparisonType.PeriodBefore.valueOf(), + text: '20/05/19 18:32 - 27/05/20 18:32', + }, + ]); }); + }); - it('selects previous period when rangeTo is different than now', () => { - const Wrapper = getWrapper({ - start: '2021-01-26T15:00:00.000Z', - end: '2021-01-28T15:00:00.000Z', - comparisonEnabled: true, - comparisonType: TimeRangeComparisonType.PeriodBefore, - rangeTo: '2021-01-28T15:00:00.000Z', + describe('TimeComparison component', () => { + const spy = jest.spyOn(urlHelpers, 'replace'); + beforeEach(() => { + jest.resetAllMocks(); + }); + describe('Time range is between 0 - 24 hours', () => { + it('sets default values', () => { + const Wrapper = getWrapper({ + exactStart: '2021-06-04T16:17:02.335Z', + exactEnd: '2021-06-04T16:32:02.335Z', + }); + render(, { wrapper: Wrapper }); + expect(spy).toHaveBeenCalledWith(expect.anything(), { + query: { + comparisonEnabled: 'true', + comparisonType: TimeRangeComparisonType.DayBefore, + }, + }); }); - const component = render(, { - wrapper: Wrapper, + it('selects day before and enables comparison', () => { + const Wrapper = getWrapper({ + exactStart: '2021-06-04T16:17:02.335Z', + exactEnd: '2021-06-04T16:32:02.335Z', + comparisonEnabled: true, + comparisonType: TimeRangeComparisonType.DayBefore, + }); + const component = render(, { wrapper: Wrapper }); + expectTextsInDocument(component, ['Day before', 'Week before']); + expect( + (component.getByTestId('comparisonSelect') as HTMLSelectElement) + .selectedIndex + ).toEqual(0); + }); + + it('enables day before option when date difference is equal to 24 hours', () => { + const Wrapper = getWrapper({ + exactStart: '2021-06-03T16:31:35.748Z', + exactEnd: '2021-06-04T16:31:35.748Z', + comparisonEnabled: true, + comparisonType: TimeRangeComparisonType.DayBefore, + }); + const component = render(, { wrapper: Wrapper }); + expectTextsInDocument(component, ['Day before', 'Week before']); + expect( + (component.getByTestId('comparisonSelect') as HTMLSelectElement) + .selectedIndex + ).toEqual(0); }); - expectTextsInDocument(component, ['24/01 16:00 - 26/01 16:00']); - expect( - (component.getByTestId('comparisonSelect') as HTMLSelectElement) - .selectedIndex - ).toEqual(0); }); - }); - describe('Time range is greater than 7 days', () => { - it('Shows absolute times without year when within the same year', () => { - const Wrapper = getWrapper({ - start: '2021-01-20T15:00:00.000Z', - end: '2021-01-28T15:00:00.000Z', - comparisonEnabled: true, - comparisonType: TimeRangeComparisonType.PeriodBefore, - rangeTo: 'now', + describe('Time range is between 24 hours - 1 week', () => { + it("doesn't show day before option when date difference is greater than 24 hours", () => { + const Wrapper = getWrapper({ + exactStart: '2021-06-02T12:32:00.000Z', + exactEnd: '2021-06-03T13:32:09.079Z', + comparisonEnabled: true, + comparisonType: TimeRangeComparisonType.WeekBefore, + }); + const component = render(, { + wrapper: Wrapper, + }); + expectTextsNotInDocument(component, ['Day before']); + expectTextsInDocument(component, ['Week before']); }); - const component = render(, { - wrapper: Wrapper, + it('sets default values', () => { + const Wrapper = getWrapper({ + exactStart: '2021-06-02T12:32:00.000Z', + exactEnd: '2021-06-03T13:32:09.079Z', + }); + render(, { + wrapper: Wrapper, + }); + expect(spy).toHaveBeenCalledWith(expect.anything(), { + query: { + comparisonEnabled: 'true', + comparisonType: TimeRangeComparisonType.WeekBefore, + }, + }); + }); + it('selects week before and enables comparison', () => { + const Wrapper = getWrapper({ + exactStart: '2021-06-02T12:32:00.000Z', + exactEnd: '2021-06-03T13:32:09.079Z', + comparisonEnabled: true, + comparisonType: TimeRangeComparisonType.WeekBefore, + }); + const component = render(, { + wrapper: Wrapper, + }); + expectTextsNotInDocument(component, ['Day before']); + expectTextsInDocument(component, ['Week before']); + expect( + (component.getByTestId('comparisonSelect') as HTMLSelectElement) + .selectedIndex + ).toEqual(0); }); - expect(spy).not.toHaveBeenCalled(); - expectTextsInDocument(component, ['12/01 16:00 - 20/01 16:00']); - expect( - (component.getByTestId('comparisonSelect') as HTMLSelectElement) - .selectedIndex - ).toEqual(0); }); - it('Shows absolute times with year when on different year', () => { - const Wrapper = getWrapper({ - start: '2020-12-20T15:00:00.000Z', - end: '2021-01-28T15:00:00.000Z', - comparisonEnabled: true, - comparisonType: TimeRangeComparisonType.PeriodBefore, - rangeTo: 'now', + describe('Time range is greater than 7 days', () => { + it('Shows absolute times without year when within the same year', () => { + const Wrapper = getWrapper({ + exactStart: '2021-05-27T16:32:46.747Z', + exactEnd: '2021-06-04T16:32:46.747Z', + comparisonEnabled: true, + comparisonType: TimeRangeComparisonType.PeriodBefore, + }); + const component = render(, { + wrapper: Wrapper, + }); + expect(spy).not.toHaveBeenCalled(); + expectTextsInDocument(component, ['19/05 18:32 - 27/05 18:32']); + expect( + (component.getByTestId('comparisonSelect') as HTMLSelectElement) + .selectedIndex + ).toEqual(0); }); - const component = render(, { - wrapper: Wrapper, + + it('Shows absolute times with year when on different year', () => { + const Wrapper = getWrapper({ + exactStart: '2020-05-27T16:32:46.747Z', + exactEnd: '2021-06-04T16:32:46.747Z', + comparisonEnabled: true, + comparisonType: TimeRangeComparisonType.PeriodBefore, + }); + const component = render(, { + wrapper: Wrapper, + }); + expect(spy).not.toHaveBeenCalled(); + expectTextsInDocument(component, ['20/05/19 18:32 - 27/05/20 18:32']); + expect( + (component.getByTestId('comparisonSelect') as HTMLSelectElement) + .selectedIndex + ).toEqual(0); }); - expect(spy).not.toHaveBeenCalled(); - expectTextsInDocument(component, ['11/11/20 16:00 - 20/12/20 16:00']); - expect( - (component.getByTestId('comparisonSelect') as HTMLSelectElement) - .selectedIndex - ).toEqual(0); }); }); }); diff --git a/x-pack/plugins/apm/public/components/shared/time_comparison/index.tsx b/x-pack/plugins/apm/public/components/shared/time_comparison/index.tsx index 98fbd4f399d980..cbe7b81486a64d 100644 --- a/x-pack/plugins/apm/public/components/shared/time_comparison/index.tsx +++ b/x-pack/plugins/apm/public/components/shared/time_comparison/index.tsx @@ -59,80 +59,92 @@ function formatDate({ return `${momentStart.format(dateFormat)} - ${momentEnd.format(dateFormat)}`; } -function getSelectOptions({ +export function getComparisonTypes({ start, end, - rangeTo, - comparisonEnabled, }: { start?: string; end?: string; - rangeTo?: string; - comparisonEnabled?: boolean; }) { const momentStart = moment(start); const momentEnd = moment(end); - const dayBeforeOption = { - value: TimeRangeComparisonType.DayBefore, - text: i18n.translate('xpack.apm.timeComparison.select.dayBefore', { - defaultMessage: 'Day before', - }), - }; - - const weekBeforeOption = { - value: TimeRangeComparisonType.WeekBefore, - text: i18n.translate('xpack.apm.timeComparison.select.weekBefore', { - defaultMessage: 'Week before', - }), - }; - - const dateDiff = Number( - getDateDifference({ - start: momentStart, - end: momentEnd, - unitOfTime: 'days', - precise: true, - }).toFixed(2) - ); - - const isRangeToNow = rangeTo === 'now'; + const dateDiff = getDateDifference({ + start: momentStart, + end: momentEnd, + unitOfTime: 'days', + precise: true, + }); - if (isRangeToNow) { - // Less than or equals to one day - if (dateDiff <= 1) { - return [dayBeforeOption, weekBeforeOption]; - } + // Less than or equals to one day + if (dateDiff <= 1) { + return [ + TimeRangeComparisonType.DayBefore, + TimeRangeComparisonType.WeekBefore, + ]; + } - // Less than or equals to one week - if (dateDiff <= 7) { - return [weekBeforeOption]; - } + // Less than or equals to one week + if (dateDiff <= 7) { + return [TimeRangeComparisonType.WeekBefore]; } + // } - const { comparisonStart, comparisonEnd } = getTimeRangeComparison({ - comparisonType: TimeRangeComparisonType.PeriodBefore, - start, - end, - comparisonEnabled, - }); + // above one week or when rangeTo is not "now" + return [TimeRangeComparisonType.PeriodBefore]; +} - const dateFormat = getDateFormat({ - previousPeriodStart: comparisonStart, - currentPeriodEnd: end, - }); +export function getSelectOptions({ + comparisonTypes, + start, + end, +}: { + comparisonTypes: TimeRangeComparisonType[]; + start?: string; + end?: string; +}) { + return comparisonTypes.map((value) => { + switch (value) { + case TimeRangeComparisonType.DayBefore: { + return { + value, + text: i18n.translate('xpack.apm.timeComparison.select.dayBefore', { + defaultMessage: 'Day before', + }), + }; + } + case TimeRangeComparisonType.WeekBefore: { + return { + value, + text: i18n.translate('xpack.apm.timeComparison.select.weekBefore', { + defaultMessage: 'Week before', + }), + }; + } + case TimeRangeComparisonType.PeriodBefore: { + const { comparisonStart, comparisonEnd } = getTimeRangeComparison({ + comparisonType: TimeRangeComparisonType.PeriodBefore, + start, + end, + comparisonEnabled: true, + }); - const prevPeriodOption = { - value: TimeRangeComparisonType.PeriodBefore, - text: formatDate({ - dateFormat, - previousPeriodStart: comparisonStart, - previousPeriodEnd: comparisonEnd, - }), - }; + const dateFormat = getDateFormat({ + previousPeriodStart: comparisonStart, + currentPeriodEnd: end, + }); - // above one week or when rangeTo is not "now" - return [prevPeriodOption]; + return { + value, + text: formatDate({ + dateFormat, + previousPeriodStart: comparisonStart, + previousPeriodEnd: comparisonEnd, + }), + }; + } + } + }); } export function TimeComparison() { @@ -140,14 +152,12 @@ export function TimeComparison() { const history = useHistory(); const { isMedium, isLarge } = useBreakPoints(); const { - urlParams: { start, end, comparisonEnabled, comparisonType, rangeTo }, + urlParams: { comparisonEnabled, comparisonType, exactStart, exactEnd }, } = useUrlParams(); - const selectOptions = getSelectOptions({ - start, - end, - rangeTo, - comparisonEnabled, + const comparisonTypes = getComparisonTypes({ + start: exactStart, + end: exactEnd, }); // Sets default values @@ -155,14 +165,18 @@ export function TimeComparison() { urlHelpers.replace(history, { query: { comparisonEnabled: comparisonEnabled === false ? 'false' : 'true', - comparisonType: comparisonType - ? comparisonType - : selectOptions[0].value, + comparisonType: comparisonType ? comparisonType : comparisonTypes[0], }, }); return null; } + const selectOptions = getSelectOptions({ + comparisonTypes, + start: exactStart, + end: exactEnd, + }); + const isSelectedComparisonTypeAvailable = selectOptions.some( ({ value }) => value === comparisonType ); diff --git a/x-pack/plugins/apm/public/context/url_params_context/helpers.test.ts b/x-pack/plugins/apm/public/context/url_params_context/helpers.test.ts index 4de68a5bc20362..784b10b3f3ee1e 100644 --- a/x-pack/plugins/apm/public/context/url_params_context/helpers.test.ts +++ b/x-pack/plugins/apm/public/context/url_params_context/helpers.test.ts @@ -10,6 +10,9 @@ import moment from 'moment-timezone'; import * as helpers from './helpers'; describe('url_params_context helpers', () => { + beforeEach(() => { + jest.restoreAllMocks(); + }); describe('getDateRange', () => { describe('with non-rounded dates', () => { describe('one minute', () => { @@ -23,6 +26,8 @@ describe('url_params_context helpers', () => { ).toEqual({ start: '2021-01-28T05:47:00.000Z', end: '2021-01-28T05:48:55.304Z', + exactStart: '2021-01-28T05:47:52.134Z', + exactEnd: '2021-01-28T05:48:55.304Z', }); }); }); @@ -37,6 +42,8 @@ describe('url_params_context helpers', () => { ).toEqual({ start: '2021-01-27T05:46:00.000Z', end: '2021-01-28T05:46:13.367Z', + exactStart: '2021-01-27T05:46:07.377Z', + exactEnd: '2021-01-28T05:46:13.367Z', }); }); }); @@ -52,6 +59,8 @@ describe('url_params_context helpers', () => { ).toEqual({ start: '2020-01-28T05:52:00.000Z', end: '2021-01-28T05:52:39.741Z', + exactStart: '2020-01-28T05:52:36.290Z', + exactEnd: '2021-01-28T05:52:39.741Z', }); }); }); @@ -66,6 +75,8 @@ describe('url_params_context helpers', () => { rangeTo: 'now', start: '1970-01-01T00:00:00.000Z', end: '1971-01-01T00:00:00.000Z', + exactStart: '1970-01-01T00:00:00.000Z', + exactEnd: '1971-01-01T00:00:00.000Z', }, rangeFrom: 'now-1m', rangeTo: 'now', @@ -73,6 +84,8 @@ describe('url_params_context helpers', () => { ).toEqual({ start: '1970-01-01T00:00:00.000Z', end: '1971-01-01T00:00:00.000Z', + exactStart: '1970-01-01T00:00:00.000Z', + exactEnd: '1971-01-01T00:00:00.000Z', }); }); }); @@ -94,24 +107,37 @@ describe('url_params_context helpers', () => { ).toEqual({ start: '1972-01-01T00:00:00.000Z', end: '1973-01-01T00:00:00.000Z', + exactStart: undefined, + exactEnd: undefined, }); }); }); describe('when the start or end are invalid', () => { it('returns the previous state', () => { + const endDate = moment('2021-06-04T18:03:24.211Z'); + jest + .spyOn(datemath, 'parse') + .mockReturnValueOnce(undefined) + .mockReturnValueOnce(endDate) + .mockReturnValueOnce(undefined) + .mockReturnValueOnce(endDate); expect( helpers.getDateRange({ state: { start: '1972-01-01T00:00:00.000Z', end: '1973-01-01T00:00:00.000Z', + exactStart: '1972-01-01T00:00:00.000Z', + exactEnd: '1973-01-01T00:00:00.000Z', }, rangeFrom: 'nope', rangeTo: 'now', }) ).toEqual({ start: '1972-01-01T00:00:00.000Z', + exactStart: '1972-01-01T00:00:00.000Z', end: '1973-01-01T00:00:00.000Z', + exactEnd: '1973-01-01T00:00:00.000Z', }); }); }); @@ -134,8 +160,38 @@ describe('url_params_context helpers', () => { ).toEqual({ start: '1970-01-01T00:00:00.000Z', end: '1970-01-01T00:00:00.000Z', + exactStart: '1970-01-01T00:00:00.000Z', + exactEnd: '1970-01-01T00:00:00.000Z', }); }); }); }); + + describe('getExactDate', () => { + it('returns date when it is not not relative', () => { + expect(helpers.getExactDate('2021-01-28T05:47:52.134Z')).toEqual( + new Date('2021-01-28T05:47:52.134Z') + ); + }); + + ['s', 'm', 'h', 'd', 'w'].map((roundingOption) => + it(`removes /${roundingOption} rounding option from relative time`, () => { + const spy = jest.spyOn(datemath, 'parse'); + helpers.getExactDate(`now/${roundingOption}`); + expect(spy).toHaveBeenCalledWith('now', {}); + }) + ); + + it('removes rounding option but keeps subtracting time', () => { + const spy = jest.spyOn(datemath, 'parse'); + helpers.getExactDate('now-24h/h'); + expect(spy).toHaveBeenCalledWith('now-24h', {}); + }); + + it('removes rounding option but keeps adding time', () => { + const spy = jest.spyOn(datemath, 'parse'); + helpers.getExactDate('now+15m/h'); + expect(spy).toHaveBeenCalledWith('now+15m', {}); + }); + }); }); diff --git a/x-pack/plugins/apm/public/context/url_params_context/helpers.ts b/x-pack/plugins/apm/public/context/url_params_context/helpers.ts index eae9eba8b3ddad..902456bf4ebc07 100644 --- a/x-pack/plugins/apm/public/context/url_params_context/helpers.ts +++ b/x-pack/plugins/apm/public/context/url_params_context/helpers.ts @@ -19,6 +19,16 @@ function getParsedDate(rawDate?: string, options = {}) { } } +export function getExactDate(rawDate: string) { + const isRelativeDate = rawDate.startsWith('now'); + if (isRelativeDate) { + // remove rounding from relative dates "Today" (now/d) and "This week" (now/w) + const rawDateWithouRounding = rawDate.replace(/\/([smhdw])$/, ''); + return getParsedDate(rawDateWithouRounding); + } + return getParsedDate(rawDate); +} + export function getDateRange({ state, rangeFrom, @@ -30,16 +40,28 @@ export function getDateRange({ }) { // If the previous state had the same range, just return that instead of calculating a new range. if (state.rangeFrom === rangeFrom && state.rangeTo === rangeTo) { - return { start: state.start, end: state.end }; + return { + start: state.start, + end: state.end, + exactStart: state.exactStart, + exactEnd: state.exactEnd, + }; } - const start = getParsedDate(rangeFrom); const end = getParsedDate(rangeTo, { roundUp: true }); + const exactStart = rangeFrom ? getExactDate(rangeFrom) : undefined; + const exactEnd = rangeTo ? getExactDate(rangeTo) : undefined; + // `getParsedDate` will return undefined for invalid or empty dates. We return // the previous state if either date is undefined. if (!start || !end) { - return { start: state.start, end: state.end }; + return { + start: state.start, + end: state.end, + exactStart: state.exactStart, + exactEnd: state.exactEnd, + }; } // rounds down start to minute @@ -48,6 +70,8 @@ export function getDateRange({ return { start: roundedStart.toISOString(), end: end.toISOString(), + exactStart: exactStart?.toISOString(), + exactEnd: exactEnd?.toISOString(), }; } diff --git a/x-pack/plugins/apm/public/context/url_params_context/resolve_url_params.ts b/x-pack/plugins/apm/public/context/url_params_context/resolve_url_params.ts index b6e7330be30cbd..134f65bbf0f405 100644 --- a/x-pack/plugins/apm/public/context/url_params_context/resolve_url_params.ts +++ b/x-pack/plugins/apm/public/context/url_params_context/resolve_url_params.ts @@ -24,7 +24,7 @@ import { IUrlParams } from './types'; type TimeUrlParams = Pick< IUrlParams, - 'start' | 'end' | 'rangeFrom' | 'rangeTo' + 'start' | 'end' | 'rangeFrom' | 'rangeTo' | 'exactStart' | 'exactEnd' >; export function resolveUrlParams(location: Location, state: TimeUrlParams) { diff --git a/x-pack/plugins/apm/public/context/url_params_context/types.ts b/x-pack/plugins/apm/public/context/url_params_context/types.ts index 4332019d1a1c9e..5e9e4bd257b87b 100644 --- a/x-pack/plugins/apm/public/context/url_params_context/types.ts +++ b/x-pack/plugins/apm/public/context/url_params_context/types.ts @@ -17,6 +17,8 @@ export type IUrlParams = { environment?: string; rangeFrom?: string; rangeTo?: string; + exactStart?: string; + exactEnd?: string; refreshInterval?: number; refreshPaused?: boolean; sortDirection?: string; diff --git a/x-pack/plugins/apm/public/context/url_params_context/url_params_context.tsx b/x-pack/plugins/apm/public/context/url_params_context/url_params_context.tsx index 1da57ac10a20c8..f3969745b6ea76 100644 --- a/x-pack/plugins/apm/public/context/url_params_context/url_params_context.tsx +++ b/x-pack/plugins/apm/public/context/url_params_context/url_params_context.tsx @@ -54,7 +54,14 @@ const UrlParamsProvider: React.ComponentClass<{}> = withRouter( ({ location, children }) => { const refUrlParams = useRef(resolveUrlParams(location, {})); - const { start, end, rangeFrom, rangeTo } = refUrlParams.current; + const { + start, + end, + rangeFrom, + rangeTo, + exactStart, + exactEnd, + } = refUrlParams.current; // Counter to force an update in useFetcher when the refresh button is clicked. const [rangeId, setRangeId] = useState(0); @@ -66,8 +73,10 @@ const UrlParamsProvider: React.ComponentClass<{}> = withRouter( end, rangeFrom, rangeTo, + exactStart, + exactEnd, }), - [location, start, end, rangeFrom, rangeTo] + [location, start, end, rangeFrom, rangeTo, exactStart, exactEnd] ); refUrlParams.current = urlParams; diff --git a/x-pack/plugins/apm/server/lib/services/get_service_alerts.ts b/x-pack/plugins/apm/server/lib/services/get_service_alerts.ts index f58452ce4d9160..2141570f521c01 100644 --- a/x-pack/plugins/apm/server/lib/services/get_service_alerts.ts +++ b/x-pack/plugins/apm/server/lib/services/get_service_alerts.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { ALERT_UUID } from '@kbn/rule-data-utils/target/technical_field_names'; +import { EVENT_KIND } from '@kbn/rule-data-utils/target/technical_field_names'; import { RuleDataClient } from '../../../../rule_registry/server'; import { SERVICE_NAME, @@ -36,6 +36,7 @@ export async function getServiceAlerts({ ...rangeQuery(start, end), ...environmentQuery(environment), { term: { [SERVICE_NAME]: serviceName } }, + { term: { [EVENT_KIND]: 'signal' } }, ], should: [ { @@ -64,9 +65,6 @@ export async function getServiceAlerts({ }, size: 100, fields: ['*'], - collapse: { - field: ALERT_UUID, - }, sort: { '@timestamp': 'desc', }, diff --git a/x-pack/plugins/cases/common/ui/types.ts b/x-pack/plugins/cases/common/ui/types.ts index 284f5e706292cc..1dbb633e32adf0 100644 --- a/x-pack/plugins/cases/common/ui/types.ts +++ b/x-pack/plugins/cases/common/ui/types.ts @@ -153,7 +153,7 @@ export interface ActionLicense { export interface DeleteCase { id: string; type: CaseType | null; - title?: string; + title: string; } export interface FieldMappings { diff --git a/x-pack/plugins/cases/public/common/translations.ts b/x-pack/plugins/cases/public/common/translations.ts index 85cfb60b1d6b81..f1bfde4cc44851 100644 --- a/x-pack/plugins/cases/public/common/translations.ts +++ b/x-pack/plugins/cases/public/common/translations.ts @@ -30,13 +30,11 @@ export const CANCEL = i18n.translate('xpack.cases.caseView.cancel', { defaultMessage: 'Cancel', }); -export const DELETE_CASE = i18n.translate('xpack.cases.confirmDeleteCase.deleteCase', { - defaultMessage: 'Delete case', -}); - -export const DELETE_CASES = i18n.translate('xpack.cases.confirmDeleteCase.deleteCases', { - defaultMessage: 'Delete cases', -}); +export const DELETE_CASE = (quantity: number = 1) => + i18n.translate('xpack.cases.confirmDeleteCase.deleteCase', { + values: { quantity }, + defaultMessage: `Delete {quantity, plural, =1 {case} other {cases}}`, + }); export const NAME = i18n.translate('xpack.cases.caseView.name', { defaultMessage: 'Name', diff --git a/x-pack/plugins/cases/public/components/all_cases/actions.tsx b/x-pack/plugins/cases/public/components/all_cases/actions.tsx index 8742b8fea23a42..4820b10308934f 100644 --- a/x-pack/plugins/cases/public/components/all_cases/actions.tsx +++ b/x-pack/plugins/cases/public/components/all_cases/actions.tsx @@ -80,9 +80,9 @@ export const getActions = ({ makeInProgressAction, closeCaseAction, { - description: i18n.DELETE_CASE, + description: i18n.DELETE_CASE(), icon: 'trash', - name: i18n.DELETE_CASE, + name: i18n.DELETE_CASE(), onClick: deleteCaseOnClick, type: 'icon', 'data-test-subj': 'action-delete', diff --git a/x-pack/plugins/cases/public/components/all_cases/columns.tsx b/x-pack/plugins/cases/public/components/all_cases/columns.tsx index 947d405d188cf0..a5a299851d975a 100644 --- a/x-pack/plugins/cases/public/components/all_cases/columns.tsx +++ b/x-pack/plugins/cases/public/components/all_cases/columns.tsx @@ -306,7 +306,6 @@ export const useCasesColumns = ({ diff --git a/x-pack/plugins/cases/public/components/all_cases/utility_bar.tsx b/x-pack/plugins/cases/public/components/all_cases/utility_bar.tsx index d0981c38385e96..a2b4c14c0278a8 100644 --- a/x-pack/plugins/cases/public/components/all_cases/utility_bar.tsx +++ b/x-pack/plugins/cases/public/components/all_cases/utility_bar.tsx @@ -41,12 +41,8 @@ export const CasesTableUtilityBar: FunctionComponent = ({ refreshCases, selectedCases, }) => { - const [deleteBulk, setDeleteBulk] = useState([]); - const [deleteThisCase, setDeleteThisCase] = useState({ - title: '', - id: '', - type: null, - }); + const [deleteCases, setDeleteCases] = useState([]); + // Delete case const { dispatchResetIsDeleted, @@ -86,24 +82,15 @@ export const CasesTableUtilityBar: FunctionComponent = ({ const toggleBulkDeleteModal = useCallback( (cases: Case[]) => { handleToggleModal(); - if (cases.length === 1) { - const singleCase = cases[0]; - if (singleCase) { - return setDeleteThisCase({ - id: singleCase.id, - title: singleCase.title, - type: singleCase.type, - }); - } - } + const convertToDeleteCases: DeleteCase[] = cases.map(({ id, title, type }) => ({ id, title, type, })); - setDeleteBulk(convertToDeleteCases); + setDeleteCases(convertToDeleteCases); }, - [setDeleteBulk, handleToggleModal] + [setDeleteCases, handleToggleModal] ); const handleUpdateCaseStatus = useCallback( @@ -128,6 +115,7 @@ export const CasesTableUtilityBar: FunctionComponent = ({ ), [selectedCases, filterOptions.status, toggleBulkDeleteModal, handleUpdateCaseStatus] ); + return ( @@ -159,14 +147,11 @@ export const CasesTableUtilityBar: FunctionComponent = ({ 0} + caseQuantity={deleteCases.length} onCancel={handleToggleModal} - onConfirm={handleOnDeleteConfirm.bind( - null, - deleteBulk.length > 0 ? deleteBulk : [deleteThisCase] - )} + onConfirm={handleOnDeleteConfirm.bind(null, deleteCases)} /> ); diff --git a/x-pack/plugins/cases/public/components/case_action_bar/actions.tsx b/x-pack/plugins/cases/public/components/case_action_bar/actions.tsx index 922ffd09aaac9d..c2578dc3debdb6 100644 --- a/x-pack/plugins/cases/public/components/case_action_bar/actions.tsx +++ b/x-pack/plugins/cases/public/components/case_action_bar/actions.tsx @@ -41,7 +41,7 @@ const ActionsComponent: React.FC = ({ { disabled, iconType: 'trash', - label: i18n.DELETE_CASE, + label: i18n.DELETE_CASE(), onClick: handleToggleModal, }, ...(currentExternalIncident != null && !isEmpty(currentExternalIncident?.externalUrl) @@ -67,7 +67,6 @@ const ActionsComponent: React.FC = ({ void; onConfirm: () => void; } @@ -20,7 +20,7 @@ interface ConfirmDeleteCaseModalProps { const ConfirmDeleteCaseModalComp: React.FC = ({ caseTitle, isModalVisible, - isPlural, + caseQuantity = 1, onCancel, onConfirm, }) => { @@ -31,20 +31,14 @@ const ConfirmDeleteCaseModalComp: React.FC = ({ - {isPlural ? i18n.CONFIRM_QUESTION_PLURAL : i18n.CONFIRM_QUESTION} + {i18n.CONFIRM_QUESTION(caseQuantity)} ); }; diff --git a/x-pack/plugins/cases/public/components/confirm_delete_case/translations.ts b/x-pack/plugins/cases/public/components/confirm_delete_case/translations.ts index 0400c4c7fef413..f8e4ab2a83a738 100644 --- a/x-pack/plugins/cases/public/components/confirm_delete_case/translations.ts +++ b/x-pack/plugins/cases/public/components/confirm_delete_case/translations.ts @@ -14,23 +14,15 @@ export const DELETE_TITLE = (caseTitle: string) => defaultMessage: 'Delete "{caseTitle}"', }); -export const DELETE_THIS_CASE = (caseTitle: string) => - i18n.translate('xpack.cases.confirmDeleteCase.deleteThisCase', { - defaultMessage: 'Delete this case', +export const DELETE_SELECTED_CASES = (quantity: number, title: string) => + i18n.translate('xpack.cases.confirmDeleteCase.selectedCases', { + values: { quantity, title }, + defaultMessage: 'Delete "{quantity, plural, =1 {{title}} other {Selected {quantity} cases}}"', }); -export const CONFIRM_QUESTION = i18n.translate('xpack.cases.confirmDeleteCase.confirmQuestion', { - defaultMessage: - 'By deleting this case, all related case data will be permanently removed and you will no longer be able to push data to an external incident management system. Are you sure you wish to proceed?', -}); -export const DELETE_SELECTED_CASES = i18n.translate('xpack.cases.confirmDeleteCase.selectedCases', { - defaultMessage: 'Delete selected cases', -}); - -export const CONFIRM_QUESTION_PLURAL = i18n.translate( - 'xpack.cases.confirmDeleteCase.confirmQuestionPlural', - { +export const CONFIRM_QUESTION = (quantity: number) => + i18n.translate('xpack.cases.confirmDeleteCase.confirmQuestion', { + values: { quantity }, defaultMessage: - 'By deleting these cases, all related case data will be permanently removed and you will no longer be able to push data to an external incident management system. Are you sure you wish to proceed?', - } -); + 'By deleting {quantity, plural, =1 {this case} other {these cases}}, all related case data will be permanently removed and you will no longer be able to push data to an external incident management system. Are you sure you wish to proceed?', + }); diff --git a/x-pack/plugins/cases/public/containers/use_delete_cases.test.tsx b/x-pack/plugins/cases/public/containers/use_delete_cases.test.tsx index e86ed0c036974a..691af580b333a8 100644 --- a/x-pack/plugins/cases/public/containers/use_delete_cases.test.tsx +++ b/x-pack/plugins/cases/public/containers/use_delete_cases.test.tsx @@ -17,9 +17,9 @@ jest.mock('../common/lib/kibana'); describe('useDeleteCases', () => { const abortCtrl = new AbortController(); const deleteObj = [ - { id: '1', type: CaseType.individual }, - { id: '2', type: CaseType.individual }, - { id: '3', type: CaseType.individual }, + { id: '1', type: CaseType.individual, title: 'case 1' }, + { id: '2', type: CaseType.individual, title: 'case 2' }, + { id: '3', type: CaseType.individual, title: 'case 3' }, ]; const deleteArr = ['1', '2', '3']; it('init', async () => { diff --git a/x-pack/plugins/enterprise_search/kibana.json b/x-pack/plugins/enterprise_search/kibana.json index a7b29a1e6b457f..f8b4261114a22d 100644 --- a/x-pack/plugins/enterprise_search/kibana.json +++ b/x-pack/plugins/enterprise_search/kibana.json @@ -7,7 +7,7 @@ "optionalPlugins": ["usageCollection", "security", "home", "spaces", "cloud"], "server": true, "ui": true, - "requiredBundles": ["home"], + "requiredBundles": ["home", "kibanaReact"], "owner": { "name": "Enterprise Search", "githubTeam": "enterprise-search-frontend" diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/index.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/index.ts new file mode 100644 index 00000000000000..a7699848831b25 --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/index.ts @@ -0,0 +1,10 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export { AppSearchPageTemplate } from './page_template'; +export { useAppSearchNav } from './nav'; +export { KibanaHeaderActions } from './kibana_header_actions'; diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/nav.test.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/nav.test.tsx new file mode 100644 index 00000000000000..8b06f4b26835d4 --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/nav.test.tsx @@ -0,0 +1,107 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { setMockValues } from '../../../__mocks__/kea_logic'; + +jest.mock('../../../shared/layout', () => ({ + generateNavLink: jest.fn(({ to }) => ({ href: to })), +})); + +import { useAppSearchNav } from './nav'; + +describe('useAppSearchNav', () => { + it('always generates a default engines nav item', () => { + setMockValues({ myRole: {} }); + + expect(useAppSearchNav()).toEqual([ + { + id: '', + name: '', + items: [ + { + id: 'engines', + name: 'Engines', + href: '/engines', + items: [], + }, + ], + }, + ]); + }); + + it('generates a settings nav item if the user can view settings', () => { + setMockValues({ myRole: { canViewSettings: true } }); + + expect(useAppSearchNav()).toEqual([ + { + id: '', + name: '', + items: [ + { + id: 'engines', + name: 'Engines', + href: '/engines', + items: [], + }, + { + id: 'settings', + name: 'Settings', + href: '/settings', + }, + ], + }, + ]); + }); + + it('generates a credentials nav item if the user can view credentials', () => { + setMockValues({ myRole: { canViewAccountCredentials: true } }); + + expect(useAppSearchNav()).toEqual([ + { + id: '', + name: '', + items: [ + { + id: 'engines', + name: 'Engines', + href: '/engines', + items: [], + }, + { + id: 'credentials', + name: 'Credentials', + href: '/credentials', + }, + ], + }, + ]); + }); + + it('generates a users & roles nav item if the user can view role mappings', () => { + setMockValues({ myRole: { canViewRoleMappings: true } }); + + expect(useAppSearchNav()).toEqual([ + { + id: '', + name: '', + items: [ + { + id: 'engines', + name: 'Engines', + href: '/engines', + items: [], + }, + { + id: 'usersRoles', + name: 'Users & roles', + href: '/role_mappings', + }, + ], + }, + ]); + }); +}); diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/nav.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/nav.tsx new file mode 100644 index 00000000000000..57fa740caebec2 --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/nav.tsx @@ -0,0 +1,63 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { useValues } from 'kea'; + +import { EuiSideNavItemType } from '@elastic/eui'; + +import { generateNavLink } from '../../../shared/layout'; +import { ROLE_MAPPINGS_TITLE } from '../../../shared/role_mapping/constants'; + +import { AppLogic } from '../../app_logic'; +import { ENGINES_PATH, SETTINGS_PATH, CREDENTIALS_PATH, ROLE_MAPPINGS_PATH } from '../../routes'; +import { CREDENTIALS_TITLE } from '../credentials'; +import { ENGINES_TITLE } from '../engines'; +import { SETTINGS_TITLE } from '../settings'; + +export const useAppSearchNav = () => { + const { + myRole: { canViewSettings, canViewAccountCredentials, canViewRoleMappings }, + } = useValues(AppLogic); + + const navItems: Array> = [ + { + id: 'engines', + name: ENGINES_TITLE, + ...generateNavLink({ to: ENGINES_PATH, isRoot: true }), + items: [], // TODO: Engine nav + }, + ]; + + if (canViewSettings) { + navItems.push({ + id: 'settings', + name: SETTINGS_TITLE, + ...generateNavLink({ to: SETTINGS_PATH }), + }); + } + + if (canViewAccountCredentials) { + navItems.push({ + id: 'credentials', + name: CREDENTIALS_TITLE, + ...generateNavLink({ to: CREDENTIALS_PATH }), + }); + } + + if (canViewRoleMappings) { + navItems.push({ + id: 'usersRoles', + name: ROLE_MAPPINGS_TITLE, + ...generateNavLink({ to: ROLE_MAPPINGS_PATH }), + }); + } + + // Root level items are meant to be section headers, but the AS nav (currently) + // isn't organized this way. So we create a fake empty parent item here + // to cause all our navItems to properly render as nav links. + return [{ id: '', name: '', items: navItems }]; +}; diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/page_template.test.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/page_template.test.tsx new file mode 100644 index 00000000000000..8f47d5f1c46444 --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/page_template.test.tsx @@ -0,0 +1,69 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +jest.mock('./nav', () => ({ + useAppSearchNav: () => [], +})); + +import React from 'react'; + +import { shallow } from 'enzyme'; + +import { SetAppSearchChrome } from '../../../shared/kibana_chrome'; +import { EnterpriseSearchPageTemplate } from '../../../shared/layout'; +import { SendAppSearchTelemetry } from '../../../shared/telemetry'; + +import { AppSearchPageTemplate } from './page_template'; + +describe('AppSearchPageTemplate', () => { + it('renders', () => { + const wrapper = shallow( + +
world
+ + ); + + expect(wrapper.type()).toEqual(EnterpriseSearchPageTemplate); + expect(wrapper.prop('solutionNav')).toEqual({ name: 'App Search', items: [] }); + expect(wrapper.find('.hello').text()).toEqual('world'); + }); + + describe('page chrome', () => { + it('takes a breadcrumb array & renders a product-specific page chrome', () => { + const wrapper = shallow(); + const setPageChrome = wrapper.find(EnterpriseSearchPageTemplate).prop('setPageChrome') as any; + + expect(setPageChrome.type).toEqual(SetAppSearchChrome); + expect(setPageChrome.props.trail).toEqual(['Some page']); + }); + }); + + describe('page telemetry', () => { + it('takes a metric & renders product-specific telemetry viewed event', () => { + const wrapper = shallow(); + + expect(wrapper.find(SendAppSearchTelemetry).prop('action')).toEqual('viewed'); + expect(wrapper.find(SendAppSearchTelemetry).prop('metric')).toEqual('some_page'); + }); + }); + + it('passes down any ...pageTemplateProps that EnterpriseSearchPageTemplate accepts', () => { + const wrapper = shallow( + } + /> + ); + + expect(wrapper.find(EnterpriseSearchPageTemplate).prop('pageHeader')!.pageTitle).toEqual( + 'hello world' + ); + expect(wrapper.find(EnterpriseSearchPageTemplate).prop('isLoading')).toEqual(false); + expect(wrapper.find(EnterpriseSearchPageTemplate).prop('emptyState')).toEqual(
); + }); +}); diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/page_template.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/page_template.tsx new file mode 100644 index 00000000000000..31f2eb3215e05a --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/page_template.tsx @@ -0,0 +1,36 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; + +import { APP_SEARCH_PLUGIN } from '../../../../../common/constants'; +import { SetAppSearchChrome } from '../../../shared/kibana_chrome'; +import { EnterpriseSearchPageTemplate, PageTemplateProps } from '../../../shared/layout'; +import { SendAppSearchTelemetry } from '../../../shared/telemetry'; + +import { useAppSearchNav } from './nav'; + +export const AppSearchPageTemplate: React.FC = ({ + children, + pageChrome, + pageViewTelemetry, + ...pageTemplateProps +}) => { + return ( + } + > + {pageViewTelemetry && } + {children} + + ); +}; diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings.test.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings.test.tsx index d7ce8053c71f02..308022ccb2e5a7 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings.test.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings.test.tsx @@ -12,7 +12,6 @@ import React from 'react'; import { shallow } from 'enzyme'; -import { Loading } from '../../../shared/loading'; import { RoleMappingsTable, RoleMappingsHeading } from '../../../shared/role_mapping'; import { wsRoleMapping } from '../../../shared/role_mapping/__mocks__/roles'; @@ -44,13 +43,6 @@ describe('RoleMappings', () => { expect(wrapper.find(RoleMappingsTable)).toHaveLength(1); }); - it('returns Loading when loading', () => { - setMockValues({ ...mockValues, dataLoading: true }); - const wrapper = shallow(); - - expect(wrapper.find(Loading)).toHaveLength(1); - }); - it('renders RoleMapping flyout', () => { setMockValues({ ...mockValues, roleMappingFlyoutOpen: true }); const wrapper = shallow(); diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings.tsx index 78d0a5cbc8638e..db0e6e6dead111 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings.tsx @@ -9,11 +9,10 @@ import React, { useEffect } from 'react'; import { useActions, useValues } from 'kea'; -import { FlashMessages } from '../../../shared/flash_messages'; -import { SetAppSearchChrome as SetPageChrome } from '../../../shared/kibana_chrome'; -import { Loading } from '../../../shared/loading'; +import { APP_SEARCH_PLUGIN } from '../../../../../common/constants'; import { RoleMappingsTable, RoleMappingsHeading } from '../../../shared/role_mapping'; import { ROLE_MAPPINGS_TITLE } from '../../../shared/role_mapping/constants'; +import { AppSearchPageTemplate } from '../layout'; import { ROLE_MAPPINGS_ENGINE_ACCESS_HEADING } from './constants'; import { RoleMapping } from './role_mapping'; @@ -38,11 +37,12 @@ export const RoleMappings: React.FC = () => { return resetState; }, []); - if (dataLoading) return ; - const roleMappingsSection = ( - <> - initializeRoleMapping()} /> +
+ initializeRoleMapping()} + /> { shouldShowAuthProvider={multipleAuthProvidersConfig} handleDeleteMapping={handleDeleteMapping} /> - +
); return ( - <> - + {roleMappingFlyoutOpen && } - {roleMappingsSection} - + ); }; diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/index.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/index.tsx index a491efcb234dca..caf0f805e8ca7e 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/index.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/index.tsx @@ -25,7 +25,7 @@ import { EngineNav, EngineRouter } from './components/engine'; import { EngineCreation } from './components/engine_creation'; import { EnginesOverview, ENGINES_TITLE } from './components/engines'; import { ErrorConnecting } from './components/error_connecting'; -import { KibanaHeaderActions } from './components/layout/kibana_header_actions'; +import { KibanaHeaderActions } from './components/layout'; import { Library } from './components/library'; import { MetaEngineCreation } from './components/meta_engine_creation'; import { RoleMappings } from './components/role_mappings'; @@ -92,6 +92,11 @@ export const AppSearchConfigured: React.FC> = (props) = )} + {canViewRoleMappings && ( + + + + )} } readOnlyMode={readOnlyMode}> @@ -110,11 +115,6 @@ export const AppSearchConfigured: React.FC> = (props) = - {canViewRoleMappings && ( - - - - )} {canManageEngines && ( diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/layout/index.ts b/x-pack/plugins/enterprise_search/public/applications/shared/layout/index.ts index 2dd5254cee7f1e..856d483e174a69 100644 --- a/x-pack/plugins/enterprise_search/public/applications/shared/layout/index.ts +++ b/x-pack/plugins/enterprise_search/public/applications/shared/layout/index.ts @@ -5,5 +5,9 @@ * 2.0. */ +export { EnterpriseSearchPageTemplate, PageTemplateProps } from './page_template'; +export { generateNavLink } from './nav_link_helpers'; + +// TODO: Delete these once KibanaPageTemplate migration is done export { Layout } from './layout'; export { SideNav, SideNavLink, SideNavItem } from './side_nav'; diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/layout/nav_link_helpers.test.ts b/x-pack/plugins/enterprise_search/public/applications/shared/layout/nav_link_helpers.test.ts new file mode 100644 index 00000000000000..b51416ac76ca78 --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/shared/layout/nav_link_helpers.test.ts @@ -0,0 +1,69 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { mockKibanaValues } from '../../__mocks__/kea_logic'; + +jest.mock('../react_router_helpers', () => ({ + generateReactRouterProps: ({ to }: { to: string }) => ({ + href: `/app/enterprise_search${to}`, + onClick: () => mockKibanaValues.navigateToUrl(to), + }), +})); + +import { generateNavLink, getNavLinkActive } from './nav_link_helpers'; + +describe('generateNavLink', () => { + beforeEach(() => { + jest.clearAllMocks(); + mockKibanaValues.history.location.pathname = '/current_page'; + }); + + it('generates React Router props & isSelected (active) state for use within an EuiSideNavItem obj', () => { + const navItem = generateNavLink({ to: '/test' }); + + expect(navItem.href).toEqual('/app/enterprise_search/test'); + + navItem.onClick({} as any); + expect(mockKibanaValues.navigateToUrl).toHaveBeenCalledWith('/test'); + + expect(navItem.isSelected).toEqual(false); + }); + + describe('getNavLinkActive', () => { + it('returns true when the current path matches the link path', () => { + mockKibanaValues.history.location.pathname = '/test'; + const isSelected = getNavLinkActive({ to: '/test' }); + + expect(isSelected).toEqual(true); + }); + + describe('isRoot', () => { + it('returns true if the current path is "/"', () => { + mockKibanaValues.history.location.pathname = '/'; + const isSelected = getNavLinkActive({ to: '/overview', isRoot: true }); + + expect(isSelected).toEqual(true); + }); + }); + + describe('shouldShowActiveForSubroutes', () => { + it('returns true if the current path is a subroute of the passed path', () => { + mockKibanaValues.history.location.pathname = '/hello/world'; + const isSelected = getNavLinkActive({ to: '/hello', shouldShowActiveForSubroutes: true }); + + expect(isSelected).toEqual(true); + }); + + it('returns false if not', () => { + mockKibanaValues.history.location.pathname = '/hello/world'; + const isSelected = getNavLinkActive({ to: '/hello' }); + + expect(isSelected).toEqual(false); + }); + }); + }); +}); diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/layout/nav_link_helpers.ts b/x-pack/plugins/enterprise_search/public/applications/shared/layout/nav_link_helpers.ts new file mode 100644 index 00000000000000..6124636af3f992 --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/shared/layout/nav_link_helpers.ts @@ -0,0 +1,40 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { stripTrailingSlash } from '../../../../common/strip_slashes'; + +import { KibanaLogic } from '../kibana'; +import { generateReactRouterProps, ReactRouterProps } from '../react_router_helpers'; + +interface Params { + to: string; + isRoot?: boolean; + shouldShowActiveForSubroutes?: boolean; +} + +export const generateNavLink = ({ to, ...rest }: Params & ReactRouterProps) => { + return { + ...generateReactRouterProps({ to, ...rest }), + isSelected: getNavLinkActive({ to, ...rest }), + }; +}; + +export const getNavLinkActive = ({ + to, + isRoot = false, + shouldShowActiveForSubroutes = false, +}: Params): boolean => { + const { pathname } = KibanaLogic.values.history.location; + const currentPath = stripTrailingSlash(pathname); + + const isActive = + currentPath === to || + (shouldShowActiveForSubroutes && currentPath.startsWith(to)) || + (isRoot && currentPath === ''); + + return isActive; +}; diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/layout/page_template.scss b/x-pack/plugins/enterprise_search/public/applications/shared/layout/page_template.scss new file mode 100644 index 00000000000000..9ddd68277c9bc9 --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/shared/layout/page_template.scss @@ -0,0 +1,15 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +.enterpriseSearchPageTemplate { + position: relative; + + &__content { + // Note: relative positioning is required for our centered Loading component + position: relative; + } +} diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/layout/page_template.test.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/layout/page_template.test.tsx new file mode 100644 index 00000000000000..5b02756e44b524 --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/shared/layout/page_template.test.tsx @@ -0,0 +1,213 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { setMockValues } from '../../__mocks__/kea_logic'; + +import React from 'react'; + +import { shallow } from 'enzyme'; + +import { EuiCallOut } from '@elastic/eui'; + +import { KibanaPageTemplate } from '../../../../../../../src/plugins/kibana_react/public'; +import { FlashMessages } from '../flash_messages'; +import { Loading } from '../loading'; + +import { EnterpriseSearchPageTemplate } from './page_template'; + +describe('EnterpriseSearchPageTemplate', () => { + beforeEach(() => { + jest.clearAllMocks(); + setMockValues({ readOnlyMode: false }); + }); + + it('renders', () => { + const wrapper = shallow(); + + expect(wrapper.type()).toEqual(KibanaPageTemplate); + }); + + it('renders children', () => { + const wrapper = shallow( + +
world
+ + ); + + expect(wrapper.find('.hello').text()).toEqual('world'); + }); + + describe('loading state', () => { + it('renders a loading icon in place of children', () => { + const wrapper = shallow( + +
+ + ); + + expect(wrapper.find(Loading).exists()).toBe(true); + expect(wrapper.find('.test').exists()).toBe(false); + }); + + it('renders children & does not render a loading icon when the page is done loading', () => { + const wrapper = shallow( + +
+ + ); + + expect(wrapper.find(Loading).exists()).toBe(false); + expect(wrapper.find('.test').exists()).toBe(true); + }); + }); + + describe('empty state', () => { + it('renders a custom empty state in place of children', () => { + const wrapper = shallow( + Nothing here yet!
} + > +
+ + ); + + expect(wrapper.find('.emptyState').exists()).toBe(true); + expect(wrapper.find('.test').exists()).toBe(false); + + // @see https://github.com/elastic/kibana/blob/master/dev_docs/tutorials/kibana_page_template.mdx#isemptystate + // if you want to use KibanaPageTemplate's `isEmptyState` without a custom emptyState + }); + + it('does not render the custom empty state if the page is not empty', () => { + const wrapper = shallow( + Nothing here yet!
} + > +
+ + ); + + expect(wrapper.find('.emptyState').exists()).toBe(false); + expect(wrapper.find('.test').exists()).toBe(true); + }); + + it('does not render an empty state if the page is still loading', () => { + const wrapper = shallow( + } + /> + ); + + expect(wrapper.find(Loading).exists()).toBe(true); + expect(wrapper.find('.emptyState').exists()).toBe(false); + }); + }); + + describe('read-only mode', () => { + it('renders a callout if in read-only mode', () => { + setMockValues({ readOnlyMode: true }); + const wrapper = shallow(); + + expect(wrapper.find(EuiCallOut).exists()).toBe(true); + }); + + it('does not render a callout if not in read-only mode', () => { + setMockValues({ readOnlyMode: false }); + const wrapper = shallow(); + + expect(wrapper.find(EuiCallOut).exists()).toBe(false); + }); + }); + + describe('flash messages', () => { + it('renders FlashMessages by default', () => { + const wrapper = shallow(); + + expect(wrapper.find(FlashMessages).exists()).toBe(true); + }); + + it('does not render FlashMessages if hidden', () => { + // Example use case: manually showing flash messages in an open flyout or modal + // and not wanting to duplicate flash messages on the overlayed page + const wrapper = shallow(); + + expect(wrapper.find(FlashMessages).exists()).toBe(false); + }); + }); + + describe('page chrome', () => { + const SetPageChrome = () =>
; + + it('renders a product-specific ', () => { + const wrapper = shallow(} />); + + expect(wrapper.find(SetPageChrome).exists()).toBe(true); + }); + + it('invokes page chrome immediately (without waiting for isLoading to be finished)', () => { + const wrapper = shallow( + } isLoading /> + ); + + expect(wrapper.find(SetPageChrome).exists()).toBe(true); + + // This behavior is in contrast to page view telemetry, which is invoked after isLoading finishes + // In addition to the pageHeader prop also changing immediately, this makes navigation feel much snappier + }); + }); + + describe('EuiPageTemplate props', () => { + it('overrides the restrictWidth prop', () => { + const wrapper = shallow(); + + expect(wrapper.find(KibanaPageTemplate).prop('restrictWidth')).toEqual(true); + }); + + it('passes down any ...pageTemplateProps that EuiPageTemplate accepts', () => { + const wrapper = shallow( + + ); + + expect(wrapper.find(KibanaPageTemplate).prop('template')).toEqual('empty'); + expect(wrapper.find(KibanaPageTemplate).prop('paddingSize')).toEqual('s'); + expect(wrapper.find(KibanaPageTemplate).prop('pageHeader')!.pageTitle).toEqual('hello world'); + }); + + it('sets enterpriseSearchPageTemplate classNames while still accepting custom classNames', () => { + const wrapper = shallow( + + ); + + expect(wrapper.find(KibanaPageTemplate).prop('className')).toEqual( + 'enterpriseSearchPageTemplate hello' + ); + expect(wrapper.find(KibanaPageTemplate).prop('pageContentProps')!.className).toEqual( + 'enterpriseSearchPageTemplate__content world' + ); + }); + + it('automatically sets the Enterprise Search logo onto passed solution navs', () => { + const wrapper = shallow( + + ); + + expect(wrapper.find(KibanaPageTemplate).prop('solutionNav')).toEqual({ + icon: 'logoEnterpriseSearch', + name: 'Enterprise Search', + items: [], + }); + }); + }); +}); diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/layout/page_template.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/layout/page_template.tsx new file mode 100644 index 00000000000000..affec119215455 --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/shared/layout/page_template.tsx @@ -0,0 +1,97 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; + +import classNames from 'classnames'; +import { useValues } from 'kea'; + +import { EuiCallOut, EuiSpacer } from '@elastic/eui'; +import { i18n } from '@kbn/i18n'; + +import { + KibanaPageTemplate, + KibanaPageTemplateProps, +} from '../../../../../../../src/plugins/kibana_react/public'; + +import { FlashMessages } from '../flash_messages'; +import { HttpLogic } from '../http'; +import { BreadcrumbTrail } from '../kibana_chrome/generate_breadcrumbs'; +import { Loading } from '../loading'; + +import './page_template.scss'; + +/* + * EnterpriseSearchPageTemplate is a light wrapper for KibanaPageTemplate (which + * is a light wrapper for EuiPageTemplate). It should contain only concerns shared + * between both AS & WS, which should have their own AppSearchPageTemplate & + * WorkplaceSearchPageTemplate sitting on top of this template (:nesting_dolls:), + * which in turn manages individual product-specific concerns (e.g. side navs, telemetry, etc.) + * + * @see https://github.com/elastic/kibana/tree/master/src/plugins/kibana_react/public/page_template + * @see https://elastic.github.io/eui/#/layout/page + */ + +export type PageTemplateProps = KibanaPageTemplateProps & { + hideFlashMessages?: boolean; + isLoading?: boolean; + emptyState?: React.ReactNode; + setPageChrome?: React.ReactNode; + // Used by product-specific page templates + pageChrome?: BreadcrumbTrail; + pageViewTelemetry?: string; +}; + +export const EnterpriseSearchPageTemplate: React.FC = ({ + children, + className, + hideFlashMessages, + isLoading, + isEmptyState, + emptyState, + setPageChrome, + solutionNav, + ...pageTemplateProps +}) => { + const { readOnlyMode } = useValues(HttpLogic); + const hasCustomEmptyState = !!emptyState; + const showCustomEmptyState = hasCustomEmptyState && isEmptyState; + + return ( + + {setPageChrome} + {readOnlyMode && ( + <> + + + + )} + {!hideFlashMessages && } + {isLoading ? : showCustomEmptyState ? emptyState : children} + + ); +}; diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/react_router_helpers/eui_components.test.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/react_router_helpers/eui_components.test.tsx index 7fded20cdd87e6..a04e628e0c4f9c 100644 --- a/x-pack/plugins/enterprise_search/public/applications/shared/react_router_helpers/eui_components.test.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/shared/react_router_helpers/eui_components.test.tsx @@ -5,22 +5,22 @@ * 2.0. */ -import { mockKibanaValues } from '../../__mocks__/kea_logic'; -import { mockHistory } from '../../__mocks__/react_router'; +jest.mock('./', () => ({ + generateReactRouterProps: ({ to }: { to: string }) => ({ + href: `/app/enterprise_search${to}`, + onClick: () => {}, + }), +})); import React from 'react'; -import { shallow, mount } from 'enzyme'; +import { shallow } from 'enzyme'; import { EuiLink, EuiButton, EuiButtonEmpty, EuiPanel, EuiCard } from '@elastic/eui'; import { EuiLinkTo, EuiButtonTo, EuiButtonEmptyTo, EuiPanelTo, EuiCardTo } from './eui_components'; -describe('EUI & React Router Component Helpers', () => { - beforeEach(() => { - jest.clearAllMocks(); - }); - +describe('React Router EUI component helpers', () => { it('renders an EuiLink', () => { const wrapper = shallow(); @@ -54,64 +54,18 @@ describe('EUI & React Router Component Helpers', () => { }); it('passes down all ...rest props', () => { - const wrapper = shallow(); + const wrapper = shallow(); const link = wrapper.find(EuiLink); expect(link.prop('external')).toEqual(true); - expect(link.prop('data-test-subj')).toEqual('foo'); + expect(link.prop('data-test-subj')).toEqual('test'); }); - it('renders with the correct href and onClick props', () => { - const wrapper = mount(); + it('renders with generated href and onClick props', () => { + const wrapper = shallow(); const link = wrapper.find(EuiLink); expect(link.prop('onClick')).toBeInstanceOf(Function); - expect(link.prop('href')).toEqual('/app/enterprise_search/foo/bar'); - expect(mockHistory.createHref).toHaveBeenCalled(); - }); - - it('renders with the correct non-basenamed href when shouldNotCreateHref is passed', () => { - const wrapper = mount(); - const link = wrapper.find(EuiLink); - - expect(link.prop('href')).toEqual('/foo/bar'); - expect(mockHistory.createHref).not.toHaveBeenCalled(); - }); - - describe('onClick', () => { - it('prevents default navigation and uses React Router history', () => { - const wrapper = mount(); - - const simulatedEvent = { - button: 0, - target: { getAttribute: () => '_self' }, - preventDefault: jest.fn(), - }; - wrapper.find(EuiLink).simulate('click', simulatedEvent); - - expect(simulatedEvent.preventDefault).toHaveBeenCalled(); - expect(mockKibanaValues.navigateToUrl).toHaveBeenCalled(); - }); - - it('does not prevent default browser behavior on new tab/window clicks', () => { - const wrapper = mount(); - - const simulatedEvent = { - shiftKey: true, - target: { getAttribute: () => '_blank' }, - }; - wrapper.find(EuiLink).simulate('click', simulatedEvent); - - expect(mockKibanaValues.navigateToUrl).not.toHaveBeenCalled(); - }); - - it('calls inherited onClick actions in addition to default navigation', () => { - const customOnClick = jest.fn(); // Can be anything from telemetry to a state reset - const wrapper = mount(); - - wrapper.find(EuiLink).simulate('click', { shiftKey: true }); - - expect(customOnClick).toHaveBeenCalled(); - }); + expect(link.prop('href')).toEqual('/app/enterprise_search/hello/world'); }); }); diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/react_router_helpers/eui_components.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/react_router_helpers/eui_components.tsx index b9fee9d16273b8..e7eb36f279fc75 100644 --- a/x-pack/plugins/enterprise_search/public/applications/shared/react_router_helpers/eui_components.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/shared/react_router_helpers/eui_components.tsx @@ -7,8 +7,6 @@ import React from 'react'; -import { useValues } from 'kea'; - import { EuiLink, EuiButton, @@ -22,55 +20,10 @@ import { } from '@elastic/eui'; import { EuiPanelProps } from '@elastic/eui/src/components/panel/panel'; -import { HttpLogic } from '../http'; -import { KibanaLogic } from '../kibana'; - -import { letBrowserHandleEvent, createHref } from './'; +import { generateReactRouterProps, ReactRouterProps } from './'; /** - * Generates EUI components with React-Router-ified links - * - * Based off of EUI's recommendations for handling React Router: - * https://github.com/elastic/eui/blob/master/wiki/react-router.md#react-router-51 - */ - -interface ReactRouterProps { - to: string; - onClick?(): void; - // Used to navigate outside of the React Router plugin basename but still within Kibana, - // e.g. if we need to go from Enterprise Search to App Search - shouldNotCreateHref?: boolean; -} - -export const ReactRouterHelper: React.FC = ({ - to, - onClick, - shouldNotCreateHref, - children, -}) => { - const { navigateToUrl, history } = useValues(KibanaLogic); - const { http } = useValues(HttpLogic); - - // Generate the correct link href (with basename etc. accounted for) - const href = createHref(to, { history, http }, { shouldNotCreateHref }); - - const reactRouterLinkClick = (event: React.MouseEvent) => { - if (onClick) onClick(); // Run any passed click events (e.g. telemetry) - if (letBrowserHandleEvent(event)) return; // Return early if the link behavior shouldn't be handled by React Router - - // Prevent regular link behavior, which causes a browser refresh. - event.preventDefault(); - - // Perform SPA navigation. - navigateToUrl(to, { shouldNotCreateHref }); - }; - - const reactRouterProps = { href, onClick: reactRouterLinkClick }; - return React.cloneElement(children as React.ReactElement, reactRouterProps); -}; - -/** - * Component helpers + * Correctly typed component helpers with React-Router-friendly `href` and `onClick` props */ type ReactRouterEuiLinkProps = ReactRouterProps & EuiLinkAnchorProps; @@ -79,11 +32,7 @@ export const EuiLinkTo: React.FC = ({ onClick, shouldNotCreateHref, ...rest -}) => ( - - - -); +}) => ; type ReactRouterEuiButtonProps = ReactRouterProps & EuiButtonProps; export const EuiButtonTo: React.FC = ({ @@ -91,11 +40,7 @@ export const EuiButtonTo: React.FC = ({ onClick, shouldNotCreateHref, ...rest -}) => ( - - - -); +}) => ; type ReactRouterEuiButtonEmptyProps = ReactRouterProps & EuiButtonEmptyProps; export const EuiButtonEmptyTo: React.FC = ({ @@ -104,9 +49,7 @@ export const EuiButtonEmptyTo: React.FC = ({ shouldNotCreateHref, ...rest }) => ( - - - + ); type ReactRouterEuiPanelProps = ReactRouterProps & EuiPanelProps; @@ -115,11 +58,7 @@ export const EuiPanelTo: React.FC = ({ onClick, shouldNotCreateHref, ...rest -}) => ( - - - -); +}) => ; type ReactRouterEuiCardProps = ReactRouterProps & EuiCardProps; export const EuiCardTo: React.FC = ({ @@ -127,8 +66,4 @@ export const EuiCardTo: React.FC = ({ onClick, shouldNotCreateHref, ...rest -}) => ( - - - -); +}) => ; diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/react_router_helpers/generate_react_router_props.test.ts b/x-pack/plugins/enterprise_search/public/applications/shared/react_router_helpers/generate_react_router_props.test.ts new file mode 100644 index 00000000000000..dc8bf28a444071 --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/shared/react_router_helpers/generate_react_router_props.test.ts @@ -0,0 +1,70 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { mockKibanaValues } from '../../__mocks__/kea_logic'; +import { mockHistory } from '../../__mocks__/react_router'; + +import { generateReactRouterProps } from './'; + +describe('generateReactRouterProps', () => { + beforeEach(() => { + jest.clearAllMocks(); + }); + + it('generates React-Router-friendly href and onClick props', () => { + expect(generateReactRouterProps({ to: '/hello/world' })).toEqual({ + href: '/app/enterprise_search/hello/world', + onClick: expect.any(Function), + }); + expect(mockHistory.createHref).toHaveBeenCalled(); + }); + + it('renders with the correct non-basenamed href when shouldNotCreateHref is passed', () => { + expect(generateReactRouterProps({ to: '/hello/world', shouldNotCreateHref: true })).toEqual({ + href: '/hello/world', + onClick: expect.any(Function), + }); + }); + + describe('onClick', () => { + it('prevents default navigation and uses React Router history', () => { + const mockEvent = { + button: 0, + target: { getAttribute: () => '_self' }, + preventDefault: jest.fn(), + } as any; + + const { onClick } = generateReactRouterProps({ to: '/test' }); + onClick(mockEvent); + + expect(mockEvent.preventDefault).toHaveBeenCalled(); + expect(mockKibanaValues.navigateToUrl).toHaveBeenCalled(); + }); + + it('does not prevent default browser behavior on new tab/window clicks', () => { + const mockEvent = { + shiftKey: true, + target: { getAttribute: () => '_blank' }, + } as any; + + const { onClick } = generateReactRouterProps({ to: '/test' }); + onClick(mockEvent); + + expect(mockKibanaValues.navigateToUrl).not.toHaveBeenCalled(); + }); + + it('calls inherited onClick actions in addition to default navigation', () => { + const mockEvent = { preventDefault: jest.fn() } as any; + const customOnClick = jest.fn(); // Can be anything from telemetry to a state reset + + const { onClick } = generateReactRouterProps({ to: '/test', onClick: customOnClick }); + onClick(mockEvent); + + expect(customOnClick).toHaveBeenCalled(); + }); + }); +}); diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/react_router_helpers/generate_react_router_props.ts b/x-pack/plugins/enterprise_search/public/applications/shared/react_router_helpers/generate_react_router_props.ts new file mode 100644 index 00000000000000..d80eca19207bd5 --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/shared/react_router_helpers/generate_react_router_props.ts @@ -0,0 +1,55 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; + +import { HttpLogic } from '../http'; +import { KibanaLogic } from '../kibana'; + +import { letBrowserHandleEvent, createHref } from './'; + +/** + * Generates the `href` and `onClick` props for React-Router-friendly links + * + * Based off of EUI's recommendations for handling React Router: + * https://github.com/elastic/eui/blob/master/wiki/react-router.md#react-router-51 + * + * but separated out from EuiLink portion as we use this for multiple EUI components + */ + +export interface ReactRouterProps { + to: string; + onClick?(): void; + // Used to navigate outside of the React Router plugin basename but still within Kibana, + // e.g. if we need to go from Enterprise Search to App Search + shouldNotCreateHref?: boolean; +} + +export const generateReactRouterProps = ({ + to, + onClick, + shouldNotCreateHref, +}: ReactRouterProps) => { + const { navigateToUrl, history } = KibanaLogic.values; + const { http } = HttpLogic.values; + + // Generate the correct link href (with basename etc. accounted for) + const href = createHref(to, { history, http }, { shouldNotCreateHref }); + + const reactRouterLinkClick = (event: React.MouseEvent) => { + if (onClick) onClick(); // Run any passed click events (e.g. telemetry) + if (letBrowserHandleEvent(event)) return; // Return early if the link behavior shouldn't be handled by React Router + + // Prevent regular link behavior, which causes a browser refresh. + event.preventDefault(); + + // Perform SPA navigation. + navigateToUrl(to, { shouldNotCreateHref }); + }; + + return { href, onClick: reactRouterLinkClick }; +}; diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/react_router_helpers/index.ts b/x-pack/plugins/enterprise_search/public/applications/shared/react_router_helpers/index.ts index 1a73c9c281b21f..17827b02302377 100644 --- a/x-pack/plugins/enterprise_search/public/applications/shared/react_router_helpers/index.ts +++ b/x-pack/plugins/enterprise_search/public/applications/shared/react_router_helpers/index.ts @@ -7,4 +7,5 @@ export { letBrowserHandleEvent } from './link_events'; export { createHref, CreateHrefOptions } from './create_href'; +export { generateReactRouterProps, ReactRouterProps } from './generate_react_router_props'; export { EuiLinkTo, EuiButtonTo, EuiButtonEmptyTo, EuiPanelTo, EuiCardTo } from './eui_components'; diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/constants.ts b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/constants.ts index 47d481630510e2..9f40844e52470a 100644 --- a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/constants.ts +++ b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/constants.ts @@ -193,7 +193,7 @@ export const ROLE_MAPPINGS_HEADING_DESCRIPTION = (productName: ProductName) => export const ROLE_MAPPINGS_HEADING_DOCS_LINK = i18n.translate( 'xpack.enterpriseSearch.roleMapping.roleMappingsHeadingDocsLink', - { defaultMessage: 'Learn more about role mappings' } + { defaultMessage: 'Learn more about role mappings.' } ); export const ROLE_MAPPINGS_HEADING_BUTTON = i18n.translate( diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mappings_heading.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mappings_heading.tsx index b2143c6ff44028..eee8b180d32819 100644 --- a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mappings_heading.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mappings_heading.tsx @@ -35,7 +35,7 @@ interface Props { const ROLE_MAPPINGS_DOCS_HREF = '#TODO'; export const RoleMappingsHeading: React.FC = ({ productName, onClick }) => ( - <> +
@@ -58,5 +58,5 @@ export const RoleMappingsHeading: React.FC = ({ productName, onClick }) = - +
); diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/types.ts b/x-pack/plugins/enterprise_search/public/applications/shared/types.ts index f450ca556ebe25..67208c63ddf4cc 100644 --- a/x-pack/plugins/enterprise_search/public/applications/shared/types.ts +++ b/x-pack/plugins/enterprise_search/public/applications/shared/types.ts @@ -5,6 +5,8 @@ * 2.0. */ +import { APP_SEARCH_PLUGIN, WORKPLACE_SEARCH_PLUGIN } from '../../../common/constants'; + import { ADD, UPDATE } from './constants/operations'; export type TOperation = typeof ADD | typeof UPDATE; @@ -36,4 +38,5 @@ export interface RoleMapping { }; } -export type ProductName = 'App Search' | 'Workplace Search'; +const productNames = [APP_SEARCH_PLUGIN.NAME, WORKPLACE_SEARCH_PLUGIN.NAME] as const; +export type ProductName = typeof productNames[number]; diff --git a/x-pack/plugins/enterprise_search/public/applications/test_helpers/get_page_header.tsx b/x-pack/plugins/enterprise_search/public/applications/test_helpers/get_page_header.tsx new file mode 100644 index 00000000000000..6e89274dca5703 --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/test_helpers/get_page_header.tsx @@ -0,0 +1,43 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { Fragment } from 'react'; + +import { shallow, ShallowWrapper } from 'enzyme'; + +import { EuiPageHeaderProps } from '@elastic/eui'; + +/* + * Given an AppSearchPageTemplate or WorkplaceSearchPageTemplate, these + * helpers dive into various parts of the EuiPageHeader to make assertions + * slightly less of a pain in shallow renders + */ + +export const getPageHeader = (wrapper: ShallowWrapper) => { + const pageHeader = wrapper.prop('pageHeader') as EuiPageHeaderProps; + return pageHeader || {}; +}; + +export const getPageTitle = (wrapper: ShallowWrapper) => { + return getPageHeader(wrapper).pageTitle; +}; + +export const getPageDescription = (wrapper: ShallowWrapper) => { + return getPageHeader(wrapper).description; +}; + +export const getPageHeaderActions = (wrapper: ShallowWrapper) => { + const actions = getPageHeader(wrapper).rightSideItems || []; + + return shallow( +
+ {actions.map((action: React.ReactNode, i) => ( + {action} + ))} +
+ ); +}; diff --git a/x-pack/plugins/enterprise_search/public/applications/test_helpers/index.ts b/x-pack/plugins/enterprise_search/public/applications/test_helpers/index.ts index e34ff763637b5a..ed5c3f85a888ee 100644 --- a/x-pack/plugins/enterprise_search/public/applications/test_helpers/index.ts +++ b/x-pack/plugins/enterprise_search/public/applications/test_helpers/index.ts @@ -10,6 +10,12 @@ export { mountAsync } from './mount_async'; export { mountWithIntl } from './mount_with_i18n'; export { shallowWithIntl } from './shallow_with_i18n'; export { rerender } from './enzyme_rerender'; +export { + getPageHeader, + getPageTitle, + getPageDescription, + getPageHeaderActions, +} from './get_page_header'; // Misc export { expectedAsyncError } from './expected_async_error'; diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/index.ts b/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/index.ts index e1c2a3b76e3ff1..8cdc1336817629 100644 --- a/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/index.ts +++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/index.ts @@ -5,7 +5,8 @@ * 2.0. */ -export { WorkplaceSearchNav } from './nav'; +export { WorkplaceSearchPageTemplate } from './page_template'; +export { useWorkplaceSearchNav, WorkplaceSearchNav } from './nav'; export { WorkplaceSearchHeaderActions } from './kibana_header_actions'; export { AccountHeader } from './account_header'; export { PersonalDashboardLayout } from './personal_dashboard_layout'; diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/nav.test.tsx b/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/nav.test.tsx index 8f37f608f4e282..90da5b3163ecfc 100644 --- a/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/nav.test.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/nav.test.tsx @@ -5,7 +5,10 @@ * 2.0. */ -import '../../../__mocks__/enterprise_search_url.mock'; +jest.mock('../../../shared/layout', () => ({ + ...jest.requireActual('../../../shared/layout'), + generateNavLink: jest.fn(({ to }) => ({ href: to })), +})); import React from 'react'; @@ -13,7 +16,55 @@ import { shallow } from 'enzyme'; import { SideNav, SideNavLink } from '../../../shared/layout'; -import { WorkplaceSearchNav } from './'; +import { useWorkplaceSearchNav, WorkplaceSearchNav } from './'; + +describe('useWorkplaceSearchNav', () => { + it('returns an array of top-level Workplace Search nav items', () => { + expect(useWorkplaceSearchNav()).toEqual([ + { + id: '', + name: '', + items: [ + { + id: 'root', + name: 'Overview', + href: '/', + }, + { + id: 'sources', + name: 'Sources', + href: '/sources', + items: [], + }, + { + id: 'groups', + name: 'Groups', + href: '/groups', + items: [], + }, + { + id: 'usersRoles', + name: 'Users & roles', + href: '/role_mappings', + }, + { + id: 'security', + name: 'Security', + href: '/security', + }, + { + id: 'settings', + name: 'Settings', + href: '/settings', + items: [], + }, + ], + }, + ]); + }); +}); + +// TODO: Delete below once fully migrated to KibanaPageTemplate describe('WorkplaceSearchNav', () => { it('renders', () => { diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/nav.tsx b/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/nav.tsx index fb3c8556029b25..8e7b13a6218214 100644 --- a/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/nav.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/nav.tsx @@ -7,10 +7,10 @@ import React from 'react'; -import { EuiSpacer } from '@elastic/eui'; +import { EuiSideNavItemType, EuiSpacer } from '@elastic/eui'; import { WORKPLACE_SEARCH_PLUGIN } from '../../../../../common/constants'; -import { SideNav, SideNavLink } from '../../../shared/layout'; +import { generateNavLink, SideNav, SideNavLink } from '../../../shared/layout'; import { NAV } from '../../constants'; import { SOURCES_PATH, @@ -20,6 +20,51 @@ import { ORG_SETTINGS_PATH, } from '../../routes'; +export const useWorkplaceSearchNav = () => { + const navItems: Array> = [ + { + id: 'root', + name: NAV.OVERVIEW, + ...generateNavLink({ to: '/', isRoot: true }), + }, + { + id: 'sources', + name: NAV.SOURCES, + ...generateNavLink({ to: SOURCES_PATH }), + items: [], // TODO: Source subnav + }, + { + id: 'groups', + name: NAV.GROUPS, + ...generateNavLink({ to: GROUPS_PATH }), + items: [], // TODO: Group subnav + }, + { + id: 'usersRoles', + name: NAV.ROLE_MAPPINGS, + ...generateNavLink({ to: ROLE_MAPPINGS_PATH }), + }, + { + id: 'security', + name: NAV.SECURITY, + ...generateNavLink({ to: SECURITY_PATH }), + }, + { + id: 'settings', + name: NAV.SETTINGS, + ...generateNavLink({ to: ORG_SETTINGS_PATH }), + items: [], // TODO: Settings subnav + }, + ]; + + // Root level items are meant to be section headers, but the WS nav (currently) + // isn't organized this way. So we crate a fake empty parent item here + // to cause all our navItems to properly render as nav links. + return [{ id: '', name: '', items: navItems }]; +}; + +// TODO: Delete below once fully migrated to KibanaPageTemplate + interface Props { sourcesSubNav?: React.ReactNode; groupsSubNav?: React.ReactNode; diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/page_template.test.tsx b/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/page_template.test.tsx new file mode 100644 index 00000000000000..622fddc449ca7d --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/page_template.test.tsx @@ -0,0 +1,79 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +jest.mock('./nav', () => ({ + useWorkplaceSearchNav: () => [], +})); + +import React from 'react'; + +import { shallow } from 'enzyme'; + +import { SetWorkplaceSearchChrome } from '../../../shared/kibana_chrome'; +import { EnterpriseSearchPageTemplate } from '../../../shared/layout'; +import { SendWorkplaceSearchTelemetry } from '../../../shared/telemetry'; + +import { WorkplaceSearchPageTemplate } from './page_template'; + +describe('WorkplaceSearchPageTemplate', () => { + it('renders', () => { + const wrapper = shallow( + +
world
+ + ); + + expect(wrapper.type()).toEqual(EnterpriseSearchPageTemplate); + expect(wrapper.prop('solutionNav')).toEqual({ name: 'Workplace Search', items: [] }); + expect(wrapper.find('.hello').text()).toEqual('world'); + }); + + describe('page chrome', () => { + it('takes a breadcrumb array & renders a product-specific page chrome', () => { + const wrapper = shallow(); + const setPageChrome = wrapper.find(EnterpriseSearchPageTemplate).prop('setPageChrome') as any; + + expect(setPageChrome.type).toEqual(SetWorkplaceSearchChrome); + expect(setPageChrome.props.trail).toEqual(['Some page']); + }); + }); + + describe('page telemetry', () => { + it('takes a metric & renders product-specific telemetry viewed event', () => { + const wrapper = shallow(); + + expect(wrapper.find(SendWorkplaceSearchTelemetry).prop('action')).toEqual('viewed'); + expect(wrapper.find(SendWorkplaceSearchTelemetry).prop('metric')).toEqual('some_page'); + }); + }); + + describe('props', () => { + it('allows overriding the restrictWidth default', () => { + const wrapper = shallow(); + expect(wrapper.find(EnterpriseSearchPageTemplate).prop('restrictWidth')).toEqual(true); + + wrapper.setProps({ restrictWidth: false }); + expect(wrapper.find(EnterpriseSearchPageTemplate).prop('restrictWidth')).toEqual(false); + }); + + it('passes down any ...pageTemplateProps that EnterpriseSearchPageTemplate accepts', () => { + const wrapper = shallow( + } + /> + ); + + expect(wrapper.find(EnterpriseSearchPageTemplate).prop('pageHeader')!.pageTitle).toEqual( + 'hello world' + ); + expect(wrapper.find(EnterpriseSearchPageTemplate).prop('isLoading')).toEqual(false); + expect(wrapper.find(EnterpriseSearchPageTemplate).prop('emptyState')).toEqual(
); + }); + }); +}); diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/page_template.tsx b/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/page_template.tsx new file mode 100644 index 00000000000000..4a6e0d9c6e2ddc --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/page_template.tsx @@ -0,0 +1,39 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; + +import { WORKPLACE_SEARCH_PLUGIN } from '../../../../../common/constants'; +import { SetWorkplaceSearchChrome } from '../../../shared/kibana_chrome'; +import { EnterpriseSearchPageTemplate, PageTemplateProps } from '../../../shared/layout'; +import { SendWorkplaceSearchTelemetry } from '../../../shared/telemetry'; + +import { useWorkplaceSearchNav } from './nav'; + +export const WorkplaceSearchPageTemplate: React.FC = ({ + children, + pageChrome, + pageViewTelemetry, + ...pageTemplateProps +}) => { + return ( + } + > + {pageViewTelemetry && ( + + )} + {children} + + ); +}; diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/index.tsx b/x-pack/plugins/enterprise_search/public/applications/workplace_search/index.tsx index 7e911b31c516b7..dd263c3bd69f5d 100644 --- a/x-pack/plugins/enterprise_search/public/applications/workplace_search/index.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/index.tsx @@ -141,9 +141,7 @@ export const WorkplaceSearchConfigured: React.FC = (props) => { - } restrictWidth readOnlyMode={readOnlyMode}> - - + } restrictWidth readOnlyMode={readOnlyMode}> diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings.test.tsx b/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings.test.tsx index d7ce8053c71f02..308022ccb2e5a7 100644 --- a/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings.test.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings.test.tsx @@ -12,7 +12,6 @@ import React from 'react'; import { shallow } from 'enzyme'; -import { Loading } from '../../../shared/loading'; import { RoleMappingsTable, RoleMappingsHeading } from '../../../shared/role_mapping'; import { wsRoleMapping } from '../../../shared/role_mapping/__mocks__/roles'; @@ -44,13 +43,6 @@ describe('RoleMappings', () => { expect(wrapper.find(RoleMappingsTable)).toHaveLength(1); }); - it('returns Loading when loading', () => { - setMockValues({ ...mockValues, dataLoading: true }); - const wrapper = shallow(); - - expect(wrapper.find(Loading)).toHaveLength(1); - }); - it('renders RoleMapping flyout', () => { setMockValues({ ...mockValues, roleMappingFlyoutOpen: true }); const wrapper = shallow(); diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings.tsx b/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings.tsx index 46c426c3dad2a5..b153d012241939 100644 --- a/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings.tsx @@ -9,11 +9,10 @@ import React, { useEffect } from 'react'; import { useActions, useValues } from 'kea'; -import { FlashMessages } from '../../../shared/flash_messages'; -import { SetWorkplaceSearchChrome as SetPageChrome } from '../../../shared/kibana_chrome'; -import { Loading } from '../../../shared/loading'; +import { WORKPLACE_SEARCH_PLUGIN } from '../../../../../common/constants'; import { RoleMappingsTable, RoleMappingsHeading } from '../../../shared/role_mapping'; import { ROLE_MAPPINGS_TITLE } from '../../../shared/role_mapping/constants'; +import { WorkplaceSearchPageTemplate } from '../../components/layout'; import { ROLE_MAPPINGS_TABLE_HEADER } from './constants'; @@ -36,11 +35,12 @@ export const RoleMappings: React.FC = () => { initializeRoleMappings(); }, []); - if (dataLoading) return ; - const roleMappingsSection = ( - <> - initializeRoleMapping()} /> +
+ initializeRoleMapping()} + /> { initializeRoleMapping={initializeRoleMapping} handleDeleteMapping={handleDeleteMapping} /> - +
); return ( - <> - + {roleMappingFlyoutOpen && } - {roleMappingsSection} - + ); }; diff --git a/x-pack/plugins/fleet/kibana.json b/x-pack/plugins/fleet/kibana.json index 4a4019e3e9e47f..ca1407be2008a1 100644 --- a/x-pack/plugins/fleet/kibana.json +++ b/x-pack/plugins/fleet/kibana.json @@ -4,14 +4,8 @@ "server": true, "ui": true, "configPath": ["xpack", "fleet"], - "requiredPlugins": ["licensing", "data", "encryptedSavedObjects"], - "optionalPlugins": [ - "security", - "features", - "cloud", - "usageCollection", - "home" - ], + "requiredPlugins": ["licensing", "data", "encryptedSavedObjects", "navigation"], + "optionalPlugins": ["security", "features", "cloud", "usageCollection", "home"], "extraPublicDirs": ["common"], "requiredBundles": ["kibanaReact", "esUiShared", "home", "infra", "kibanaUtils"] } diff --git a/x-pack/plugins/fleet/public/applications/fleet/app.tsx b/x-pack/plugins/fleet/public/applications/fleet/app.tsx index 1398e121c68700..1072a6b66419eb 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/app.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/app.tsx @@ -7,7 +7,7 @@ import React, { memo, useEffect, useState } from 'react'; import type { AppMountParameters } from 'kibana/public'; -import { EuiCode, EuiEmptyPrompt, EuiErrorBoundary, EuiPanel } from '@elastic/eui'; +import { EuiCode, EuiEmptyPrompt, EuiErrorBoundary, EuiPanel, EuiPortal } from '@elastic/eui'; import type { History } from 'history'; import { createHashHistory } from 'history'; import { Router, Redirect, Route, Switch } from 'react-router-dom'; @@ -16,11 +16,13 @@ import { i18n } from '@kbn/i18n'; import styled from 'styled-components'; import useObservable from 'react-use/lib/useObservable'; +import type { TopNavMenuData } from 'src/plugins/navigation/public'; + import type { FleetConfigType, FleetStartServices } from '../../plugin'; import { KibanaContextProvider } from '../../../../../../src/plugins/kibana_react/public'; import { EuiThemeProvider } from '../../../../../../src/plugins/kibana_react/common'; -import { PackageInstallProvider } from '../integrations/hooks'; +import { PackageInstallProvider, useUrlModal } from '../integrations/hooks'; import { ConfigContext, @@ -30,25 +32,25 @@ import { sendGetPermissionsCheck, sendSetup, useBreadcrumbs, - useConfig, useStartServices, UIExtensionsContext, } from './hooks'; -import { Error, Loading } from './components'; +import { Error, Loading, SettingFlyout } from './components'; import type { UIExtensionsStorage } from './types'; import { FLEET_ROUTING_PATHS } from './constants'; import { DefaultLayout, WithoutHeaderLayout } from './layouts'; import { AgentPolicyApp } from './sections/agent_policy'; import { DataStreamApp } from './sections/data_stream'; -import { FleetApp } from './sections/agents'; -import { IngestManagerOverview } from './sections/overview'; -import { ProtectedRoute } from './index'; +import { AgentsApp } from './sections/agents'; import { CreatePackagePolicyPage } from './sections/agent_policy/create_package_policy_page'; +import { EnrollmentTokenListPage } from './sections/agents/enrollment_token_list_page'; + +const FEEDBACK_URL = 'https://ela.st/fleet-feedback'; const ErrorLayout = ({ children }: { children: JSX.Element }) => ( - + {children} @@ -233,37 +235,82 @@ export const FleetAppContext: React.FC<{ } ); -export const AppRoutes = memo(() => { - const { agents } = useConfig(); +const FleetTopNav = memo( + ({ setHeaderActionMenu }: { setHeaderActionMenu: AppMountParameters['setHeaderActionMenu'] }) => { + const { getModalHref } = useUrlModal(); + const services = useStartServices(); - return ( - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ); -}); + const { TopNavMenu } = services.navigation.ui; + + const topNavConfig: TopNavMenuData[] = [ + { + label: i18n.translate('xpack.fleet.appNavigation.sendFeedbackButton', { + defaultMessage: 'Send Feedback', + }), + iconType: 'popout', + run: () => window.open(FEEDBACK_URL), + }, + + { + label: i18n.translate('xpack.fleet.appNavigation.settingsButton', { + defaultMessage: 'Fleet settings', + }), + iconType: 'gear', + run: () => (window.location.href = getModalHref('settings')), + }, + ]; + return ( + + ); + } +); + +export const AppRoutes = memo( + ({ setHeaderActionMenu }: { setHeaderActionMenu: AppMountParameters['setHeaderActionMenu'] }) => { + const { modal, setModal } = useUrlModal(); + + return ( + <> + + + {modal === 'settings' && ( + + { + setModal(null); + }} + /> + + )} + + + + + + + + + + + + + + + + {/* TODO: Move this route to the Integrations app */} + + + + + + + + + + ); + } +); diff --git a/x-pack/plugins/fleet/public/applications/fleet/hooks/use_breadcrumbs.tsx b/x-pack/plugins/fleet/public/applications/fleet/hooks/use_breadcrumbs.tsx index fd980475dc9194..254885ea71b1e4 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/hooks/use_breadcrumbs.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/hooks/use_breadcrumbs.tsx @@ -20,7 +20,7 @@ interface AdditionalBreadcrumbOptions { type Breadcrumb = ChromeBreadcrumb & Partial; const BASE_BREADCRUMB: Breadcrumb = { - href: pagePathGetters.overview()[1], + href: pagePathGetters.base()[1], text: i18n.translate('xpack.fleet.breadcrumbs.appTitle', { defaultMessage: 'Fleet', }), @@ -38,15 +38,6 @@ const breadcrumbGetters: { [key in Page]?: (values: DynamicPagePathValues) => Breadcrumb[]; } = { base: () => [BASE_BREADCRUMB], - overview: () => [ - BASE_BREADCRUMB, - { - text: i18n.translate('xpack.fleet.breadcrumbs.overviewPageTitle', { - defaultMessage: 'Overview', - }), - }, - ], - policies: () => [ BASE_BREADCRUMB, { @@ -122,15 +113,7 @@ const breadcrumbGetters: { }), }, ], - fleet: () => [ - BASE_BREADCRUMB, - { - text: i18n.translate('xpack.fleet.breadcrumbs.agentsPageTitle', { - defaultMessage: 'Agents', - }), - }, - ], - fleet_agent_list: () => [ + agent_list: () => [ BASE_BREADCRUMB, { text: i18n.translate('xpack.fleet.breadcrumbs.agentsPageTitle', { @@ -138,24 +121,18 @@ const breadcrumbGetters: { }), }, ], - fleet_agent_details: ({ agentHost }) => [ + agent_details: ({ agentHost }) => [ BASE_BREADCRUMB, { - href: pagePathGetters.fleet()[1], + href: pagePathGetters.agent_list({})[1], text: i18n.translate('xpack.fleet.breadcrumbs.agentsPageTitle', { defaultMessage: 'Agents', }), }, { text: agentHost }, ], - fleet_enrollment_tokens: () => [ + enrollment_tokens: () => [ BASE_BREADCRUMB, - { - href: pagePathGetters.fleet()[1], - text: i18n.translate('xpack.fleet.breadcrumbs.agentsPageTitle', { - defaultMessage: 'Agents', - }), - }, { text: i18n.translate('xpack.fleet.breadcrumbs.enrollmentTokensPageTitle', { defaultMessage: 'Enrollment tokens', diff --git a/x-pack/plugins/fleet/public/applications/fleet/index.tsx b/x-pack/plugins/fleet/public/applications/fleet/index.tsx index 7d31fb31b36a43..8942c13a0a69db 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/index.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/index.tsx @@ -37,6 +37,7 @@ interface FleetAppProps { history: AppMountParameters['history']; kibanaVersion: string; extensions: UIExtensionsStorage; + setHeaderActionMenu: AppMountParameters['setHeaderActionMenu']; } const FleetApp = ({ basepath, @@ -45,6 +46,7 @@ const FleetApp = ({ history, kibanaVersion, extensions, + setHeaderActionMenu, }: FleetAppProps) => { return ( - + ); @@ -64,7 +66,7 @@ const FleetApp = ({ export function renderApp( startServices: FleetStartServices, - { element, appBasePath, history }: AppMountParameters, + { element, appBasePath, history, setHeaderActionMenu }: AppMountParameters, config: FleetConfigType, kibanaVersion: string, extensions: UIExtensionsStorage @@ -77,6 +79,7 @@ export function renderApp( history={history} kibanaVersion={kibanaVersion} extensions={extensions} + setHeaderActionMenu={setHeaderActionMenu} />, element ); diff --git a/x-pack/plugins/fleet/public/applications/fleet/layouts/default.tsx b/x-pack/plugins/fleet/public/applications/fleet/layouts/default.tsx index d707fd162ae020..f312ff374d792c 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/layouts/default.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/layouts/default.tsx @@ -6,145 +6,98 @@ */ import React from 'react'; -import styled from 'styled-components'; -import { - EuiTabs, - EuiTab, - EuiFlexGroup, - EuiFlexItem, - EuiButtonEmpty, - EuiPortal, -} from '@elastic/eui'; +import { EuiText, EuiFlexGroup, EuiFlexItem, EuiTitle } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n/react'; import type { Section } from '../sections'; -import { SettingFlyout } from '../components'; -import { useLink, useConfig, useUrlModal } from '../hooks'; +import { useLink, useConfig } from '../hooks'; +import { WithHeaderLayout } from '../../../layouts'; interface Props { - showNav?: boolean; - showSettings?: boolean; section?: Section; children?: React.ReactNode; } -const Container = styled.div` - min-height: calc( - 100vh - ${(props) => parseFloat(props.theme.eui.euiHeaderHeightCompensation) * 2}px - ); - background: ${(props) => props.theme.eui.euiColorEmptyShade}; - display: flex; - flex-direction: column; -`; - -const Wrapper = styled.div` - display: flex; - flex-direction: column; - flex: 1; -`; - -const Nav = styled.nav` - background: ${(props) => props.theme.eui.euiColorEmptyShade}; - border-bottom: ${(props) => props.theme.eui.euiBorderThin}; - padding: ${(props) => - `${props.theme.eui.euiSize} ${props.theme.eui.euiSizeL} ${props.theme.eui.euiSize} ${props.theme.eui.euiSizeL}`}; - .euiTabs { - padding-left: 3px; - margin-left: -3px; - } -`; - -export const DefaultLayout: React.FunctionComponent = ({ - showNav = true, - showSettings = true, - section, - children, -}) => { +export const DefaultLayout: React.FunctionComponent = ({ section, children }) => { const { getHref } = useLink(); const { agents } = useConfig(); - const { modal, setModal, getModalHref } = useUrlModal(); return ( - <> - {modal === 'settings' && ( - - { - setModal(null); - }} - /> - - )} - - - - {showNav ? ( - - ) : null} - {children} - - - + + + + + +

+ +

+ + + + + + +

+ +

+ + + + } + tabs={[ + { + name: ( + + ), + isSelected: section === 'agents', + href: getHref('agent_list'), + disabled: !agents?.enabled, + 'data-test-subj': 'fleet-agents-tab', + }, + { + name: ( + + ), + isSelected: section === 'agent_policies', + href: getHref('policies_list'), + 'data-test-subj': 'fleet-agent-policies-tab', + }, + { + name: ( + + ), + isSelected: section === 'enrollment_tokens', + href: getHref('enrollment_tokens'), + 'data-test-subj': 'fleet-enrollment-tokens-tab', + }, + { + name: ( + + ), + isSelected: section === 'data_streams', + href: getHref('data_streams'), + 'data-test-subj': 'fleet-datastreams-tab', + }, + ]} + > + {children} + ); }; diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/index.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/index.tsx index c0ec811ce2bcd5..d8db44e28e4af9 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/index.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/index.tsx @@ -11,6 +11,8 @@ import { HashRouter as Router, Switch, Route } from 'react-router-dom'; import { FLEET_ROUTING_PATHS } from '../../constants'; import { useBreadcrumbs } from '../../hooks'; +import { DefaultLayout } from '../../layouts'; + import { AgentPolicyListPage } from './list_page'; import { AgentPolicyDetailsPage } from './details_page'; import { CreatePackagePolicyPage } from './create_package_policy_page'; @@ -32,7 +34,9 @@ export const AgentPolicyApp: React.FunctionComponent = () => { - + + + diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/list_page/index.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/list_page/index.tsx index 48b9118d115666..10859e32f00805 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/list_page/index.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/list_page/index.tsx @@ -9,7 +9,6 @@ import React, { useCallback, useMemo, useState } from 'react'; import type { EuiTableActionsColumnType, EuiTableFieldDataColumnType } from '@elastic/eui'; import { EuiSpacer, - EuiText, EuiFlexGroup, EuiFlexItem, EuiButton, @@ -25,7 +24,6 @@ import { useHistory } from 'react-router-dom'; import type { AgentPolicy } from '../../../types'; import { AGENT_POLICY_SAVED_OBJECT_TYPE } from '../../../constants'; -import { WithHeaderLayout } from '../../../layouts'; import { useCapabilities, useGetAgentPolicies, @@ -41,37 +39,6 @@ import { LinkedAgentCount, AgentPolicyActionMenu } from '../components'; import { CreateAgentPolicyFlyout } from './components'; -const AgentPolicyListPageLayout: React.FunctionComponent = ({ children }) => ( - - - -

- -

- - - - -

- -

- - - - } - > - {children} - -); - export const AgentPolicyListPage: React.FunctionComponent<{}> = () => { useBreadcrumbs('policies_list'); const { getPath } = useLink(); @@ -246,7 +213,7 @@ export const AgentPolicyListPage: React.FunctionComponent<{}> = () => { }; return ( - + <> {isCreateAgentPolicyFlyoutOpen ? ( { @@ -322,6 +289,6 @@ export const AgentPolicyListPage: React.FunctionComponent<{}> = () => { sorting={{ sort: sorting }} onChange={onTableChange} /> - + ); }; diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_details/agent_details_integrations.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_details/agent_details_integrations.tsx index 6e0206603a458e..a599d726cedefe 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_details/agent_details_integrations.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_details/agent_details_integrations.tsx @@ -101,7 +101,7 @@ export const AgentDetailsIntegration: React.FunctionComponent<{ })} > { () => ( - + { name: i18n.translate('xpack.fleet.agentDetails.subTabs.detailsTab', { defaultMessage: 'Agent details', }), - href: getHref('fleet_agent_details', { agentId, tabId: 'details' }), + href: getHref('agent_details', { agentId, tabId: 'details' }), isSelected: !tabId || tabId === 'details', }, { @@ -240,7 +235,7 @@ export const AgentDetailsPage: React.FunctionComponent = () => { name: i18n.translate('xpack.fleet.agentDetails.subTabs.logsTab', { defaultMessage: 'Logs', }), - href: getHref('fleet_agent_details', { agentId, tabId: 'logs' }), + href: getHref('agent_details_logs', { agentId, tabId: 'logs' }), isSelected: tabId === 'logs', }, ]; @@ -299,7 +294,7 @@ const AgentDetailsPageContent: React.FunctionComponent<{ agent: Agent; agentPolicy?: AgentPolicy; }> = ({ agent, agentPolicy }) => { - useBreadcrumbs('fleet_agent_details', { + useBreadcrumbs('agent_list', { agentHost: typeof agent.local_metadata.host === 'object' && typeof agent.local_metadata.host.hostname === 'string' @@ -309,13 +304,13 @@ const AgentDetailsPageContent: React.FunctionComponent<{ return ( { return ; }} /> { return ; }} diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/search_and_filter_bar.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/search_and_filter_bar.tsx index 1beaf437ceb0e9..1d7b44ceefb7c6 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/search_and_filter_bar.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/search_and_filter_bar.tsx @@ -7,18 +7,20 @@ import React, { useState } from 'react'; import { + EuiButton, EuiFilterButton, EuiFilterGroup, EuiFilterSelectItem, EuiFlexGroup, EuiFlexItem, EuiPopover, + EuiPortal, } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n/react'; import type { AgentPolicy } from '../../../../types'; -import { SearchBar } from '../../../../components'; +import { AgentEnrollmentFlyout, SearchBar } from '../../../../components'; import { AGENTS_INDEX } from '../../../../constants'; const statusFilters = [ @@ -77,6 +79,8 @@ export const SearchAndFilterBar: React.FunctionComponent<{ showUpgradeable, onShowUpgradeableChange, }) => { + const [isEnrollmentFlyoutOpen, setIsEnrollmentFlyoutOpen] = useState(false); + // Policies state for filtering const [isAgentPoliciesFilterOpen, setIsAgentPoliciesFilterOpen] = useState(false); @@ -97,6 +101,15 @@ export const SearchAndFilterBar: React.FunctionComponent<{ return ( <> + {isEnrollmentFlyoutOpen ? ( + + setIsEnrollmentFlyoutOpen(false)} + /> + + ) : null} + {/* Search and filter bar */} @@ -207,6 +220,15 @@ export const SearchAndFilterBar: React.FunctionComponent<{ + + setIsEnrollmentFlyoutOpen(true)} + > + + + diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/index.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/index.tsx index 672b8718c9cbe7..431c4da3efb5b2 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/index.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/index.tsx @@ -73,7 +73,7 @@ const RowActions = React.memo<{ const menuItems = [ @@ -146,7 +146,7 @@ function safeMetadata(val: any) { export const AgentListPage: React.FunctionComponent<{}> = () => { const { notifications } = useStartServices(); - useBreadcrumbs('fleet_agent_list'); + useBreadcrumbs('agent_list'); const { getHref } = useLink(); const defaultKuery: string = (useUrlParams().urlParams.kuery as string) || ''; const hasWriteCapabilites = useCapabilities().write; @@ -358,7 +358,7 @@ export const AgentListPage: React.FunctionComponent<{}> = () => { defaultMessage: 'Host', }), render: (host: string, agent: Agent) => ( - + {safeMetadata(host)} ), diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/components/list_layout.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/components/list_layout.tsx deleted file mode 100644 index 67758282521b79..00000000000000 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/components/list_layout.tsx +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; -import { FormattedMessage } from '@kbn/i18n/react'; -import { EuiText, EuiFlexGroup, EuiFlexItem, EuiButton, EuiPortal } from '@elastic/eui'; -import type { Props as EuiTabProps } from '@elastic/eui/src/components/tabs/tab'; -import { useRouteMatch } from 'react-router-dom'; - -import { FLEET_ROUTING_PATHS } from '../../../constants'; -import { WithHeaderLayout } from '../../../layouts'; -import { useCapabilities, useLink, useGetAgentPolicies } from '../../../hooks'; -import { AgentEnrollmentFlyout } from '../../../components'; - -export const ListLayout: React.FunctionComponent<{}> = ({ children }) => { - const { getHref } = useLink(); - const hasWriteCapabilites = useCapabilities().write; - - // Agent enrollment flyout state - const [isEnrollmentFlyoutOpen, setIsEnrollmentFlyoutOpen] = React.useState(false); - - const headerRightColumn = hasWriteCapabilites ? ( - - - setIsEnrollmentFlyoutOpen(true)}> - - - - - ) : undefined; - const headerLeftColumn = ( - - - -

- -

- - - - -

- -

- - - - ); - - const agentPoliciesRequest = useGetAgentPolicies({ - page: 1, - perPage: 1000, - }); - - const agentPolicies = agentPoliciesRequest.data ? agentPoliciesRequest.data.items : []; - - const routeMatch = useRouteMatch(); - - return ( - , - isSelected: routeMatch.path === FLEET_ROUTING_PATHS.fleet_agent_list, - href: getHref('fleet_agent_list'), - }, - { - name: ( - - ), - isSelected: routeMatch.path === FLEET_ROUTING_PATHS.fleet_enrollment_tokens, - href: getHref('fleet_enrollment_tokens'), - }, - ] as unknown) as EuiTabProps[] - } - > - {isEnrollmentFlyoutOpen ? ( - - setIsEnrollmentFlyoutOpen(false)} - /> - - ) : null} - {children} - - ); -}; diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/enrollment_token_list_page/index.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/enrollment_token_list_page/index.tsx index 8dc9ad33962e0d..666d0887fe5103 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/enrollment_token_list_page/index.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/enrollment_token_list_page/index.tsx @@ -34,6 +34,7 @@ import { } from '../../../hooks'; import type { EnrollmentAPIKey, GetAgentPoliciesResponseItem } from '../../../types'; import { SearchBar } from '../../../components/search_bar'; +import { DefaultLayout } from '../../../layouts'; import { ConfirmEnrollmentTokenDelete } from './components/confirm_delete_modal'; @@ -155,7 +156,7 @@ const DeleteButton: React.FunctionComponent<{ apiKey: EnrollmentAPIKey; refresh: }; export const EnrollmentTokenListPage: React.FunctionComponent<{}> = () => { - useBreadcrumbs('fleet_enrollment_tokens'); + useBreadcrumbs('enrollment_tokens'); const [isModalOpen, setModalOpen] = useState(false); const [search, setSearch] = useState(''); const { pagination, setPagination, pageSizeOptions } = usePagination(); @@ -269,7 +270,7 @@ export const EnrollmentTokenListPage: React.FunctionComponent<{}> = () => { ]; return ( - <> + {isModalOpen && ( = () => { setPagination(newPagination); }} /> - + ); }; diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/index.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/index.tsx index dcb33e7662dc45..79b19b443cca14 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/index.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/index.tsx @@ -7,7 +7,7 @@ import React, { useCallback, useEffect, useState } from 'react'; import { FormattedMessage } from '@kbn/i18n/react'; -import { HashRouter as Router, Route, Switch, Redirect } from 'react-router-dom'; +import { HashRouter as Router, Route, Switch } from 'react-router-dom'; import { FLEET_ROUTING_PATHS } from '../../constants'; import { Loading, Error } from '../../components'; @@ -18,20 +18,18 @@ import { useCapabilities, useGetSettings, } from '../../hooks'; -import { WithoutHeaderLayout } from '../../layouts'; +import { DefaultLayout, WithoutHeaderLayout } from '../../layouts'; import { AgentListPage } from './agent_list_page'; import { FleetServerRequirementPage, MissingESRequirementsPage } from './agent_requirements_page'; import { AgentDetailsPage } from './agent_details_page'; import { NoAccessPage } from './error_pages/no_access'; -import { EnrollmentTokenListPage } from './enrollment_token_list_page'; -import { ListLayout } from './components/list_layout'; import { FleetServerUpgradeModal } from './components/fleet_server_upgrade_modal'; const REFRESH_INTERVAL_MS = 30000; -export const FleetApp: React.FunctionComponent = () => { - useBreadcrumbs('fleet'); +export const AgentsApp: React.FunctionComponent = () => { + useBreadcrumbs('agent_list'); const { agents } = useConfig(); const capabilities = useCapabilities(); @@ -110,16 +108,11 @@ export const FleetApp: React.FunctionComponent = () => { return ( - } - /> - + - - + + {fleetServerModalVisible && ( )} @@ -128,12 +121,7 @@ export const FleetApp: React.FunctionComponent = () => { ) : ( )} - - - - - - + diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/data_stream/index.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/data_stream/index.tsx index bc3a0229284dbd..c660d3ed297672 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/data_stream/index.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/data_stream/index.tsx @@ -9,6 +9,7 @@ import React from 'react'; import { HashRouter as Router, Route, Switch } from 'react-router-dom'; import { FLEET_ROUTING_PATHS } from '../../constants'; +import { DefaultLayout } from '../../layouts'; import { DataStreamListPage } from './list_page'; @@ -17,7 +18,9 @@ export const DataStreamApp: React.FunctionComponent = () => { - + + + diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/data_stream/list_page/index.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/data_stream/list_page/index.tsx index e805fb8f6f64ef..ac236578e6f58d 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/data_stream/list_page/index.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/data_stream/list_page/index.tsx @@ -10,7 +10,6 @@ import type { EuiTableActionsColumnType, EuiTableFieldDataColumnType } from '@el import { EuiBadge, EuiButton, - EuiText, EuiFlexGroup, EuiFlexItem, EuiEmptyPrompt, @@ -20,43 +19,11 @@ import { i18n } from '@kbn/i18n'; import { FormattedMessage, FormattedDate } from '@kbn/i18n/react'; import type { DataStream } from '../../../types'; -import { WithHeaderLayout } from '../../../layouts'; import { useGetDataStreams, useStartServices, usePagination, useBreadcrumbs } from '../../../hooks'; import { PackageIcon } from '../../../components'; import { DataStreamRowActions } from './components/data_stream_row_actions'; -const DataStreamListPageLayout: React.FunctionComponent = ({ children }) => ( - - - -

- -

- - - - -

- -

- - - - } - > - {children} - -); - export const DataStreamListPage: React.FunctionComponent<{}> = () => { useBreadcrumbs('data_streams'); @@ -232,97 +199,95 @@ export const DataStreamListPage: React.FunctionComponent<{}> = () => { } return ( - - - ) : dataStreamsData && !dataStreamsData.data_streams.length ? ( - emptyPrompt - ) : ( + + ) : dataStreamsData && !dataStreamsData.data_streams.length ? ( + emptyPrompt + ) : ( + + ) + } + items={dataStreamsData ? dataStreamsData.data_streams : []} + itemId="index" + columns={columns} + pagination={{ + initialPageSize: pagination.pageSize, + pageSizeOptions, + }} + sorting={true} + search={{ + toolsRight: [ + resendRequest()} + > - ) - } - items={dataStreamsData ? dataStreamsData.data_streams : []} - itemId="index" - columns={columns} - pagination={{ - initialPageSize: pagination.pageSize, - pageSizeOptions, - }} - sorting={true} - search={{ - toolsRight: [ - resendRequest()} - > - - , - ], - box: { - placeholder: i18n.translate('xpack.fleet.dataStreamList.searchPlaceholderTitle', { - defaultMessage: 'Filter data streams', + , + ], + box: { + placeholder: i18n.translate('xpack.fleet.dataStreamList.searchPlaceholderTitle', { + defaultMessage: 'Filter data streams', + }), + incremental: true, + }, + filters: [ + { + type: 'field_value_selection', + field: 'dataset', + name: i18n.translate('xpack.fleet.dataStreamList.datasetColumnTitle', { + defaultMessage: 'Dataset', }), - incremental: true, + multiSelect: 'or', + operator: 'exact', + options: filterOptions.dataset, }, - filters: [ - { - type: 'field_value_selection', - field: 'dataset', - name: i18n.translate('xpack.fleet.dataStreamList.datasetColumnTitle', { - defaultMessage: 'Dataset', - }), - multiSelect: 'or', - operator: 'exact', - options: filterOptions.dataset, - }, - { - type: 'field_value_selection', - field: 'type', - name: i18n.translate('xpack.fleet.dataStreamList.typeColumnTitle', { - defaultMessage: 'Type', - }), - multiSelect: 'or', - operator: 'exact', - options: filterOptions.type, - }, - { - type: 'field_value_selection', - field: 'namespace', - name: i18n.translate('xpack.fleet.dataStreamList.namespaceColumnTitle', { - defaultMessage: 'Namespace', - }), - multiSelect: 'or', - operator: 'exact', - options: filterOptions.namespace, - }, - { - type: 'field_value_selection', - field: 'package', - name: i18n.translate('xpack.fleet.dataStreamList.integrationColumnTitle', { - defaultMessage: 'Integration', - }), - multiSelect: 'or', - operator: 'exact', - options: filterOptions.package, - }, - ], - }} - /> - + { + type: 'field_value_selection', + field: 'type', + name: i18n.translate('xpack.fleet.dataStreamList.typeColumnTitle', { + defaultMessage: 'Type', + }), + multiSelect: 'or', + operator: 'exact', + options: filterOptions.type, + }, + { + type: 'field_value_selection', + field: 'namespace', + name: i18n.translate('xpack.fleet.dataStreamList.namespaceColumnTitle', { + defaultMessage: 'Namespace', + }), + multiSelect: 'or', + operator: 'exact', + options: filterOptions.namespace, + }, + { + type: 'field_value_selection', + field: 'package', + name: i18n.translate('xpack.fleet.dataStreamList.integrationColumnTitle', { + defaultMessage: 'Integration', + }), + multiSelect: 'or', + operator: 'exact', + options: filterOptions.package, + }, + ], + }} + /> ); }; diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/index.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/index.tsx index 810334e2df9ce6..b36fbf4bb815e7 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/index.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/index.tsx @@ -5,9 +5,8 @@ * 2.0. */ -export { IngestManagerOverview } from './overview'; export { AgentPolicyApp } from './agent_policy'; export { DataStreamApp } from './data_stream'; -export { FleetApp } from './agents'; +export { AgentsApp } from './agents'; -export type Section = 'overview' | 'agent_policy' | 'fleet' | 'data_stream'; +export type Section = 'agents' | 'agent_policies' | 'enrollment_tokens' | 'data_streams'; diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/overview/components/agent_policy_section.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/overview/components/agent_policy_section.tsx deleted file mode 100644 index 79a4f08faa7522..00000000000000 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/overview/components/agent_policy_section.tsx +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; -import { FormattedMessage } from '@kbn/i18n/react'; -import { i18n } from '@kbn/i18n'; -import { - EuiFlexItem, - EuiI18nNumber, - EuiDescriptionListTitle, - EuiDescriptionListDescription, -} from '@elastic/eui'; - -import { SO_SEARCH_LIMIT } from '../../../constants'; -import { useLink, useGetPackagePolicies } from '../../../hooks'; -import type { AgentPolicy } from '../../../types'; -import { Loading } from '../../agents/components'; - -import { OverviewStats } from './overview_stats'; -import { OverviewPanel } from './overview_panel'; - -export const OverviewPolicySection: React.FC<{ agentPolicies: AgentPolicy[] }> = ({ - agentPolicies, -}) => { - const { getHref } = useLink(); - const packagePoliciesRequest = useGetPackagePolicies({ - page: 1, - perPage: SO_SEARCH_LIMIT, - }); - - return ( - - - - {packagePoliciesRequest.isLoading ? ( - - ) : ( - <> - - - - - - - - - - - - - - )} - - - - ); -}; diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/overview/components/agent_section.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/overview/components/agent_section.tsx deleted file mode 100644 index d69306969c78c3..00000000000000 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/overview/components/agent_section.tsx +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; -import { FormattedMessage } from '@kbn/i18n/react'; -import { i18n } from '@kbn/i18n'; -import { - EuiI18nNumber, - EuiDescriptionListTitle, - EuiDescriptionListDescription, - EuiFlexItem, -} from '@elastic/eui'; - -import { useLink, useGetAgentStatus } from '../../../hooks'; -import { Loading } from '../../agents/components'; - -import { OverviewPanel } from './overview_panel'; -import { OverviewStats } from './overview_stats'; - -export const OverviewAgentSection = () => { - const { getHref } = useLink(); - const agentStatusRequest = useGetAgentStatus({}); - - return ( - - - - {agentStatusRequest.isLoading ? ( - - ) : ( - <> - - - - - - - - - - - - - - - - - - - - - - - - - - )} - - - - ); -}; diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/overview/components/datastream_section.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/overview/components/datastream_section.tsx deleted file mode 100644 index b51be3fdd20e56..00000000000000 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/overview/components/datastream_section.tsx +++ /dev/null @@ -1,99 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; -import { FormattedMessage } from '@kbn/i18n/react'; -import { i18n } from '@kbn/i18n'; -import { - EuiFlexItem, - EuiI18nNumber, - EuiDescriptionListTitle, - EuiDescriptionListDescription, -} from '@elastic/eui'; - -import { useLink, useGetDataStreams, useStartServices } from '../../../hooks'; -import { Loading } from '../../agents/components'; - -import { OverviewPanel } from './overview_panel'; -import { OverviewStats } from './overview_stats'; - -export const OverviewDatastreamSection: React.FC = () => { - const { getHref } = useLink(); - const datastreamRequest = useGetDataStreams(); - const { - data: { fieldFormats }, - } = useStartServices(); - - const total = datastreamRequest.data?.data_streams?.length ?? 0; - let sizeBytes = 0; - const namespaces = new Set(); - if (datastreamRequest.data) { - datastreamRequest.data.data_streams.forEach((val) => { - namespaces.add(val.namespace); - sizeBytes += val.size_in_bytes; - }); - } - - let size: string; - try { - const formatter = fieldFormats.getInstance('bytes'); - size = formatter.convert(sizeBytes); - } catch (e) { - size = `${sizeBytes}b`; - } - - return ( - - - - {datastreamRequest.isLoading ? ( - - ) : ( - <> - - - - - - - - - - - - - - - - {size} - - )} - - - - ); -}; diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/overview/components/integration_section.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/overview/components/integration_section.tsx deleted file mode 100644 index 5ada8e298507cb..00000000000000 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/overview/components/integration_section.tsx +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; -import { FormattedMessage } from '@kbn/i18n/react'; -import { i18n } from '@kbn/i18n'; -import { - EuiFlexItem, - EuiI18nNumber, - EuiDescriptionListTitle, - EuiDescriptionListDescription, -} from '@elastic/eui'; - -import { useLink, useGetPackages } from '../../../hooks'; -import { Loading } from '../../agents/components'; -import { installationStatuses } from '../../../../../../common/constants'; - -import { OverviewStats } from './overview_stats'; -import { OverviewPanel } from './overview_panel'; - -export const OverviewIntegrationSection: React.FC = () => { - const { getHref } = useLink(); - const packagesRequest = useGetPackages(); - const res = packagesRequest.data?.response; - const total = res?.length ?? 0; - const installed = res?.filter((p) => p.status === installationStatuses.Installed)?.length ?? 0; - const updatablePackages = - res?.filter( - (item) => 'savedObject' in item && item.version > item.savedObject.attributes.version - )?.length ?? 0; - return ( - - - - {packagesRequest.isLoading ? ( - - ) : ( - <> - - - - - - - - - - - - - - - - - - - - )} - - - - ); -}; diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/overview/components/overview_panel.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/overview/components/overview_panel.tsx deleted file mode 100644 index c402bc15f7b026..00000000000000 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/overview/components/overview_panel.tsx +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; -import styled from 'styled-components'; -import { - EuiPanel, - EuiFlexGroup, - EuiFlexItem, - EuiTitle, - EuiIconTip, - EuiButtonEmpty, -} from '@elastic/eui'; - -const StyledPanel = styled(EuiPanel).attrs((props) => ({ - paddingSize: 'm', -}))` - header { - display: flex; - align-items: center; - justify-content: space-between; - border-bottom: 1px solid ${(props) => props.theme.eui.euiColorLightShade}; - margin: -${(props) => props.theme.eui.paddingSizes.m} -${(props) => - props.theme.eui.paddingSizes.m} - ${(props) => props.theme.eui.paddingSizes.m}; - padding: ${(props) => props.theme.eui.paddingSizes.s} - ${(props) => props.theme.eui.paddingSizes.m}; - } - - h2 { - padding: ${(props) => props.theme.eui.paddingSizes.xs} 0; - } -`; - -interface OverviewPanelProps { - title: string; - tooltip: string; - linkToText: string; - linkTo: string; - children: React.ReactNode; -} - -export const OverviewPanel = ({ - title, - tooltip, - linkToText, - linkTo, - children, -}: OverviewPanelProps) => { - return ( - -
- - - -

{title}

- - - - - - - - {linkToText} - -
- {children} - - ); -}; diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/overview/components/overview_stats.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/overview/components/overview_stats.tsx deleted file mode 100644 index acb94e4b05695d..00000000000000 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/overview/components/overview_stats.tsx +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import styled from 'styled-components'; -import { EuiDescriptionList } from '@elastic/eui'; - -export const OverviewStats = styled(EuiDescriptionList).attrs((props) => ({ - compressed: true, - textStyle: 'reverse', - type: 'column', -}))` - & > * { - margin-top: ${(props) => props.theme.eui.paddingSizes.s} !important; - - &:first-child, - &:nth-child(2) { - margin-top: 0 !important; - } - } -`; diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/overview/index.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/overview/index.tsx deleted file mode 100644 index f905fd1c89da27..00000000000000 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/overview/index.tsx +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React, { useState } from 'react'; -import { - EuiButton, - EuiBetaBadge, - EuiText, - EuiTitle, - EuiFlexGrid, - EuiFlexGroup, - EuiFlexItem, -} from '@elastic/eui'; -import { FormattedMessage } from '@kbn/i18n/react'; -import { i18n } from '@kbn/i18n'; - -import { WithHeaderLayout } from '../../layouts'; -import { useGetAgentPolicies, useBreadcrumbs } from '../../hooks'; -import { AgentEnrollmentFlyout } from '../../components'; - -import { OverviewAgentSection } from './components/agent_section'; -import { OverviewPolicySection } from './components/agent_policy_section'; -import { OverviewIntegrationSection } from './components/integration_section'; -import { OverviewDatastreamSection } from './components/datastream_section'; - -export const IngestManagerOverview: React.FunctionComponent = () => { - useBreadcrumbs('overview'); - - // Agent enrollment flyout state - const [isEnrollmentFlyoutOpen, setIsEnrollmentFlyoutOpen] = useState(false); - - // Agent policies required for enrollment flyout - const agentPoliciesRequest = useGetAgentPolicies({ - page: 1, - perPage: 1000, - }); - const agentPolicies = agentPoliciesRequest.data ? agentPoliciesRequest.data.items : []; - - return ( - - - - - -

- -

- - - - - - - - - - -

- -

- - - - } - rightColumn={ - - - setIsEnrollmentFlyoutOpen(true)}> - - - - - } - > - {isEnrollmentFlyoutOpen && ( - setIsEnrollmentFlyoutOpen(false)} - /> - )} - - - - - - - - - ); -}; diff --git a/x-pack/plugins/fleet/public/applications/integrations/hooks/use_breadcrumbs.tsx b/x-pack/plugins/fleet/public/applications/integrations/hooks/use_breadcrumbs.tsx index 5c1745be0c9e48..19f72fdc69bba5 100644 --- a/x-pack/plugins/fleet/public/applications/integrations/hooks/use_breadcrumbs.tsx +++ b/x-pack/plugins/fleet/public/applications/integrations/hooks/use_breadcrumbs.tsx @@ -22,14 +22,7 @@ const BASE_BREADCRUMB: ChromeBreadcrumb = { const breadcrumbGetters: { [key in Page]?: (values: DynamicPagePathValues) => ChromeBreadcrumb[]; } = { - integrations: () => [ - BASE_BREADCRUMB, - { - text: i18n.translate('xpack.fleet.breadcrumbs.integrationsPageTitle', { - defaultMessage: 'Integrations', - }), - }, - ], + integrations: () => [BASE_BREADCRUMB], integrations_all: () => [ BASE_BREADCRUMB, { diff --git a/x-pack/plugins/fleet/public/applications/integrations/layouts/default.tsx b/x-pack/plugins/fleet/public/applications/integrations/layouts/default.tsx index 4c1ff4972b89e2..98b8e9515e689c 100644 --- a/x-pack/plugins/fleet/public/applications/integrations/layouts/default.tsx +++ b/x-pack/plugins/fleet/public/applications/integrations/layouts/default.tsx @@ -5,7 +5,7 @@ * 2.0. */ import React, { memo } from 'react'; -import { EuiText, EuiBetaBadge } from '@elastic/eui'; +import { EuiText } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n/react'; import { useLink } from '../../../hooks'; @@ -30,15 +30,6 @@ export const DefaultLayout: React.FunctionComponent = memo(({ section, ch

{' '} - } - tooltipContent={ - - } - />

} diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/home/index.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/home/index.tsx index 6c635d5d0c9c00..fbd6e07e07bbdb 100644 --- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/home/index.tsx +++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/home/index.tsx @@ -22,16 +22,18 @@ import { CategoryFacets } from './category_facets'; export const EPMHomePage: React.FC = memo(() => { return ( - - - + + + - - + + + + - - - + + + ); }); diff --git a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/managed_instructions.tsx b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/managed_instructions.tsx index 2bb8586a11503d..e7045173f1257e 100644 --- a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/managed_instructions.tsx +++ b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/managed_instructions.tsx @@ -36,7 +36,7 @@ const DefaultMissingRequirements = () => { defaultMessage="Before enrolling agents, {link}." values={{ link: ( - + 0 ? ( diff --git a/x-pack/plugins/fleet/public/constants/page_paths.ts b/x-pack/plugins/fleet/public/constants/page_paths.ts index 3c9c0e57596151..326cfd804bd570 100644 --- a/x-pack/plugins/fleet/public/constants/page_paths.ts +++ b/x-pack/plugins/fleet/public/constants/page_paths.ts @@ -13,8 +13,7 @@ export type StaticPage = | 'integrations_installed' | 'policies' | 'policies_list' - | 'fleet' - | 'fleet_enrollment_tokens' + | 'enrollment_tokens' | 'data_streams'; export type DynamicPage = @@ -27,8 +26,9 @@ export type DynamicPage = | 'add_integration_from_policy' | 'add_integration_to_policy' | 'edit_integration' - | 'fleet_agent_list' - | 'fleet_agent_details'; + | 'agent_list' + | 'agent_details' + | 'agent_details_logs'; export type Page = StaticPage | DynamicPage; @@ -42,20 +42,21 @@ export const INTEGRATIONS_BASE_PATH = '/app/integrations'; // If routing paths are changed here, please also check to see if // `pagePathGetters()`, below, needs any modifications export const FLEET_ROUTING_PATHS = { - overview: '/', + fleet: '/:tabId', + agents: '/agents', + agent_details: '/agents/:agentId/:tabId?', + agent_details_logs: '/agents/:agentId/logs', policies: '/policies', policies_list: '/policies', policy_details: '/policies/:policyId/:tabId?', policy_details_settings: '/policies/:policyId/settings', - add_integration_from_policy: '/policies/:policyId/add-integration', - add_integration_to_policy: '/integrations/:pkgkey/add-integration/:integration?', edit_integration: '/policies/:policyId/edit-integration/:packagePolicyId', - fleet: '/fleet', - fleet_agent_list: '/fleet/agents', - fleet_agent_details: '/fleet/agents/:agentId/:tabId?', - fleet_agent_details_logs: '/fleet/agents/:agentId/logs', - fleet_enrollment_tokens: '/fleet/enrollment-tokens', + add_integration_from_policy: '/policies/:policyId/add-integration', + enrollment_tokens: '/enrollment-tokens', data_streams: '/data-streams', + + // TODO: Move this to the integrations app + add_integration_to_policy: '/integrations/:pkgkey/add-integration/:integration?', }; export const INTEGRATIONS_ROUTING_PATHS = { @@ -120,15 +121,12 @@ export const pagePathGetters: { FLEET_BASE_PATH, `/policies/${policyId}/edit-integration/${packagePolicyId}`, ], - fleet: () => [FLEET_BASE_PATH, '/fleet'], - fleet_agent_list: ({ kuery }) => [ - FLEET_BASE_PATH, - `/fleet/agents${kuery ? `?kuery=${kuery}` : ''}`, - ], - fleet_agent_details: ({ agentId, tabId, logQuery }) => [ + agent_list: ({ kuery }) => [FLEET_BASE_PATH, `/agents${kuery ? `?kuery=${kuery}` : ''}`], + agent_details: ({ agentId, tabId, logQuery }) => [ FLEET_BASE_PATH, - `/fleet/agents/${agentId}${tabId ? `/${tabId}` : ''}${logQuery ? `?_q=${logQuery}` : ''}`, + `/agents/${agentId}${tabId ? `/${tabId}` : ''}${logQuery ? `?_q=${logQuery}` : ''}`, ], - fleet_enrollment_tokens: () => [FLEET_BASE_PATH, '/fleet/enrollment-tokens'], + agent_details_logs: ({ agentId }) => [FLEET_BASE_PATH, `/agents/${agentId}/logs`], + enrollment_tokens: () => [FLEET_BASE_PATH, '/enrollment-tokens'], data_streams: () => [FLEET_BASE_PATH, '/data-streams'], }; diff --git a/x-pack/plugins/fleet/public/layouts/without_header.tsx b/x-pack/plugins/fleet/public/layouts/without_header.tsx index 220ee592d7d07a..d9481d44359c25 100644 --- a/x-pack/plugins/fleet/public/layouts/without_header.tsx +++ b/x-pack/plugins/fleet/public/layouts/without_header.tsx @@ -11,6 +11,13 @@ import { EuiPage, EuiPageBody, EuiSpacer } from '@elastic/eui'; export const Wrapper = styled.div` background-color: ${(props) => props.theme.eui.euiColorEmptyShade}; + + // HACK: Kibana introduces a div element around the app component that results in us + // being unable to stretch this Wrapper to full height via flex: 1. This calc sets + // the min height to the viewport size minus the height of the two global Kibana headers. + min-height: calc( + 100vh - ${(props) => parseFloat(props.theme.eui.euiHeaderHeightCompensation) * 2}px + ); `; export const Page = styled(EuiPage)` diff --git a/x-pack/plugins/fleet/public/mock/plugin_dependencies.ts b/x-pack/plugins/fleet/public/mock/plugin_dependencies.ts index 16fa34e2d0b3d7..5d1567936bcb00 100644 --- a/x-pack/plugins/fleet/public/mock/plugin_dependencies.ts +++ b/x-pack/plugins/fleet/public/mock/plugin_dependencies.ts @@ -8,6 +8,7 @@ import { dataPluginMock } from '../../../../../src/plugins/data/public/mocks'; import { licensingMock } from '../../../licensing/public/mocks'; import { homePluginMock } from '../../../../../src/plugins/home/public/mocks'; +import { navigationPluginMock } from '../../../../../src/plugins/navigation/public/mocks'; import type { MockedFleetSetupDeps, MockedFleetStartDeps } from './types'; @@ -22,5 +23,6 @@ export const createSetupDepsMock = (): MockedFleetSetupDeps => { export const createStartDepsMock = (): MockedFleetStartDeps => { return { data: dataPluginMock.createStartContract(), + navigation: navigationPluginMock.createStartContract(), }; }; diff --git a/x-pack/plugins/fleet/public/plugin.ts b/x-pack/plugins/fleet/public/plugin.ts index f9515ca925a4ab..7b71b210068648 100644 --- a/x-pack/plugins/fleet/public/plugin.ts +++ b/x-pack/plugins/fleet/public/plugin.ts @@ -14,6 +14,8 @@ import type { } from 'src/core/public'; import { i18n } from '@kbn/i18n'; +import type { NavigationPublicPluginStart } from 'src/plugins/navigation/public'; + import { DEFAULT_APP_CATEGORIES, AppNavLinkStatus } from '../../../../src/core/public'; import type { DataPublicPluginSetup, @@ -64,6 +66,7 @@ export interface FleetSetupDeps { export interface FleetStartDeps { data: DataPublicPluginStart; + navigation: NavigationPublicPluginStart; } export interface FleetStartServices extends CoreStart, FleetStartDeps { diff --git a/x-pack/plugins/graph/public/application.ts b/x-pack/plugins/graph/public/application.ts index 0b80e18f3fdb27..26e86bbc3d886b 100644 --- a/x-pack/plugins/graph/public/application.ts +++ b/x-pack/plugins/graph/public/application.ts @@ -31,7 +31,7 @@ import { } from 'kibana/public'; // @ts-ignore import { initGraphApp } from './app'; -import { Plugin as DataPlugin, IndexPatternsContract } from '../../../../src/plugins/data/public'; +import { DataPlugin, IndexPatternsContract } from '../../../../src/plugins/data/public'; import { LicensingPluginStart } from '../../licensing/public'; import { checkLicense } from '../common/check_license'; import { NavigationPublicPluginStart as NavigationStart } from '../../../../src/plugins/navigation/public'; diff --git a/x-pack/plugins/graph/public/types/workspace_state.ts b/x-pack/plugins/graph/public/types/workspace_state.ts index 73d76cfd9cc572..e511a2eb5c7798 100644 --- a/x-pack/plugins/graph/public/types/workspace_state.ts +++ b/x-pack/plugins/graph/public/types/workspace_state.ts @@ -5,9 +5,9 @@ * 2.0. */ +import { JsonObject } from '@kbn/common-utils'; import { FontawesomeIcon } from '../helpers/style_choices'; import { WorkspaceField, AdvancedSettings } from './app_state'; -import { JsonObject } from '../../../../../src/plugins/kibana_utils/public'; export interface WorkspaceNode { x: number; diff --git a/x-pack/plugins/infra/common/typed_json.ts b/x-pack/plugins/infra/common/typed_json.ts index 5b7bbdcfbc07bd..44409ab433a601 100644 --- a/x-pack/plugins/infra/common/typed_json.ts +++ b/x-pack/plugins/infra/common/typed_json.ts @@ -6,7 +6,7 @@ */ import * as rt from 'io-ts'; -import { JsonArray, JsonObject, JsonValue } from '../../../../src/plugins/kibana_utils/common'; +import { JsonArray, JsonObject, JsonValue } from '@kbn/common-utils'; export { JsonArray, JsonObject, JsonValue }; diff --git a/x-pack/plugins/infra/public/alerting/common/components/metrics_alert_dropdown.tsx b/x-pack/plugins/infra/public/alerting/common/components/metrics_alert_dropdown.tsx index 3b9193db65e1d0..41867053c3a0fa 100644 --- a/x-pack/plugins/infra/public/alerting/common/components/metrics_alert_dropdown.tsx +++ b/x-pack/plugins/infra/public/alerting/common/components/metrics_alert_dropdown.tsx @@ -134,7 +134,13 @@ export const MetricsAlertDropdown = () => { panelPaddingSize="none" anchorPosition="downLeft" button={ - + } diff --git a/x-pack/plugins/infra/public/alerting/log_threshold/components/alert_dropdown.tsx b/x-pack/plugins/infra/public/alerting/log_threshold/components/alert_dropdown.tsx index 7cd6295cdcf408..66c77fbf875a45 100644 --- a/x-pack/plugins/infra/public/alerting/log_threshold/components/alert_dropdown.tsx +++ b/x-pack/plugins/infra/public/alerting/log_threshold/components/alert_dropdown.tsx @@ -83,7 +83,13 @@ export const AlertDropdown = () => { + } diff --git a/x-pack/plugins/infra/public/components/log_stream/log_stream.tsx b/x-pack/plugins/infra/public/components/log_stream/log_stream.tsx index 44d78591fbf2f3..0087d559a42e60 100644 --- a/x-pack/plugins/infra/public/components/log_stream/log_stream.tsx +++ b/x-pack/plugins/infra/public/components/log_stream/log_stream.tsx @@ -7,6 +7,7 @@ import React, { useMemo, useCallback, useEffect } from 'react'; import { noop } from 'lodash'; +import { JsonValue } from '@kbn/common-utils'; import { DataPublicPluginStart, esQuery, Filter } from '../../../../../../src/plugins/data/public'; import { euiStyled } from '../../../../../../src/plugins/kibana_react/common'; import { LogEntryCursor } from '../../../common/log_entry'; @@ -17,7 +18,6 @@ import { BuiltEsQuery, useLogStream } from '../../containers/logs/log_stream'; import { ScrollableLogTextStreamView } from '../logging/log_text_stream'; import { LogColumnRenderConfiguration } from '../../utils/log_column_render_configuration'; -import { JsonValue } from '../../../../../../src/plugins/kibana_utils/common'; import { Query } from '../../../../../../src/plugins/data/common'; import { LogStreamErrorBoundary } from './log_stream_error_boundary'; diff --git a/x-pack/plugins/infra/public/components/logging/log_datepicker.tsx b/x-pack/plugins/infra/public/components/logging/log_datepicker.tsx index b146da53caf6f6..4f396ca7da4951 100644 --- a/x-pack/plugins/infra/public/components/logging/log_datepicker.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_datepicker.tsx @@ -6,7 +6,7 @@ */ import React, { useCallback } from 'react'; -import { EuiFlexGroup, EuiFlexItem, EuiSuperDatePicker, EuiButtonEmpty } from '@elastic/eui'; +import { EuiFlexGroup, EuiFlexItem, EuiSuperDatePicker, EuiButton } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n/react'; interface LogDatepickerProps { @@ -49,24 +49,19 @@ export const LogDatepicker: React.FC = ({ {isStreaming ? ( - + - + ) : ( - + - + )} diff --git a/x-pack/plugins/infra/public/components/logging/log_text_stream/field_value.tsx b/x-pack/plugins/infra/public/components/logging/log_text_stream/field_value.tsx index 29e511b2467e10..9cffef270219e4 100644 --- a/x-pack/plugins/infra/public/components/logging/log_text_stream/field_value.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_text_stream/field_value.tsx @@ -7,8 +7,8 @@ import stringify from 'json-stable-stringify'; import React from 'react'; +import { JsonArray, JsonValue } from '@kbn/common-utils'; import { euiStyled } from '../../../../../../../src/plugins/kibana_react/common'; -import { JsonArray, JsonValue } from '../../../../../../../src/plugins/kibana_utils/common'; import { ActiveHighlightMarker, highlightFieldValue, HighlightMarker } from './highlighting'; export const FieldValue: React.FC<{ diff --git a/x-pack/plugins/infra/public/components/logging/log_text_stream/log_entry_field_column.tsx b/x-pack/plugins/infra/public/components/logging/log_text_stream/log_entry_field_column.tsx index 4fffa8eb0ee021..33e81756552d8e 100644 --- a/x-pack/plugins/infra/public/components/logging/log_text_stream/log_entry_field_column.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_text_stream/log_entry_field_column.tsx @@ -6,7 +6,7 @@ */ import React from 'react'; -import { JsonValue } from '../../../../../../../src/plugins/kibana_utils/common'; +import { JsonValue } from '@kbn/common-utils'; import { euiStyled } from '../../../../../../../src/plugins/kibana_react/common'; import { LogColumn } from '../../../../common/log_entry'; import { isFieldColumn, isHighlightFieldColumn } from '../../../utils/log_entry'; diff --git a/x-pack/plugins/infra/public/containers/logs/log_analysis/api/ml_setup_module_api.ts b/x-pack/plugins/infra/public/containers/logs/log_analysis/api/ml_setup_module_api.ts index ea1567d6056f1d..6304471e818fa9 100644 --- a/x-pack/plugins/infra/public/containers/logs/log_analysis/api/ml_setup_module_api.ts +++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/api/ml_setup_module_api.ts @@ -21,6 +21,7 @@ interface RequestArgs { jobOverrides?: SetupMlModuleJobOverrides[]; datafeedOverrides?: SetupMlModuleDatafeedOverrides[]; query?: object; + useDedicatedIndex?: boolean; } export const callSetupMlModuleAPI = async (requestArgs: RequestArgs, fetch: HttpHandler) => { @@ -34,6 +35,7 @@ export const callSetupMlModuleAPI = async (requestArgs: RequestArgs, fetch: Http jobOverrides = [], datafeedOverrides = [], query, + useDedicatedIndex = false, } = requestArgs; const response = await fetch(`/api/ml/modules/setup/${moduleId}`, { @@ -48,6 +50,7 @@ export const callSetupMlModuleAPI = async (requestArgs: RequestArgs, fetch: Http jobOverrides, datafeedOverrides, query, + useDedicatedIndex, }) ), }); @@ -78,6 +81,7 @@ const setupMlModuleRequestParamsRT = rt.intersection([ startDatafeed: rt.boolean, jobOverrides: rt.array(setupMlModuleJobOverridesRT), datafeedOverrides: rt.array(setupMlModuleDatafeedOverridesRT), + useDedicatedIndex: rt.boolean, }), rt.exact( rt.partial({ diff --git a/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/module_descriptor.ts b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/module_descriptor.ts index af2bd1802042a4..6823ed173a740c 100644 --- a/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/module_descriptor.ts +++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/module_descriptor.ts @@ -124,6 +124,7 @@ const setUpModule = async ( jobOverrides, datafeedOverrides, query, + useDedicatedIndex: true, }, fetch ); diff --git a/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_rate/module_descriptor.ts b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_rate/module_descriptor.ts index 9704afd80e9ea6..c4c939d0ebb9d5 100644 --- a/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_rate/module_descriptor.ts +++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_rate/module_descriptor.ts @@ -116,6 +116,7 @@ const setUpModule = async ( jobOverrides, datafeedOverrides, query, + useDedicatedIndex: true, }, fetch ); diff --git a/x-pack/plugins/infra/public/pages/logs/page_content.tsx b/x-pack/plugins/infra/public/pages/logs/page_content.tsx index 35e24700619f8d..c7b145b4b01431 100644 --- a/x-pack/plugins/infra/public/pages/logs/page_content.tsx +++ b/x-pack/plugins/infra/public/pages/logs/page_content.tsx @@ -76,9 +76,9 @@ export const LogsPageContent: React.FunctionComponent = () => { {setHeaderActionMenu && ( - + - + {settingsTabTitle} diff --git a/x-pack/plugins/infra/public/pages/metrics/index.tsx b/x-pack/plugins/infra/public/pages/metrics/index.tsx index cda72e96012fe4..e52d1e90d7efd2 100644 --- a/x-pack/plugins/infra/public/pages/metrics/index.tsx +++ b/x-pack/plugins/infra/public/pages/metrics/index.tsx @@ -84,9 +84,9 @@ export const InfrastructurePage = ({ match }: RouteComponentProps) => { {setHeaderActionMenu && ( - + - + {settingsTabTitle} diff --git a/x-pack/plugins/infra/public/pages/metrics/inventory_view/components/ml/anomaly_detection/anomaly_detection_flyout.tsx b/x-pack/plugins/infra/public/pages/metrics/inventory_view/components/ml/anomaly_detection/anomaly_detection_flyout.tsx index 5438209ae9c6b5..d2cd4f87a53422 100644 --- a/x-pack/plugins/infra/public/pages/metrics/inventory_view/components/ml/anomaly_detection/anomaly_detection_flyout.tsx +++ b/x-pack/plugins/infra/public/pages/metrics/inventory_view/components/ml/anomaly_detection/anomaly_detection_flyout.tsx @@ -51,6 +51,8 @@ export const AnomalyDetectionFlyout = () => { return ( <> { + let onUpdate: jest.Mock; + let testBed: SetupResult; + + beforeAll(() => { + jest.useFakeTimers(); + }); + + afterAll(() => { + jest.useRealTimers(); + }); + + beforeEach(async () => { + onUpdate = jest.fn(); + + await act(async () => { + testBed = await setup({ + value: { + processors: [], + }, + onFlyoutOpen: jest.fn(), + onUpdate, + }); + }); + testBed.component.update(); + const { + actions: { addProcessor, addProcessorType }, + } = testBed; + // Open the processor flyout + addProcessor(); + + // Add type (the other fields are not visible until a type is selected) + await addProcessorType(CIRCLE_TYPE); + }); + + test('prevents form submission if required fields are not provided', async () => { + const { + actions: { saveNewProcessor }, + form, + } = testBed; + + // Click submit button with only the type defined + await saveNewProcessor(); + + // Expect form error as "field" and "shape_type" are required parameters + expect(form.getErrorsMessages()).toEqual([ + 'A field value is required.', + 'A shape type value is required.', + ]); + }); + + test('saves with required parameter values', async () => { + const { + actions: { saveNewProcessor }, + form, + } = testBed; + + // Add "field" value (required) + form.setInputValue('fieldNameField.input', 'field_1'); + // Save the field + form.setSelectValue('shapeSelectorField', 'shape'); + // Set the error distance + form.setInputValue('errorDistanceField.input', '10'); + + await saveNewProcessor(); + + const processors = getProcessorValue(onUpdate, CIRCLE_TYPE); + + expect(processors[0].circle).toEqual({ + field: 'field_1', + error_distance: 10, + shape_type: 'shape', + }); + }); + + test('allows optional parameters to be set', async () => { + const { + actions: { saveNewProcessor }, + form, + } = testBed; + + // Add "field" value (required) + form.setInputValue('fieldNameField.input', 'field_1'); + // Select the shape + form.setSelectValue('shapeSelectorField', 'geo_shape'); + // Add "target_field" value + form.setInputValue('targetField.input', 'target_field'); + + form.setInputValue('errorDistanceField.input', '10'); + + // Save the field with new changes + await saveNewProcessor(); + + const processors = getProcessorValue(onUpdate, CIRCLE_TYPE); + expect(processors[0].circle).toEqual({ + field: 'field_1', + error_distance: 10, + shape_type: 'geo_shape', + target_field: 'target_field', + }); + }); +}); diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/__jest__/processors/processor.helpers.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/__jest__/processors/processor.helpers.tsx index c00f09b2d2b06c..15e8c323b1308e 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/__jest__/processors/processor.helpers.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/__jest__/processors/processor.helpers.tsx @@ -151,6 +151,8 @@ type TestSubject = | 'keepOriginalField.input' | 'removeIfSuccessfulField.input' | 'targetFieldsField.input' + | 'shapeSelectorField' + | 'errorDistanceField.input' | 'separatorValueField.input' | 'quoteValueField.input' | 'emptyValueField.input' diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/processor_form/processors/circle.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/processor_form/processors/circle.tsx index acb480df6d35f0..74a7f37d841aee 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/processor_form/processors/circle.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/processor_form/processors/circle.tsx @@ -97,6 +97,7 @@ export const Circle: FunctionComponent = () => { /> { & { + returnToOrigin: boolean; + dashboardId?: string | null; + onTitleDuplicate?: OnSaveProps['onTitleDuplicate']; + newDescription?: string; + newTags?: string[]; +}; export function App({ history, @@ -48,26 +53,23 @@ export function App({ initialInput, incomingState, redirectToOrigin, - redirectToDashboard, setHeaderActionMenu, initialContext, }: LensAppProps) { + const lensAppServices = useKibana().services; + const { data, chrome, - overlays, uiSettings, application, - stateTransfer, notifications, - attributeService, - savedObjectsClient, savedObjectsTagging, getOriginatingAppName, // Temporarily required until the 'by value' paradigm is default. dashboardFeatureFlag, - } = useKibana().services; + } = lensAppServices; const dispatch = useLensDispatch(); const dispatchSetState: DispatchSetState = useCallback( @@ -205,150 +207,40 @@ export function App({ getIsByValueMode, application, chrome, - initialInput, appState.isLinkedToOriginatingApp, appState.persistedDoc, ]); - const tagsIds = - appState.persistedDoc && savedObjectsTagging - ? savedObjectsTagging.ui.getTagIdsFromReferences(appState.persistedDoc.references) - : []; - - const runSave: RunSave = async (saveProps, options) => { - if (!lastKnownDoc) { - return; - } - - let references = lastKnownDoc.references; - if (savedObjectsTagging) { - references = savedObjectsTagging.ui.updateTagsReferences( - references, - saveProps.newTags || tagsIds - ); - } - - const docToSave = { - ...getLastKnownDocWithoutPinnedFilters(lastKnownDoc)!, - description: saveProps.newDescription, - title: saveProps.newTitle, - references, - }; - - // Required to serialize filters in by value mode until - // https://github.com/elastic/kibana/issues/77588 is fixed - if (getIsByValueMode()) { - docToSave.state.filters.forEach((filter) => { - if (typeof filter.meta.value === 'function') { - delete filter.meta.value; + const runSave = (saveProps: SaveProps, options: { saveToLibrary: boolean }) => { + return runSaveLensVisualization( + { + lastKnownDoc, + getIsByValueMode, + savedObjectsTagging, + initialInput, + redirectToOrigin, + persistedDoc: appState.persistedDoc, + onAppLeave, + redirectTo, + originatingApp: incomingState?.originatingApp, + ...lensAppServices, + }, + saveProps, + options + ).then( + (newState) => { + if (newState) { + dispatchSetState(newState); + setIsSaveModalVisible(false); } - }); - } - - const originalInput = saveProps.newCopyOnSave ? undefined : initialInput; - const originalSavedObjectId = (originalInput as LensByReferenceInput)?.savedObjectId; - if (options.saveToLibrary) { - try { - await checkForDuplicateTitle( - { - id: originalSavedObjectId, - title: docToSave.title, - copyOnSave: saveProps.newCopyOnSave, - lastSavedTitle: lastKnownDoc.title, - getEsType: () => 'lens', - getDisplayName: () => - i18n.translate('xpack.lens.app.saveModalType', { - defaultMessage: 'Lens visualization', - }), - }, - saveProps.isTitleDuplicateConfirmed, - saveProps.onTitleDuplicate, - { - savedObjectsClient, - overlays, - } - ); - } catch (e) { - // ignore duplicate title failure, user notified in save modal - return; - } - } - try { - const newInput = (await attributeService.wrapAttributes( - docToSave, - options.saveToLibrary, - originalInput - )) as LensEmbeddableInput; - - if (saveProps.returnToOrigin && redirectToOrigin) { - // disabling the validation on app leave because the document has been saved. - onAppLeave((actions) => { - return actions.default(); - }); - redirectToOrigin({ input: newInput, isCopied: saveProps.newCopyOnSave }); - return; - } else if (saveProps.dashboardId && redirectToDashboard) { - // disabling the validation on app leave because the document has been saved. - onAppLeave((actions) => { - return actions.default(); - }); - redirectToDashboard(newInput, saveProps.dashboardId); - return; - } - - notifications.toasts.addSuccess( - i18n.translate('xpack.lens.app.saveVisualization.successNotificationText', { - defaultMessage: `Saved '{visTitle}'`, - values: { - visTitle: docToSave.title, - }, - }) - ); - - if ( - attributeService.inputIsRefType(newInput) && - newInput.savedObjectId !== originalSavedObjectId - ) { - chrome.recentlyAccessed.add( - getFullPath(newInput.savedObjectId), - docToSave.title, - newInput.savedObjectId - ); - - dispatchSetState({ isLinkedToOriginatingApp: false }); - - setIsSaveModalVisible(false); - // remove editor state so the connection is still broken after reload - stateTransfer.clearEditorState(APP_ID); - - redirectTo(newInput.savedObjectId); - return; + }, + () => { + // error is handled inside the modal + // so ignoring it here } - - const newDoc = { - ...docToSave, - ...newInput, - }; - - dispatchSetState({ - isLinkedToOriginatingApp: false, - persistedDoc: newDoc, - lastKnownDoc: newDoc, - }); - - setIsSaveModalVisible(false); - } catch (e) { - // eslint-disable-next-line no-console - console.dir(e); - trackUiEvent('save_failed'); - setIsSaveModalVisible(false); - } + ); }; - const savingToLibraryPermitted = Boolean( - appState.isSaveable && application.capabilities.visualize.save - ); - return ( <>
@@ -371,21 +263,24 @@ export function App({ /> )}
- { setIsSaveModalVisible(false); }} getAppNameFromId={() => getOriginatingAppName()} lastKnownDoc={lastKnownDoc} + onAppLeave={onAppLeave} + persistedDoc={appState.persistedDoc} + initialInput={initialInput} + redirectTo={redirectTo} + redirectToOrigin={redirectToOrigin} returnToOriginSwitchLabel={ getIsByValueMode() && initialInput ? i18n.translate('xpack.lens.app.updatePanel', { @@ -419,20 +314,3 @@ const MemoizedEditorFrameWrapper = React.memo(function EditorFrameWrapper({ /> ); }); - -function getLastKnownDocWithoutPinnedFilters(doc?: Document) { - if (!doc) return undefined; - const [pinnedFilters, appFilters] = partition( - injectFilterReferences(doc.state?.filters || [], doc.references), - esFilters.isFilterPinned - ); - return pinnedFilters?.length - ? { - ...doc, - state: { - ...doc.state, - filters: appFilters, - }, - } - : doc; -} diff --git a/x-pack/plugins/lens/public/app_plugin/mounter.tsx b/x-pack/plugins/lens/public/app_plugin/mounter.tsx index 3e56fbb2003cb4..8e59f90c958f91 100644 --- a/x-pack/plugins/lens/public/app_plugin/mounter.tsx +++ b/x-pack/plugins/lens/public/app_plugin/mounter.tsx @@ -7,7 +7,7 @@ import React, { FC, useCallback } from 'react'; -import { AppMountParameters, CoreSetup } from 'kibana/public'; +import { AppMountParameters, CoreSetup, CoreStart } from 'kibana/public'; import { FormattedMessage, I18nProvider } from '@kbn/i18n/react'; import { HashRouter, Route, RouteComponentProps, Switch } from 'react-router-dom'; import { History } from 'history'; @@ -16,7 +16,7 @@ import { i18n } from '@kbn/i18n'; import { DashboardFeatureFlagConfig } from 'src/plugins/dashboard/public'; import { Provider } from 'react-redux'; -import { uniq, isEqual } from 'lodash'; +import { isEqual } from 'lodash'; import { EmbeddableEditorState } from 'src/plugins/embeddable/public'; import { Storage } from '../../../../../src/plugins/kibana_utils/public'; @@ -26,7 +26,7 @@ import { App } from './app'; import { EditorFrameStart } from '../types'; import { addHelpMenuToAppChrome } from '../help_menu_util'; import { LensPluginStartDependencies } from '../plugin'; -import { LENS_EMBEDDABLE_TYPE, LENS_EDIT_BY_VALUE, APP_ID, getFullPath } from '../../common'; +import { LENS_EMBEDDABLE_TYPE, LENS_EDIT_BY_VALUE, APP_ID } from '../../common'; import { LensEmbeddableInput, LensByReferenceInput, @@ -44,41 +44,26 @@ import { LensRootStore, setState, } from '../state_management'; -import { getAllIndexPatterns, getResolvedDateRange } from '../utils'; -import { injectFilterReferences } from '../persistence'; +import { getResolvedDateRange } from '../utils'; +import { getLastKnownDoc } from './save_modal_container'; -export async function mountApp( - core: CoreSetup, - params: AppMountParameters, - mountProps: { - createEditorFrame: EditorFrameStart['createInstance']; - getByValueFeatureFlag: () => Promise; - attributeService: () => Promise; - getPresentationUtilContext: () => Promise; - } -) { - const { - createEditorFrame, - getByValueFeatureFlag, - attributeService, - getPresentationUtilContext, - } = mountProps; - const [coreStart, startDependencies] = await core.getStartServices(); - const { data, navigation, embeddable, savedObjectsTagging } = startDependencies; +export async function getLensServices( + coreStart: CoreStart, + startDependencies: LensPluginStartDependencies, + attributeService: () => Promise +): Promise { + const { data, navigation, embeddable, savedObjectsTagging, usageCollection } = startDependencies; - const instance = await createEditorFrame(); const storage = new Storage(localStorage); const stateTransfer = embeddable?.getStateTransfer(); - const historyLocationState = params.history.location.state as HistoryLocationState; const embeddableEditorIncomingState = stateTransfer?.getIncomingEditorState(APP_ID); - const dashboardFeatureFlag = await getByValueFeatureFlag(); - - const lensServices: LensAppServices = { + return { data, storage, navigation, stateTransfer, + usageCollection, savedObjectsTagging, attributeService: await attributeService(), http: coreStart.http, @@ -88,6 +73,8 @@ export async function mountApp( application: coreStart.application, notifications: coreStart.notifications, savedObjectsClient: coreStart.savedObjects.client, + presentationUtil: startDependencies.presentationUtil, + dashboard: startDependencies.dashboard, getOriginatingAppName: () => { return embeddableEditorIncomingState?.originatingApp ? stateTransfer?.getAppNameFromId(embeddableEditorIncomingState.originatingApp) @@ -95,8 +82,29 @@ export async function mountApp( }, // Temporarily required until the 'by value' paradigm is default. - dashboardFeatureFlag, + dashboardFeatureFlag: startDependencies.dashboard.dashboardFeatureFlagConfig, }; +} + +export async function mountApp( + core: CoreSetup, + params: AppMountParameters, + mountProps: { + createEditorFrame: EditorFrameStart['createInstance']; + attributeService: () => Promise; + getPresentationUtilContext: () => Promise; + } +) { + const { createEditorFrame, attributeService, getPresentationUtilContext } = mountProps; + const [coreStart, startDependencies] = await core.getStartServices(); + const instance = await createEditorFrame(); + const historyLocationState = params.history.location.state as HistoryLocationState; + + const lensServices = await getLensServices(coreStart, startDependencies, attributeService); + + const { stateTransfer, data, storage, dashboardFeatureFlag } = lensServices; + + const embeddableEditorIncomingState = stateTransfer?.getIncomingEditorState(APP_ID); addHelpMenuToAppChrome(coreStart.chrome, coreStart.docLinks); coreStart.chrome.docTitle.change( @@ -130,23 +138,6 @@ export async function mountApp( } }; - const redirectToDashboard = (embeddableInput: LensEmbeddableInput, dashboardId: string) => { - if (!lensServices.dashboardFeatureFlag.allowByValueEmbeddables) { - throw new Error('redirectToDashboard called with by-value embeddables disabled'); - } - - const state = { - input: embeddableInput, - type: LENS_EMBEDDABLE_TYPE, - }; - - const path = dashboardId === 'new' ? '#/create' : `#/view/${dashboardId}`; - stateTransfer.navigateToWithEmbeddablePackage('dashboards', { - state, - path, - }); - }; - const redirectToOrigin = (props?: RedirectToOriginProps) => { if (!embeddableEditorIncomingState?.originatingApp) { throw new Error('redirectToOrigin called without an originating app'); @@ -215,7 +206,6 @@ export async function mountApp( initialInput={initialInput} redirectTo={redirectCallback} redirectToOrigin={redirectToOrigin} - redirectToDashboard={redirectToDashboard} onAppLeave={params.onAppLeave} setHeaderActionMenu={params.setHeaderActionMenu} history={props.history} @@ -299,73 +289,45 @@ export function loadDocument( } lensStore.dispatch(setState({ isAppLoading: true })); - attributeService - .unwrapAttributes(initialInput) - .then((attributes) => { - if (!initialInput) { - return; - } - const doc = { - ...initialInput, - ...attributes, - type: LENS_EMBEDDABLE_TYPE, - }; - - if (attributeService.inputIsRefType(initialInput)) { - chrome.recentlyAccessed.add( - getFullPath(initialInput.savedObjectId), - attributes.title, - initialInput.savedObjectId + getLastKnownDoc({ + initialInput, + attributeService, + data, + chrome, + notifications, + }).then( + (newState) => { + if (newState) { + const { doc, indexPatterns } = newState; + const currentSessionId = data.search.session.getSessionId(); + lensStore.dispatch( + setState({ + query: doc.state.query, + isAppLoading: false, + indexPatternsForTopNav: indexPatterns, + lastKnownDoc: doc, + searchSessionId: + dashboardFeatureFlag.allowByValueEmbeddables && + Boolean(embeddableEditorIncomingState?.originatingApp) && + !(initialInput as LensByReferenceInput)?.savedObjectId && + currentSessionId + ? currentSessionId + : data.search.session.start(), + ...(!isEqual(persistedDoc, doc) ? { persistedDoc: doc } : null), + }) ); + } else { + redirectCallback(); } - const indexPatternIds = uniq( - doc.references.filter(({ type }) => type === 'index-pattern').map(({ id }) => id) - ); - getAllIndexPatterns(indexPatternIds, data.indexPatterns) - .then(({ indexPatterns }) => { - // Don't overwrite any pinned filters - data.query.filterManager.setAppFilters( - injectFilterReferences(doc.state.filters, doc.references) - ); - const currentSessionId = data.search.session.getSessionId(); - lensStore.dispatch( - setState({ - query: doc.state.query, - isAppLoading: false, - indexPatternsForTopNav: indexPatterns, - lastKnownDoc: doc, - searchSessionId: - dashboardFeatureFlag.allowByValueEmbeddables && - Boolean(embeddableEditorIncomingState?.originatingApp) && - !(initialInput as LensByReferenceInput)?.savedObjectId && - currentSessionId - ? currentSessionId - : data.search.session.start(), - ...(!isEqual(persistedDoc, doc) ? { persistedDoc: doc } : null), - }) - ); - }) - .catch((e) => { - lensStore.dispatch( - setState({ - isAppLoading: false, - }) - ); - redirectCallback(); - }); - }) - .catch((e) => { + }, + () => { lensStore.dispatch( setState({ isAppLoading: false, }) ); - notifications.toasts.addDanger( - i18n.translate('xpack.lens.app.docLoadingError', { - defaultMessage: 'Error loading saved document', - }) - ); redirectCallback(); - }); + } + ); } diff --git a/x-pack/plugins/lens/public/app_plugin/save_modal_container.tsx b/x-pack/plugins/lens/public/app_plugin/save_modal_container.tsx new file mode 100644 index 00000000000000..a65c8e6732e448 --- /dev/null +++ b/x-pack/plugins/lens/public/app_plugin/save_modal_container.tsx @@ -0,0 +1,413 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { useEffect, useState } from 'react'; +import { ChromeStart, NotificationsStart } from 'kibana/public'; +import { i18n } from '@kbn/i18n'; +import { partition, uniq } from 'lodash'; +import { METRIC_TYPE } from '@kbn/analytics'; +import { SaveModal } from './save_modal'; +import { LensAppProps, LensAppServices } from './types'; +import type { SaveProps } from './app'; +import { Document, injectFilterReferences } from '../persistence'; +import { LensByReferenceInput, LensEmbeddableInput } from '../editor_frame_service/embeddable'; +import { LensAttributeService } from '../lens_attribute_service'; +import { + DataPublicPluginStart, + esFilters, + IndexPattern, +} from '../../../../../src/plugins/data/public'; +import { APP_ID, getFullPath, LENS_EMBEDDABLE_TYPE } from '../../common'; +import { getAllIndexPatterns } from '../utils'; +import { trackUiEvent } from '../lens_ui_telemetry'; +import { checkForDuplicateTitle } from '../../../../../src/plugins/saved_objects/public'; +import { LensAppState } from '../state_management'; + +type ExtraProps = Pick & + Partial>; + +export type SaveModalContainerProps = { + isVisible: boolean; + originatingApp?: string; + persistedDoc?: Document; + lastKnownDoc?: Document; + returnToOriginSwitchLabel?: string; + onClose: () => void; + onSave?: () => void; + runSave?: (saveProps: SaveProps, options: { saveToLibrary: boolean }) => void; + isSaveable?: boolean; + getAppNameFromId?: () => string | undefined; + lensServices: LensAppServices; +} & ExtraProps; + +export function SaveModalContainer({ + returnToOriginSwitchLabel, + onClose, + onSave, + runSave, + isVisible, + persistedDoc, + originatingApp, + initialInput, + redirectTo, + redirectToOrigin, + getAppNameFromId = () => undefined, + isSaveable = true, + lastKnownDoc: initLastKnowDoc, + lensServices, +}: SaveModalContainerProps) { + const [lastKnownDoc, setLastKnownDoc] = useState(initLastKnowDoc); + + const { + attributeService, + notifications, + data, + chrome, + savedObjectsTagging, + application, + dashboardFeatureFlag, + } = lensServices; + + useEffect(() => { + setLastKnownDoc(initLastKnowDoc); + }, [initLastKnowDoc]); + + useEffect(() => { + async function loadLastKnownDoc() { + if (initialInput && isVisible) { + getLastKnownDoc({ + data, + initialInput, + chrome, + notifications, + attributeService, + }).then((result) => { + if (result) setLastKnownDoc(result.doc); + }); + } + } + + loadLastKnownDoc(); + }, [chrome, data, initialInput, notifications, attributeService, isVisible]); + + const tagsIds = + persistedDoc && savedObjectsTagging + ? savedObjectsTagging.ui.getTagIdsFromReferences(persistedDoc.references) + : []; + + const runLensSave = (saveProps: SaveProps, options: { saveToLibrary: boolean }) => { + if (runSave) { + // inside lens, we use the function that's passed to it + runSave(saveProps, options); + } else { + if (attributeService && lastKnownDoc) { + runSaveLensVisualization( + { + ...lensServices, + lastKnownDoc, + initialInput, + attributeService, + redirectTo, + redirectToOrigin, + originatingApp, + getIsByValueMode: () => false, + onAppLeave: () => {}, + }, + saveProps, + options + ).then(() => { + onSave?.(); + onClose(); + }); + } + } + }; + + const savingToLibraryPermitted = Boolean(isSaveable && application.capabilities.visualize.save); + + return ( + { + runLensSave(saveProps, options); + }} + onClose={onClose} + getAppNameFromId={getAppNameFromId} + lastKnownDoc={lastKnownDoc} + returnToOriginSwitchLabel={returnToOriginSwitchLabel} + /> + ); +} + +const redirectToDashboard = ({ + embeddableInput, + dashboardFeatureFlag, + dashboardId, + stateTransfer, +}: { + embeddableInput: LensEmbeddableInput; + dashboardId: string; + dashboardFeatureFlag: LensAppServices['dashboardFeatureFlag']; + stateTransfer: LensAppServices['stateTransfer']; +}) => { + if (!dashboardFeatureFlag.allowByValueEmbeddables) { + throw new Error('redirectToDashboard called with by-value embeddables disabled'); + } + + const state = { + input: embeddableInput, + type: LENS_EMBEDDABLE_TYPE, + }; + + const path = dashboardId === 'new' ? '#/create' : `#/view/${dashboardId}`; + stateTransfer.navigateToWithEmbeddablePackage('dashboards', { + state, + path, + }); +}; + +export const runSaveLensVisualization = async ( + props: { + lastKnownDoc?: Document; + getIsByValueMode: () => boolean; + persistedDoc?: Document; + originatingApp?: string; + } & ExtraProps & + LensAppServices, + saveProps: SaveProps, + options: { saveToLibrary: boolean } +): Promise | undefined> => { + if (!props.lastKnownDoc) { + return; + } + + const { + chrome, + initialInput, + originatingApp, + lastKnownDoc, + persistedDoc, + savedObjectsClient, + overlays, + notifications, + stateTransfer, + attributeService, + usageCollection, + savedObjectsTagging, + getIsByValueMode, + redirectToOrigin, + onAppLeave, + redirectTo, + dashboardFeatureFlag, + } = props; + + const tagsIds = + persistedDoc && savedObjectsTagging + ? savedObjectsTagging.ui.getTagIdsFromReferences(persistedDoc.references) + : []; + if (usageCollection) { + usageCollection.reportUiCounter(originatingApp || 'visualize', METRIC_TYPE.CLICK, 'lens:save'); + } + + let references = lastKnownDoc.references; + if (savedObjectsTagging) { + references = savedObjectsTagging.ui.updateTagsReferences( + references, + saveProps.newTags || tagsIds + ); + } + + const docToSave = { + ...getLastKnownDocWithoutPinnedFilters(lastKnownDoc)!, + description: saveProps.newDescription, + title: saveProps.newTitle, + references, + }; + + // Required to serialize filters in by value mode until + // https://github.com/elastic/kibana/issues/77588 is fixed + if (getIsByValueMode()) { + docToSave.state.filters.forEach((filter) => { + if (typeof filter.meta.value === 'function') { + delete filter.meta.value; + } + }); + } + + const originalInput = saveProps.newCopyOnSave ? undefined : initialInput; + const originalSavedObjectId = (originalInput as LensByReferenceInput)?.savedObjectId; + if (options.saveToLibrary) { + try { + await checkForDuplicateTitle( + { + id: originalSavedObjectId, + title: docToSave.title, + copyOnSave: saveProps.newCopyOnSave, + lastSavedTitle: lastKnownDoc.title, + getEsType: () => 'lens', + getDisplayName: () => + i18n.translate('xpack.lens.app.saveModalType', { + defaultMessage: 'Lens visualization', + }), + }, + saveProps.isTitleDuplicateConfirmed, + saveProps.onTitleDuplicate, + { + savedObjectsClient, + overlays, + } + ); + } catch (e) { + // ignore duplicate title failure, user notified in save modal + throw e; + } + } + try { + const newInput = (await attributeService.wrapAttributes( + docToSave, + options.saveToLibrary, + originalInput + )) as LensEmbeddableInput; + + if (saveProps.returnToOrigin && redirectToOrigin) { + // disabling the validation on app leave because the document has been saved. + onAppLeave?.((actions) => { + return actions.default(); + }); + redirectToOrigin({ input: newInput, isCopied: saveProps.newCopyOnSave }); + return; + } else if (saveProps.dashboardId) { + // disabling the validation on app leave because the document has been saved. + onAppLeave?.((actions) => { + return actions.default(); + }); + redirectToDashboard({ + embeddableInput: newInput, + dashboardId: saveProps.dashboardId, + stateTransfer, + dashboardFeatureFlag, + }); + return; + } + + notifications.toasts.addSuccess( + i18n.translate('xpack.lens.app.saveVisualization.successNotificationText', { + defaultMessage: `Saved '{visTitle}'`, + values: { + visTitle: docToSave.title, + }, + }) + ); + + if ( + attributeService.inputIsRefType(newInput) && + newInput.savedObjectId !== originalSavedObjectId + ) { + chrome.recentlyAccessed.add( + getFullPath(newInput.savedObjectId), + docToSave.title, + newInput.savedObjectId + ); + + // remove editor state so the connection is still broken after reload + stateTransfer.clearEditorState?.(APP_ID); + + redirectTo?.(newInput.savedObjectId); + return { isLinkedToOriginatingApp: false }; + } + + const newDoc = { + ...docToSave, + ...newInput, + }; + + return { persistedDoc: newDoc, lastKnownDoc: newDoc, isLinkedToOriginatingApp: false }; + } catch (e) { + // eslint-disable-next-line no-console + console.dir(e); + trackUiEvent('save_failed'); + throw e; + } +}; + +export function getLastKnownDocWithoutPinnedFilters(doc?: Document) { + if (!doc) return undefined; + const [pinnedFilters, appFilters] = partition( + injectFilterReferences(doc.state?.filters || [], doc.references), + esFilters.isFilterPinned + ); + return pinnedFilters?.length + ? { + ...doc, + state: { + ...doc.state, + filters: appFilters, + }, + } + : doc; +} + +export const getLastKnownDoc = async ({ + initialInput, + attributeService, + data, + notifications, + chrome, +}: { + initialInput: LensEmbeddableInput; + attributeService: LensAttributeService; + data: DataPublicPluginStart; + notifications: NotificationsStart; + chrome: ChromeStart; +}): Promise<{ doc: Document; indexPatterns: IndexPattern[] } | undefined> => { + let doc: Document; + + try { + const attributes = await attributeService.unwrapAttributes(initialInput); + + doc = { + ...initialInput, + ...attributes, + type: LENS_EMBEDDABLE_TYPE, + }; + + if (attributeService.inputIsRefType(initialInput)) { + chrome.recentlyAccessed.add( + getFullPath(initialInput.savedObjectId), + attributes.title, + initialInput.savedObjectId + ); + } + const indexPatternIds = uniq( + doc.references.filter(({ type }) => type === 'index-pattern').map(({ id }) => id) + ); + const { indexPatterns } = await getAllIndexPatterns(indexPatternIds, data.indexPatterns); + + // Don't overwrite any pinned filters + data.query.filterManager.setAppFilters( + injectFilterReferences(doc.state.filters, doc.references) + ); + return { + doc, + indexPatterns, + }; + } catch (e) { + notifications.toasts.addDanger( + i18n.translate('xpack.lens.app.docLoadingError', { + defaultMessage: 'Error loading saved document', + }) + ); + } +}; + +// eslint-disable-next-line import/no-default-export +export default SaveModalContainer; diff --git a/x-pack/plugins/lens/public/app_plugin/shared/saved_modal_lazy.tsx b/x-pack/plugins/lens/public/app_plugin/shared/saved_modal_lazy.tsx new file mode 100644 index 00000000000000..f1a537fe65928a --- /dev/null +++ b/x-pack/plugins/lens/public/app_plugin/shared/saved_modal_lazy.tsx @@ -0,0 +1,66 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { Suspense, useEffect, useState } from 'react'; + +import { EuiLoadingSpinner, EuiOverlayMask } from '@elastic/eui'; +import { CoreStart } from 'kibana/public'; +import type { SaveModalContainerProps } from '../save_modal_container'; +import type { LensAttributeService } from '../../lens_attribute_service'; +import type { LensPluginStartDependencies } from '../../plugin'; +import type { LensAppServices } from '../types'; +const SaveModal = React.lazy(() => import('../save_modal_container')); + +function LoadingSpinnerWithOverlay() { + return ( + + + + ); +} + +const LensSavedModalLazy = (props: SaveModalContainerProps) => { + return ( + }> + + + ); +}; + +export function getSaveModalComponent( + coreStart: CoreStart, + startDependencies: LensPluginStartDependencies, + attributeService: () => Promise +) { + return (props: Omit) => { + const [lensServices, setLensServices] = useState(); + + useEffect(() => { + async function loadLensService() { + const { getLensServices } = await import('../../async_services'); + const lensServicesT = await getLensServices(coreStart, startDependencies, attributeService); + + setLensServices(lensServicesT); + } + loadLensService(); + }, []); + + if (!lensServices) { + return ; + } + + const { ContextProvider: PresentationUtilContext } = lensServices.presentationUtil; + + return ( + + + + + + ); + }; +} diff --git a/x-pack/plugins/lens/public/app_plugin/types.ts b/x-pack/plugins/lens/public/app_plugin/types.ts index 72850552723f33..b253e76aa14071 100644 --- a/x-pack/plugins/lens/public/app_plugin/types.ts +++ b/x-pack/plugins/lens/public/app_plugin/types.ts @@ -18,6 +18,8 @@ import { SavedObjectsStart, } from '../../../../../src/core/public'; import { DataPublicPluginStart } from '../../../../../src/plugins/data/public'; +import { UsageCollectionStart } from '../../../../../src/plugins/usage_collection/public'; +import { DashboardStart } from '../../../../../src/plugins/dashboard/public'; import { LensEmbeddableInput } from '../editor_frame_service/embeddable/embeddable'; import { NavigationPublicPluginStart } from '../../../../../src/plugins/navigation/public'; import { LensAttributeService } from '../lens_attribute_service'; @@ -33,6 +35,7 @@ import { EmbeddableStateTransfer, } from '../../../../../src/plugins/embeddable/public'; import { EditorFrameInstance } from '../types'; +import { PresentationUtilPluginStart } from '../../../../../src/plugins/presentation_util/public'; export interface RedirectToOriginProps { input?: LensEmbeddableInput; isCopied?: boolean; @@ -45,7 +48,6 @@ export interface LensAppProps { setHeaderActionMenu: AppMountParameters['setHeaderActionMenu']; redirectTo: (savedObjectId?: string) => void; redirectToOrigin?: (props?: RedirectToOriginProps) => void; - redirectToDashboard?: (input: LensEmbeddableInput, dashboardId: string) => void; // The initial input passed in by the container when editing. Can be either by reference or by value. initialInput?: LensEmbeddableInput; @@ -91,16 +93,19 @@ export interface LensAppServices { chrome: ChromeStart; overlays: OverlayStart; storage: IStorageWrapper; + dashboard: DashboardStart; data: DataPublicPluginStart; uiSettings: IUiSettingsClient; application: ApplicationStart; notifications: NotificationsStart; + usageCollection?: UsageCollectionStart; stateTransfer: EmbeddableStateTransfer; navigation: NavigationPublicPluginStart; attributeService: LensAttributeService; savedObjectsClient: SavedObjectsStart['client']; savedObjectsTagging?: SavedObjectTaggingPluginStart; getOriginatingAppName: () => string | undefined; + presentationUtil: PresentationUtilPluginStart; // Temporarily required until the 'by value' paradigm is default. dashboardFeatureFlag: DashboardFeatureFlagConfig; diff --git a/x-pack/plugins/lens/public/async_services.ts b/x-pack/plugins/lens/public/async_services.ts index b0ecc412c357ff..e7be2959556154 100644 --- a/x-pack/plugins/lens/public/async_services.ts +++ b/x-pack/plugins/lens/public/async_services.ts @@ -27,3 +27,4 @@ export * from './editor_frame_service/embeddable'; export * from './app_plugin/mounter'; export * from './lens_attribute_service'; export * from './lens_ui_telemetry'; +export * from './app_plugin/save_modal_container'; diff --git a/x-pack/plugins/lens/public/index.ts b/x-pack/plugins/lens/public/index.ts index 0fdd3bf4262325..98e0198b9d0faa 100644 --- a/x-pack/plugins/lens/public/index.ts +++ b/x-pack/plugins/lens/public/index.ts @@ -55,6 +55,8 @@ export type { DerivativeIndexPatternColumn, MovingAverageIndexPatternColumn, } from './indexpattern_datasource/types'; +export type { LensEmbeddableInput } from './editor_frame_service/embeddable'; + export { LensPublicStart } from './plugin'; export const plugin = () => new LensPlugin(); diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/dimension_editor.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/dimension_editor.tsx index 3dd2d4a4ba3f50..4ffd0db52d3746 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/dimension_editor.tsx +++ b/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/dimension_editor.tsx @@ -146,6 +146,11 @@ export function DimensionEditor(props: DimensionEditorProps) { const possibleOperations = useMemo(() => { return Object.values(operationDefinitionMap) .filter(({ hidden }) => !hidden) + .filter( + (operationDefinition) => + !('selectionStyle' in operationDefinition) || + operationDefinition.selectionStyle !== 'hidden' + ) .filter(({ type }) => fieldByOperation[type]?.size || operationWithoutField.has(type)) .sort((op1, op2) => { return op1.displayName.localeCompare(op2.displayName); diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/calculations/index.ts b/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/calculations/index.ts index 815acb8c4169fb..a7741bc60d6469 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/calculations/index.ts +++ b/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/calculations/index.ts @@ -9,3 +9,13 @@ export { counterRateOperation, CounterRateIndexPatternColumn } from './counter_r export { cumulativeSumOperation, CumulativeSumIndexPatternColumn } from './cumulative_sum'; export { derivativeOperation, DerivativeIndexPatternColumn } from './differences'; export { movingAverageOperation, MovingAverageIndexPatternColumn } from './moving_average'; +export { + overallSumOperation, + OverallSumIndexPatternColumn, + overallMinOperation, + OverallMinIndexPatternColumn, + overallMaxOperation, + OverallMaxIndexPatternColumn, + overallAverageOperation, + OverallAverageIndexPatternColumn, +} from './overall_metric'; diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/calculations/overall_metric.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/calculations/overall_metric.tsx new file mode 100644 index 00000000000000..21ec5387b38539 --- /dev/null +++ b/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/calculations/overall_metric.tsx @@ -0,0 +1,224 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { i18n } from '@kbn/i18n'; +import { FormattedIndexPatternColumn, ReferenceBasedIndexPatternColumn } from '../column_types'; +import { optionallHistogramBasedOperationToExpression } from './utils'; +import { OperationDefinition } from '..'; +import { getFormatFromPreviousColumn } from '../helpers'; + +type OverallMetricIndexPatternColumn = FormattedIndexPatternColumn & + ReferenceBasedIndexPatternColumn & { + operationType: T; + }; + +export type OverallSumIndexPatternColumn = OverallMetricIndexPatternColumn<'overall_sum'>; +export type OverallMinIndexPatternColumn = OverallMetricIndexPatternColumn<'overall_min'>; +export type OverallMaxIndexPatternColumn = OverallMetricIndexPatternColumn<'overall_max'>; +export type OverallAverageIndexPatternColumn = OverallMetricIndexPatternColumn<'overall_average'>; + +function buildOverallMetricOperation>({ + type, + displayName, + ofName, + description, + metric, +}: { + type: T['operationType']; + displayName: string; + ofName: (name?: string) => string; + description: string; + metric: string; +}): OperationDefinition { + return { + type, + priority: 1, + displayName, + input: 'fullReference', + selectionStyle: 'hidden', + requiredReferences: [ + { + input: ['field', 'managedReference', 'fullReference'], + validateMetadata: (meta) => meta.dataType === 'number' && !meta.isBucketed, + }, + ], + getPossibleOperation: () => { + return { + dataType: 'number', + isBucketed: false, + scale: 'ratio', + }; + }, + getDefaultLabel: (column, indexPattern, columns) => { + const ref = columns[column.references[0]]; + return ofName( + ref && 'sourceField' in ref + ? indexPattern.getFieldByName(ref.sourceField)?.displayName + : undefined + ); + }, + toExpression: (layer, columnId) => { + return optionallHistogramBasedOperationToExpression(layer, columnId, 'overall_metric', { + metric: [metric], + }); + }, + buildColumn: ({ referenceIds, previousColumn, layer, indexPattern }, columnParams) => { + const ref = layer.columns[referenceIds[0]]; + return { + label: ofName( + ref && 'sourceField' in ref + ? indexPattern.getFieldByName(ref.sourceField)?.displayName + : undefined + ), + dataType: 'number', + operationType: 'overall_sum', + isBucketed: false, + scale: 'ratio', + references: referenceIds, + params: getFormatFromPreviousColumn(previousColumn), + } as T; + }, + isTransferable: () => { + return true; + }, + filterable: false, + shiftable: false, + documentation: { + section: 'calculation', + signature: i18n.translate('xpack.lens.indexPattern.overall_metric', { + defaultMessage: 'metric: number', + }), + description, + }, + }; +} + +export const overallSumOperation = buildOverallMetricOperation({ + type: 'overall_sum', + displayName: i18n.translate('xpack.lens.indexPattern.overallSum', { + defaultMessage: 'Overall sum', + }), + ofName: (name?: string) => { + return i18n.translate('xpack.lens.indexPattern.overallSumOf', { + defaultMessage: 'Overall sum of {name}', + values: { + name: + name ?? + i18n.translate('xpack.lens.indexPattern.incompleteOperation', { + defaultMessage: '(incomplete)', + }), + }, + }); + }, + metric: 'sum', + description: i18n.translate('xpack.lens.indexPattern.overall_sum.documentation', { + defaultMessage: ` +Calculates the sum of a metric of all data points of a series in the current chart. A series is defined by a dimension using a date histogram or interval function. +Other dimensions breaking down the data like top values or filter are treated as separate series. + +If no date histograms or interval functions are used in the current chart, \`overall_sum\` is calculating the sum over all dimensions no matter the used function. + +Example: Percentage of total +\`sum(bytes) / overall_sum(sum(bytes))\` + `, + }), +}); + +export const overallMinOperation = buildOverallMetricOperation({ + type: 'overall_min', + displayName: i18n.translate('xpack.lens.indexPattern.overallMin', { + defaultMessage: 'Overall min', + }), + ofName: (name?: string) => { + return i18n.translate('xpack.lens.indexPattern.overallMinOf', { + defaultMessage: 'Overall min of {name}', + values: { + name: + name ?? + i18n.translate('xpack.lens.indexPattern.incompleteOperation', { + defaultMessage: '(incomplete)', + }), + }, + }); + }, + metric: 'min', + description: i18n.translate('xpack.lens.indexPattern.overall_min.documentation', { + defaultMessage: ` +Calculates the minimum of a metric for all data points of a series in the current chart. A series is defined by a dimension using a date histogram or interval function. +Other dimensions breaking down the data like top values or filter are treated as separate series. + +If no date histograms or interval functions are used in the current chart, \`overall_min\` is calculating the minimum over all dimensions no matter the used function + +Example: Percentage of range +\`(sum(bytes) - overall_min(sum(bytes)) / (overall_max(bytes) - overall_min(bytes))\` + `, + }), +}); + +export const overallMaxOperation = buildOverallMetricOperation({ + type: 'overall_max', + displayName: i18n.translate('xpack.lens.indexPattern.overallMax', { + defaultMessage: 'Overall max', + }), + ofName: (name?: string) => { + return i18n.translate('xpack.lens.indexPattern.overallMaxOf', { + defaultMessage: 'Overall max of {name}', + values: { + name: + name ?? + i18n.translate('xpack.lens.indexPattern.incompleteOperation', { + defaultMessage: '(incomplete)', + }), + }, + }); + }, + metric: 'max', + description: i18n.translate('xpack.lens.indexPattern.overall_max.documentation', { + defaultMessage: ` +Calculates the maximum of a metric for all data points of a series in the current chart. A series is defined by a dimension using a date histogram or interval function. +Other dimensions breaking down the data like top values or filter are treated as separate series. + +If no date histograms or interval functions are used in the current chart, \`overall_max\` is calculating the maximum over all dimensions no matter the used function + +Example: Percentage of range +\`(sum(bytes) - overall_min(sum(bytes)) / (overall_max(bytes) - overall_min(bytes))\` + `, + }), +}); + +export const overallAverageOperation = buildOverallMetricOperation( + { + type: 'overall_average', + displayName: i18n.translate('xpack.lens.indexPattern.overallMax', { + defaultMessage: 'Overall max', + }), + ofName: (name?: string) => { + return i18n.translate('xpack.lens.indexPattern.overallAverageOf', { + defaultMessage: 'Overall average of {name}', + values: { + name: + name ?? + i18n.translate('xpack.lens.indexPattern.incompleteOperation', { + defaultMessage: '(incomplete)', + }), + }, + }); + }, + metric: 'average', + description: i18n.translate('xpack.lens.indexPattern.overall_average.documentation', { + defaultMessage: ` +Calculates the average of a metric for all data points of a series in the current chart. A series is defined by a dimension using a date histogram or interval function. +Other dimensions breaking down the data like top values or filter are treated as separate series. + +If no date histograms or interval functions are used in the current chart, \`overall_average\` is calculating the average over all dimensions no matter the used function + +Example: Divergence from the mean: +\`sum(bytes) - overall_average(sum(bytes))\` + `, + }), + } +); diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/calculations/utils.ts b/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/calculations/utils.ts index 1f4f097c6a7fb5..03b9d6c07709c5 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/calculations/utils.ts +++ b/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/calculations/utils.ts @@ -134,3 +134,35 @@ export function dateBasedOperationToExpression( }, ]; } + +/** + * Creates an expression ast for a date based operation (cumulative sum, derivative, moving average, counter rate) + */ +export function optionallHistogramBasedOperationToExpression( + layer: IndexPatternLayer, + columnId: string, + functionName: string, + additionalArgs: Record = {} +): ExpressionFunctionAST[] { + const currentColumn = (layer.columns[columnId] as unknown) as ReferenceBasedIndexPatternColumn; + const buckets = layer.columnOrder.filter((colId) => layer.columns[colId].isBucketed); + const nonHistogramColumns = buckets.filter( + (colId) => + layer.columns[colId].operationType !== 'date_histogram' && + layer.columns[colId].operationType !== 'range' + )!; + + return [ + { + type: 'function', + function: functionName, + arguments: { + by: nonHistogramColumns.length === buckets.length ? [] : nonHistogramColumns, + inputColumnId: [currentColumn.references[0]], + outputColumnId: [columnId], + outputColumnName: [currentColumn.label], + ...additionalArgs, + }, + }, + ]; +} diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/formula/formula.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/formula/formula.tsx index 3ed50906908762..6d3ab6a7f3082f 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/formula/formula.tsx +++ b/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/formula/formula.tsx @@ -100,28 +100,11 @@ export const formulaOperation: OperationDefinition< return [ { type: 'function', - function: 'mapColumn', + function: currentColumn.references.length ? 'mathColumn' : 'mapColumn', arguments: { id: [columnId], name: [label || defaultLabel], - exp: [ - { - type: 'expression', - chain: currentColumn.references.length - ? [ - { - type: 'function', - function: 'math', - arguments: { - expression: [ - currentColumn.references.length ? `"${currentColumn.references[0]}"` : ``, - ], - }, - }, - ] - : [], - }, - ], + expression: [currentColumn.references.length ? `"${currentColumn.references[0]}"` : ''], }, }, ]; diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/formula/math.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/formula/math.tsx index 527af324b5b054..52522a18604aa0 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/formula/math.tsx +++ b/x-pack/plugins/lens/public/indexpattern_datasource/operations/definitions/formula/math.tsx @@ -45,25 +45,12 @@ export const mathOperation: OperationDefinition { "operationType": "moving_average", "type": "fullReference", }, + Object { + "operationType": "overall_sum", + "type": "fullReference", + }, + Object { + "operationType": "overall_min", + "type": "fullReference", + }, + Object { + "operationType": "overall_max", + "type": "fullReference", + }, + Object { + "operationType": "overall_average", + "type": "fullReference", + }, Object { "field": "bytes", "operationType": "min", diff --git a/x-pack/plugins/lens/public/mocks.tsx b/x-pack/plugins/lens/public/mocks.tsx index 07935bb2f241b8..b35353b98a5859 100644 --- a/x-pack/plugins/lens/public/mocks.tsx +++ b/x-pack/plugins/lens/public/mocks.tsx @@ -21,6 +21,7 @@ import { navigationPluginMock } from '../../../../src/plugins/navigation/public/ import { LensAppServices } from './app_plugin/types'; import { DOC_TYPE } from '../common'; import { DataPublicPluginStart, esFilters, UI_SETTINGS } from '../../../../src/plugins/data/public'; +import { dashboardPluginMock } from '../../../../src/plugins/dashboard/public/mocks'; import { LensByValueInput, LensSavedObjectAttributes, @@ -35,6 +36,7 @@ import { EmbeddableStateTransfer } from '../../../../src/plugins/embeddable/publ import { makeConfigureStore, getPreloadedState, LensAppState } from './state_management/index'; import { getResolvedDateRange } from './utils'; +import { presentationUtilPluginMock } from '../../../../src/plugins/presentation_util/public/mocks'; export type Start = jest.Mocked; @@ -43,6 +45,9 @@ const createStartContract = (): Start => { EmbeddableComponent: jest.fn(() => { return Lens Embeddable Component; }), + SaveModalComponent: jest.fn(() => { + return Lens Save Modal Component; + }), canUseEditor: jest.fn(() => true), navigateToPrefilledEditor: jest.fn(), getXyVisTypes: jest.fn().mockReturnValue(new Promise((resolve) => resolve(visualizationTypes))), @@ -228,6 +233,8 @@ export function makeDefaultServices( navigation: navigationStartMock, notifications: core.notifications, attributeService: makeAttributeService(), + dashboard: dashboardPluginMock.createStartContract(), + presentationUtil: presentationUtilPluginMock.createStartContract(core), savedObjectsClient: core.savedObjects.client, dashboardFeatureFlag: { allowByValueEmbeddables: false }, stateTransfer: createEmbeddableStateTransferMock() as EmbeddableStateTransfer, diff --git a/x-pack/plugins/lens/public/plugin.ts b/x-pack/plugins/lens/public/plugin.ts index fe225dba6f2561..328bea5def557e 100644 --- a/x-pack/plugins/lens/public/plugin.ts +++ b/x-pack/plugins/lens/public/plugin.ts @@ -6,7 +6,7 @@ */ import { AppMountParameters, CoreSetup, CoreStart } from 'kibana/public'; -import { UsageCollectionSetup } from 'src/plugins/usage_collection/public'; +import { UsageCollectionSetup, UsageCollectionStart } from 'src/plugins/usage_collection/public'; import { DataPublicPluginSetup, DataPublicPluginStart } from '../../../../src/plugins/data/public'; import { EmbeddableSetup, EmbeddableStart } from '../../../../src/plugins/embeddable/public'; import { DashboardStart } from '../../../../src/plugins/dashboard/public'; @@ -55,6 +55,8 @@ import { getEmbeddableComponent, } from './editor_frame_service/embeddable/embeddable_component'; import { HeatmapVisualization } from './heatmap_visualization'; +import { getSaveModalComponent } from './app_plugin/shared/saved_modal_lazy'; +import { SaveModalContainerProps } from './app_plugin/save_modal_container'; export interface LensPluginSetupDependencies { urlForwarding: UrlForwardingSetup; @@ -79,6 +81,7 @@ export interface LensPluginStartDependencies { savedObjectsTagging?: SavedObjectTaggingPluginStart; presentationUtil: PresentationUtilPluginStart; indexPatternFieldEditor: IndexPatternFieldEditorStart; + usageCollection?: UsageCollectionStart; } export interface LensPublicStart { @@ -91,6 +94,15 @@ export interface LensPublicStart { * @experimental */ EmbeddableComponent: React.ComponentType; + /** + * React component which can be used to embed a Lens Visualization Save Modal Component. + * See `x-pack/examples/embedded_lens_example` for exemplary usage. + * + * This API might undergo breaking changes even in minor versions. + * + * @experimental + */ + SaveModalComponent: React.ComponentType>; /** * Method which navigates to the Lens editor, loading the state specified by the `input` parameter. * See `x-pack/examples/embedded_lens_example` for exemplary usage. @@ -185,11 +197,6 @@ export class LensPlugin { visualizations.registerAlias(getLensAliasConfig()); - const getByValueFeatureFlag = async () => { - const [, deps] = await core.getStartServices(); - return deps.dashboard.dashboardFeatureFlagConfig; - }; - const getPresentationUtilContext = async () => { const [, deps] = await core.getStartServices(); const { ContextProvider } = deps.presentationUtil; @@ -214,7 +221,6 @@ export class LensPlugin { return mountApp(core, params, { createEditorFrame: this.createEditorFrame!, attributeService: this.attributeService!, - getByValueFeatureFlag, getPresentationUtilContext, }); }, @@ -251,6 +257,7 @@ export class LensPlugin { return { EmbeddableComponent: getEmbeddableComponent(startDependencies.embeddable), + SaveModalComponent: getSaveModalComponent(core, startDependencies, this.attributeService!), navigateToPrefilledEditor: (input: LensEmbeddableInput, openInNewTab?: boolean) => { // for openInNewTab, we set the time range in url via getEditPath below if (input.timeRange && !openInNewTab) { diff --git a/x-pack/plugins/lens/public/vis_type_alias.ts b/x-pack/plugins/lens/public/vis_type_alias.ts index b9a526c71180cf..5b48ef8b31923a 100644 --- a/x-pack/plugins/lens/public/vis_type_alias.ts +++ b/x-pack/plugins/lens/public/vis_type_alias.ts @@ -42,6 +42,7 @@ export const getLensAliasConfig = (): VisTypeAlias => ({ icon: 'lensApp', stage: 'production', savedObjectType: type, + type: 'lens', typeTitle: i18n.translate('xpack.lens.visTypeAlias.type', { defaultMessage: 'Lens' }), }; }, diff --git a/x-pack/plugins/ml/common/types/es_client.ts b/x-pack/plugins/ml/common/types/es_client.ts index 67adda6b24c18a..29a7a81aa56939 100644 --- a/x-pack/plugins/ml/common/types/es_client.ts +++ b/x-pack/plugins/ml/common/types/es_client.ts @@ -7,9 +7,9 @@ import { estypes } from '@elastic/elasticsearch'; +import { JsonObject } from '@kbn/common-utils'; import { buildEsQuery } from '../../../../../src/plugins/data/common/es_query/es_query'; import type { DslQuery } from '../../../../../src/plugins/data/common/es_query/kuery'; -import type { JsonObject } from '../../../../../src/plugins/kibana_utils/common'; import { isPopulatedObject } from '../util/object_utils'; diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_exploration/components/classification_exploration/evaluate_panel.tsx b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_exploration/components/classification_exploration/evaluate_panel.tsx index bc1c9dbed1dcc7..086adcecd077a3 100644 --- a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_exploration/components/classification_exploration/evaluate_panel.tsx +++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_exploration/components/classification_exploration/evaluate_panel.tsx @@ -17,7 +17,6 @@ import { EuiDataGridPopoverContents, EuiFlexGroup, EuiFlexItem, - EuiIconTip, EuiSpacer, EuiText, EuiTitle, @@ -51,6 +50,7 @@ import { isTrainingFilter } from './is_training_filter'; import { useRocCurve } from './use_roc_curve'; import { useConfusionMatrix } from './use_confusion_matrix'; import { MulticlassConfusionMatrixHelpPopover } from './confusion_matrix_help_popover'; +import { RocCurveHelpPopover } from './roc_curve_help_popover'; export interface EvaluatePanelProps { jobConfig: DataFrameAnalyticsConfig; @@ -409,7 +409,7 @@ export const EvaluatePanel: FC = ({ jobConfig, jobStatus, se {/* AUC ROC Chart */} - + = ({ jobConfig, jobStatus, se - + {Array.isArray(errorRocCurve) && ( diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_exploration/components/classification_exploration/roc_curve_help_popover.tsx b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_exploration/components/classification_exploration/roc_curve_help_popover.tsx new file mode 100644 index 00000000000000..f828cbabde8949 --- /dev/null +++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_exploration/components/classification_exploration/roc_curve_help_popover.tsx @@ -0,0 +1,55 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { useState } from 'react'; +import { i18n } from '@kbn/i18n'; +import { FormattedMessage } from '@kbn/i18n/react'; +import { + HelpPopover, + HelpPopoverButton, +} from '../../../../../components/help_popover/help_popover'; + +export const RocCurveHelpPopover = () => { + const [isPopoverOpen, setIsPopoverOpen] = useState(false); + + return ( + { + setIsPopoverOpen(!isPopoverOpen); + }} + /> + } + closePopover={() => setIsPopoverOpen(false)} + isOpen={isPopoverOpen} + title={i18n.translate('xpack.ml.dataframe.analytics.rocCurvePopoverTitle', { + defaultMessage: 'Receiver operating characteristic (ROC) curve', + })} + > +

+ +

+

+ +

+

+ +

+ + ); +}; diff --git a/x-pack/plugins/ml/server/models/data_recognizer/modules/logs_ui_categories/ml/log_entry_categories_count.json b/x-pack/plugins/ml/server/models/data_recognizer/modules/logs_ui_categories/ml/log_entry_categories_count.json index ad7da3330bb6cd..90f88275cb6d0b 100644 --- a/x-pack/plugins/ml/server/models/data_recognizer/modules/logs_ui_categories/ml/log_entry_categories_count.json +++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/logs_ui_categories/ml/log_entry_categories_count.json @@ -22,7 +22,7 @@ ], "per_partition_categorization": { "enabled": true, - "stop_on_warn": false + "stop_on_warn": true } }, "analysis_limits": { @@ -38,6 +38,6 @@ }, "custom_settings": { "created_by": "ml-module-logs-ui-categories", - "job_revision": 1 + "job_revision": 2 } } diff --git a/x-pack/plugins/observability/public/application/types.ts b/x-pack/plugins/observability/public/application/types.ts new file mode 100644 index 00000000000000..09c5de1e694c82 --- /dev/null +++ b/x-pack/plugins/observability/public/application/types.ts @@ -0,0 +1,39 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { + ApplicationStart, + ChromeStart, + HttpStart, + IUiSettingsClient, + NotificationsStart, + OverlayStart, + SavedObjectsStart, +} from 'kibana/public'; +import { EmbeddableStateTransfer } from 'src/plugins/embeddable/public'; +import { NavigationPublicPluginStart } from 'src/plugins/navigation/public'; +import { IStorageWrapper } from '../../../../../src/plugins/kibana_utils/public'; +import { DataPublicPluginStart } from '../../../../../src/plugins/data/public'; +import { LensPublicStart } from '../../../lens/public'; +import { TriggersAndActionsUIPublicPluginStart } from '../../../triggers_actions_ui/public'; + +export interface ObservabilityAppServices { + http: HttpStart; + chrome: ChromeStart; + overlays: OverlayStart; + storage: IStorageWrapper; + data: DataPublicPluginStart; + uiSettings: IUiSettingsClient; + application: ApplicationStart; + notifications: NotificationsStart; + stateTransfer: EmbeddableStateTransfer; + navigation: NavigationPublicPluginStart; + savedObjectsClient: SavedObjectsStart['client']; + + triggersActionsUi: TriggersAndActionsUIPublicPluginStart; + lens: LensPublicStart; +} diff --git a/x-pack/plugins/observability/public/components/app/section/index.tsx b/x-pack/plugins/observability/public/components/app/section/index.tsx index 191a1b2890ada3..cbe0c45bbd169c 100644 --- a/x-pack/plugins/observability/public/components/app/section/index.tsx +++ b/x-pack/plugins/observability/public/components/app/section/index.tsx @@ -25,7 +25,7 @@ interface Props { export function SectionContainer({ title, appLink, children, hasError }: Props) { const { core } = usePluginContext(); return ( - + (); + const kServices = useKibana().services; + + const { lens } = kServices; const { getSeries } = useSeriesStorage(); const series = getSeries(seriesId); + const [isSaveOpen, setIsSaveOpen] = useState(false); + + const LensSaveModalComponent = lens.SaveModalComponent; + return ( - - - -

- {DataViewLabels[series.reportType] ?? - i18n.translate('xpack.observability.expView.heading.label', { - defaultMessage: 'Analyze data', - })}{' '} - -

- - - - { - if (lensAttributes) { - lens.navigateToPrefilledEditor( - { - id: '', - timeRange: series.time, - attributes: lensAttributes, - }, - true - ); - } - }} - > - {i18n.translate('xpack.observability.expView.heading.openInLens', { - defaultMessage: 'Open in Lens', - })} - - - + <> + + + +

+ {DataViewLabels[series.reportType] ?? + i18n.translate('xpack.observability.expView.heading.label', { + defaultMessage: 'Analyze data', + })}{' '} + +

+ + + + { + if (lensAttributes) { + lens.navigateToPrefilledEditor( + { + id: '', + timeRange: series.time, + attributes: lensAttributes, + }, + true + ); + } + }} + > + {i18n.translate('xpack.observability.expView.heading.openInLens', { + defaultMessage: 'Open in Lens', + })} + + + + { + if (lensAttributes) { + setIsSaveOpen(true); + } + }} + > + {i18n.translate('xpack.observability.expView.heading.saveLensVisualization', { + defaultMessage: 'Save', + })} + + + + + {isSaveOpen && lensAttributes && ( + setIsSaveOpen(false)} + onSave={() => {}} + /> + )} + ); } diff --git a/x-pack/plugins/observability/public/index.ts b/x-pack/plugins/observability/public/index.ts index 6bd9596d5d2964..9c73f1682f8192 100644 --- a/x-pack/plugins/observability/public/index.ts +++ b/x-pack/plugins/observability/public/index.ts @@ -6,6 +6,7 @@ */ import { PluginInitializerContext, PluginInitializer } from 'kibana/public'; +import { lazy } from 'react'; import { Plugin, ObservabilityPublicPluginsStart, @@ -54,6 +55,7 @@ export { METRIC_TYPE, } from './hooks/use_track_metric'; +export const LazyAlertsFlyout = lazy(() => import('./pages/alerts/alerts_flyout')); export { useFetcher, FETCH_STATUS } from './hooks/use_fetcher'; export * from './typings'; diff --git a/x-pack/plugins/observability/public/pages/alerts/alerts_flyout/alerts_flyout.stories.tsx b/x-pack/plugins/observability/public/pages/alerts/alerts_flyout/alerts_flyout.stories.tsx index 90c75a70c08135..8aae408b1f94be 100644 --- a/x-pack/plugins/observability/public/pages/alerts/alerts_flyout/alerts_flyout.stories.tsx +++ b/x-pack/plugins/observability/public/pages/alerts/alerts_flyout/alerts_flyout.stories.tsx @@ -5,14 +5,17 @@ * 2.0. */ +import { ALERT_UUID } from '@kbn/rule-data-utils/target/technical_field_names'; import React, { ComponentType } from 'react'; +import type { TopAlertResponse } from '../'; import { KibanaContextProvider } from '../../../../../../../src/plugins/kibana_react/public'; import { PluginContext, PluginContextValue } from '../../../context/plugin_context'; -import { TopAlert } from '../'; +import { createObservabilityRuleTypeRegistryMock } from '../../../rules/observability_rule_type_registry_mock'; +import { apmAlertResponseExample } from '../example_data'; import { AlertsFlyout } from './'; interface Args { - alert: TopAlert; + alerts: TopAlertResponse[]; } export default { @@ -53,35 +56,18 @@ export default { ], }; -export function Example({ alert }: Args) { - return {}} />; +export function Example({ alerts }: Args) { + const selectedAlertId = apmAlertResponseExample[0][ALERT_UUID][0]; + const observabilityRuleTypeRegistry = createObservabilityRuleTypeRegistryMock(); + return ( + {}} + /> + ); } Example.args = { - alert: { - link: '/app/apm/services/opbeans-java?rangeFrom=now-15m&rangeTo=now', - reason: 'Error count for opbeans-java was above the threshold', - active: true, - start: 1618235449493, - fields: { - 'rule.id': 'apm.error_rate', - 'service.environment': ['production'], - 'service.name': ['opbeans-java'], - 'rule.name': 'Error count threshold | opbeans-java (smith test)', - 'kibana.rac.alert.duration.us': 61787000, - 'kibana.rac.alert.evaluation.threshold': 0, - 'kibana.rac.alert.status': 'open', - tags: ['apm', 'service.name:opbeans-java'], - 'kibana.rac.alert.uuid': 'c50fbc70-0d77-462d-ac0a-f2bd0b8512e4', - 'rule.uuid': '474920d0-93e9-11eb-ac86-0b455460de81', - 'event.action': 'active', - '@timestamp': '2021-04-14T21:43:42.966Z', - 'kibana.rac.alert.id': 'apm.error_rate_opbeans-java_production', - 'processor.event': ['error'], - 'kibana.rac.alert.start': '2021-04-14T21:42:41.179Z', - 'kibana.rac.producer': 'apm', - 'event.kind': 'state', - 'rule.category': 'Error count threshold', - 'kibana.rac.alert.evaluation.value': 1, - }, - }, + alerts: apmAlertResponseExample, } as Args; diff --git a/x-pack/plugins/observability/public/pages/alerts/alerts_flyout/index.tsx b/x-pack/plugins/observability/public/pages/alerts/alerts_flyout/index.tsx index b4bf96bcc69050..c7faa28b046854 100644 --- a/x-pack/plugins/observability/public/pages/alerts/alerts_flyout/index.tsx +++ b/x-pack/plugins/observability/public/pages/alerts/alerts_flyout/index.tsx @@ -20,28 +20,50 @@ import { EuiTitle, } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; -import moment from 'moment-timezone'; -import React from 'react'; import { ALERT_DURATION, ALERT_EVALUATION_THRESHOLD, ALERT_EVALUATION_VALUE, ALERT_SEVERITY_LEVEL, + ALERT_UUID, RULE_CATEGORY, RULE_NAME, } from '@kbn/rule-data-utils/target/technical_field_names'; -import { TopAlert } from '../'; -import { useUiSetting } from '../../../../../../../src/plugins/kibana_react/public'; +import moment from 'moment-timezone'; +import React, { useMemo } from 'react'; +import type { TopAlertResponse } from '../'; +import { useKibana, useUiSetting } from '../../../../../../../src/plugins/kibana_react/public'; import { asDuration } from '../../../../common/utils/formatters'; -import { usePluginContext } from '../../../hooks/use_plugin_context'; +import type { ObservabilityRuleTypeRegistry } from '../../../rules/create_observability_rule_type_registry'; +import { decorateResponse } from '../decorate_response'; import { SeverityBadge } from '../severity_badge'; -type AlertsFlyoutProps = { alert: TopAlert } & EuiFlyoutProps; +type AlertsFlyoutProps = { + alerts?: TopAlertResponse[]; + isInApp?: boolean; + observabilityRuleTypeRegistry: ObservabilityRuleTypeRegistry; + selectedAlertId?: string; +} & EuiFlyoutProps; -export function AlertsFlyout({ onClose, alert }: AlertsFlyoutProps) { +export function AlertsFlyout({ + alerts, + isInApp = false, + observabilityRuleTypeRegistry, + onClose, + selectedAlertId, +}: AlertsFlyoutProps) { const dateFormat = useUiSetting('dateFormat'); - const { core } = usePluginContext(); - const { prepend } = core.http.basePath; + const { services } = useKibana(); + const { http } = services; + const prepend = http?.basePath.prepend; + const decoratedAlerts = useMemo(() => { + return decorateResponse(alerts ?? [], observabilityRuleTypeRegistry); + }, [alerts, observabilityRuleTypeRegistry]); + const alert = decoratedAlerts?.find((a) => a.fields[ALERT_UUID] === selectedAlertId); + + if (!alert) { + return null; + } const overviewListItems = [ { @@ -107,11 +129,11 @@ export function AlertsFlyout({ onClose, alert }: AlertsFlyoutProps) { listItems={overviewListItems} /> - {alert.link && ( + {alert.link && !isInApp && ( - + View in app @@ -121,3 +143,6 @@ export function AlertsFlyout({ onClose, alert }: AlertsFlyoutProps) { ); } + +// eslint-disable-next-line import/no-default-export +export default AlertsFlyout; diff --git a/x-pack/plugins/observability/public/pages/alerts/alerts_table.tsx b/x-pack/plugins/observability/public/pages/alerts/alerts_table.tsx index 31e59679854b1a..28d211766cfe54 100644 --- a/x-pack/plugins/observability/public/pages/alerts/alerts_table.tsx +++ b/x-pack/plugins/observability/public/pages/alerts/alerts_table.tsx @@ -9,133 +9,158 @@ import { CustomItemAction, EuiBasicTable, EuiBasicTableColumn, - EuiBasicTableProps, EuiButton, EuiIconTip, EuiLink, } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; -import React, { useState } from 'react'; import { ALERT_DURATION, ALERT_SEVERITY_LEVEL, + ALERT_UUID, } from '@kbn/rule-data-utils/target/technical_field_names'; +import React, { Suspense, useMemo, useState } from 'react'; +import { LazyAlertsFlyout } from '../..'; import { asDuration } from '../../../common/utils/formatters'; import { TimestampTooltip } from '../../components/shared/timestamp_tooltip'; import { usePluginContext } from '../../hooks/use_plugin_context'; -import type { TopAlert } from './'; -import { AlertsFlyout } from './alerts_flyout'; +import type { TopAlert, TopAlertResponse } from './'; +import { decorateResponse } from './decorate_response'; import { SeverityBadge } from './severity_badge'; -type AlertsTableProps = Omit< - EuiBasicTableProps, - 'columns' | 'isSelectable' | 'pagination' | 'selection' ->; +const pagination = { pageIndex: 0, pageSize: 0, totalItemCount: 0 }; + +interface AlertsTableProps { + items: TopAlertResponse[]; +} export function AlertsTable(props: AlertsTableProps) { - const [flyoutAlert, setFlyoutAlert] = useState(undefined); - const handleFlyoutClose = () => setFlyoutAlert(undefined); - const { core } = usePluginContext(); + const [selectedAlertId, setSelectedAlertId] = useState(undefined); + const handleFlyoutClose = () => setSelectedAlertId(undefined); + const { core, observabilityRuleTypeRegistry } = usePluginContext(); const { prepend } = core.http.basePath; + const items = useMemo(() => decorateResponse(props.items, observabilityRuleTypeRegistry), [ + props.items, + observabilityRuleTypeRegistry, + ]); - const actions: Array> = [ - { - render: (alert) => - alert.link ? ( - - {i18n.translate('xpack.observability.alertsTable.viewInAppButtonLabel', { - defaultMessage: 'View in app', - })} - - ) : ( - <> - ), - isPrimary: true, - }, - ]; + const actions: Array> = useMemo( + () => [ + { + render: (alert) => + alert.link ? ( + + {i18n.translate('xpack.observability.alertsTable.viewInAppButtonLabel', { + defaultMessage: 'View in app', + })} + + ) : ( + <> + ), + isPrimary: true, + }, + ], + [prepend] + ); - const columns: Array> = [ - { - field: 'active', - name: i18n.translate('xpack.observability.alertsTable.statusColumnDescription', { - defaultMessage: 'Status', - }), - align: 'center', - render: (_, alert) => { - const { active } = alert; + const columns: Array> = useMemo( + () => [ + { + field: 'active', + name: i18n.translate('xpack.observability.alertsTable.statusColumnDescription', { + defaultMessage: 'Status', + }), + align: 'center', + render: (_, alert) => { + const { active } = alert; - return active ? ( - - ) : ( - - ); + return active ? ( + + ) : ( + + ); + }, + }, + { + field: 'start', + name: i18n.translate('xpack.observability.alertsTable.triggeredColumnDescription', { + defaultMessage: 'Triggered', + }), + render: (_, alert) => { + return ( + + ); + }, }, - }, - { - field: 'start', - name: i18n.translate('xpack.observability.alertsTable.triggeredColumnDescription', { - defaultMessage: 'Triggered', - }), - render: (_, item) => { - return ; + { + field: 'duration', + name: i18n.translate('xpack.observability.alertsTable.durationColumnDescription', { + defaultMessage: 'Duration', + }), + render: (_, alert) => { + const { active } = alert; + return active ? null : asDuration(alert.fields[ALERT_DURATION], { extended: true }); + }, }, - }, - { - field: 'duration', - name: i18n.translate('xpack.observability.alertsTable.durationColumnDescription', { - defaultMessage: 'Duration', - }), - render: (_, alert) => { - const { active } = alert; - return active ? null : asDuration(alert.fields[ALERT_DURATION], { extended: true }); + { + field: 'severity', + name: i18n.translate('xpack.observability.alertsTable.severityColumnDescription', { + defaultMessage: 'Severity', + }), + render: (_, alert) => { + return ; + }, }, - }, - { - field: 'severity', - name: i18n.translate('xpack.observability.alertsTable.severityColumnDescription', { - defaultMessage: 'Severity', - }), - render: (_, alert) => { - return ; + { + field: 'reason', + name: i18n.translate('xpack.observability.alertsTable.reasonColumnDescription', { + defaultMessage: 'Reason', + }), + dataType: 'string', + render: (_, alert) => { + return ( + setSelectedAlertId(alert.fields[ALERT_UUID])}> + {alert.reason} + + ); + }, }, - }, - { - field: 'reason', - name: i18n.translate('xpack.observability.alertsTable.reasonColumnDescription', { - defaultMessage: 'Reason', - }), - dataType: 'string', - render: (_, item) => { - return setFlyoutAlert(item)}>{item.reason}; + { + actions, + name: i18n.translate('xpack.observability.alertsTable.actionsColumnDescription', { + defaultMessage: 'Actions', + }), }, - }, - { - actions, - name: i18n.translate('xpack.observability.alertsTable.actionsColumnDescription', { - defaultMessage: 'Actions', - }), - }, - ]; + ], + [actions, setSelectedAlertId] + ); return ( <> - {flyoutAlert && } + + + - {...props} columns={columns} + items={items} tableLayout="auto" - pagination={{ pageIndex: 0, pageSize: 0, totalItemCount: 0 }} + pagination={pagination} /> ); diff --git a/x-pack/plugins/observability/public/pages/alerts/decorate_response.ts b/x-pack/plugins/observability/public/pages/alerts/decorate_response.ts new file mode 100644 index 00000000000000..e177bea6c6dac7 --- /dev/null +++ b/x-pack/plugins/observability/public/pages/alerts/decorate_response.ts @@ -0,0 +1,39 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { + RULE_ID, + RULE_NAME, + ALERT_STATUS, + ALERT_START, +} from '@kbn/rule-data-utils/target/technical_field_names'; +import type { TopAlertResponse, TopAlert } from '.'; +import { parseTechnicalFields } from '../../../../rule_registry/common/parse_technical_fields'; +import { asDuration, asPercent } from '../../../common/utils/formatters'; +import { ObservabilityRuleTypeRegistry } from '../../rules/create_observability_rule_type_registry'; + +export function decorateResponse( + alerts: TopAlertResponse[], + observabilityRuleTypeRegistry: ObservabilityRuleTypeRegistry +): TopAlert[] { + return alerts.map((alert) => { + const parsedFields = parseTechnicalFields(alert); + const formatter = observabilityRuleTypeRegistry.getFormatter(parsedFields[RULE_ID]!); + const formatted = { + link: undefined, + reason: parsedFields[RULE_NAME]!, + ...(formatter?.({ fields: parsedFields, formatters: { asDuration, asPercent } }) ?? {}), + }; + + return { + ...formatted, + fields: parsedFields, + active: parsedFields[ALERT_STATUS] !== 'closed', + start: new Date(parsedFields[ALERT_START]!).getTime(), + }; + }); +} diff --git a/x-pack/plugins/observability/public/pages/alerts/index.tsx b/x-pack/plugins/observability/public/pages/alerts/index.tsx index b76e9f82d8dfe7..bd926f3a326bf7 100644 --- a/x-pack/plugins/observability/public/pages/alerts/index.tsx +++ b/x-pack/plugins/observability/public/pages/alerts/index.tsx @@ -7,21 +7,10 @@ import { EuiButton, EuiCallOut, EuiFlexGroup, EuiFlexItem, EuiLink, EuiSpacer } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; -import { - ALERT_START, - ALERT_STATUS, - RULE_ID, - RULE_NAME, -} from '@kbn/rule-data-utils/target/technical_field_names'; import React from 'react'; import { useHistory } from 'react-router-dom'; -import { format, parse } from 'url'; -import { - ParsedTechnicalFields, - parseTechnicalFields, -} from '../../../../rule_registry/common/parse_technical_fields'; +import { ParsedTechnicalFields } from '../../../../rule_registry/common/parse_technical_fields'; import type { AlertStatus } from '../../../common/typings'; -import { asDuration, asPercent } from '../../../common/utils/formatters'; import { ExperimentalBadge } from '../../components/shared/experimental_badge'; import { useFetcher } from '../../hooks/use_fetcher'; import { usePluginContext } from '../../hooks/use_plugin_context'; @@ -48,7 +37,7 @@ interface AlertsPageProps { } export function AlertsPage({ routeParams }: AlertsPageProps) { - const { core, observabilityRuleTypeRegistry, ObservabilityPageTemplate } = usePluginContext(); + const { core, ObservabilityPageTemplate } = usePluginContext(); const { prepend } = core.http.basePath; const history = useHistory(); const { @@ -61,7 +50,7 @@ export function AlertsPage({ routeParams }: AlertsPageProps) { '/app/management/insightsAndAlerting/triggersActions/alerts' ); - const { data: topAlerts } = useFetcher( + const { data: alerts } = useFetcher( ({ signal }) => { const { start, end } = getAbsoluteDateRange({ rangeFrom, rangeTo }); @@ -79,38 +68,9 @@ export function AlertsPage({ routeParams }: AlertsPageProps) { status, }, }, - }).then((alerts) => { - return alerts.map((alert) => { - const parsedFields = parseTechnicalFields(alert); - const formatter = observabilityRuleTypeRegistry.getFormatter(parsedFields[RULE_ID]!); - const formatted = { - link: undefined, - reason: parsedFields[RULE_NAME]!, - ...(formatter?.({ fields: parsedFields, formatters: { asDuration, asPercent } }) ?? {}), - }; - - const parsedLink = formatted.link ? parse(formatted.link, true) : undefined; - - return { - ...formatted, - fields: parsedFields, - link: parsedLink - ? format({ - ...parsedLink, - query: { - ...parsedLink.query, - rangeFrom, - rangeTo, - }, - }) - : undefined, - active: parsedFields[ALERT_STATUS] !== 'closed', - start: new Date(parsedFields[ALERT_START]!).getTime(), - }; - }); }); }, - [kuery, observabilityRuleTypeRegistry, rangeFrom, rangeTo, status] + [kuery, rangeFrom, rangeTo, status] ); function setStatusFilter(value: AlertStatus) { @@ -193,7 +153,7 @@ export function AlertsPage({ routeParams }: AlertsPageProps) { - + diff --git a/x-pack/plugins/observability/public/rules/observability_rule_type_registry_mock.ts b/x-pack/plugins/observability/public/rules/observability_rule_type_registry_mock.ts index b2cf48f8e1c328..ad1fc13b8daf20 100644 --- a/x-pack/plugins/observability/public/rules/observability_rule_type_registry_mock.ts +++ b/x-pack/plugins/observability/public/rules/observability_rule_type_registry_mock.ts @@ -8,6 +8,7 @@ import { ObservabilityRuleTypeRegistry } from './create_observability_rule_type_registry'; const createRuleTypeRegistryMock = () => ({ + getFormatter: () => () => 'a reason', registerFormatter: () => {}, }); diff --git a/x-pack/plugins/observability/server/lib/rules/get_top_alerts.ts b/x-pack/plugins/observability/server/lib/rules/get_top_alerts.ts index 9560de6ec00ff0..db8191136686a1 100644 --- a/x-pack/plugins/observability/server/lib/rules/get_top_alerts.ts +++ b/x-pack/plugins/observability/server/lib/rules/get_top_alerts.ts @@ -4,7 +4,7 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import { ALERT_UUID, TIMESTAMP } from '@kbn/rule-data-utils/target/technical_field_names'; +import { EVENT_KIND, TIMESTAMP } from '@kbn/rule-data-utils/target/technical_field_names'; import { RuleDataClient } from '../../../../rule_registry/server'; import type { AlertStatus } from '../../../common/typings'; import { kqlQuery, rangeQuery, alertStatusQuery } from '../../utils/queries'; @@ -28,13 +28,15 @@ export async function getTopAlerts({ body: { query: { bool: { - filter: [...rangeQuery(start, end), ...kqlQuery(kuery), ...alertStatusQuery(status)], + filter: [ + ...rangeQuery(start, end), + ...kqlQuery(kuery), + ...alertStatusQuery(status), + { term: { [EVENT_KIND]: 'signal' } }, + ], }, }, fields: ['*'], - collapse: { - field: ALERT_UUID, - }, size, sort: { [TIMESTAMP]: 'desc', diff --git a/x-pack/plugins/osquery/common/typed_json.ts b/x-pack/plugins/osquery/common/typed_json.ts index fb24b1dc0db5e3..8ce6907beb80bd 100644 --- a/x-pack/plugins/osquery/common/typed_json.ts +++ b/x-pack/plugins/osquery/common/typed_json.ts @@ -7,7 +7,7 @@ import { DslQuery, Filter } from 'src/plugins/data/common'; -import { JsonObject } from '../../../../src/plugins/kibana_utils/common'; +import { JsonObject } from '@kbn/common-utils'; export type ESQuery = | ESRangeQuery diff --git a/x-pack/plugins/osquery/public/action_results/action_results_summary.tsx b/x-pack/plugins/osquery/public/action_results/action_results_summary.tsx index 23277976968a98..23eaaeac1439d4 100644 --- a/x-pack/plugins/osquery/public/action_results/action_results_summary.tsx +++ b/x-pack/plugins/osquery/public/action_results/action_results_summary.tsx @@ -132,7 +132,7 @@ const ActionResultsSummaryComponent: React.FC = ({ diff --git a/x-pack/plugins/osquery/public/results/results_table.tsx b/x-pack/plugins/osquery/public/results/results_table.tsx index affc600847284c..6ff60d30d23bf7 100644 --- a/x-pack/plugins/osquery/public/results/results_table.tsx +++ b/x-pack/plugins/osquery/public/results/results_table.tsx @@ -66,7 +66,7 @@ const ResultsTableComponent: React.FC = ({ const getFleetAppUrl = useCallback( (agentId) => getUrlForApp('fleet', { - path: `#` + pagePathGetters.fleet_agent_details({ agentId }), + path: `#` + pagePathGetters.agent_details({ agentId }), }), [getUrlForApp] ); diff --git a/x-pack/plugins/reporting/server/config/config.ts b/x-pack/plugins/reporting/server/config/config.ts index 69eafba994b74f..cd4dbd7c19956c 100644 --- a/x-pack/plugins/reporting/server/config/config.ts +++ b/x-pack/plugins/reporting/server/config/config.ts @@ -6,8 +6,7 @@ */ import { get } from 'lodash'; -import { Observable } from 'rxjs'; -import { first, map } from 'rxjs/operators'; +import { first } from 'rxjs/operators'; import { CoreSetup, PluginInitializerContext } from 'src/core/server'; import { LevelLogger } from '../lib'; import { createConfig$ } from './create_config'; @@ -43,7 +42,6 @@ interface Config { } interface KbnServerConfigType { - path: { data: Observable }; server: { basePath: string; host: string; @@ -68,9 +66,6 @@ export const buildConfig = async ( const serverInfo = http.getServerInfo(); const kbnConfig = { - path: { - data: initContext.config.legacy.globalConfig$.pipe(map((c) => c.path.data)), - }, server: { basePath: core.http.basePath.serverBasePath, host: serverInfo.hostname, diff --git a/x-pack/plugins/rollup/kibana.json b/x-pack/plugins/rollup/kibana.json index 10541d9a4ebddc..725b563c3674f3 100644 --- a/x-pack/plugins/rollup/kibana.json +++ b/x-pack/plugins/rollup/kibana.json @@ -5,6 +5,7 @@ "server": true, "ui": true, "requiredPlugins": [ + "indexPatternManagement", "management", "licensing", "features" diff --git a/x-pack/plugins/rollup/public/index_pattern_creation/components/rollup_prompt/index.js b/x-pack/plugins/rollup/public/index_pattern_creation/components/rollup_prompt/index.js new file mode 100644 index 00000000000000..1d9eff8227c0ac --- /dev/null +++ b/x-pack/plugins/rollup/public/index_pattern_creation/components/rollup_prompt/index.js @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export { RollupPrompt } from './rollup_prompt'; diff --git a/src/plugins/index_pattern_management/public/service/creation/components/rollup_prompt/rollup_prompt.tsx b/x-pack/plugins/rollup/public/index_pattern_creation/components/rollup_prompt/rollup_prompt.js similarity index 76% rename from src/plugins/index_pattern_management/public/service/creation/components/rollup_prompt/rollup_prompt.tsx rename to x-pack/plugins/rollup/public/index_pattern_creation/components/rollup_prompt/rollup_prompt.js index 81fcdaedb90c90..9306ab082dff49 100644 --- a/src/plugins/index_pattern_management/public/service/creation/components/rollup_prompt/rollup_prompt.tsx +++ b/x-pack/plugins/rollup/public/index_pattern_creation/components/rollup_prompt/rollup_prompt.js @@ -1,9 +1,8 @@ /* * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one * or more contributor license agreements. Licensed under the Elastic License - * 2.0 and the Server Side Public License, v 1; you may not use this file except - * in compliance with, at your election, the Elastic License 2.0 or the Server - * Side Public License, v 1. + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. */ import React from 'react'; @@ -15,7 +14,7 @@ export const RollupPrompt = () => (

{i18n.translate( - 'indexPatternManagement.editRollupIndexPattern.rollupPrompt.betaCalloutParagraph1Text', + 'xpack.rollupJobs.editRollupIndexPattern.rollupPrompt.betaCalloutParagraph1Text', { defaultMessage: "Kibana's support for rollup index patterns is in beta. You might encounter issues using " + @@ -26,7 +25,7 @@ export const RollupPrompt = () => (

{i18n.translate( - 'indexPatternManagement.editRollupIndexPattern.rollupPrompt.betaCalloutParagraph2Text', + 'xpack.rollupJobs.editRollupIndexPattern.rollupPrompt.betaCalloutParagraph2Text', { defaultMessage: 'You can match a rollup index pattern against one rollup index and zero or more regular ' + diff --git a/src/plugins/index_pattern_management/public/service/creation/rollup_creation_config.js b/x-pack/plugins/rollup/public/index_pattern_creation/rollup_index_pattern_creation_config.js similarity index 84% rename from src/plugins/index_pattern_management/public/service/creation/rollup_creation_config.js rename to x-pack/plugins/rollup/public/index_pattern_creation/rollup_index_pattern_creation_config.js index 2a85dfa01143c7..8e5203fca90347 100644 --- a/src/plugins/index_pattern_management/public/service/creation/rollup_creation_config.js +++ b/x-pack/plugins/rollup/public/index_pattern_creation/rollup_index_pattern_creation_config.js @@ -1,44 +1,43 @@ /* * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one * or more contributor license agreements. Licensed under the Elastic License - * 2.0 and the Server Side Public License, v 1; you may not use this file except - * in compliance with, at your election, the Elastic License 2.0 or the Server - * Side Public License, v 1. + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. */ import React from 'react'; import { i18n } from '@kbn/i18n'; import { RollupPrompt } from './components/rollup_prompt'; -import { IndexPatternCreationConfig } from '.'; +import { IndexPatternCreationConfig } from '../../../../../src/plugins/index_pattern_management/public'; const rollupIndexPatternTypeName = i18n.translate( - 'indexPatternManagement.editRollupIndexPattern.createIndex.defaultTypeName', + 'xpack.rollupJobs.editRollupIndexPattern.createIndex.defaultTypeName', { defaultMessage: 'rollup index pattern' } ); const rollupIndexPatternButtonText = i18n.translate( - 'indexPatternManagement.editRollupIndexPattern.createIndex.defaultButtonText', + 'xpack.rollupJobs.editRollupIndexPattern.createIndex.defaultButtonText', { defaultMessage: 'Rollup index pattern' } ); const rollupIndexPatternButtonDescription = i18n.translate( - 'indexPatternManagement.editRollupIndexPattern.createIndex.defaultButtonDescription', + 'xpack.rollupJobs.editRollupIndexPattern.createIndex.defaultButtonDescription', { defaultMessage: 'Perform limited aggregations against summarized data' } ); const rollupIndexPatternNoMatchError = i18n.translate( - 'indexPatternManagement.editRollupIndexPattern.createIndex.noMatchError', + 'xpack.rollupJobs.editRollupIndexPattern.createIndex.noMatchError', { defaultMessage: 'Rollup index pattern error: must match one rollup index' } ); const rollupIndexPatternTooManyMatchesError = i18n.translate( - 'indexPatternManagement.editRollupIndexPattern.createIndex.tooManyMatchesError', + 'xpack.rollupJobs.editRollupIndexPattern.createIndex.tooManyMatchesError', { defaultMessage: 'Rollup index pattern error: can only match one rollup index' } ); const rollupIndexPatternIndexLabel = i18n.translate( - 'indexPatternManagement.editRollupIndexPattern.createIndex.indexLabel', + 'xpack.rollupJobs.editRollupIndexPattern.createIndex.indexLabel', { defaultMessage: 'Rollup' } ); @@ -128,7 +127,7 @@ export class RollupIndexPatternCreationConfig extends IndexPatternCreationConfig if (error) { const errorMessage = i18n.translate( - 'indexPatternManagement.editRollupIndexPattern.createIndex.uncaughtError', + 'xpack.rollupJobs.editRollupIndexPattern.createIndex.uncaughtError', { defaultMessage: 'Rollup index pattern error: {error}', values: { diff --git a/src/plugins/index_pattern_management/public/service/list/rollup_list_config.js b/x-pack/plugins/rollup/public/index_pattern_list/rollup_index_pattern_list_config.js similarity index 86% rename from src/plugins/index_pattern_management/public/service/list/rollup_list_config.js rename to x-pack/plugins/rollup/public/index_pattern_list/rollup_index_pattern_list_config.js index 9a80d5fd0d622b..43eee6ca27f9a0 100644 --- a/src/plugins/index_pattern_management/public/service/list/rollup_list_config.js +++ b/x-pack/plugins/rollup/public/index_pattern_list/rollup_index_pattern_list_config.js @@ -1,12 +1,11 @@ /* * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one * or more contributor license agreements. Licensed under the Elastic License - * 2.0 and the Server Side Public License, v 1; you may not use this file except - * in compliance with, at your election, the Elastic License 2.0 or the Server - * Side Public License, v 1. + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. */ -import { IndexPatternListConfig } from '.'; +import { IndexPatternListConfig } from '../../../../../src/plugins/index_pattern_management/public'; function isRollup(indexPattern) { return ( diff --git a/x-pack/plugins/rollup/public/plugin.ts b/x-pack/plugins/rollup/public/plugin.ts index 0d345e326193c7..17e352e1a44729 100644 --- a/x-pack/plugins/rollup/public/plugin.ts +++ b/x-pack/plugins/rollup/public/plugin.ts @@ -12,13 +12,14 @@ import { rollupBadgeExtension, rollupToggleExtension } from './extend_index_mana import { RollupIndexPatternCreationConfig } from './index_pattern_creation/rollup_index_pattern_creation_config'; // @ts-ignore import { RollupIndexPatternListConfig } from './index_pattern_list/rollup_index_pattern_list_config'; -import { UIM_APP_NAME } from '../common'; +import { CONFIG_ROLLUPS, UIM_APP_NAME } from '../common'; import { FeatureCatalogueCategory, HomePublicPluginSetup, } from '../../../../src/plugins/home/public'; import { ManagementSetup } from '../../../../src/plugins/management/public'; import { IndexManagementPluginSetup } from '../../index_management/public'; +import { IndexPatternManagementSetup } from '../../../../src/plugins/index_pattern_management/public'; // @ts-ignore import { setHttp, init as initDocumentation } from './crud_app/services/index'; import { setNotifications, setFatalErrors, setUiStatsReporter } from './kibana_services'; @@ -28,13 +29,20 @@ export interface RollupPluginSetupDependencies { home?: HomePublicPluginSetup; management: ManagementSetup; indexManagement?: IndexManagementPluginSetup; + indexPatternManagement: IndexPatternManagementSetup; usageCollection?: UsageCollectionSetup; } export class RollupPlugin implements Plugin { setup( core: CoreSetup, - { home, management, indexManagement, usageCollection }: RollupPluginSetupDependencies + { + home, + management, + indexManagement, + indexPatternManagement, + usageCollection, + }: RollupPluginSetupDependencies ) { setFatalErrors(core.fatalErrors); if (usageCollection) { @@ -46,6 +54,13 @@ export class RollupPlugin implements Plugin { indexManagement.extensionsService.addToggle(rollupToggleExtension); } + const isRollupIndexPatternsEnabled = core.uiSettings.get(CONFIG_ROLLUPS); + + if (isRollupIndexPatternsEnabled) { + indexPatternManagement.creation.addCreationConfig(RollupIndexPatternCreationConfig); + indexPatternManagement.list.addListConfig(RollupIndexPatternListConfig); + } + if (home) { home.featureCatalogue.register({ id: 'rollup_jobs', diff --git a/x-pack/plugins/rollup/tsconfig.json b/x-pack/plugins/rollup/tsconfig.json index 6885081ce4bdd1..9b994d1710ffc2 100644 --- a/x-pack/plugins/rollup/tsconfig.json +++ b/x-pack/plugins/rollup/tsconfig.json @@ -16,6 +16,7 @@ "references": [ { "path": "../../../src/core/tsconfig.json" }, // required plugins + { "path": "../../../src/plugins/index_pattern_management/tsconfig.json" }, { "path": "../../../src/plugins/management/tsconfig.json" }, { "path": "../licensing/tsconfig.json" }, { "path": "../features/tsconfig.json" }, diff --git a/x-pack/plugins/rule_registry/README.md b/x-pack/plugins/rule_registry/README.md index e12c2b29ed3738..3fe6305a0d9f6e 100644 --- a/x-pack/plugins/rule_registry/README.md +++ b/x-pack/plugins/rule_registry/README.md @@ -111,9 +111,6 @@ const response = await ruleDataClient.getReader().search({ }, size: 100, fields: ['*'], - collapse: { - field: ALERT_UUID, - }, sort: { '@timestamp': 'desc', }, diff --git a/x-pack/plugins/rule_registry/server/rule_data_client/create_rule_data_client_mock.ts b/x-pack/plugins/rule_registry/server/rule_data_client/create_rule_data_client_mock.ts new file mode 100644 index 00000000000000..18f3c21fafc155 --- /dev/null +++ b/x-pack/plugins/rule_registry/server/rule_data_client/create_rule_data_client_mock.ts @@ -0,0 +1,42 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { Assign } from '@kbn/utility-types'; +import type { RuleDataClient } from '.'; +import { RuleDataReader, RuleDataWriter } from './types'; + +type MockInstances> = { + [K in keyof T]: T[K] extends (...args: infer TArgs) => infer TReturn + ? jest.MockInstance + : never; +}; + +export function createRuleDataClientMock() { + const bulk = jest.fn(); + const search = jest.fn(); + const getDynamicIndexPattern = jest.fn(); + + return ({ + createOrUpdateWriteTarget: jest.fn(({ namespace }) => Promise.resolve()), + getReader: jest.fn(() => ({ + getDynamicIndexPattern, + search, + })), + getWriter: jest.fn(() => ({ + bulk, + })), + } as unknown) as Assign< + RuleDataClient & Omit, 'options' | 'getClusterClient'>, + { + getWriter: ( + ...args: Parameters + ) => MockInstances; + getReader: ( + ...args: Parameters + ) => MockInstances; + } + >; +} diff --git a/x-pack/plugins/rule_registry/server/rule_data_client/index.ts b/x-pack/plugins/rule_registry/server/rule_data_client/index.ts index cd7467c903e52b..cb336580ca3540 100644 --- a/x-pack/plugins/rule_registry/server/rule_data_client/index.ts +++ b/x-pack/plugins/rule_registry/server/rule_data_client/index.ts @@ -4,6 +4,8 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ + +import { isEmpty } from 'lodash'; import type { estypes } from '@elastic/elasticsearch'; import { ResponseError } from '@elastic/elasticsearch/lib/errors'; import { IndexPatternsFetcher } from '../../../../../src/plugins/data/server'; @@ -44,15 +46,26 @@ export class RuleDataClient implements IRuleDataClient { const clusterClient = await this.getClusterClient(); const indexPatternsFetcher = new IndexPatternsFetcher(clusterClient); - const fields = await indexPatternsFetcher.getFieldsForWildcard({ - pattern: index, - }); - - return { - fields, - timeFieldName: '@timestamp', - title: index, - }; + try { + const fields = await indexPatternsFetcher.getFieldsForWildcard({ + pattern: index, + }); + + return { + fields, + timeFieldName: '@timestamp', + title: index, + }; + } catch (err) { + if (err.output?.payload?.code === 'no_matching_indices') { + return { + fields: [], + timeFieldName: '@timestamp', + title: index, + }; + } + throw err; + } }, }; } @@ -127,6 +140,12 @@ export class RuleDataClient implements IRuleDataClient { const mappings: estypes.MappingTypeMapping = simulateResponse.template.mappings; + if (isEmpty(mappings)) { + throw new Error( + 'No mappings would be generated for this index, possibly due to failed/misconfigured bootstrapping' + ); + } + await clusterClient.indices.putMapping({ index: `${alias}*`, body: mappings }); } } diff --git a/x-pack/plugins/rule_registry/server/utils/create_lifecycle_rule_type.test.ts b/x-pack/plugins/rule_registry/server/utils/create_lifecycle_rule_type.test.ts new file mode 100644 index 00000000000000..85e69eb51fd02f --- /dev/null +++ b/x-pack/plugins/rule_registry/server/utils/create_lifecycle_rule_type.test.ts @@ -0,0 +1,381 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { schema } from '@kbn/config-schema'; +import { loggerMock } from '@kbn/logging/target/mocks'; +import { castArray, omit, mapValues } from 'lodash'; +import { RuleDataClient } from '../rule_data_client'; +import { createRuleDataClientMock } from '../rule_data_client/create_rule_data_client_mock'; +import { createLifecycleRuleTypeFactory } from './create_lifecycle_rule_type_factory'; + +type RuleTestHelpers = ReturnType; + +function createRule() { + const ruleDataClientMock = createRuleDataClientMock(); + + const factory = createLifecycleRuleTypeFactory({ + ruleDataClient: (ruleDataClientMock as unknown) as RuleDataClient, + logger: loggerMock.create(), + }); + + let nextAlerts: Array<{ id: string; fields: Record }> = []; + + const type = factory({ + actionGroups: [ + { + id: 'warning', + name: 'warning', + }, + ], + defaultActionGroupId: 'warning', + executor: async ({ services }) => { + nextAlerts.forEach((alert) => { + services.alertWithLifecycle(alert); + }); + nextAlerts = []; + }, + id: 'test_type', + minimumLicenseRequired: 'basic', + name: 'Test type', + producer: 'test', + actionVariables: { + context: [], + params: [], + state: [], + }, + validate: { + params: schema.object({}, { unknowns: 'allow' }), + }, + }); + + let state: Record = {}; + let previousStartedAt: Date | null; + const createdAt = new Date('2021-06-16T09:00:00.000Z'); + + const scheduleActions = jest.fn(); + + const alertInstanceFactory = () => { + return { + scheduleActions, + } as any; + }; + + return { + alertWithLifecycle: async (alerts: Array<{ id: string; fields: Record }>) => { + nextAlerts = alerts; + + const startedAt = new Date((previousStartedAt ?? createdAt).getTime() + 60000); + + scheduleActions.mockClear(); + + state = await type.executor({ + alertId: 'alertId', + createdBy: 'createdBy', + name: 'name', + params: {}, + previousStartedAt, + startedAt, + rule: { + actions: [], + consumer: 'consumer', + createdAt, + createdBy: 'createdBy', + enabled: true, + name: 'name', + notifyWhen: 'onActionGroupChange', + producer: 'producer', + ruleTypeId: 'ruleTypeId', + ruleTypeName: 'ruleTypeName', + schedule: { + interval: '1m', + }, + tags: ['tags'], + throttle: null, + updatedAt: createdAt, + updatedBy: 'updatedBy', + }, + services: { + alertInstanceFactory, + savedObjectsClient: {} as any, + scopedClusterClient: {} as any, + }, + spaceId: 'spaceId', + state, + tags: ['tags'], + updatedBy: 'updatedBy', + namespace: 'namespace', + }); + + previousStartedAt = startedAt; + }, + scheduleActions, + ruleDataClientMock, + }; +} + +describe('createLifecycleRuleTypeFactory', () => { + describe('with a new rule', () => { + let helpers: RuleTestHelpers; + + beforeEach(() => { + helpers = createRule(); + }); + + describe('when alerts are new', () => { + beforeEach(async () => { + await helpers.alertWithLifecycle([ + { + id: 'opbeans-java', + fields: { + 'service.name': 'opbeans-java', + }, + }, + { + id: 'opbeans-node', + fields: { + 'service.name': 'opbeans-node', + }, + }, + ]); + }); + + it('writes the correct alerts', () => { + expect(helpers.ruleDataClientMock.getWriter().bulk).toHaveBeenCalledTimes(1); + + const body = helpers.ruleDataClientMock.getWriter().bulk.mock.calls[0][0].body!; + + const documents = body.filter((op: any) => !('index' in op)) as any[]; + + const evaluationDocuments = documents.filter((doc) => doc['event.kind'] === 'event'); + const alertDocuments = documents.filter((doc) => doc['event.kind'] === 'signal'); + + expect(evaluationDocuments.length).toBe(2); + expect(alertDocuments.length).toBe(2); + + expect( + alertDocuments.every((doc) => doc['kibana.rac.alert.status'] === 'open') + ).toBeTruthy(); + + expect( + alertDocuments.every((doc) => doc['kibana.rac.alert.duration.us'] === 0) + ).toBeTruthy(); + + expect(alertDocuments.every((doc) => doc['event.action'] === 'open')).toBeTruthy(); + + expect(documents.map((doc) => omit(doc, 'kibana.rac.alert.uuid'))).toMatchInlineSnapshot(` + Array [ + Object { + "@timestamp": "2021-06-16T09:01:00.000Z", + "event.action": "open", + "event.kind": "event", + "kibana.rac.alert.duration.us": 0, + "kibana.rac.alert.id": "opbeans-java", + "kibana.rac.alert.producer": "test", + "kibana.rac.alert.start": "2021-06-16T09:01:00.000Z", + "kibana.rac.alert.status": "open", + "rule.category": "Test type", + "rule.id": "test_type", + "rule.name": "name", + "rule.uuid": "alertId", + "service.name": "opbeans-java", + "tags": Array [ + "tags", + ], + }, + Object { + "@timestamp": "2021-06-16T09:01:00.000Z", + "event.action": "open", + "event.kind": "event", + "kibana.rac.alert.duration.us": 0, + "kibana.rac.alert.id": "opbeans-node", + "kibana.rac.alert.producer": "test", + "kibana.rac.alert.start": "2021-06-16T09:01:00.000Z", + "kibana.rac.alert.status": "open", + "rule.category": "Test type", + "rule.id": "test_type", + "rule.name": "name", + "rule.uuid": "alertId", + "service.name": "opbeans-node", + "tags": Array [ + "tags", + ], + }, + Object { + "@timestamp": "2021-06-16T09:01:00.000Z", + "event.action": "open", + "event.kind": "signal", + "kibana.rac.alert.duration.us": 0, + "kibana.rac.alert.id": "opbeans-java", + "kibana.rac.alert.producer": "test", + "kibana.rac.alert.start": "2021-06-16T09:01:00.000Z", + "kibana.rac.alert.status": "open", + "rule.category": "Test type", + "rule.id": "test_type", + "rule.name": "name", + "rule.uuid": "alertId", + "service.name": "opbeans-java", + "tags": Array [ + "tags", + ], + }, + Object { + "@timestamp": "2021-06-16T09:01:00.000Z", + "event.action": "open", + "event.kind": "signal", + "kibana.rac.alert.duration.us": 0, + "kibana.rac.alert.id": "opbeans-node", + "kibana.rac.alert.producer": "test", + "kibana.rac.alert.start": "2021-06-16T09:01:00.000Z", + "kibana.rac.alert.status": "open", + "rule.category": "Test type", + "rule.id": "test_type", + "rule.name": "name", + "rule.uuid": "alertId", + "service.name": "opbeans-node", + "tags": Array [ + "tags", + ], + }, + ] + `); + }); + }); + + describe('when alerts are active', () => { + beforeEach(async () => { + await helpers.alertWithLifecycle([ + { + id: 'opbeans-java', + fields: { + 'service.name': 'opbeans-java', + }, + }, + { + id: 'opbeans-node', + fields: { + 'service.name': 'opbeans-node', + }, + }, + ]); + + await helpers.alertWithLifecycle([ + { + id: 'opbeans-java', + fields: { + 'service.name': 'opbeans-java', + }, + }, + { + id: 'opbeans-node', + fields: { + 'service.name': 'opbeans-node', + }, + }, + ]); + }); + + it('writes the correct alerts', () => { + expect(helpers.ruleDataClientMock.getWriter().bulk).toHaveBeenCalledTimes(2); + + const body = helpers.ruleDataClientMock.getWriter().bulk.mock.calls[1][0].body!; + + const documents = body.filter((op: any) => !('index' in op)) as any[]; + + const evaluationDocuments = documents.filter((doc) => doc['event.kind'] === 'event'); + const alertDocuments = documents.filter((doc) => doc['event.kind'] === 'signal'); + + expect(evaluationDocuments.length).toBe(2); + expect(alertDocuments.length).toBe(2); + + expect( + alertDocuments.every((doc) => doc['kibana.rac.alert.status'] === 'open') + ).toBeTruthy(); + expect(alertDocuments.every((doc) => doc['event.action'] === 'active')).toBeTruthy(); + + expect(alertDocuments.every((doc) => doc['kibana.rac.alert.duration.us'] > 0)).toBeTruthy(); + }); + }); + + describe('when alerts recover', () => { + beforeEach(async () => { + await helpers.alertWithLifecycle([ + { + id: 'opbeans-java', + fields: { + 'service.name': 'opbeans-java', + }, + }, + { + id: 'opbeans-node', + fields: { + 'service.name': 'opbeans-node', + }, + }, + ]); + + const lastOpbeansNodeDoc = helpers.ruleDataClientMock + .getWriter() + .bulk.mock.calls[0][0].body?.concat() + .reverse() + .find( + (doc: any) => !('index' in doc) && doc['service.name'] === 'opbeans-node' + ) as Record; + + const stored = mapValues(lastOpbeansNodeDoc, (val) => { + return castArray(val); + }); + + helpers.ruleDataClientMock.getReader().search.mockResolvedValueOnce({ + hits: { + hits: [{ fields: stored } as any], + total: { + value: 1, + relation: 'eq', + }, + }, + took: 0, + timed_out: false, + _shards: { + failed: 0, + successful: 1, + total: 1, + }, + }); + + await helpers.alertWithLifecycle([ + { + id: 'opbeans-java', + fields: { + 'service.name': 'opbeans-java', + }, + }, + ]); + }); + + it('writes the correct alerts', () => { + expect(helpers.ruleDataClientMock.getWriter().bulk).toHaveBeenCalledTimes(2); + + const body = helpers.ruleDataClientMock.getWriter().bulk.mock.calls[1][0].body!; + + const documents = body.filter((op: any) => !('index' in op)) as any[]; + + const opbeansJavaAlertDoc = documents.find( + (doc) => castArray(doc['service.name'])[0] === 'opbeans-java' + ); + const opbeansNodeAlertDoc = documents.find( + (doc) => castArray(doc['service.name'])[0] === 'opbeans-node' + ); + + expect(opbeansJavaAlertDoc['event.action']).toBe('active'); + expect(opbeansJavaAlertDoc['kibana.rac.alert.status']).toBe('open'); + + expect(opbeansNodeAlertDoc['event.action']).toBe('close'); + expect(opbeansNodeAlertDoc['kibana.rac.alert.status']).toBe('closed'); + }); + }); + }); +}); diff --git a/x-pack/plugins/rule_registry/server/utils/create_lifecycle_rule_type_factory.ts b/x-pack/plugins/rule_registry/server/utils/create_lifecycle_rule_type_factory.ts index b523dd6770b9f3..c2e0ae7c151ca0 100644 --- a/x-pack/plugins/rule_registry/server/utils/create_lifecycle_rule_type_factory.ts +++ b/x-pack/plugins/rule_registry/server/utils/create_lifecycle_rule_type_factory.ts @@ -32,7 +32,7 @@ import { AlertTypeWithExecutor } from '../types'; import { ParsedTechnicalFields, parseTechnicalFields } from '../../common/parse_technical_fields'; import { getRuleExecutorData } from './get_rule_executor_data'; -type LifecycleAlertService> = (alert: { +export type LifecycleAlertService> = (alert: { id: string; fields: Record; }) => AlertInstance; @@ -179,7 +179,7 @@ export const createLifecycleRuleTypeFactory: CreateLifecycleRuleTypeFactory = ({ ...alertData, ...ruleExecutorData, [TIMESTAMP]: timestamp, - [EVENT_KIND]: 'state', + [EVENT_KIND]: 'event', [ALERT_ID]: alertId, }; @@ -221,8 +221,29 @@ export const createLifecycleRuleTypeFactory: CreateLifecycleRuleTypeFactory = ({ }); if (eventsToIndex.length) { + const alertEvents: Map = new Map(); + + for (const event of eventsToIndex) { + const uuid = event[ALERT_UUID]!; + let storedEvent = alertEvents.get(uuid); + if (!storedEvent) { + storedEvent = event; + } + alertEvents.set(uuid, { + ...storedEvent, + [EVENT_KIND]: 'signal', + }); + } + await ruleDataClient.getWriter().bulk({ - body: eventsToIndex.flatMap((event) => [{ index: {} }, event]), + body: eventsToIndex + .flatMap((event) => [{ index: {} }, event]) + .concat( + Array.from(alertEvents.values()).flatMap((event) => [ + { index: { _id: event[ALERT_UUID]! } }, + event, + ]) + ), }); } @@ -238,7 +259,7 @@ export const createLifecycleRuleTypeFactory: CreateLifecycleRuleTypeFactory = ({ ); return { - wrapped: nextWrappedState, + wrapped: nextWrappedState ?? {}, trackedAlerts: nextTrackedAlerts, }; }, diff --git a/x-pack/plugins/security_solution/common/cti/constants.ts b/x-pack/plugins/security_solution/common/cti/constants.ts index 3423f17e3f6833..10452996eae6f8 100644 --- a/x-pack/plugins/security_solution/common/cti/constants.ts +++ b/x-pack/plugins/security_solution/common/cti/constants.ts @@ -44,3 +44,16 @@ export const SORTED_THREAT_SUMMARY_FIELDS = [ INDICATOR_FIRSTSEEN, INDICATOR_LASTSEEN, ]; + +export const EVENT_ENRICHMENT_INDICATOR_FIELD_MAP = { + 'file.hash.md5': 'threatintel.indicator.file.hash.md5', + 'file.hash.sha1': 'threatintel.indicator.file.hash.sha1', + 'file.hash.sha256': 'threatintel.indicator.file.hash.sha256', + 'file.pe.imphash': 'threatintel.indicator.file.pe.imphash', + 'file.elf.telfhash': 'threatintel.indicator.file.elf.telfhash', + 'file.hash.ssdeep': 'threatintel.indicator.file.hash.ssdeep', + 'source.ip': 'threatintel.indicator.ip', + 'destination.ip': 'threatintel.indicator.ip', + 'url.full': 'threatintel.indicator.url.full', + 'registry.path': 'threatintel.indicator.registry.path', +}; diff --git a/x-pack/plugins/security_solution/common/ecs/threat/index.ts b/x-pack/plugins/security_solution/common/ecs/threat/index.ts index 19923a82dc846f..e5e7964c5d09d6 100644 --- a/x-pack/plugins/security_solution/common/ecs/threat/index.ts +++ b/x-pack/plugins/security_solution/common/ecs/threat/index.ts @@ -10,6 +10,8 @@ import { EventEcs } from '../event'; interface ThreatMatchEcs { atomic?: string[]; field?: string[]; + id?: string[]; + index?: string[]; type?: string[]; } diff --git a/x-pack/plugins/security_solution/common/endpoint/data_generators/base_data_generator.ts b/x-pack/plugins/security_solution/common/endpoint/data_generators/base_data_generator.ts index 35c976fbdfb1d1..1f3d4307197f8a 100644 --- a/x-pack/plugins/security_solution/common/endpoint/data_generators/base_data_generator.ts +++ b/x-pack/plugins/security_solution/common/endpoint/data_generators/base_data_generator.ts @@ -48,9 +48,14 @@ export class BaseDataGenerator { return new Date(now - this.randomChoice(DAY_OFFSETS)).toISOString(); } - /** Generate either `true` or `false` */ - protected randomBoolean(): boolean { - return this.random() < 0.5; + /** + * Generate either `true` or `false`. By default, the boolean is calculated by determining if a + * float is less than `0.5`, but that can be adjusted via the input argument + * + * @param isLessThan + */ + protected randomBoolean(isLessThan: number = 0.5): boolean { + return this.random() < isLessThan; } /** generate random OS family value */ diff --git a/x-pack/plugins/security_solution/common/endpoint/data_generators/fleet_action_generator.ts b/x-pack/plugins/security_solution/common/endpoint/data_generators/fleet_action_generator.ts index af799de782f48c..6cc5ab7f084476 100644 --- a/x-pack/plugins/security_solution/common/endpoint/data_generators/fleet_action_generator.ts +++ b/x-pack/plugins/security_solution/common/endpoint/data_generators/fleet_action_generator.ts @@ -13,7 +13,7 @@ import { EndpointAction, EndpointActionResponse, ISOLATION_ACTIONS } from '../ty const ISOLATION_COMMANDS: ISOLATION_ACTIONS[] = ['isolate', 'unisolate']; export class FleetActionGenerator extends BaseDataGenerator { - /** Generate an Action */ + /** Generate a random endpoint Action (isolate or unisolate) */ generate(overrides: DeepPartial = {}): EndpointAction { const timeStamp = new Date(this.randomPastDate()); @@ -35,6 +35,14 @@ export class FleetActionGenerator extends BaseDataGenerator { ); } + generateIsolateAction(overrides: DeepPartial = {}): EndpointAction { + return merge(this.generate({ data: { command: 'isolate' } }), overrides); + } + + generateUnIsolateAction(overrides: DeepPartial = {}): EndpointAction { + return merge(this.generate({ data: { command: 'unisolate' } }), overrides); + } + /** Generates an action response */ generateResponse(overrides: DeepPartial = {}): EndpointActionResponse { const timeStamp = new Date(); @@ -56,6 +64,14 @@ export class FleetActionGenerator extends BaseDataGenerator { ); } + randomFloat(): number { + return this.random(); + } + + randomN(max: number): number { + return super.randomN(max); + } + protected randomIsolateCommand() { return this.randomChoice(ISOLATION_COMMANDS); } diff --git a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts index 7e03d9b61fc10e..b08d5649540db7 100644 --- a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts +++ b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts @@ -422,6 +422,14 @@ export class EndpointDocGenerator extends BaseDataGenerator { this.commonInfo.Endpoint.policy.applied.status = this.randomChoice(POLICY_RESPONSE_STATUSES); } + /** + * Update the common host metadata - essentially creating an entire new endpoint metadata record + * when the `.generateHostMetadata()` is subsequently called + */ + public updateCommonInfo() { + this.commonInfo = this.createHostData(); + } + /** * Parses an index and returns the data stream fields extracted from the index. * @@ -439,7 +447,7 @@ export class EndpointDocGenerator extends BaseDataGenerator { private createHostData(): HostInfo { const hostName = this.randomHostname(); - const isIsolated = this.randomBoolean(); + const isIsolated = this.randomBoolean(0.3); return { agent: { diff --git a/x-pack/plugins/security_solution/common/endpoint/index_data.ts b/x-pack/plugins/security_solution/common/endpoint/index_data.ts index 4996d90288ca9a..959db0d964aaec 100644 --- a/x-pack/plugins/security_solution/common/endpoint/index_data.ts +++ b/x-pack/plugins/security_solution/common/endpoint/index_data.ts @@ -13,6 +13,8 @@ import { AxiosResponse } from 'axios'; import { EndpointDocGenerator, Event, TreeOptions } from './generate_data'; import { firstNonNullValue } from './models/ecs_safety_helpers'; import { + AGENT_ACTIONS_INDEX, + AGENT_ACTIONS_RESULTS_INDEX, AGENT_POLICY_API_ROUTES, CreateAgentPolicyRequest, CreateAgentPolicyResponse, @@ -25,7 +27,7 @@ import { PACKAGE_POLICY_API_ROUTES, } from '../../../fleet/common'; import { policyFactory as policyConfigFactory } from './models/policy_config'; -import { HostMetadata } from './types'; +import { EndpointAction, HostMetadata } from './types'; import { KbnClientWithApiKeySupport } from '../../scripts/endpoint/kbn_client_with_api_key_support'; import { FleetAgentGenerator } from './data_generators/fleet_agent_generator'; import { FleetActionGenerator } from './data_generators/fleet_action_generator'; @@ -409,36 +411,97 @@ const indexFleetActionsForHost = async ( ): Promise => { const ES_INDEX_OPTIONS = { headers: { 'X-elastic-product-origin': 'fleet' } }; const agentId = endpointHost.elastic.agent.id; + const total = fleetActionGenerator.randomN(5); - for (let i = 0; i < 5; i++) { + for (let i = 0; i < total; i++) { // create an action - const isolateAction = fleetActionGenerator.generate({ + const action = fleetActionGenerator.generate({ data: { comment: 'data generator: this host is bad' }, }); - isolateAction.agents = [agentId]; + action.agents = [agentId]; await esClient.index( { - index: '.fleet-actions', - body: isolateAction, + index: AGENT_ACTIONS_INDEX, + body: action, }, ES_INDEX_OPTIONS ); // Create an action response for the above - const unIsolateAction = fleetActionGenerator.generateResponse({ - action_id: isolateAction.action_id, + const actionResponse = fleetActionGenerator.generateResponse({ + action_id: action.action_id, agent_id: agentId, - action_data: isolateAction.data, + action_data: action.data, }); await esClient.index( { - index: '.fleet-actions-results', - body: unIsolateAction, + index: AGENT_ACTIONS_RESULTS_INDEX, + body: actionResponse, }, ES_INDEX_OPTIONS ); } + + // Add edge cases (maybe) + if (fleetActionGenerator.randomFloat() < 0.3) { + const randomFloat = fleetActionGenerator.randomFloat(); + + // 60% of the time just add either an Isoalte -OR- an UnIsolate action + if (randomFloat < 0.6) { + let action: EndpointAction; + + if (randomFloat < 0.3) { + // add a pending isolation + action = fleetActionGenerator.generateIsolateAction({ + '@timestamp': new Date().toISOString(), + }); + } else { + // add a pending UN-isolation + action = fleetActionGenerator.generateUnIsolateAction({ + '@timestamp': new Date().toISOString(), + }); + } + + action.agents = [agentId]; + + await esClient.index( + { + index: AGENT_ACTIONS_INDEX, + body: action, + }, + ES_INDEX_OPTIONS + ); + } else { + // Else (40% of the time) add a pending isolate AND pending un-isolate + const action1 = fleetActionGenerator.generateIsolateAction({ + '@timestamp': new Date().toISOString(), + }); + const action2 = fleetActionGenerator.generateUnIsolateAction({ + '@timestamp': new Date().toISOString(), + }); + + action1.agents = [agentId]; + action2.agents = [agentId]; + + await Promise.all([ + esClient.index( + { + index: AGENT_ACTIONS_INDEX, + body: action1, + }, + ES_INDEX_OPTIONS + ), + esClient.index( + { + index: AGENT_ACTIONS_INDEX, + body: action2, + }, + ES_INDEX_OPTIONS + ), + ]); + } + } }; diff --git a/x-pack/plugins/security_solution/common/license/mocks.ts b/x-pack/plugins/security_solution/common/license/mocks.ts new file mode 100644 index 00000000000000..f352932b446139 --- /dev/null +++ b/x-pack/plugins/security_solution/common/license/mocks.ts @@ -0,0 +1,21 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { LicenseService } from './license'; + +export const createLicenseServiceMock = (): jest.Mocked => { + return ({ + start: jest.fn(), + stop: jest.fn(), + getLicenseInformation: jest.fn(), + getLicenseInformation$: jest.fn(), + isAtLeast: jest.fn(), + isGoldPlus: jest.fn().mockReturnValue(true), + isPlatinumPlus: jest.fn().mockReturnValue(true), + isEnterprise: jest.fn().mockReturnValue(true), + } as unknown) as jest.Mocked; +}; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.mock.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.mock.ts new file mode 100644 index 00000000000000..f3dee5a21e4c98 --- /dev/null +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.mock.ts @@ -0,0 +1,110 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { IEsSearchResponse } from 'src/plugins/data/public'; + +import { + CtiEventEnrichmentRequestOptions, + CtiEventEnrichmentStrategyResponse, + CtiQueries, +} from '.'; + +export const buildEventEnrichmentRequestOptionsMock = ( + overrides: Partial = {} +): CtiEventEnrichmentRequestOptions => ({ + defaultIndex: ['filebeat-*'], + eventFields: { + 'file.hash.md5': '1eee2bf3f56d8abed72da2bc523e7431', + 'source.ip': '127.0.0.1', + 'url.full': 'elastic.co', + }, + factoryQueryType: CtiQueries.eventEnrichment, + filterQuery: '{"bool":{"must":[],"filter":[{"match_all":{}}],"should":[],"must_not":[]}}', + timerange: { interval: '', from: '2020-09-13T09:00:43.249Z', to: '2020-09-14T09:00:43.249Z' }, + ...overrides, +}); + +export const buildEventEnrichmentRawResponseMock = (): IEsSearchResponse => ({ + rawResponse: { + took: 17, + timed_out: false, + _shards: { + total: 1, + successful: 1, + skipped: 0, + failed: 0, + }, + hits: { + total: { + value: 1, + relation: 'eq', + }, + max_score: 6.0637846, + hits: [ + { + _index: 'filebeat-8.0.0-2021.05.28-000001', + _id: '31408415b6d5601a92d29b86c2519658f210c194057588ae396d55cc20b3f03d', + _score: 6.0637846, + fields: { + 'event.category': ['threat'], + 'threatintel.indicator.file.type': ['html'], + 'related.hash': [ + '5529de7b60601aeb36f57824ed0e1ae8', + '15b012e6f626d0f88c2926d2bf4ca394d7b8ee07cc06d2ec05ea76bed3e8a05e', + '768:NXSFGJ/ooP6FawrB7Bo1MWnF/jRmhJImp:1SFXIqBo1Mwj2p', + ], + 'threatintel.indicator.first_seen': ['2021-05-28T18:33:29.000Z'], + 'threatintel.indicator.file.hash.tlsh': [ + 'FFB20B82F6617061C32784E2712F7A46B179B04FD1EA54A0F28CD8E9CFE4CAA1617F1C', + ], + 'service.type': ['threatintel'], + 'threatintel.indicator.file.hash.ssdeep': [ + '768:NXSFGJ/ooP6FawrB7Bo1MWnF/jRmhJImp:1SFXIqBo1Mwj2p', + ], + 'agent.type': ['filebeat'], + 'event.module': ['threatintel'], + 'threatintel.indicator.type': ['file'], + 'agent.name': ['rylastic.local'], + 'threatintel.indicator.file.hash.sha256': [ + '15b012e6f626d0f88c2926d2bf4ca394d7b8ee07cc06d2ec05ea76bed3e8a05e', + ], + 'event.kind': ['enrichment'], + 'threatintel.indicator.file.hash.md5': ['5529de7b60601aeb36f57824ed0e1ae8'], + 'fileset.name': ['abusemalware'], + 'input.type': ['httpjson'], + 'agent.hostname': ['rylastic.local'], + tags: ['threatintel-abusemalware', 'forwarded'], + 'event.ingested': ['2021-05-28T18:33:55.086Z'], + '@timestamp': ['2021-05-28T18:33:52.993Z'], + 'agent.id': ['ff93aee5-86a1-4a61-b0e6-0cdc313d01b5'], + 'ecs.version': ['1.6.0'], + 'event.reference': [ + 'https://urlhaus-api.abuse.ch/v1/download/15b012e6f626d0f88c2926d2bf4ca394d7b8ee07cc06d2ec05ea76bed3e8a05e/', + ], + 'event.type': ['indicator'], + 'event.created': ['2021-05-28T18:33:52.993Z'], + 'agent.ephemeral_id': ['d6b14f65-5bf3-430d-8315-7b5613685979'], + 'threatintel.indicator.file.size': [24738], + 'agent.version': ['8.0.0'], + 'event.dataset': ['threatintel.abusemalware'], + }, + matched_queries: ['file.hash.md5'], + }, + ], + }, + }, +}); + +export const buildEventEnrichmentResponseMock = ( + overrides: Partial = {} +): CtiEventEnrichmentStrategyResponse => ({ + ...buildEventEnrichmentRawResponseMock(), + enrichments: [], + inspect: { dsl: ['{"mocked": "json"}'] }, + totalCount: 0, + ...overrides, +}); diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.ts new file mode 100644 index 00000000000000..788a44bc5b9f7f --- /dev/null +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.ts @@ -0,0 +1,26 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { IEsSearchResponse } from 'src/plugins/data/public'; +import { Inspect } from '../../common'; +import { RequestBasicOptions } from '..'; + +export enum CtiQueries { + eventEnrichment = 'eventEnrichment', +} + +export interface CtiEventEnrichmentRequestOptions extends RequestBasicOptions { + eventFields: Record; +} + +export type CtiEnrichment = Record; + +export interface CtiEventEnrichmentStrategyResponse extends IEsSearchResponse { + enrichments: CtiEnrichment[]; + inspect?: Inspect; + totalCount: number; +} diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts index 956b785079d8df..06d4a16699b8f4 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts @@ -66,6 +66,11 @@ import { MatrixHistogramStrategyResponse, } from './matrix_histogram'; import { TimerangeInput, SortField, PaginationInput, PaginationInputPaginated } from '../common'; +import { + CtiEventEnrichmentRequestOptions, + CtiEventEnrichmentStrategyResponse, + CtiQueries, +} from './cti'; export * from './hosts'; export * from './matrix_histogram'; @@ -76,6 +81,7 @@ export type FactoryQueryTypes = | HostsKpiQueries | NetworkQueries | NetworkKpiQueries + | CtiQueries | typeof MatrixHistogramQuery | typeof MatrixHistogramQueryEntities; @@ -145,6 +151,8 @@ export type StrategyResponseType = T extends HostsQ ? NetworkKpiUniquePrivateIpsStrategyResponse : T extends typeof MatrixHistogramQuery ? MatrixHistogramStrategyResponse + : T extends CtiQueries.eventEnrichment + ? CtiEventEnrichmentStrategyResponse : never; export type StrategyRequestType = T extends HostsQueries.hosts @@ -193,6 +201,8 @@ export type StrategyRequestType = T extends HostsQu ? NetworkKpiUniquePrivateIpsRequestOptions : T extends typeof MatrixHistogramQuery ? MatrixHistogramRequestOptions + : T extends CtiQueries.eventEnrichment + ? CtiEventEnrichmentRequestOptions : never; export interface DocValueFieldsInput { diff --git a/x-pack/plugins/security_solution/common/typed_json.ts b/x-pack/plugins/security_solution/common/typed_json.ts index fb24b1dc0db5e3..8ce6907beb80bd 100644 --- a/x-pack/plugins/security_solution/common/typed_json.ts +++ b/x-pack/plugins/security_solution/common/typed_json.ts @@ -7,7 +7,7 @@ import { DslQuery, Filter } from 'src/plugins/data/common'; -import { JsonObject } from '../../../../src/plugins/kibana_utils/common'; +import { JsonObject } from '@kbn/common-utils'; export type ESQuery = | ESRangeQuery diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/endpoint_host_isolation_status.test.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/endpoint_host_isolation_status.test.tsx new file mode 100644 index 00000000000000..44405748b6373b --- /dev/null +++ b/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/endpoint_host_isolation_status.test.tsx @@ -0,0 +1,56 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import { + EndpointHostIsolationStatus, + EndpointHostIsolationStatusProps, +} from './endpoint_host_isolation_status'; +import { AppContextTestRender, createAppRootMockRenderer } from '../../../mock/endpoint'; + +describe('when using the EndpointHostIsolationStatus component', () => { + let render: ( + renderProps?: Partial + ) => ReturnType; + + beforeEach(() => { + const appContext = createAppRootMockRenderer(); + render = (renderProps = {}) => + appContext.render( + + ); + }); + + it('should render `null` if not isolated and nothing is pending', () => { + const renderResult = render(); + expect(renderResult.container.textContent).toBe(''); + }); + + it('should show `Isolated` when no pending actions and isolated', () => { + const { getByTestId } = render({ isIsolated: true }); + expect(getByTestId('test').textContent).toBe('Isolated'); + }); + + it.each([ + ['Isolating pending', { pendingIsolate: 2 }], + ['Unisolating pending', { pendingUnIsolate: 2 }], + ['4 actions pending', { isIsolated: true, pendingUnIsolate: 2, pendingIsolate: 2 }], + ])('should show %s}', (expectedLabel, componentProps) => { + const { getByTestId } = render(componentProps); + expect(getByTestId('test').textContent).toBe(expectedLabel); + // Validate that the text color is set to `subdued` + expect(getByTestId('test-pending').classList.contains('euiTextColor--subdued')).toBe(true); + }); +}); diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/endpoint_host_isolation_status.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/endpoint_host_isolation_status.tsx index 5cde22de697386..0fe3a8e4337cb2 100644 --- a/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/endpoint_host_isolation_status.tsx +++ b/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/endpoint_host_isolation_status.tsx @@ -6,8 +6,9 @@ */ import React, { memo, useMemo } from 'react'; -import { EuiBadge, EuiTextColor } from '@elastic/eui'; +import { EuiBadge, EuiFlexGroup, EuiFlexItem, EuiTextColor, EuiToolTip } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n/react'; +import { useTestIdGenerator } from '../../../../management/components/hooks/use_test_id_generator'; export interface EndpointHostIsolationStatusProps { isIsolated: boolean; @@ -15,6 +16,7 @@ export interface EndpointHostIsolationStatusProps { pendingIsolate?: number; /** the count of pending unisoalte actions */ pendingUnIsolate?: number; + 'data-test-subj'?: string; } /** @@ -23,7 +25,9 @@ export interface EndpointHostIsolationStatusProps { * (`null` is returned) */ export const EndpointHostIsolationStatus = memo( - ({ isIsolated, pendingIsolate = 0, pendingUnIsolate = 0 }) => { + ({ isIsolated, pendingIsolate = 0, pendingUnIsolate = 0, 'data-test-subj': dataTestSubj }) => { + const getTestId = useTestIdGenerator(dataTestSubj); + return useMemo(() => { // If nothing is pending and host is not currently isolated, then render nothing if (!isIsolated && !pendingIsolate && !pendingUnIsolate) { @@ -33,7 +37,7 @@ export const EndpointHostIsolationStatus = memo + + +

+ +
+ + + + + {pendingIsolate} + + + + + + {pendingUnIsolate} + +
+ } + > + + + + + + ); + } // Show 'pending [un]isolate' depending on what's pending return ( - - + + {pendingIsolate ? ( ); - }, [isIsolated, pendingIsolate, pendingUnIsolate]); + }, [dataTestSubj, getTestId, isIsolated, pendingIsolate, pendingUnIsolate]); } ); diff --git a/x-pack/plugins/security_solution/public/common/components/line_clamp/index.tsx b/x-pack/plugins/security_solution/public/common/components/line_clamp/index.tsx index 896b0ec5fd8df8..d8895490d1e0ff 100644 --- a/x-pack/plugins/security_solution/public/common/components/line_clamp/index.tsx +++ b/x-pack/plugins/security_solution/public/common/components/line_clamp/index.tsx @@ -13,15 +13,6 @@ import * as i18n from './translations'; const LINE_CLAMP = 3; const LINE_CLAMP_HEIGHT = 5.5; -const StyledLineClamp = styled.div` - display: -webkit-box; - -webkit-line-clamp: ${LINE_CLAMP}; - -webkit-box-orient: vertical; - overflow: hidden; - max-height: ${`${LINE_CLAMP_HEIGHT}em`}; - height: ${`${LINE_CLAMP_HEIGHT}em`}; -`; - const ReadMore = styled(EuiButtonEmpty)` span.euiButtonContent { padding: 0; @@ -35,7 +26,19 @@ const ExpandedContent = styled.div` overflow-y: auto; `; -const LineClampComponent: React.FC<{ content?: string | null }> = ({ content }) => { +const StyledLineClamp = styled.div<{ lineClampHeight: number }>` + display: -webkit-box; + -webkit-line-clamp: ${LINE_CLAMP}; + -webkit-box-orient: vertical; + overflow: hidden; + max-height: ${({ lineClampHeight }) => lineClampHeight}em; + height: ${({ lineClampHeight }) => lineClampHeight}em; +`; + +const LineClampComponent: React.FC<{ + content?: string | null; + lineClampHeight?: number; +}> = ({ content, lineClampHeight = LINE_CLAMP_HEIGHT }) => { const [isOverflow, setIsOverflow] = useState(null); const [isExpanded, setIsExpanded] = useState(null); const descriptionRef = useRef(null); @@ -71,7 +74,11 @@ const LineClampComponent: React.FC<{ content?: string | null }> = ({ content })

{content}

) : isOverflow == null || isOverflow === true ? ( - + {content} ) : ( diff --git a/x-pack/plugins/security_solution/public/common/hooks/__mocks__/use_license.ts b/x-pack/plugins/security_solution/public/common/hooks/__mocks__/use_license.ts new file mode 100644 index 00000000000000..2d34e4b22a14e9 --- /dev/null +++ b/x-pack/plugins/security_solution/public/common/hooks/__mocks__/use_license.ts @@ -0,0 +1,11 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { createLicenseServiceMock } from '../../../../common/license/mocks'; + +export const licenseService = createLicenseServiceMock(); +export const useLicense = () => licenseService; diff --git a/x-pack/plugins/security_solution/public/common/lib/endpoint_pending_actions/endpoint_pending_actions.test.ts b/x-pack/plugins/security_solution/public/common/lib/endpoint_pending_actions/endpoint_pending_actions.test.ts new file mode 100644 index 00000000000000..a90f9a3508cd81 --- /dev/null +++ b/x-pack/plugins/security_solution/public/common/lib/endpoint_pending_actions/endpoint_pending_actions.test.ts @@ -0,0 +1,37 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { KibanaServices } from '../kibana'; +import { coreMock } from '../../../../../../../src/core/public/mocks'; +import { fetchPendingActionsByAgentId } from './endpoint_pending_actions'; +import { pendingActionsHttpMock, pendingActionsResponseMock } from './mocks'; +import { ACTION_STATUS_ROUTE } from '../../../../common/endpoint/constants'; + +jest.mock('../kibana'); + +describe('when using endpoint pending actions api service', () => { + let coreHttp: ReturnType['http']; + + beforeEach(() => { + const coreStartMock = coreMock.createStart(); + coreHttp = coreStartMock.http; + pendingActionsHttpMock(coreHttp); + (KibanaServices.get as jest.Mock).mockReturnValue(coreStartMock); + }); + + it('should call the endpont pending action status API', async () => { + const agentIdList = ['111-111', '222-222']; + const response = await fetchPendingActionsByAgentId(agentIdList); + + expect(response).toEqual(pendingActionsResponseMock()); + expect(coreHttp.get).toHaveBeenCalledWith(ACTION_STATUS_ROUTE, { + query: { + agent_ids: agentIdList, + }, + }); + }); +}); diff --git a/x-pack/plugins/security_solution/public/common/lib/endpoint_pending_actions/mocks.ts b/x-pack/plugins/security_solution/public/common/lib/endpoint_pending_actions/mocks.ts new file mode 100644 index 00000000000000..4c3822b07d88c2 --- /dev/null +++ b/x-pack/plugins/security_solution/public/common/lib/endpoint_pending_actions/mocks.ts @@ -0,0 +1,63 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { + PendingActionsRequestQuery, + PendingActionsResponse, +} from '../../../../common/endpoint/types'; +import { + httpHandlerMockFactory, + ResponseProvidersInterface, +} from '../../mock/endpoint/http_handler_mock_factory'; +import { ACTION_STATUS_ROUTE } from '../../../../common/endpoint/constants'; + +export const pendingActionsResponseMock = (): PendingActionsResponse => ({ + data: [ + { + agent_id: '111-111', + pending_actions: {}, + }, + { + agent_id: '222-222', + pending_actions: { + isolate: 1, + }, + }, + ], +}); + +export type PendingActionsHttpMockInterface = ResponseProvidersInterface<{ + pendingActions: () => PendingActionsResponse; +}>; + +export const pendingActionsHttpMock = httpHandlerMockFactory([ + { + id: 'pendingActions', + method: 'get', + path: ACTION_STATUS_ROUTE, + /** Will build a response based on the number of agent ids received. */ + handler: (options) => { + const agentIds = (options.query as PendingActionsRequestQuery).agent_ids as string[]; + + if (agentIds.length) { + return { + data: agentIds.map((id, index) => ({ + agent_id: id, + pending_actions: + index % 2 // index's of the array that are not divisible by 2 will will have `isolate: 1` + ? { + isolate: 1, + } + : {}, + })), + }; + } + + return pendingActionsResponseMock(); + }, + }, +]); diff --git a/x-pack/plugins/security_solution/public/common/lib/keury/index.ts b/x-pack/plugins/security_solution/public/common/lib/keury/index.ts index bd026f486471f1..a71524f9e02a86 100644 --- a/x-pack/plugins/security_solution/public/common/lib/keury/index.ts +++ b/x-pack/plugins/security_solution/public/common/lib/keury/index.ts @@ -7,6 +7,7 @@ import { isEmpty, isString, flow } from 'lodash/fp'; +import { JsonObject } from '@kbn/common-utils'; import { EsQueryConfig, Query, @@ -15,7 +16,6 @@ import { esKuery, IIndexPattern, } from '../../../../../../../src/plugins/data/public'; -import { JsonObject } from '../../../../../../../src/plugins/kibana_utils/public'; export const convertKueryToElasticSearchQuery = ( kueryExpression: string, diff --git a/x-pack/plugins/security_solution/public/common/mock/endpoint/http_handler_mock_factory.ts b/x-pack/plugins/security_solution/public/common/mock/endpoint/http_handler_mock_factory.ts index 2df16fc1e21b0a..dc93ea8168a3f6 100644 --- a/x-pack/plugins/security_solution/public/common/mock/endpoint/http_handler_mock_factory.ts +++ b/x-pack/plugins/security_solution/public/common/mock/endpoint/http_handler_mock_factory.ts @@ -7,12 +7,7 @@ /* eslint-disable @typescript-eslint/no-explicit-any */ -import type { - HttpFetchOptions, - HttpFetchOptionsWithPath, - HttpHandler, - HttpStart, -} from 'kibana/public'; +import type { HttpFetchOptions, HttpFetchOptionsWithPath, HttpStart } from 'kibana/public'; import { merge } from 'lodash'; import { act } from '@testing-library/react'; @@ -102,7 +97,7 @@ interface RouteMock) => any; + handler: (options: HttpFetchOptionsWithPath) => any; /** * A function that returns a promise. The API response will be delayed until this promise is * resolved. This can be helpful when wanting to test an intermediate UI state while the API @@ -203,14 +198,25 @@ export const httpHandlerMockFactory = pathMatchesPattern(handler.path, path)); if (routeMock) { - markApiCallAsHandled(responseProvider[routeMock.id].mockDelay); - - await responseProvider[routeMock.id].mockDelay(); - // Use the handler defined for the HTTP Mocked interface (not the one passed on input to // the factory) for retrieving the response value because that one could have had its // response value manipulated by the individual test case. - return responseProvider[routeMock.id](...args); + + markApiCallAsHandled(responseProvider[routeMock.id].mockDelay); + await responseProvider[routeMock.id].mockDelay(); + + const fetchOptions: HttpFetchOptionsWithPath = isHttpFetchOptionsWithPath(args[0]) + ? args[0] + : { + // Ignore below is needed because the http service methods are defined via an overloaded interface. + // If the first argument is NOT fetch with options, then we know that its a string and `args` has + // a potential for being of `.length` 2. + // @ts-ignore + ...(args[1] || {}), + path: args[0], + }; + + return responseProvider[routeMock.id](fetchOptions); } else if (priorMockedFunction) { return priorMockedFunction(...args); } diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/mocks.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/mocks.ts index 3a3ad47f9f5754..de05fa949b487e 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/mocks.ts +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/mocks.ts @@ -23,7 +23,16 @@ import { HOST_METADATA_GET_ROUTE, HOST_METADATA_LIST_ROUTE, } from '../../../../common/endpoint/constants'; -import { AGENT_POLICY_API_ROUTES, GetAgentPoliciesResponse } from '../../../../../fleet/common'; +import { + AGENT_POLICY_API_ROUTES, + EPM_API_ROUTES, + GetAgentPoliciesResponse, + GetPackagesResponse, +} from '../../../../../fleet/common'; +import { + PendingActionsHttpMockInterface, + pendingActionsHttpMock, +} from '../../../common/lib/endpoint_pending_actions/mocks'; type EndpointMetadataHttpMocksInterface = ResponseProvidersInterface<{ metadataList: () => HostResultList; @@ -40,11 +49,15 @@ export const endpointMetadataHttpMocks = httpHandlerMockFactory { - return { + const endpoint = { metadata: generator.generateHostMetadata(), host_status: HostStatus.UNHEALTHY, query_strategy_version: MetadataQueryStrategyVersions.VERSION_2, }; + + generator.updateCommonInfo(); + + return endpoint; }), total: 10, request_page_size: 10, @@ -88,6 +101,7 @@ export const endpointPolicyResponseHttpMock = httpHandlerMockFactory GetAgentPoliciesResponse; + packageList: () => GetPackagesResponse; }>; export const fleetApisHttpMock = httpHandlerMockFactory([ { @@ -113,11 +127,24 @@ export const fleetApisHttpMock = httpHandlerMockFactory & { + payload: EndpointState['endpointPendingActions']; +}; + export type EndpointAction = | ServerReturnedEndpointList | ServerFailedToReturnEndpointList @@ -186,4 +190,5 @@ export type EndpointAction = | ServerFailedToReturnAgenstWithEndpointsTotal | ServerFailedToReturnEndpointsTotal | EndpointIsolationRequest - | EndpointIsolationRequestStateChange; + | EndpointIsolationRequestStateChange + | EndpointPendingActionsStateChanged; diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/builders.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/builders.ts index 273b4279851fd3..d43f361a0e6bb8 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/builders.ts +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/builders.ts @@ -7,7 +7,7 @@ import { Immutable } from '../../../../../common/endpoint/types'; import { DEFAULT_POLL_INTERVAL } from '../../../common/constants'; -import { createUninitialisedResourceState } from '../../../state'; +import { createLoadedResourceState, createUninitialisedResourceState } from '../../../state'; import { EndpointState } from '../types'; export const initialEndpointPageState = (): Immutable => { @@ -53,5 +53,6 @@ export const initialEndpointPageState = (): Immutable => { policyVersionInfo: undefined, hostStatus: undefined, isolationRequestState: createUninitialisedResourceState(), + endpointPendingActions: createLoadedResourceState(new Map()), }; }; diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/index.test.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/index.test.ts index 455c6538bcdf26..7f7c5f84f8bffd 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/index.test.ts +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/index.test.ts @@ -77,6 +77,10 @@ describe('EndpointList store concerns', () => { isolationRequestState: { type: 'UninitialisedResourceState', }, + endpointPendingActions: { + data: new Map(), + type: 'LoadedResourceState', + }, }); }); diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.test.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.test.ts index 130f8a56fd0267..52da30fabf95a1 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.test.ts +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.test.ts @@ -43,6 +43,7 @@ import { hostIsolationResponseMock, } from '../../../../common/lib/endpoint_isolation/mocks'; import { FleetActionGenerator } from '../../../../../common/endpoint/data_generators/fleet_action_generator'; +import { endpointPageHttpMock } from '../mocks'; jest.mock('../../policy/store/services/ingest', () => ({ sendGetAgentConfigList: () => Promise.resolve({ items: [] }), @@ -55,6 +56,7 @@ jest.mock('../../../../common/lib/kibana'); type EndpointListStore = Store, Immutable>; describe('endpoint list middleware', () => { + const getKibanaServicesMock = KibanaServices.get as jest.Mock; let fakeCoreStart: jest.Mocked; let depsStart: DepsStartMock; let fakeHttpServices: jest.Mocked; @@ -69,6 +71,17 @@ describe('endpoint list middleware', () => { return mockEndpointResultList({ request_page_size: 1, request_page_index: 1, total: 10 }); }; + const dispatchUserChangedUrlToEndpointList = (locationOverrides: Partial = {}) => { + dispatch({ + type: 'userChangedUrl', + payload: { + ...history.location, + pathname: getEndpointListPath({ name: 'endpointList' }), + ...locationOverrides, + }, + }); + }; + beforeEach(() => { fakeCoreStart = coreMock.createStart({ basePath: '/mock' }); depsStart = depsStartMock(); @@ -81,6 +94,7 @@ describe('endpoint list middleware', () => { getState = store.getState; dispatch = store.dispatch; history = createBrowserHistory(); + getKibanaServicesMock.mockReturnValue(fakeCoreStart); }); it('handles `userChangedUrl`', async () => { @@ -88,13 +102,7 @@ describe('endpoint list middleware', () => { fakeHttpServices.post.mockResolvedValue(apiResponse); expect(fakeHttpServices.post).not.toHaveBeenCalled(); - dispatch({ - type: 'userChangedUrl', - payload: { - ...history.location, - pathname: getEndpointListPath({ name: 'endpointList' }), - }, - }); + dispatchUserChangedUrlToEndpointList(); await waitForAction('serverReturnedEndpointList'); expect(fakeHttpServices.post).toHaveBeenCalledWith('/api/endpoint/metadata', { body: JSON.stringify({ @@ -111,13 +119,7 @@ describe('endpoint list middleware', () => { expect(fakeHttpServices.post).not.toHaveBeenCalled(); // First change the URL - dispatch({ - type: 'userChangedUrl', - payload: { - ...history.location, - pathname: getEndpointListPath({ name: 'endpointList' }), - }, - }); + dispatchUserChangedUrlToEndpointList(); await waitForAction('serverReturnedEndpointList'); // Then request the Endpoint List @@ -135,7 +137,6 @@ describe('endpoint list middleware', () => { }); describe('handling of IsolateEndpointHost action', () => { - const getKibanaServicesMock = KibanaServices.get as jest.Mock; const dispatchIsolateEndpointHost = (action: ISOLATION_ACTIONS = 'isolate') => { dispatch({ type: 'endpointIsolationRequest', @@ -149,7 +150,6 @@ describe('endpoint list middleware', () => { beforeEach(() => { isolateApiResponseHandlers = hostIsolationHttpMocks(fakeHttpServices); - getKibanaServicesMock.mockReturnValue(fakeCoreStart); }); it('should set Isolation state to loading', async () => { @@ -224,14 +224,7 @@ describe('endpoint list middleware', () => { selected_endpoint: endpointList.hosts[0].metadata.agent.id, }); const dispatchUserChangedUrl = () => { - dispatch({ - type: 'userChangedUrl', - payload: { - ...history.location, - pathname: '/endpoints', - search: `?${search.split('?').pop()}`, - }, - }); + dispatchUserChangedUrlToEndpointList({ search: `?${search.split('?').pop()}` }); }; const fleetActionGenerator = new FleetActionGenerator(Math.random().toString()); @@ -300,4 +293,39 @@ describe('endpoint list middleware', () => { expect(activityLogData).toEqual(getMockEndpointActivityLog()); }); }); + + describe('handle Endpoint Pending Actions state actions', () => { + let mockedApis: ReturnType; + + beforeEach(() => { + mockedApis = endpointPageHttpMock(fakeHttpServices); + }); + + it('should include all agents ids from the list when calling API', async () => { + const loadingPendingActions = waitForAction('endpointPendingActionsStateChanged', { + validate: (action) => isLoadedResourceState(action.payload), + }); + + dispatchUserChangedUrlToEndpointList(); + await loadingPendingActions; + + expect(mockedApis.responseProvider.pendingActions).toHaveBeenCalledWith({ + path: expect.any(String), + query: { + agent_ids: [ + '6db499e5-4927-4350-abb8-d8318e7d0eec', + 'c082dda9-1847-4997-8eda-f1192d95bec3', + '8aa1cd61-cc25-4783-afb5-0eefc4919c07', + '47fe24c1-7370-419a-9732-3ff38bf41272', + '0d2b2fa7-a9cd-49fc-ad5f-0252c642290e', + 'f480092d-0445-4bf3-9c96-8a3d5cb97824', + '3850e676-0940-4c4b-aaca-571bd1bc66d9', + '46efcc7a-086a-47a3-8f09-c4ecd6d2d917', + 'afa55826-b81b-4440-a2ac-0644d77a3fc6', + '25b49e50-cb5c-43df-824f-67b8cf697d9d', + ], + }, + }); + }); + }); }); diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts index aa0afe5ec980a3..4f96223e8b7897 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts @@ -34,8 +34,9 @@ import { getActivityLogData, getActivityLogDataPaging, getLastLoadedActivityLogData, + detailsData, } from './selectors'; -import { EndpointState, PolicyIds } from '../types'; +import { AgentIdsPendingActions, EndpointState, PolicyIds } from '../types'; import { sendGetEndpointSpecificPackagePolicies, sendGetEndpointSecurityPackage, @@ -59,9 +60,13 @@ import { isolateHost, unIsolateHost } from '../../../../common/lib/endpoint_isol import { AppAction } from '../../../../common/store/actions'; import { resolvePathVariables } from '../../../../common/utils/resolve_path_variables'; import { ServerReturnedEndpointPackageInfo } from './action'; +import { fetchPendingActionsByAgentId } from '../../../../common/lib/endpoint_pending_actions'; type EndpointPageStore = ImmutableMiddlewareAPI; +// eslint-disable-next-line no-console +const logError = console.error; + export const endpointMiddlewareFactory: ImmutableMiddlewareFactory = ( coreStart, depsStart @@ -110,6 +115,8 @@ export const endpointMiddlewareFactory: ImmutableMiddlewareFactory => { }) ).total; } catch (error) { - // eslint-disable-next-line no-console - console.error(`error while trying to check for total endpoints`); - // eslint-disable-next-line no-console - console.error(error); + logError(`error while trying to check for total endpoints`); + logError(error); } return 0; }; @@ -524,10 +528,8 @@ const doEndpointsExist = async (http: HttpStart): Promise => { try { return (await endpointsTotal(http)) > 0; } catch (error) { - // eslint-disable-next-line no-console - console.error(`error while trying to check if endpoints exist`); - // eslint-disable-next-line no-console - console.error(error); + logError(`error while trying to check if endpoints exist`); + logError(error); } return false; }; @@ -586,7 +588,51 @@ async function getEndpointPackageInfo( }); } catch (error) { // Ignore Errors, since this should not hinder the user's ability to use the UI - // eslint-disable-next-line no-console - console.error(error); + logError(error); } } + +/** + * retrieves the Endpoint pending actions for all of the existing endpoints being displayed on the list + * or the details tab. + * + * @param store + */ +const loadEndpointsPendingActions = async ({ + getState, + dispatch, +}: EndpointPageStore): Promise => { + const state = getState(); + const detailsEndpoint = detailsData(state); + const listEndpoints = listData(state); + const agentsIds = new Set(); + + // get all agent ids for the endpoints in the list + if (detailsEndpoint) { + agentsIds.add(detailsEndpoint.elastic.agent.id); + } + + for (const endpointInfo of listEndpoints) { + agentsIds.add(endpointInfo.metadata.elastic.agent.id); + } + + if (agentsIds.size === 0) { + return; + } + + try { + const { data: pendingActions } = await fetchPendingActionsByAgentId(Array.from(agentsIds)); + const agentIdToPendingActions: AgentIdsPendingActions = new Map(); + + for (const pendingAction of pendingActions) { + agentIdToPendingActions.set(pendingAction.agent_id, pendingAction.pending_actions); + } + + dispatch({ + type: 'endpointPendingActionsStateChanged', + payload: createLoadedResourceState(agentIdToPendingActions), + }); + } catch (error) { + logError(error); + } +}; diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/reducer.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/reducer.ts index b580664512eb66..9460c27dfe705d 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/reducer.ts +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/reducer.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { EndpointDetailsActivityLogChanged } from './action'; +import { EndpointDetailsActivityLogChanged, EndpointPendingActionsStateChanged } from './action'; import { isOnEndpointPage, hasSelectedEndpoint, @@ -41,6 +41,19 @@ const handleEndpointDetailsActivityLogChanged: CaseReducer = ( + state, + action +) => { + if (isOnEndpointPage(state)) { + return { + ...state, + endpointPendingActions: action.payload, + }; + } + return state; +}; + /* eslint-disable-next-line complexity */ export const endpointListReducer: StateReducer = (state = initialEndpointPageState(), action) => { if (action.type === 'serverReturnedEndpointList') { @@ -141,6 +154,8 @@ export const endpointListReducer: StateReducer = (state = initialEndpointPageSta }; } else if (action.type === 'endpointDetailsActivityLogChanged') { return handleEndpointDetailsActivityLogChanged(state, action); + } else if (action.type === 'endpointPendingActionsStateChanged') { + return handleEndpointPendingActionsStateChanged(state, action); } else if (action.type === 'serverReturnedPoliciesForOnboarding') { return { ...state, diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/selectors.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/selectors.ts index 2b567d1ad53b58..d9be85377c81d7 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/selectors.ts +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/selectors.ts @@ -18,6 +18,7 @@ import { MetadataQueryStrategyVersions, HostStatus, ActivityLog, + HostMetadata, } from '../../../../../common/endpoint/types'; import { EndpointState, EndpointIndexUIQueryParams } from '../types'; import { extractListPaginationParams } from '../../../common/routing'; @@ -36,6 +37,7 @@ import { import { ServerApiError } from '../../../../common/types'; import { isEndpointHostIsolated } from '../../../../common/utils/validators'; +import { EndpointHostIsolationStatusProps } from '../../../../common/components/endpoint/host_isolation'; export const listData = (state: Immutable) => state.hosts; @@ -412,3 +414,40 @@ export const getActivityLogError: ( export const getIsEndpointHostIsolated = createSelector(detailsData, (details) => { return (details && isEndpointHostIsolated(details)) || false; }); + +export const getEndpointPendingActionsState = ( + state: Immutable +): Immutable => { + return state.endpointPendingActions; +}; + +/** + * Returns a function (callback) that can be used to retrieve the props for the `EndpointHostIsolationStatus` + * component for a given Endpoint + */ +export const getEndpointHostIsolationStatusPropsCallback: ( + state: Immutable +) => (endpoint: HostMetadata) => EndpointHostIsolationStatusProps = createSelector( + getEndpointPendingActionsState, + (pendingActionsState) => { + return (endpoint: HostMetadata) => { + let pendingIsolate = 0; + let pendingUnIsolate = 0; + + if (isLoadedResourceState(pendingActionsState)) { + const endpointPendingActions = pendingActionsState.data.get(endpoint.elastic.agent.id); + + if (endpointPendingActions) { + pendingIsolate = endpointPendingActions?.isolate ?? 0; + pendingUnIsolate = endpointPendingActions?.unisolate ?? 0; + } + } + + return { + isIsolated: isEndpointHostIsolated(endpoint), + pendingIsolate, + pendingUnIsolate, + }; + }; + } +); diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/types.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/types.ts index eed2182d41809d..59aa2bd15dd74a 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/types.ts +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/types.ts @@ -16,6 +16,7 @@ import { MetadataQueryStrategyVersions, HostStatus, HostIsolationResponse, + EndpointPendingActions, } from '../../../../common/endpoint/types'; import { ServerApiError } from '../../../common/types'; import { GetPackagesResponse } from '../../../../../fleet/common'; @@ -94,10 +95,18 @@ export interface EndpointState { policyVersionInfo?: HostInfo['policy_info']; /** The status of the host, which is mapped to the Elastic Agent status in Fleet */ hostStatus?: HostStatus; - /* Host isolation state */ + /** Host isolation request state for a single endpoint */ isolationRequestState: AsyncResourceState; + /** + * Holds a map of `agentId` to `EndpointPendingActions` that is used by both the list and details view + * Getting pending endpoint actions is "supplemental" data, so there is no need to show other Async + * states other than Loaded + */ + endpointPendingActions: AsyncResourceState; } +export type AgentIdsPendingActions = Map; + /** * packagePolicy contains a list of Package Policy IDs (received via Endpoint metadata policy response) mapped to a boolean whether they exist or not. * agentPolicy contains a list of existing Package Policy Ids mapped to an associated Fleet parent Agent Config. diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/components/endpoint_agent_status.test.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/components/endpoint_agent_status.test.tsx new file mode 100644 index 00000000000000..9010bb5785c1d4 --- /dev/null +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/components/endpoint_agent_status.test.tsx @@ -0,0 +1,90 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import { + AppContextTestRender, + createAppRootMockRenderer, +} from '../../../../../common/mock/endpoint'; +import { endpointPageHttpMock } from '../../mocks'; +import { act } from '@testing-library/react'; +import { EndpointAgentStatus, EndpointAgentStatusProps } from './endpoint_agent_status'; +import { HostMetadata, HostStatus } from '../../../../../../common/endpoint/types'; +import { isLoadedResourceState } from '../../../../state'; +import { KibanaServices } from '../../../../../common/lib/kibana'; + +jest.mock('../../../../../common/lib/kibana'); + +describe('When using the EndpointAgentStatus component', () => { + let render: ( + props: EndpointAgentStatusProps + ) => Promise>; + let waitForAction: AppContextTestRender['middlewareSpy']['waitForAction']; + let renderResult: ReturnType; + let httpMocks: ReturnType; + let endpointMeta: HostMetadata; + + beforeEach(() => { + const mockedContext = createAppRootMockRenderer(); + + (KibanaServices.get as jest.Mock).mockReturnValue(mockedContext.startServices); + httpMocks = endpointPageHttpMock(mockedContext.coreStart.http); + waitForAction = mockedContext.middlewareSpy.waitForAction; + endpointMeta = httpMocks.responseProvider.metadataList().hosts[0].metadata; + render = async (props: EndpointAgentStatusProps) => { + renderResult = mockedContext.render(); + return renderResult; + }; + + act(() => { + mockedContext.history.push('/endpoints'); + }); + }); + + it.each([ + ['Healthy', 'healthy'], + ['Unhealthy', 'unhealthy'], + ['Updating', 'updating'], + ['Offline', 'offline'], + ['Inactive', 'inactive'], + ['Unhealthy', 'someUnknownValueHere'], + ])('should show agent status of %s', async (expectedLabel, hostStatus) => { + await render({ hostStatus: hostStatus as HostStatus, endpointMetadata: endpointMeta }); + expect(renderResult.getByTestId('rowHostStatus').textContent).toEqual(expectedLabel); + }); + + describe('and host is isolated or pending isolation', () => { + beforeEach(async () => { + // Ensure pending action api sets pending action for the test endpoint metadata + const pendingActionsResponseProvider = httpMocks.responseProvider.pendingActions.getMockImplementation(); + httpMocks.responseProvider.pendingActions.mockImplementation((...args) => { + const response = pendingActionsResponseProvider!(...args); + response.data.some((pendingAction) => { + if (pendingAction.agent_id === endpointMeta.elastic.agent.id) { + pendingAction.pending_actions.isolate = 1; + return true; + } + return false; + }); + return response; + }); + + const loadingPendingActions = waitForAction('endpointPendingActionsStateChanged', { + validate: (action) => isLoadedResourceState(action.payload), + }); + + await render({ hostStatus: HostStatus.HEALTHY, endpointMetadata: endpointMeta }); + await loadingPendingActions; + }); + + it('should show host pending action', () => { + expect(renderResult.getByTestId('rowIsolationStatus').textContent).toEqual( + 'Isolating pending' + ); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/components/endpoint_agent_status.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/components/endpoint_agent_status.tsx new file mode 100644 index 00000000000000..94db233972d670 --- /dev/null +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/components/endpoint_agent_status.tsx @@ -0,0 +1,59 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { memo } from 'react'; +import { EuiBadge, EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; +import { FormattedMessage } from '@kbn/i18n/react'; +import styled from 'styled-components'; +import { HostInfo, HostMetadata } from '../../../../../../common/endpoint/types'; +import { HOST_STATUS_TO_BADGE_COLOR } from '../host_constants'; +import { EndpointHostIsolationStatus } from '../../../../../common/components/endpoint/host_isolation'; +import { useEndpointSelector } from '../hooks'; +import { getEndpointHostIsolationStatusPropsCallback } from '../../store/selectors'; + +const EuiFlexGroupStyled = styled(EuiFlexGroup)` + .isolation-status { + margin-left: ${({ theme }) => theme.eui.paddingSizes.s}; + } +`; + +export interface EndpointAgentStatusProps { + hostStatus: HostInfo['host_status']; + endpointMetadata: HostMetadata; +} +export const EndpointAgentStatus = memo( + ({ endpointMetadata, hostStatus }) => { + const getEndpointIsolationStatusProps = useEndpointSelector( + getEndpointHostIsolationStatusPropsCallback + ); + + return ( + + + + + + + + + + + ); + } +); + +EndpointAgentStatus.displayName = 'EndpointAgentStatus'; diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/components/actions_menu.test.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/components/actions_menu.test.tsx index 356d44a8105287..04708ea90cd349 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/components/actions_menu.test.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/components/actions_menu.test.tsx @@ -15,8 +15,10 @@ import React from 'react'; import { act } from '@testing-library/react'; import { endpointPageHttpMock } from '../../../mocks'; import { fireEvent } from '@testing-library/dom'; +import { licenseService } from '../../../../../../common/hooks/use_license'; jest.mock('../../../../../../common/lib/kibana'); +jest.mock('../../../../../../common/hooks/use_license'); describe('When using the Endpoint Details Actions Menu', () => { let render: () => Promise>; @@ -112,4 +114,25 @@ describe('When using the Endpoint Details Actions Menu', () => { expect(coreStart.application.navigateToApp).toHaveBeenCalled(); }); }); + + describe('and license is NOT PlatinumPlus', () => { + const licenseServiceMock = licenseService as jest.Mocked; + + beforeEach(() => licenseServiceMock.isPlatinumPlus.mockReturnValue(false)); + + afterEach(() => licenseServiceMock.isPlatinumPlus.mockReturnValue(true)); + + it('should not show the `isoalte` action', async () => { + setEndpointMetadataResponse(); + await render(); + expect(renderResult.queryByTestId('isolateLink')).toBeNull(); + }); + + it('should still show `unisolate` action for endpoints that are currently isolated', async () => { + setEndpointMetadataResponse(true); + await render(); + expect(renderResult.queryByTestId('isolateLink')).toBeNull(); + expect(renderResult.getByTestId('unIsolateLink')).not.toBeNull(); + }); + }); }); diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/endpoint_details.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/endpoint_details.tsx index 38404a5c6c11ff..64ea575c37d798 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/endpoint_details.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/endpoint_details.tsx @@ -23,7 +23,7 @@ import { isPolicyOutOfDate } from '../../utils'; import { HostInfo, HostMetadata, HostStatus } from '../../../../../../common/endpoint/types'; import { useEndpointSelector } from '../hooks'; import { policyResponseStatus, uiQueryParams } from '../../store/selectors'; -import { POLICY_STATUS_TO_BADGE_COLOR, HOST_STATUS_TO_BADGE_COLOR } from '../host_constants'; +import { POLICY_STATUS_TO_BADGE_COLOR } from '../host_constants'; import { FormattedDateAndTime } from '../../../../../common/components/endpoint/formatted_date_time'; import { useNavigateByRouterEventHandler } from '../../../../../common/hooks/endpoint/use_navigate_by_router_event_handler'; import { getEndpointDetailsPath } from '../../../../common/routing'; @@ -31,6 +31,7 @@ import { SecurityPageName } from '../../../../../app/types'; import { useFormatUrl } from '../../../../../common/components/link_to'; import { EndpointPolicyLink } from '../components/endpoint_policy_link'; import { OutOfDate } from '../components/out_of_date'; +import { EndpointAgentStatus } from '../components/endpoint_agent_status'; const HostIds = styled(EuiListGroupItem)` margin-top: 0; @@ -88,20 +89,7 @@ export const EndpointDetails = memo( title: i18n.translate('xpack.securitySolution.endpoint.details.agentStatus', { defaultMessage: 'Agent Status', }), - description: ( - - - - - - ), + description: , }, { title: i18n.translate('xpack.securitySolution.endpoint.details.lastSeen', { diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/hooks/use_endpoint_action_items.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/hooks/use_endpoint_action_items.tsx index 31069b1939ce98..7c38c935a0b9f3 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/hooks/use_endpoint_action_items.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/hooks/use_endpoint_action_items.tsx @@ -17,7 +17,8 @@ import { useEndpointSelector } from './hooks'; import { agentPolicies, uiQueryParams } from '../../store/selectors'; import { useKibana } from '../../../../../common/lib/kibana'; import { ContextMenuItemNavByRouterProps } from '../components/context_menu_item_nav_by_rotuer'; -import { isEndpointHostIsolated } from '../../../../../common/utils/validators/is_endpoint_host_isolated'; +import { isEndpointHostIsolated } from '../../../../../common/utils/validators'; +import { useLicense } from '../../../../../common/hooks/use_license'; /** * Returns a list (array) of actions for an individual endpoint @@ -26,6 +27,7 @@ import { isEndpointHostIsolated } from '../../../../../common/utils/validators/i export const useEndpointActionItems = ( endpointMetadata: MaybeImmutable | undefined ): ContextMenuItemNavByRouterProps[] => { + const isPlatinumPlus = useLicense().isPlatinumPlus(); const { formatUrl } = useFormatUrl(SecurityPageName.administration); const fleetAgentPolicies = useEndpointSelector(agentPolicies); const allCurrentUrlParams = useEndpointSelector(uiQueryParams); @@ -58,40 +60,48 @@ export const useEndpointActionItems = ( selected_endpoint: endpointId, }); + const isolationActions = []; + + if (isIsolated) { + // Un-isolate is always available to users regardless of license level + isolationActions.push({ + 'data-test-subj': 'unIsolateLink', + icon: 'logoSecurity', + key: 'unIsolateHost', + navigateAppId: MANAGEMENT_APP_ID, + navigateOptions: { + path: endpointUnIsolatePath, + }, + href: formatUrl(endpointUnIsolatePath), + children: ( + + ), + }); + } else if (isPlatinumPlus) { + // For Platinum++ licenses, users also have ability to isolate + isolationActions.push({ + 'data-test-subj': 'isolateLink', + icon: 'logoSecurity', + key: 'isolateHost', + navigateAppId: MANAGEMENT_APP_ID, + navigateOptions: { + path: endpointIsolatePath, + }, + href: formatUrl(endpointIsolatePath), + children: ( + + ), + }); + } + return [ - isIsolated - ? { - 'data-test-subj': 'unIsolateLink', - icon: 'logoSecurity', - key: 'unIsolateHost', - navigateAppId: MANAGEMENT_APP_ID, - navigateOptions: { - path: endpointUnIsolatePath, - }, - href: formatUrl(endpointUnIsolatePath), - children: ( - - ), - } - : { - 'data-test-subj': 'isolateLink', - icon: 'logoSecurity', - key: 'isolateHost', - navigateAppId: MANAGEMENT_APP_ID, - navigateOptions: { - path: endpointIsolatePath, - }, - href: formatUrl(endpointIsolatePath), - children: ( - - ), - }, + ...isolationActions, { 'data-test-subj': 'hostLink', icon: 'logoSecurity', @@ -138,13 +148,13 @@ export const useEndpointActionItems = ( navigateAppId: 'fleet', navigateOptions: { path: `#${ - pagePathGetters.fleet_agent_details({ + pagePathGetters.agent_details({ agentId: fleetAgentId, })[1] }`, }, href: `${getUrlForApp('fleet')}#${ - pagePathGetters.fleet_agent_details({ + pagePathGetters.agent_details({ agentId: fleetAgentId, })[1] }`, @@ -162,13 +172,13 @@ export const useEndpointActionItems = ( navigateAppId: 'fleet', navigateOptions: { path: `#${ - pagePathGetters.fleet_agent_details({ + pagePathGetters.agent_details({ agentId: fleetAgentId, })[1] }/activity?openReassignFlyout=true`, }, href: `${getUrlForApp('fleet')}#${ - pagePathGetters.fleet_agent_details({ + pagePathGetters.agent_details({ agentId: fleetAgentId, })[1] }/activity?openReassignFlyout=true`, @@ -183,5 +193,12 @@ export const useEndpointActionItems = ( } return []; - }, [allCurrentUrlParams, endpointMetadata, fleetAgentPolicies, formatUrl, getUrlForApp]); + }, [ + allCurrentUrlParams, + endpointMetadata, + fleetAgentPolicies, + formatUrl, + getUrlForApp, + isPlatinumPlus, + ]); }; diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx index 86f1e32e751eeb..14f9662ad9b0bb 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx @@ -37,6 +37,7 @@ import { isUninitialisedResourceState, } from '../../../state'; import { getCurrentIsolationRequestState } from '../store/selectors'; +import { licenseService } from '../../../../common/hooks/use_license'; // not sure why this can't be imported from '../../../../common/mock/formatted_relative'; // but sure enough it needs to be inline in this one file @@ -59,6 +60,7 @@ jest.mock('../../policy/store/services/ingest', () => { }); jest.mock('../../../../common/lib/kibana'); +jest.mock('../../../../common/hooks/use_license'); describe('when on the endpoint list page', () => { const docGenerator = new EndpointDocGenerator(); @@ -70,6 +72,9 @@ describe('when on the endpoint list page', () => { let coreStart: AppContextTestRender['coreStart']; let middlewareSpy: AppContextTestRender['middlewareSpy']; let abortSpy: jest.SpyInstance; + + (licenseService as jest.Mocked).isPlatinumPlus.mockReturnValue(true); + beforeAll(() => { const mockAbort = new AbortController(); mockAbort.abort(); @@ -1108,13 +1113,13 @@ describe('when on the endpoint list page', () => { }); it('navigates to the Ingest Agent Details page', async () => { const agentDetailsLink = await renderResult.findByTestId('agentDetailsLink'); - expect(agentDetailsLink.getAttribute('href')).toEqual(`/app/fleet#/fleet/agents/${agentId}`); + expect(agentDetailsLink.getAttribute('href')).toEqual(`/app/fleet#/agents/${agentId}`); }); it('navigates to the Ingest Agent Details page with policy reassign', async () => { const agentPolicyReassignLink = await renderResult.findByTestId('agentPolicyReassignLink'); expect(agentPolicyReassignLink.getAttribute('href')).toEqual( - `/app/fleet#/fleet/agents/${agentId}/activity?openReassignFlyout=true` + `/app/fleet#/agents/${agentId}/activity?openReassignFlyout=true` ); }); }); diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx index 4d1ab0f3de8252..d1dab3dd07a7e3 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx @@ -31,11 +31,7 @@ import { EndpointDetailsFlyout } from './details'; import * as selectors from '../store/selectors'; import { useEndpointSelector } from './hooks'; import { isPolicyOutOfDate } from '../utils'; -import { - HOST_STATUS_TO_BADGE_COLOR, - POLICY_STATUS_TO_BADGE_COLOR, - POLICY_STATUS_TO_TEXT, -} from './host_constants'; +import { POLICY_STATUS_TO_BADGE_COLOR, POLICY_STATUS_TO_TEXT } from './host_constants'; import { useNavigateByRouterEventHandler } from '../../../../common/hooks/endpoint/use_navigate_by_router_event_handler'; import { CreateStructuredSelector } from '../../../../common/store'; import { Immutable, HostInfo } from '../../../../../common/endpoint/types'; @@ -59,6 +55,7 @@ import { AdministrationListPage } from '../../../components/administration_list_ import { useKibana } from '../../../../../../../../src/plugins/kibana_react/public'; import { LinkToApp } from '../../../../common/components/endpoint/link_to_app'; import { TableRowActions } from './components/table_row_actions'; +import { EndpointAgentStatus } from './components/endpoint_agent_status'; const MAX_PAGINATED_ITEM = 9999; @@ -97,6 +94,7 @@ const EndpointListNavLink = memo<{ }); EndpointListNavLink.displayName = 'EndpointListNavLink'; +// FIXME: this needs refactoring - we are pulling in all selectors from endpoint, which includes many more than what the list uses const selector = (createStructuredSelector as CreateStructuredSelector)(selectors); export const EndpointList = () => { const history = useHistory(); @@ -279,19 +277,9 @@ export const EndpointList = () => { defaultMessage: 'Agent Status', }), // eslint-disable-next-line react/display-name - render: (hostStatus: HostInfo['host_status']) => { + render: (hostStatus: HostInfo['host_status'], endpointInfo) => { return ( - - - + ); }, }, @@ -527,12 +515,12 @@ export const EndpointList = () => { agentsLink: ( diff --git a/x-pack/plugins/security_solution/public/management/pages/event_filters/view/components/event_filter_delete_modal.tsx b/x-pack/plugins/security_solution/public/management/pages/event_filters/view/components/event_filter_delete_modal.tsx index 74a023965a57d5..653469d304978c 100644 --- a/x-pack/plugins/security_solution/public/management/pages/event_filters/view/components/event_filter_delete_modal.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/event_filters/view/components/event_filter_delete_modal.tsx @@ -91,7 +91,7 @@ export const EventFilterDeleteModal = memo<{}>(() => { {eventFilter?.name} }} + values={{ name: {eventFilter?.name} }} />

diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/ingest_manager_integration/endpoint_package_custom_extension/components/fleet_event_filters_card.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/ingest_manager_integration/endpoint_package_custom_extension/components/fleet_event_filters_card.tsx index be3cba5eb43181..5588cdbe81e3ed 100644 --- a/x-pack/plugins/security_solution/public/management/pages/policy/view/ingest_manager_integration/endpoint_package_custom_extension/components/fleet_event_filters_card.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/ingest_manager_integration/endpoint_package_custom_extension/components/fleet_event_filters_card.tsx @@ -20,7 +20,7 @@ import { GetExceptionSummaryResponse, ListPageRouteState, } from '../../../../../../../../common/endpoint/types'; -import { PLUGIN_ID as FLEET_PLUGIN_ID } from '../../../../../../../../../fleet/common'; +import { INTEGRATIONS_PLUGIN_ID } from '../../../../../../../../../fleet/common'; import { MANAGEMENT_APP_ID } from '../../../../../../common/constants'; import { useToasts } from '../../../../../../../common/lib/kibana'; import { LinkWithIcon } from './link_with_icon'; @@ -68,19 +68,21 @@ export const FleetEventFiltersCard = memo( }, [eventFiltersApi, toasts]); const eventFiltersRouteState = useMemo(() => { - const fleetPackageCustomUrlPath = `#${pagePathGetters.integration_details_custom({ pkgkey })}`; + const fleetPackageCustomUrlPath = `#${ + pagePathGetters.integration_details_custom({ pkgkey })[1] + }`; return { backButtonLabel: i18n.translate( 'xpack.securitySolution.endpoint.fleetCustomExtension.backButtonLabel', { defaultMessage: 'Back to Endpoint Integration' } ), onBackButtonNavigateTo: [ - FLEET_PLUGIN_ID, + INTEGRATIONS_PLUGIN_ID, { path: fleetPackageCustomUrlPath, }, ], - backButtonUrl: getUrlForApp(FLEET_PLUGIN_ID, { + backButtonUrl: getUrlForApp(INTEGRATIONS_PLUGIN_ID, { path: fleetPackageCustomUrlPath, }), }; diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/ingest_manager_integration/endpoint_package_custom_extension/components/fleet_trusted_apps_card.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/ingest_manager_integration/endpoint_package_custom_extension/components/fleet_trusted_apps_card.tsx index ed3ba10c1e62bb..f1c9cb13a27dc5 100644 --- a/x-pack/plugins/security_solution/public/management/pages/policy/view/ingest_manager_integration/endpoint_package_custom_extension/components/fleet_trusted_apps_card.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/ingest_manager_integration/endpoint_package_custom_extension/components/fleet_trusted_apps_card.tsx @@ -20,7 +20,7 @@ import { ListPageRouteState, GetExceptionSummaryResponse, } from '../../../../../../../../common/endpoint/types'; -import { PLUGIN_ID as FLEET_PLUGIN_ID } from '../../../../../../../../../fleet/common'; +import { INTEGRATIONS_PLUGIN_ID } from '../../../../../../../../../fleet/common'; import { MANAGEMENT_APP_ID } from '../../../../../../common/constants'; import { useToasts } from '../../../../../../../common/lib/kibana'; import { LinkWithIcon } from './link_with_icon'; @@ -68,24 +68,26 @@ export const FleetTrustedAppsCard = memo(( const trustedAppsListUrlPath = getTrustedAppsListPath(); const trustedAppRouteState = useMemo(() => { - const fleetPackageCustomUrlPath = `#${pagePathGetters.integration_details_custom({ pkgkey })}`; + const fleetPackageCustomUrlPath = `#${ + pagePathGetters.integration_details_custom({ pkgkey })[1] + }`; + return { backButtonLabel: i18n.translate( 'xpack.securitySolution.endpoint.fleetCustomExtension.backButtonLabel', { defaultMessage: 'Back to Endpoint Integration' } ), onBackButtonNavigateTo: [ - FLEET_PLUGIN_ID, + INTEGRATIONS_PLUGIN_ID, { path: fleetPackageCustomUrlPath, }, ], - backButtonUrl: getUrlForApp(FLEET_PLUGIN_ID, { + backButtonUrl: getUrlForApp(INTEGRATIONS_PLUGIN_ID, { path: fleetPackageCustomUrlPath, }), }; }, [getUrlForApp, pkgkey]); - return ( diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_details.test.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_details.test.tsx index d01ccea5ba1f4a..1766048a3985aa 100644 --- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_details.test.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_details.test.tsx @@ -17,17 +17,7 @@ import { policyListApiPathHandlers } from '../store/test_mock_utils'; import { licenseService } from '../../../../common/hooks/use_license'; jest.mock('../../../../common/components/link_to'); -jest.mock('../../../../common/hooks/use_license', () => { - const licenseServiceInstance = { - isPlatinumPlus: jest.fn(), - }; - return { - licenseService: licenseServiceInstance, - useLicense: () => { - return licenseServiceInstance; - }, - }; -}); +jest.mock('../../../../common/hooks/use_license'); describe('Policy Details', () => { type FindReactWrapperResponse = ReturnType['find']>; diff --git a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/__snapshots__/trusted_app_deletion_dialog.test.tsx.snap b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/__snapshots__/trusted_app_deletion_dialog.test.tsx.snap index 5ab58914ff8b1c..0343ab62b9773d 100644 --- a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/__snapshots__/trusted_app_deletion_dialog.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/__snapshots__/trusted_app_deletion_dialog.test.tsx.snap @@ -56,9 +56,11 @@ exports[`TrustedAppDeletionDialog renders correctly when deletion failed 1`] = ` >

You are removing trusted application " - + trusted app 3 - + ".

@@ -158,9 +160,11 @@ exports[`TrustedAppDeletionDialog renders correctly when deletion is in progress >

You are removing trusted application " - + trusted app 3 - + ".

@@ -265,9 +269,11 @@ exports[`TrustedAppDeletionDialog renders correctly when dialog started 1`] = ` >

You are removing trusted application " - + trusted app 3 - + ".

diff --git a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/trusted_app_deletion_dialog.tsx b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/trusted_app_deletion_dialog.tsx index bffd9806103721..3afa2642eba121 100644 --- a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/trusted_app_deletion_dialog.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/trusted_app_deletion_dialog.tsx @@ -45,7 +45,7 @@ const getTranslations = (entry: Immutable | undefined) => ({ {entry?.name} }} + values={{ name: {entry?.name} }} /> ), subMessage: ( diff --git a/x-pack/plugins/security_solution/public/timelines/components/flyout/header/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/flyout/header/index.tsx index da45579b347739..dd8cdb818cad75 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/flyout/header/index.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/flyout/header/index.tsx @@ -52,6 +52,7 @@ import * as i18n from './translations'; import * as commonI18n from '../../timeline/properties/translations'; import { getTimelineStatusByIdSelector } from './selectors'; import { TimelineKPIs } from './kpis'; +import { LineClamp } from '../../../../common/components/line_clamp'; // to hide side borders const StyledPanel = styled(EuiPanel)` @@ -206,13 +207,13 @@ const TimelineDescriptionComponent: React.FC = ({ timelineId (state) => (getTimeline(state, timelineId) ?? timelineDefaults).description ); - const content = useMemo(() => (description.length ? description : commonI18n.DESCRIPTION), [ - description, - ]); - return ( - {content} + {description.length ? ( + + ) : ( + commonI18n.DESCRIPTION + )} ); }; diff --git a/x-pack/plugins/security_solution/public/timelines/components/open_timeline/timelines_table/common_columns.tsx b/x-pack/plugins/security_solution/public/timelines/components/open_timeline/timelines_table/common_columns.tsx index 98d678a25b4c68..65963c96093209 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/open_timeline/timelines_table/common_columns.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/open_timeline/timelines_table/common_columns.tsx @@ -10,7 +10,7 @@ import { EuiButtonIcon, EuiLink } from '@elastic/eui'; import { omit } from 'lodash/fp'; import React from 'react'; - +import styled from 'styled-components'; import { ACTION_COLUMN_WIDTH } from './common_styles'; import { isUntitled } from '../helpers'; import { NotePreviews } from '../note_previews'; @@ -20,6 +20,14 @@ import { getEmptyTagValue } from '../../../../common/components/empty_value'; import { FormattedRelativePreferenceDate } from '../../../../common/components/formatted_date'; import { TimelineType } from '../../../../../common/types/timeline'; +const DescriptionCell = styled.span` + text-overflow: ellipsis; + display: -webkit-box; + -webkit-line-clamp: 5; + -webkit-box-orient: vertical; + overflow: hidden; +`; + /** * Returns the column definitions (passed as the `columns` prop to * `EuiBasicTable`) that are common to the compact `Open Timeline` modal view, @@ -85,9 +93,9 @@ export const getCommonColumns = ({ field: 'description', name: i18n.DESCRIPTION, render: (description: string) => ( - + {description != null && description.trim().length > 0 ? description : getEmptyTagValue()} - + ), sortable: false, }, diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/isolation.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/isolation.ts index 8c1eb611cb5a1a..c54c12981c7710 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/isolation.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/isolation.ts @@ -156,9 +156,7 @@ export const isolationRequestHandler = function ( commentLines.push(`${isolate ? 'I' : 'Uni'}solate action was sent to the following Agents:`); // lines of markdown links, inside a code block - commentLines.push( - `${agentIDs.map((a) => `- [${a}](/app/fleet#/fleet/agents/${a})`).join('\n')}` - ); + commentLines.push(`${agentIDs.map((a) => `- [${a}](/app/fleet#/agents/${a})`).join('\n')}`); if (req.body.comment) { commentLines.push(`\n\nWith Comment:\n> ${req.body.comment}`); } diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/queries/events.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/queries/events.ts index 28a220c6f048a6..70e74356188c76 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/queries/events.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/queries/events.ts @@ -6,10 +6,10 @@ */ import type { IScopedClusterClient } from 'kibana/server'; +import { JsonObject } from '@kbn/common-utils'; import { parseFilterQuery } from '../../../../utils/serialized_query'; import { SafeResolverEvent } from '../../../../../common/endpoint/types'; import { PaginationBuilder } from '../utils/pagination'; -import { JsonObject } from '../../../../../../../../src/plugins/kibana_utils/common'; interface TimeRange { from: string; diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/descendants.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/descendants.ts index bf9b3ce6aa8f3a..331f622951515e 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/descendants.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/descendants.ts @@ -7,8 +7,8 @@ import type { ApiResponse, estypes } from '@elastic/elasticsearch'; import { IScopedClusterClient } from 'src/core/server'; +import { JsonObject, JsonValue } from '@kbn/common-utils'; import { FieldsObject, ResolverSchema } from '../../../../../../common/endpoint/types'; -import { JsonObject, JsonValue } from '../../../../../../../../../src/plugins/kibana_utils/common'; import { NodeID, TimeRange, docValueFields, validIDs } from '../utils/index'; interface DescendantsParams { diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/lifecycle.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/lifecycle.ts index f9780d1469756e..7de038ccc9ae45 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/lifecycle.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/lifecycle.ts @@ -6,8 +6,8 @@ */ import { IScopedClusterClient } from 'src/core/server'; +import { JsonObject, JsonValue } from '@kbn/common-utils'; import { FieldsObject, ResolverSchema } from '../../../../../../common/endpoint/types'; -import { JsonObject, JsonValue } from '../../../../../../../../../src/plugins/kibana_utils/common'; import { NodeID, TimeRange, docValueFields, validIDs } from '../utils/index'; interface LifecycleParams { diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/stats.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/stats.ts index 24c97ad88b26ae..f21259980d464f 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/stats.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/stats.ts @@ -6,7 +6,7 @@ */ import { IScopedClusterClient } from 'src/core/server'; -import { JsonObject } from '../../../../../../../../../src/plugins/kibana_utils/common'; +import { JsonObject } from '@kbn/common-utils'; import { EventStats, ResolverSchema } from '../../../../../../common/endpoint/types'; import { NodeID, TimeRange } from '../utils/index'; diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/pagination.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/pagination.ts index befd69bdcf953c..24fc447173ba6c 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/pagination.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/pagination.ts @@ -5,12 +5,12 @@ * 2.0. */ +import { JsonObject } from '@kbn/common-utils'; import { SafeResolverEvent } from '../../../../../common/endpoint/types'; import { eventIDSafeVersion, timestampSafeVersion, } from '../../../../../common/endpoint/models/event'; -import { JsonObject } from '../../../../../../../../src/plugins/kibana_utils/common'; type SearchAfterFields = [number, string]; diff --git a/x-pack/plugins/security_solution/server/endpoint/types.ts b/x-pack/plugins/security_solution/server/endpoint/types.ts index b3c7e58afe9915..6076aa9af635bf 100644 --- a/x-pack/plugins/security_solution/server/endpoint/types.ts +++ b/x-pack/plugins/security_solution/server/endpoint/types.ts @@ -8,9 +8,9 @@ import { LoggerFactory } from 'kibana/server'; import { SearchResponse } from '@elastic/elasticsearch/api/types'; +import { JsonObject } from '@kbn/common-utils'; import { ConfigType } from '../config'; import { EndpointAppContextService } from './endpoint_app_context_services'; -import { JsonObject } from '../../../../../src/plugins/kibana_utils/common'; import { HostMetadata, MetadataQueryStrategyVersions } from '../../common/endpoint/types'; import { ExperimentalFeatures } from '../../common/experimental_features'; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/eql.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/eql.test.ts index 947e7d573173ea..e7af3d484dfbd2 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/eql.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/eql.test.ts @@ -5,6 +5,7 @@ * 2.0. */ +import dateMath from '@elastic/datemath'; import { loggingSystemMock } from 'src/core/server/mocks'; import { alertsMock, AlertServicesMock } from '../../../../../../alerting/server/mocks'; import { eqlExecutor } from './eql'; @@ -23,6 +24,7 @@ describe('eql_executor', () => { let logger: ReturnType; let alertServices: AlertServicesMock; (getIndexVersion as jest.Mock).mockReturnValue(SIGNALS_TEMPLATE_VERSION); + const params = getEqlRuleParams(); const eqlSO = { id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', type: 'alert', @@ -40,10 +42,15 @@ describe('eql_executor', () => { interval: '5m', }, throttle: 'no_actions', - params: getEqlRuleParams(), + params, }, references: [], }; + const tuple = { + from: dateMath.parse(params.from)!, + to: dateMath.parse(params.to)!, + maxSignals: params.maxSignals, + }; const searchAfterSize = 7; beforeEach(() => { @@ -64,6 +71,7 @@ describe('eql_executor', () => { const exceptionItems = [getExceptionListItemSchemaMock({ entries: [getEntryListMock()] })]; const response = await eqlExecutor({ rule: eqlSO, + tuple, exceptionItems, services: alertServices, version, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/eql.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/eql.ts index 28d1f3e19baeed..a187b730696829 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/eql.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/eql.ts @@ -28,6 +28,7 @@ import { AlertAttributes, BulkCreate, EqlSignalSearchResponse, + RuleRangeTuple, SearchAfterAndBulkCreateReturnType, WrappedSignalHit, } from '../types'; @@ -35,6 +36,7 @@ import { createSearchAfterReturnType, makeFloatString, wrapSignal } from '../uti export const eqlExecutor = async ({ rule, + tuple, exceptionItems, services, version, @@ -43,6 +45,7 @@ export const eqlExecutor = async ({ bulkCreate, }: { rule: SavedObject>; + tuple: RuleRangeTuple; exceptionItems: ExceptionListItemSchema[]; services: AlertServices; version: string; @@ -81,8 +84,8 @@ export const eqlExecutor = async ({ const request = buildEqlSearchRequest( ruleParams.query, inputIndex, - ruleParams.from, - ruleParams.to, + tuple.from.toISOString(), + tuple.to.toISOString(), searchAfterSize, ruleParams.timestampOverride, exceptionItems, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.test.ts index 25a9d2c3f510fe..89c1392cb67ba7 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.test.ts @@ -5,6 +5,7 @@ * 2.0. */ +import dateMath from '@elastic/datemath'; import { loggingSystemMock } from 'src/core/server/mocks'; import { alertsMock, AlertServicesMock } from '../../../../../../alerting/server/mocks'; import { mlExecutor } from './ml'; @@ -26,7 +27,13 @@ describe('ml_executor', () => { const exceptionItems = [getExceptionListItemSchemaMock()]; let logger: ReturnType; let alertServices: AlertServicesMock; - const mlSO = sampleRuleSO(getMlRuleParams()); + const params = getMlRuleParams(); + const mlSO = sampleRuleSO(params); + const tuple = { + from: dateMath.parse(params.from)!, + to: dateMath.parse(params.to)!, + maxSignals: params.maxSignals, + }; const buildRuleMessage = buildRuleMessageFactory({ id: mlSO.id, ruleId: mlSO.attributes.params.ruleId, @@ -60,6 +67,7 @@ describe('ml_executor', () => { await expect( mlExecutor({ rule: mlSO, + tuple, ml: undefined, exceptionItems, services: alertServices, @@ -76,6 +84,7 @@ describe('ml_executor', () => { jobsSummaryMock.mockResolvedValue([]); const response = await mlExecutor({ rule: mlSO, + tuple, ml: mlMock, exceptionItems, services: alertServices, @@ -101,6 +110,7 @@ describe('ml_executor', () => { const response = await mlExecutor({ rule: mlSO, + tuple, ml: mlMock, exceptionItems, services: alertServices, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.ts index f5c7d8822b51f0..20c4cb16dadc8d 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.ts @@ -21,11 +21,12 @@ import { bulkCreateMlSignals } from '../bulk_create_ml_signals'; import { filterEventsAgainstList } from '../filters/filter_events_against_list'; import { findMlSignals } from '../find_ml_signals'; import { BuildRuleMessage } from '../rule_messages'; -import { AlertAttributes, BulkCreate, WrapHits } from '../types'; +import { AlertAttributes, BulkCreate, RuleRangeTuple, WrapHits } from '../types'; import { createErrorsFromShard, createSearchAfterReturnType, mergeReturns } from '../utils'; export const mlExecutor = async ({ rule, + tuple, ml, listClient, exceptionItems, @@ -36,6 +37,7 @@ export const mlExecutor = async ({ wrapHits, }: { rule: SavedObject>; + tuple: RuleRangeTuple; ml: SetupPlugins['ml']; listClient: ListClient; exceptionItems: ExceptionListItemSchema[]; @@ -88,8 +90,8 @@ export const mlExecutor = async ({ savedObjectsClient: services.savedObjectsClient, jobIds: ruleParams.machineLearningJobId, anomalyThreshold: ruleParams.anomalyThreshold, - from: ruleParams.from, - to: ruleParams.to, + from: tuple.from.toISOString(), + to: tuple.to.toISOString(), exceptionItems, }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/query.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/query.ts index 9d76a06afa2755..385c01c2f1cda1 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/query.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/query.ts @@ -24,7 +24,7 @@ import { QueryRuleParams, SavedQueryRuleParams } from '../../schemas/rule_schema export const queryExecutor = async ({ rule, - tuples, + tuple, listClient, exceptionItems, services, @@ -37,7 +37,7 @@ export const queryExecutor = async ({ wrapHits, }: { rule: SavedObject>; - tuples: RuleRangeTuple[]; + tuple: RuleRangeTuple; listClient: ListClient; exceptionItems: ExceptionListItemSchema[]; services: AlertServices; @@ -63,7 +63,7 @@ export const queryExecutor = async ({ }); return searchAfterAndBulkCreate({ - tuples, + tuple, listClient, exceptionsList: exceptionItems, ruleSO: rule, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threat_match.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threat_match.ts index 078eb8362069cf..d0e22f696b222e 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threat_match.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threat_match.ts @@ -23,7 +23,7 @@ import { ThreatRuleParams } from '../../schemas/rule_schemas'; export const threatMatchExecutor = async ({ rule, - tuples, + tuple, listClient, exceptionItems, services, @@ -36,7 +36,7 @@ export const threatMatchExecutor = async ({ wrapHits, }: { rule: SavedObject>; - tuples: RuleRangeTuple[]; + tuple: RuleRangeTuple; listClient: ListClient; exceptionItems: ExceptionListItemSchema[]; services: AlertServices; @@ -51,7 +51,7 @@ export const threatMatchExecutor = async ({ const ruleParams = rule.attributes.params; const inputIndex = await getInputIndex(services, version, ruleParams.index); return createThreatSignals({ - tuples, + tuple, threatMapping: ruleParams.threatMapping, query: ruleParams.query, inputIndex, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.test.ts index f03e8b8a147aea..3906c669222386 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.test.ts @@ -5,18 +5,23 @@ * 2.0. */ +import dateMath from '@elastic/datemath'; import { loggingSystemMock } from 'src/core/server/mocks'; +// eslint-disable-next-line @kbn/eslint/no-restricted-paths +import { elasticsearchClientMock } from 'src/core/server/elasticsearch/client/mocks'; import { alertsMock, AlertServicesMock } from '../../../../../../alerting/server/mocks'; import { thresholdExecutor } from './threshold'; import { getExceptionListItemSchemaMock } from '../../../../../../lists/common/schemas/response/exception_list_item_schema.mock'; import { getEntryListMock } from '../../../../../../lists/common/schemas/types/entry_list.mock'; import { getThresholdRuleParams } from '../../schemas/rule_schemas.mock'; import { buildRuleMessageFactory } from '../rule_messages'; +import { sampleEmptyDocSearchResults } from '../__mocks__/es_results'; describe('threshold_executor', () => { const version = '8.0.0'; let logger: ReturnType; let alertServices: AlertServicesMock; + const params = getThresholdRuleParams(); const thresholdSO = { id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', type: 'alert', @@ -34,10 +39,15 @@ describe('threshold_executor', () => { interval: '5m', }, throttle: 'no_actions', - params: getThresholdRuleParams(), + params, }, references: [], }; + const tuple = { + from: dateMath.parse(params.from)!, + to: dateMath.parse(params.to)!, + maxSignals: params.maxSignals, + }; const buildRuleMessage = buildRuleMessageFactory({ id: thresholdSO.id, ruleId: thresholdSO.attributes.params.ruleId, @@ -47,6 +57,9 @@ describe('threshold_executor', () => { beforeEach(() => { alertServices = alertsMock.createAlertServices(); + alertServices.scopedClusterClient.asCurrentUser.search.mockResolvedValue( + elasticsearchClientMock.createSuccessTransportRequestPromise(sampleEmptyDocSearchResults()) + ); logger = loggingSystemMock.createLogger(); }); @@ -55,14 +68,20 @@ describe('threshold_executor', () => { const exceptionItems = [getExceptionListItemSchemaMock({ entries: [getEntryListMock()] })]; const response = await thresholdExecutor({ rule: thresholdSO, - tuples: [], + tuple, exceptionItems, services: alertServices, version, logger, buildRuleMessage, startedAt: new Date(), - bulkCreate: jest.fn(), + bulkCreate: jest.fn().mockImplementation((hits) => ({ + errors: [], + success: true, + bulkCreateDuration: '0', + createdItemsCount: 0, + createdItems: [], + })), wrapHits: jest.fn(), }); expect(response.warningMessages.length).toEqual(1); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.ts index 5e23128c9c148a..378d68fc13d2a9 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.ts @@ -39,7 +39,7 @@ import { BuildRuleMessage } from '../rule_messages'; export const thresholdExecutor = async ({ rule, - tuples, + tuple, exceptionItems, services, version, @@ -50,7 +50,7 @@ export const thresholdExecutor = async ({ wrapHits, }: { rule: SavedObject>; - tuples: RuleRangeTuple[]; + tuple: RuleRangeTuple; exceptionItems: ExceptionListItemSchema[]; services: AlertServices; version: string; @@ -70,90 +70,88 @@ export const thresholdExecutor = async ({ } const inputIndex = await getInputIndex(services, version, ruleParams.index); - for (const tuple of tuples) { - const { - thresholdSignalHistory, - searchErrors: previousSearchErrors, - } = await getThresholdSignalHistory({ - indexPattern: [ruleParams.outputIndex], - from: tuple.from.toISOString(), - to: tuple.to.toISOString(), - services, - logger, - ruleId: ruleParams.ruleId, - bucketByFields: ruleParams.threshold.field, - timestampOverride: ruleParams.timestampOverride, - buildRuleMessage, - }); + const { + thresholdSignalHistory, + searchErrors: previousSearchErrors, + } = await getThresholdSignalHistory({ + indexPattern: [ruleParams.outputIndex], + from: tuple.from.toISOString(), + to: tuple.to.toISOString(), + services, + logger, + ruleId: ruleParams.ruleId, + bucketByFields: ruleParams.threshold.field, + timestampOverride: ruleParams.timestampOverride, + buildRuleMessage, + }); - const bucketFilters = await getThresholdBucketFilters({ - thresholdSignalHistory, - timestampOverride: ruleParams.timestampOverride, - }); + const bucketFilters = await getThresholdBucketFilters({ + thresholdSignalHistory, + timestampOverride: ruleParams.timestampOverride, + }); + + const esFilter = await getFilter({ + type: ruleParams.type, + filters: ruleParams.filters ? ruleParams.filters.concat(bucketFilters) : bucketFilters, + language: ruleParams.language, + query: ruleParams.query, + savedId: ruleParams.savedId, + services, + index: inputIndex, + lists: exceptionItems, + }); + + const { + searchResult: thresholdResults, + searchErrors, + searchDuration: thresholdSearchDuration, + } = await findThresholdSignals({ + inputIndexPattern: inputIndex, + from: tuple.from.toISOString(), + to: tuple.to.toISOString(), + services, + logger, + filter: esFilter, + threshold: ruleParams.threshold, + timestampOverride: ruleParams.timestampOverride, + buildRuleMessage, + }); - const esFilter = await getFilter({ - type: ruleParams.type, - filters: ruleParams.filters ? ruleParams.filters.concat(bucketFilters) : bucketFilters, - language: ruleParams.language, - query: ruleParams.query, - savedId: ruleParams.savedId, - services, - index: inputIndex, - lists: exceptionItems, - }); + const { + success, + bulkCreateDuration, + createdItemsCount, + createdItems, + errors, + } = await bulkCreateThresholdSignals({ + someResult: thresholdResults, + ruleSO: rule, + filter: esFilter, + services, + logger, + inputIndexPattern: inputIndex, + signalsIndex: ruleParams.outputIndex, + startedAt, + from: tuple.from.toDate(), + thresholdSignalHistory, + bulkCreate, + wrapHits, + }); - const { + result = mergeReturns([ + result, + createSearchAfterReturnTypeFromResponse({ searchResult: thresholdResults, - searchErrors, - searchDuration: thresholdSearchDuration, - } = await findThresholdSignals({ - inputIndexPattern: inputIndex, - from: tuple.from.toISOString(), - to: tuple.to.toISOString(), - services, - logger, - filter: esFilter, - threshold: ruleParams.threshold, timestampOverride: ruleParams.timestampOverride, - buildRuleMessage, - }); - - const { + }), + createSearchAfterReturnType({ success, - bulkCreateDuration, - createdItemsCount, - createdItems, - errors, - } = await bulkCreateThresholdSignals({ - someResult: thresholdResults, - ruleSO: rule, - filter: esFilter, - services, - logger, - inputIndexPattern: inputIndex, - signalsIndex: ruleParams.outputIndex, - startedAt, - from: tuple.from.toDate(), - thresholdSignalHistory, - bulkCreate, - wrapHits, - }); - - result = mergeReturns([ - result, - createSearchAfterReturnTypeFromResponse({ - searchResult: thresholdResults, - timestampOverride: ruleParams.timestampOverride, - }), - createSearchAfterReturnType({ - success, - errors: [...errors, ...previousSearchErrors, ...searchErrors], - createdSignalsCount: createdItemsCount, - createdSignals: createdItems, - bulkCreateTimes: bulkCreateDuration ? [bulkCreateDuration] : [], - searchAfterTimes: [thresholdSearchDuration], - }), - ]); - } + errors: [...errors, ...previousSearchErrors, ...searchErrors], + createdSignalsCount: createdItemsCount, + createdSignals: createdItems, + bulkCreateTimes: bulkCreateDuration ? [bulkCreateDuration] : [], + searchAfterTimes: [thresholdSearchDuration], + }), + ]); return result; }; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.test.ts index e4eb7e854f670f..184b49c2d6c7b9 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.test.ts @@ -44,14 +44,14 @@ describe('searchAfterAndBulkCreate', () => { const sampleParams = getQueryRuleParams(); const ruleSO = sampleRuleSO(getQueryRuleParams()); sampleParams.maxSignals = 30; - let tuples: RuleRangeTuple[]; + let tuple: RuleRangeTuple; beforeEach(() => { jest.clearAllMocks(); listClient = listMock.getListClient(); listClient.searchListItemByValues = jest.fn().mockResolvedValue([]); inputIndexPattern = ['auditbeat-*']; mockService = alertsMock.createAlertServices(); - ({ tuples } = getRuleRangeTuples({ + tuple = getRuleRangeTuples({ logger: mockLogger, previousStartedAt: new Date(), from: sampleParams.from, @@ -59,7 +59,7 @@ describe('searchAfterAndBulkCreate', () => { interval: '5m', maxSignals: sampleParams.maxSignals, buildRuleMessage, - })); + }).tuples[0]; bulkCreate = bulkCreateFactory( mockLogger, mockService.scopedClusterClient.asCurrentUser, @@ -174,7 +174,7 @@ describe('searchAfterAndBulkCreate', () => { ]; const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ - tuples, + tuple, ruleSO, listClient, exceptionsList: [exceptionItem], @@ -279,7 +279,7 @@ describe('searchAfterAndBulkCreate', () => { ]; const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ ruleSO, - tuples, + tuple, listClient, exceptionsList: [exceptionItem], services: mockService, @@ -357,7 +357,7 @@ describe('searchAfterAndBulkCreate', () => { ]; const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ ruleSO, - tuples, + tuple, listClient, exceptionsList: [exceptionItem], services: mockService, @@ -416,7 +416,7 @@ describe('searchAfterAndBulkCreate', () => { ]; const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ ruleSO, - tuples, + tuple, listClient, exceptionsList: [exceptionItem], services: mockService, @@ -495,7 +495,7 @@ describe('searchAfterAndBulkCreate', () => { const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ ruleSO, - tuples, + tuple, listClient, exceptionsList: [], services: mockService, @@ -550,7 +550,7 @@ describe('searchAfterAndBulkCreate', () => { ]; const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ ruleSO, - tuples, + tuple, listClient, exceptionsList: [exceptionItem], services: mockService, @@ -569,11 +569,6 @@ describe('searchAfterAndBulkCreate', () => { expect(mockService.scopedClusterClient.asCurrentUser.search).toHaveBeenCalledTimes(1); expect(createdSignalsCount).toEqual(0); // should not create any signals because all events were in the allowlist expect(lastLookBackDate).toEqual(new Date('2020-04-20T21:27:45+0000')); - // I don't like testing log statements since logs change but this is the best - // way I can think of to ensure this section is getting hit with this test case. - expect(((mockLogger.debug as unknown) as jest.Mock).mock.calls[7][0]).toContain( - 'ran out of sort ids to sort on name: "fake name" id: "fake id" rule id: "fake rule id" signals index: "fakeindex"' - ); }); test('should return success when no sortId present but search results are in the allowlist', async () => { @@ -627,7 +622,7 @@ describe('searchAfterAndBulkCreate', () => { ]; const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ ruleSO, - tuples, + tuple, listClient, exceptionsList: [exceptionItem], services: mockService, @@ -701,7 +696,7 @@ describe('searchAfterAndBulkCreate', () => { ); const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ ruleSO, - tuples, + tuple, listClient, exceptionsList: [], services: mockService, @@ -746,7 +741,7 @@ describe('searchAfterAndBulkCreate', () => { const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ listClient, exceptionsList: [exceptionItem], - tuples, + tuple, ruleSO, services: mockService, logger: mockLogger, @@ -793,7 +788,7 @@ describe('searchAfterAndBulkCreate', () => { const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ listClient, exceptionsList: [exceptionItem], - tuples, + tuple, ruleSO, services: mockService, logger: mockLogger, @@ -854,7 +849,7 @@ describe('searchAfterAndBulkCreate', () => { const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ listClient, exceptionsList: [exceptionItem], - tuples, + tuple, ruleSO, services: mockService, logger: mockLogger, @@ -979,7 +974,7 @@ describe('searchAfterAndBulkCreate', () => { errors, } = await searchAfterAndBulkCreate({ ruleSO, - tuples, + tuple, listClient, exceptionsList: [], services: mockService, @@ -1075,7 +1070,7 @@ describe('searchAfterAndBulkCreate', () => { const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ enrichment: mockEnrichment, ruleSO, - tuples, + tuple, listClient, exceptionsList: [], services: mockService, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.ts index bb2e57b0606e59..eb4af0c38ce254 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.ts @@ -23,7 +23,7 @@ import { SearchAfterAndBulkCreateParams, SearchAfterAndBulkCreateReturnType } fr // search_after through documents and re-index using bulk endpoint. export const searchAfterAndBulkCreate = async ({ - tuples: totalToFromTuples, + tuple, ruleSO, exceptionsList, services, @@ -49,150 +49,143 @@ export const searchAfterAndBulkCreate = async ({ // to ensure we don't exceed maxSignals let signalsCreatedCount = 0; - const tuplesToBeLogged = [...totalToFromTuples]; - logger.debug(buildRuleMessage(`totalToFromTuples: ${totalToFromTuples.length}`)); - - while (totalToFromTuples.length > 0) { - const tuple = totalToFromTuples.pop(); - if (tuple == null || tuple.to == null || tuple.from == null) { - logger.error(buildRuleMessage(`[-] malformed date tuple`)); - return createSearchAfterReturnType({ - success: false, - errors: ['malformed date tuple'], - }); - } - signalsCreatedCount = 0; - while (signalsCreatedCount < tuple.maxSignals) { - try { - let mergedSearchResults = createSearchResultReturnType(); - logger.debug(buildRuleMessage(`sortIds: ${sortIds}`)); + if (tuple == null || tuple.to == null || tuple.from == null) { + logger.error(buildRuleMessage(`[-] malformed date tuple`)); + return createSearchAfterReturnType({ + success: false, + errors: ['malformed date tuple'], + }); + } + signalsCreatedCount = 0; + while (signalsCreatedCount < tuple.maxSignals) { + try { + let mergedSearchResults = createSearchResultReturnType(); + logger.debug(buildRuleMessage(`sortIds: ${sortIds}`)); - if (hasSortId) { - const { searchResult, searchDuration, searchErrors } = await singleSearchAfter({ - buildRuleMessage, - searchAfterSortIds: sortIds, - index: inputIndexPattern, - from: tuple.from.toISOString(), - to: tuple.to.toISOString(), - services, - logger, - // @ts-expect-error please, declare a type explicitly instead of unknown - filter, - pageSize: Math.ceil(Math.min(tuple.maxSignals, pageSize)), + if (hasSortId) { + const { searchResult, searchDuration, searchErrors } = await singleSearchAfter({ + buildRuleMessage, + searchAfterSortIds: sortIds, + index: inputIndexPattern, + from: tuple.from.toISOString(), + to: tuple.to.toISOString(), + services, + logger, + // @ts-expect-error please, declare a type explicitly instead of unknown + filter, + pageSize: Math.ceil(Math.min(tuple.maxSignals, pageSize)), + timestampOverride: ruleParams.timestampOverride, + }); + mergedSearchResults = mergeSearchResults([mergedSearchResults, searchResult]); + toReturn = mergeReturns([ + toReturn, + createSearchAfterReturnTypeFromResponse({ + searchResult: mergedSearchResults, timestampOverride: ruleParams.timestampOverride, - }); - mergedSearchResults = mergeSearchResults([mergedSearchResults, searchResult]); - toReturn = mergeReturns([ - toReturn, - createSearchAfterReturnTypeFromResponse({ - searchResult: mergedSearchResults, - timestampOverride: ruleParams.timestampOverride, - }), - createSearchAfterReturnType({ - searchAfterTimes: [searchDuration], - errors: searchErrors, - }), - ]); + }), + createSearchAfterReturnType({ + searchAfterTimes: [searchDuration], + errors: searchErrors, + }), + ]); - const lastSortIds = getSafeSortIds( - searchResult.hits.hits[searchResult.hits.hits.length - 1]?.sort - ); - if (lastSortIds != null && lastSortIds.length !== 0) { - sortIds = lastSortIds; - hasSortId = true; - } else { - hasSortId = false; - } + const lastSortIds = getSafeSortIds( + searchResult.hits.hits[searchResult.hits.hits.length - 1]?.sort + ); + if (lastSortIds != null && lastSortIds.length !== 0) { + sortIds = lastSortIds; + hasSortId = true; + } else { + hasSortId = false; } + } + + // determine if there are any candidate signals to be processed + const totalHits = createTotalHitsFromSearchResult({ searchResult: mergedSearchResults }); + logger.debug(buildRuleMessage(`totalHits: ${totalHits}`)); + logger.debug( + buildRuleMessage(`searchResult.hit.hits.length: ${mergedSearchResults.hits.hits.length}`) + ); - // determine if there are any candidate signals to be processed - const totalHits = createTotalHitsFromSearchResult({ searchResult: mergedSearchResults }); - logger.debug(buildRuleMessage(`totalHits: ${totalHits}`)); + if (totalHits === 0 || mergedSearchResults.hits.hits.length === 0) { logger.debug( - buildRuleMessage(`searchResult.hit.hits.length: ${mergedSearchResults.hits.hits.length}`) + buildRuleMessage( + `${ + totalHits === 0 ? 'totalHits' : 'searchResult.hits.hits.length' + } was 0, exiting early` + ) ); + break; + } - if (totalHits === 0 || mergedSearchResults.hits.hits.length === 0) { - logger.debug( - buildRuleMessage( - `${ - totalHits === 0 ? 'totalHits' : 'searchResult.hits.hits.length' - } was 0, exiting and moving on to next tuple` - ) - ); - break; - } - - // filter out the search results that match with the values found in the list. - // the resulting set are signals to be indexed, given they are not duplicates - // of signals already present in the signals index. - const filteredEvents = await filterEventsAgainstList({ - listClient, - exceptionsList, - logger, - eventSearchResult: mergedSearchResults, - buildRuleMessage, - }); - - // only bulk create if there are filteredEvents leftover - // if there isn't anything after going through the value list filter - // skip the call to bulk create and proceed to the next search_after, - // if there is a sort id to continue the search_after with. - if (filteredEvents.hits.hits.length !== 0) { - // make sure we are not going to create more signals than maxSignals allows - if (signalsCreatedCount + filteredEvents.hits.hits.length > tuple.maxSignals) { - filteredEvents.hits.hits = filteredEvents.hits.hits.slice( - 0, - tuple.maxSignals - signalsCreatedCount - ); - } - const enrichedEvents = await enrichment(filteredEvents); - const wrappedDocs = wrapHits(enrichedEvents.hits.hits); + // filter out the search results that match with the values found in the list. + // the resulting set are signals to be indexed, given they are not duplicates + // of signals already present in the signals index. + const filteredEvents = await filterEventsAgainstList({ + listClient, + exceptionsList, + logger, + eventSearchResult: mergedSearchResults, + buildRuleMessage, + }); - const { - bulkCreateDuration: bulkDuration, - createdItemsCount: createdCount, - createdItems, - success: bulkSuccess, - errors: bulkErrors, - } = await bulkCreate(wrappedDocs); - toReturn = mergeReturns([ - toReturn, - createSearchAfterReturnType({ - success: bulkSuccess, - createdSignalsCount: createdCount, - createdSignals: createdItems, - bulkCreateTimes: bulkDuration ? [bulkDuration] : undefined, - errors: bulkErrors, - }), - ]); - signalsCreatedCount += createdCount; - logger.debug(buildRuleMessage(`created ${createdCount} signals`)); - logger.debug(buildRuleMessage(`signalsCreatedCount: ${signalsCreatedCount}`)); - logger.debug( - buildRuleMessage(`enrichedEvents.hits.hits: ${enrichedEvents.hits.hits.length}`) + // only bulk create if there are filteredEvents leftover + // if there isn't anything after going through the value list filter + // skip the call to bulk create and proceed to the next search_after, + // if there is a sort id to continue the search_after with. + if (filteredEvents.hits.hits.length !== 0) { + // make sure we are not going to create more signals than maxSignals allows + if (signalsCreatedCount + filteredEvents.hits.hits.length > tuple.maxSignals) { + filteredEvents.hits.hits = filteredEvents.hits.hits.slice( + 0, + tuple.maxSignals - signalsCreatedCount ); - - sendAlertTelemetryEvents(logger, eventsTelemetry, enrichedEvents, buildRuleMessage); } + const enrichedEvents = await enrichment(filteredEvents); + const wrappedDocs = wrapHits(enrichedEvents.hits.hits); - if (!hasSortId) { - logger.debug(buildRuleMessage('ran out of sort ids to sort on')); - break; - } - } catch (exc: unknown) { - logger.error(buildRuleMessage(`[-] search_after and bulk threw an error ${exc}`)); - return mergeReturns([ + const { + bulkCreateDuration: bulkDuration, + createdItemsCount: createdCount, + createdItems, + success: bulkSuccess, + errors: bulkErrors, + } = await bulkCreate(wrappedDocs); + toReturn = mergeReturns([ toReturn, createSearchAfterReturnType({ - success: false, - errors: [`${exc}`], + success: bulkSuccess, + createdSignalsCount: createdCount, + createdSignals: createdItems, + bulkCreateTimes: bulkDuration ? [bulkDuration] : undefined, + errors: bulkErrors, }), ]); + signalsCreatedCount += createdCount; + logger.debug(buildRuleMessage(`created ${createdCount} signals`)); + logger.debug(buildRuleMessage(`signalsCreatedCount: ${signalsCreatedCount}`)); + logger.debug( + buildRuleMessage(`enrichedEvents.hits.hits: ${enrichedEvents.hits.hits.length}`) + ); + + sendAlertTelemetryEvents(logger, eventsTelemetry, enrichedEvents, buildRuleMessage); + } + + if (!hasSortId) { + logger.debug(buildRuleMessage('ran out of sort ids to sort on')); + break; } + } catch (exc: unknown) { + logger.error(buildRuleMessage(`[-] search_after and bulk threw an error ${exc}`)); + return mergeReturns([ + toReturn, + createSearchAfterReturnType({ + success: false, + errors: [`${exc}`], + }), + ]); } } logger.debug(buildRuleMessage(`[+] completed bulk index of ${toReturn.createdSignalsCount}`)); - toReturn.totalToFromTuples = tuplesToBeLogged; return toReturn; }; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts index 0a2e22bc44b60e..bb1e50c14d4014 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts @@ -235,74 +235,86 @@ export const signalRulesAlertType = ({ if (isMlRule(type)) { const mlRuleSO = asTypeSpecificSO(savedObject, machineLearningRuleParams); - result = await mlExecutor({ - rule: mlRuleSO, - ml, - listClient, - exceptionItems, - services, - logger, - buildRuleMessage, - bulkCreate, - wrapHits, - }); + for (const tuple of tuples) { + result = await mlExecutor({ + rule: mlRuleSO, + tuple, + ml, + listClient, + exceptionItems, + services, + logger, + buildRuleMessage, + bulkCreate, + wrapHits, + }); + } } else if (isThresholdRule(type)) { const thresholdRuleSO = asTypeSpecificSO(savedObject, thresholdRuleParams); - result = await thresholdExecutor({ - rule: thresholdRuleSO, - tuples, - exceptionItems, - services, - version, - logger, - buildRuleMessage, - startedAt, - bulkCreate, - wrapHits, - }); + for (const tuple of tuples) { + result = await thresholdExecutor({ + rule: thresholdRuleSO, + tuple, + exceptionItems, + services, + version, + logger, + buildRuleMessage, + startedAt, + bulkCreate, + wrapHits, + }); + } } else if (isThreatMatchRule(type)) { const threatRuleSO = asTypeSpecificSO(savedObject, threatRuleParams); - result = await threatMatchExecutor({ - rule: threatRuleSO, - tuples, - listClient, - exceptionItems, - services, - version, - searchAfterSize, - logger, - eventsTelemetry, - buildRuleMessage, - bulkCreate, - wrapHits, - }); + for (const tuple of tuples) { + result = await threatMatchExecutor({ + rule: threatRuleSO, + tuple, + listClient, + exceptionItems, + services, + version, + searchAfterSize, + logger, + eventsTelemetry, + buildRuleMessage, + bulkCreate, + wrapHits, + }); + } } else if (isQueryRule(type)) { const queryRuleSO = validateQueryRuleTypes(savedObject); - result = await queryExecutor({ - rule: queryRuleSO, - tuples, - listClient, - exceptionItems, - services, - version, - searchAfterSize, - logger, - eventsTelemetry, - buildRuleMessage, - bulkCreate, - wrapHits, - }); + for (const tuple of tuples) { + result = await queryExecutor({ + rule: queryRuleSO, + tuple, + listClient, + exceptionItems, + services, + version, + searchAfterSize, + logger, + eventsTelemetry, + buildRuleMessage, + bulkCreate, + wrapHits, + }); + } } else if (isEqlRule(type)) { const eqlRuleSO = asTypeSpecificSO(savedObject, eqlRuleParams); - result = await eqlExecutor({ - rule: eqlRuleSO, - exceptionItems, - services, - version, - searchAfterSize, - bulkCreate, - logger, - }); + for (const tuple of tuples) { + result = await eqlExecutor({ + rule: eqlRuleSO, + tuple, + exceptionItems, + services, + version, + searchAfterSize, + bulkCreate, + logger, + }); + } } else { throw new Error(`unknown rule type ${type}`); } diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signal.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signal.ts index 3e30a08f1ae69c..806f5e47608e40 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signal.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signal.ts @@ -13,7 +13,7 @@ import { CreateThreatSignalOptions } from './types'; import { SearchAfterAndBulkCreateReturnType } from '../types'; export const createThreatSignal = async ({ - tuples, + tuple, threatMapping, threatEnrichment, query, @@ -70,7 +70,7 @@ export const createThreatSignal = async ({ ); const result = await searchAfterAndBulkCreate({ - tuples, + tuple, listClient, exceptionsList: exceptionItems, ruleSO, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signals.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signals.ts index 5054ab1b2cca50..169a820392a6e6 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signals.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signals.ts @@ -15,7 +15,7 @@ import { combineConcurrentResults } from './utils'; import { buildThreatEnrichment } from './build_threat_enrichment'; export const createThreatSignals = async ({ - tuples, + tuple, threatMapping, query, inputIndex, @@ -104,7 +104,7 @@ export const createThreatSignals = async ({ const concurrentSearchesPerformed = chunks.map>( (slicedChunk) => createThreatSignal({ - tuples, + tuple, threatEnrichment, threatMapping, query, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/types.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/types.ts index 34b064b0f88053..ded79fc647ac41 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/types.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/types.ts @@ -40,7 +40,7 @@ import { ThreatRuleParams } from '../../schemas/rule_schemas'; export type SortOrderOrUndefined = 'asc' | 'desc' | undefined; export interface CreateThreatSignalsOptions { - tuples: RuleRangeTuple[]; + tuple: RuleRangeTuple; threatMapping: ThreatMapping; query: string; inputIndex: string[]; @@ -70,7 +70,7 @@ export interface CreateThreatSignalsOptions { } export interface CreateThreatSignalOptions { - tuples: RuleRangeTuple[]; + tuple: RuleRangeTuple; threatMapping: ThreatMapping; threatEnrichment: SignalsEnrichment; query: string; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/types.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/types.ts index c35eb04ba12707..8a6ce91b2575ab 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/types.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/types.ts @@ -262,11 +262,11 @@ export type WrapHits = ( ) => Array>; export interface SearchAfterAndBulkCreateParams { - tuples: Array<{ + tuple: { to: moment.Moment; from: moment.Moment; maxSignals: number; - }>; + }; ruleSO: SavedObject; services: AlertServices; listClient: ListClient; diff --git a/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts b/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts index baf4fb2d2cfd0d..2b3c002a9b2aeb 100644 --- a/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts +++ b/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts @@ -347,6 +347,9 @@ const allowlistBaseEventFields: AllowlistFields = { direction: true, }, registry: { + data: { + strings: true, + }, hive: true, key: true, path: true, diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/factory.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/factory.ts new file mode 100644 index 00000000000000..e5e1a14df3c1c8 --- /dev/null +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/factory.ts @@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { CtiQueries } from '../../../../../../common/search_strategy/security_solution/cti'; +import { SecuritySolutionFactory } from '../../types'; +import { buildEventEnrichmentQuery } from './query'; +import { parseEventEnrichmentResponse } from './response'; + +export const eventEnrichment: SecuritySolutionFactory = { + buildDsl: buildEventEnrichmentQuery, + parse: parseEventEnrichmentResponse, +}; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/helpers.test.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/helpers.test.ts new file mode 100644 index 00000000000000..a246b66d462cef --- /dev/null +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/helpers.test.ts @@ -0,0 +1,172 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { buildIndicatorEnrichments, buildIndicatorShouldClauses, getTotalCount } from './helpers'; + +describe('buildIndicatorShouldClauses', () => { + it('returns an empty array given an empty fieldset', () => { + expect(buildIndicatorShouldClauses({})).toEqual([]); + }); + + it('returns an empty array given no relevant values', () => { + const eventFields = { 'url.domain': 'elastic.co' }; + expect(buildIndicatorShouldClauses(eventFields)).toEqual([]); + }); + + it('returns a clause for each relevant value', () => { + const eventFields = { 'source.ip': '127.0.0.1', 'url.full': 'elastic.co' }; + expect(buildIndicatorShouldClauses(eventFields)).toHaveLength(2); + }); + + it('excludes non-CTI fields', () => { + const eventFields = { 'source.ip': '127.0.0.1', 'url.domain': 'elastic.co' }; + expect(buildIndicatorShouldClauses(eventFields)).toHaveLength(1); + }); + + it('defines a named query where the name is the event field and the value is the event field value', () => { + const eventFields = { 'file.hash.md5': '1eee2bf3f56d8abed72da2bc523e7431' }; + + expect(buildIndicatorShouldClauses(eventFields)).toContainEqual({ + match: { + 'threatintel.indicator.file.hash.md5': { + _name: 'file.hash.md5', + query: '1eee2bf3f56d8abed72da2bc523e7431', + }, + }, + }); + }); + + it('returns valid queries for multiple valid fields', () => { + const eventFields = { 'source.ip': '127.0.0.1', 'url.full': 'elastic.co' }; + expect(buildIndicatorShouldClauses(eventFields)).toEqual( + expect.arrayContaining([ + { match: { 'threatintel.indicator.ip': { _name: 'source.ip', query: '127.0.0.1' } } }, + { match: { 'threatintel.indicator.url.full': { _name: 'url.full', query: 'elastic.co' } } }, + ]) + ); + }); +}); + +describe('getTotalCount', () => { + it('returns 0 when total is null (not tracking)', () => { + expect(getTotalCount(null)).toEqual(0); + }); + + it('returns total when total is a number', () => { + expect(getTotalCount(5)).toEqual(5); + }); + + it('returns total.value when total is an object', () => { + expect(getTotalCount({ value: 20, relation: 'eq' })).toEqual(20); + }); +}); + +describe('buildIndicatorEnrichments', () => { + it('returns nothing if hits have no matched queries', () => { + const hits = [{ _id: '_id', _index: '_index', matched_queries: [] }]; + expect(buildIndicatorEnrichments(hits)).toEqual([]); + }); + + it("returns nothing if hits' matched queries are not valid", () => { + const hits = [{ _id: '_id', _index: '_index', matched_queries: ['invalid.field'] }]; + expect(buildIndicatorEnrichments(hits)).toEqual([]); + }); + + it('builds a single enrichment if the hit has a matched query', () => { + const hits = [ + { + _id: '_id', + _index: '_index', + matched_queries: ['file.hash.md5'], + fields: { + 'threatintel.indicator.file.hash.md5': ['indicator_value'], + }, + }, + ]; + + expect(buildIndicatorEnrichments(hits)).toEqual([ + expect.objectContaining({ + 'matched.atomic': ['indicator_value'], + 'matched.field': ['file.hash.md5'], + 'matched.id': ['_id'], + 'matched.index': ['_index'], + 'threatintel.indicator.file.hash.md5': ['indicator_value'], + }), + ]); + }); + + it('builds multiple enrichments if the hit has matched queries', () => { + const hits = [ + { + _id: '_id', + _index: '_index', + matched_queries: ['file.hash.md5', 'source.ip'], + fields: { + 'threatintel.indicator.file.hash.md5': ['indicator_value'], + 'threatintel.indicator.ip': ['127.0.0.1'], + }, + }, + ]; + + expect(buildIndicatorEnrichments(hits)).toEqual([ + expect.objectContaining({ + 'matched.atomic': ['indicator_value'], + 'matched.field': ['file.hash.md5'], + 'matched.id': ['_id'], + 'matched.index': ['_index'], + 'threatintel.indicator.file.hash.md5': ['indicator_value'], + 'threatintel.indicator.ip': ['127.0.0.1'], + }), + expect.objectContaining({ + 'matched.atomic': ['127.0.0.1'], + 'matched.field': ['source.ip'], + 'matched.id': ['_id'], + 'matched.index': ['_index'], + 'threatintel.indicator.file.hash.md5': ['indicator_value'], + 'threatintel.indicator.ip': ['127.0.0.1'], + }), + ]); + }); + + it('builds an enrichment for each hit', () => { + const hits = [ + { + _id: '_id', + _index: '_index', + matched_queries: ['file.hash.md5'], + fields: { + 'threatintel.indicator.file.hash.md5': ['indicator_value'], + }, + }, + { + _id: '_id2', + _index: '_index2', + matched_queries: ['source.ip'], + fields: { + 'threatintel.indicator.ip': ['127.0.0.1'], + }, + }, + ]; + + expect(buildIndicatorEnrichments(hits)).toEqual([ + expect.objectContaining({ + 'matched.atomic': ['indicator_value'], + 'matched.field': ['file.hash.md5'], + 'matched.id': ['_id'], + 'matched.index': ['_index'], + 'threatintel.indicator.file.hash.md5': ['indicator_value'], + }), + expect.objectContaining({ + 'matched.atomic': ['127.0.0.1'], + 'matched.field': ['source.ip'], + 'matched.id': ['_id2'], + 'matched.index': ['_index2'], + 'threatintel.indicator.ip': ['127.0.0.1'], + }), + ]); + }); +}); diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/helpers.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/helpers.ts new file mode 100644 index 00000000000000..e4ed05baeed778 --- /dev/null +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/helpers.ts @@ -0,0 +1,83 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { get, isEmpty } from 'lodash'; +import { estypes } from '@elastic/elasticsearch'; + +import { EVENT_ENRICHMENT_INDICATOR_FIELD_MAP } from '../../../../../../common/cti/constants'; +import { CtiEnrichment } from '../../../../../../common/search_strategy/security_solution/cti'; + +type EventField = keyof typeof EVENT_ENRICHMENT_INDICATOR_FIELD_MAP; +const validEventFields = Object.keys(EVENT_ENRICHMENT_INDICATOR_FIELD_MAP) as EventField[]; + +const isValidEventField = (field: string): field is EventField => + validEventFields.includes(field as EventField); + +export const buildIndicatorShouldClauses = ( + eventFields: Record +): estypes.QueryDslQueryContainer[] => { + return validEventFields.reduce((shoulds, eventField) => { + const eventFieldValue = eventFields[eventField]; + + if (!isEmpty(eventFieldValue)) { + shoulds.push({ + match: { + [EVENT_ENRICHMENT_INDICATOR_FIELD_MAP[eventField]]: { + query: eventFieldValue, + _name: eventField, + }, + }, + }); + } + + return shoulds; + }, []); +}; + +export const buildIndicatorEnrichments = (hits: estypes.SearchHit[]): CtiEnrichment[] => { + return hits.flatMap(({ matched_queries: matchedQueries, ...hit }) => { + return ( + matchedQueries?.reduce((enrichments, matchedQuery) => { + if (isValidEventField(matchedQuery)) { + enrichments.push({ + ...hit.fields, + ...buildIndicatorMatchedFields(hit, matchedQuery), + }); + } + + return enrichments; + }, []) ?? [] + ); + }); +}; + +const buildIndicatorMatchedFields = ( + hit: estypes.SearchHit, + eventField: EventField +): Record => { + const indicatorField = EVENT_ENRICHMENT_INDICATOR_FIELD_MAP[eventField]; + const atomic = get(hit.fields, indicatorField) as string[]; + + return { + 'matched.atomic': atomic, + 'matched.field': [eventField], + 'matched.id': [hit._id], + 'matched.index': [hit._index], + }; +}; + +export const getTotalCount = (total: number | estypes.SearchTotalHits | null): number => { + if (total == null) { + return 0; + } + + if (typeof total === 'number') { + return total; + } + + return total.value; +}; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/index.ts new file mode 100644 index 00000000000000..6884b7b6320cf5 --- /dev/null +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/index.ts @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export { eventEnrichment } from './factory'; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/query.test.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/query.test.ts new file mode 100644 index 00000000000000..bc96a387105c68 --- /dev/null +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/query.test.ts @@ -0,0 +1,90 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { buildEventEnrichmentRequestOptionsMock } from '../../../../../../common/search_strategy/security_solution/cti/index.mock'; +import { buildEventEnrichmentQuery } from './query'; + +describe('buildEventEnrichmentQuery', () => { + it('converts each event field/value into a named filter', () => { + const options = buildEventEnrichmentRequestOptionsMock(); + const query = buildEventEnrichmentQuery(options); + expect(query.body?.query?.bool?.should).toEqual( + expect.arrayContaining([ + { + match: { + 'threatintel.indicator.file.hash.md5': { + _name: 'file.hash.md5', + query: '1eee2bf3f56d8abed72da2bc523e7431', + }, + }, + }, + { match: { 'threatintel.indicator.ip': { _name: 'source.ip', query: '127.0.0.1' } } }, + { match: { 'threatintel.indicator.url.full': { _name: 'url.full', query: 'elastic.co' } } }, + ]) + ); + }); + + it('filters on indicator events', () => { + const options = buildEventEnrichmentRequestOptionsMock(); + const query = buildEventEnrichmentQuery(options); + expect(query.body?.query?.bool?.filter).toEqual( + expect.arrayContaining([{ term: { 'event.type': 'indicator' } }]) + ); + }); + + it('includes the specified timerange', () => { + const options = buildEventEnrichmentRequestOptionsMock(); + const query = buildEventEnrichmentQuery(options); + expect(query.body?.query?.bool?.filter).toEqual( + expect.arrayContaining([ + { + range: { + '@timestamp': { + format: 'strict_date_optional_time', + gte: '2020-09-13T09:00:43.249Z', + lte: '2020-09-14T09:00:43.249Z', + }, + }, + }, + ]) + ); + }); + + it('includes specified docvalue_fields', () => { + const docValueFields = [ + { field: '@timestamp', format: 'date_time' }, + { field: 'event.created', format: 'date_time' }, + { field: 'event.end', format: 'date_time' }, + ]; + const options = buildEventEnrichmentRequestOptionsMock({ docValueFields }); + const query = buildEventEnrichmentQuery(options); + expect(query.body?.docvalue_fields).toEqual(expect.arrayContaining(docValueFields)); + }); + + it('requests all fields', () => { + const options = buildEventEnrichmentRequestOptionsMock(); + const query = buildEventEnrichmentQuery(options); + expect(query.body?.fields).toEqual(['*']); + }); + + it('excludes _source', () => { + const options = buildEventEnrichmentRequestOptionsMock(); + const query = buildEventEnrichmentQuery(options); + expect(query.body?._source).toEqual(false); + }); + + it('includes specified filters', () => { + const filterQuery = { + query: 'query_field: query_value', + language: 'kuery', + }; + + const options = buildEventEnrichmentRequestOptionsMock({ filterQuery }); + const query = buildEventEnrichmentQuery(options); + expect(query.body?.query?.bool?.filter).toEqual(expect.arrayContaining([filterQuery])); + }); +}); diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/query.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/query.ts new file mode 100644 index 00000000000000..4760e6a227cd3d --- /dev/null +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/query.ts @@ -0,0 +1,52 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { isEmpty } from 'lodash'; +import { CtiQueries } from '../../../../../../common/search_strategy/security_solution/cti'; +import { createQueryFilterClauses } from '../../../../../utils/build_query'; +import { SecuritySolutionFactory } from '../../types'; +import { buildIndicatorShouldClauses } from './helpers'; + +export const buildEventEnrichmentQuery: SecuritySolutionFactory['buildDsl'] = ({ + defaultIndex, + docValueFields, + eventFields, + filterQuery, + timerange: { from, to }, +}) => { + const filter = [ + ...createQueryFilterClauses(filterQuery), + { term: { 'event.type': 'indicator' } }, + { + range: { + '@timestamp': { + gte: from, + lte: to, + format: 'strict_date_optional_time', + }, + }, + }, + ]; + + return { + allowNoIndices: true, + ignoreUnavailable: true, + index: defaultIndex, + body: { + _source: false, + ...(!isEmpty(docValueFields) && { docvalue_fields: docValueFields }), + fields: ['*'], + query: { + bool: { + should: buildIndicatorShouldClauses(eventFields), + filter, + minimum_should_match: 1, + }, + }, + }, + }; +}; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/response.test.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/response.test.ts new file mode 100644 index 00000000000000..7ced866e0bb5b6 --- /dev/null +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/response.test.ts @@ -0,0 +1,89 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { + buildEventEnrichmentRequestOptionsMock, + buildEventEnrichmentRawResponseMock, +} from '../../../../../../common/search_strategy/security_solution/cti/index.mock'; +import { parseEventEnrichmentResponse } from './response'; + +describe('parseEventEnrichmentResponse', () => { + it('includes an accurate inspect response', async () => { + const options = buildEventEnrichmentRequestOptionsMock(); + const response = buildEventEnrichmentRawResponseMock(); + const parsedResponse = await parseEventEnrichmentResponse(options, response); + + const expectedInspect = expect.objectContaining({ + allowNoIndices: true, + body: { + _source: false, + fields: ['*'], + query: { + bool: { + filter: [ + { bool: { filter: [{ match_all: {} }], must: [], must_not: [], should: [] } }, + { term: { 'event.type': 'indicator' } }, + { + range: { + '@timestamp': { + format: 'strict_date_optional_time', + gte: '2020-09-13T09:00:43.249Z', + lte: '2020-09-14T09:00:43.249Z', + }, + }, + }, + ], + minimum_should_match: 1, + should: [ + { + match: { + 'threatintel.indicator.file.hash.md5': { + _name: 'file.hash.md5', + query: '1eee2bf3f56d8abed72da2bc523e7431', + }, + }, + }, + { match: { 'threatintel.indicator.ip': { _name: 'source.ip', query: '127.0.0.1' } } }, + { + match: { + 'threatintel.indicator.url.full': { _name: 'url.full', query: 'elastic.co' }, + }, + }, + ], + }, + }, + }, + ignoreUnavailable: true, + index: ['filebeat-*'], + }); + const parsedInspect = JSON.parse(parsedResponse.inspect!.dsl[0]); + expect(parsedInspect).toEqual(expectedInspect); + }); + + it('includes an accurate total count', async () => { + const options = buildEventEnrichmentRequestOptionsMock(); + const response = buildEventEnrichmentRawResponseMock(); + const parsedResponse = await parseEventEnrichmentResponse(options, response); + + expect(parsedResponse.totalCount).toEqual(1); + }); + + it('adds matched.* enrichment fields based on the named query', async () => { + const options = buildEventEnrichmentRequestOptionsMock(); + const response = buildEventEnrichmentRawResponseMock(); + const parsedResponse = await parseEventEnrichmentResponse(options, response); + + expect(parsedResponse.enrichments).toEqual([ + expect.objectContaining({ + 'matched.atomic': ['5529de7b60601aeb36f57824ed0e1ae8'], + 'matched.field': ['file.hash.md5'], + 'matched.id': ['31408415b6d5601a92d29b86c2519658f210c194057588ae396d55cc20b3f03d'], + 'matched.index': ['filebeat-8.0.0-2021.05.28-000001'], + }), + ]); + }); +}); diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/response.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/response.ts new file mode 100644 index 00000000000000..29a842d84558c7 --- /dev/null +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/response.ts @@ -0,0 +1,31 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { CtiQueries } from '../../../../../../common/search_strategy/security_solution/cti'; +import { inspectStringifyObject } from '../../../../../utils/build_query'; +import { SecuritySolutionFactory } from '../../types'; +import { buildIndicatorEnrichments, getTotalCount } from './helpers'; +import { buildEventEnrichmentQuery } from './query'; + +export const parseEventEnrichmentResponse: SecuritySolutionFactory['parse'] = async ( + options, + response, + deps +) => { + const inspect = { + dsl: [inspectStringifyObject(buildEventEnrichmentQuery(options))], + }; + const totalCount = getTotalCount(response.rawResponse.hits.total); + const enrichments = buildIndicatorEnrichments(response.rawResponse.hits.hits); + + return { + ...response, + enrichments, + inspect, + totalCount, + }; +}; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/index.ts new file mode 100644 index 00000000000000..5857a0417239c8 --- /dev/null +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/index.ts @@ -0,0 +1,15 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { FactoryQueryTypes } from '../../../../../common/search_strategy/security_solution'; +import { CtiQueries } from '../../../../../common/search_strategy/security_solution/cti'; +import type { SecuritySolutionFactory } from '../types'; +import { eventEnrichment } from './event_enrichment'; + +export const ctiFactoryTypes: Record> = { + [CtiQueries.eventEnrichment]: eventEnrichment, +}; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/index.ts index 346dd20c89441f..5b54c63408d100 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/index.ts @@ -5,12 +5,13 @@ * 2.0. */ -import { FactoryQueryTypes } from '../../../../common/search_strategy/security_solution'; +import type { FactoryQueryTypes } from '../../../../common/search_strategy/security_solution'; +import type { SecuritySolutionFactory } from './types'; import { hostsFactory } from './hosts'; import { matrixHistogramFactory } from './matrix_histogram'; import { networkFactory } from './network'; -import { SecuritySolutionFactory } from './types'; +import { ctiFactoryTypes } from './cti'; export const securitySolutionFactory: Record< FactoryQueryTypes, @@ -19,4 +20,5 @@ export const securitySolutionFactory: Record< ...hostsFactory, ...matrixHistogramFactory, ...networkFactory, + ...ctiFactoryTypes, }; diff --git a/x-pack/plugins/security_solution/server/usage/detections/detection_rule_helpers.ts b/x-pack/plugins/security_solution/server/usage/detections/detection_rule_helpers.ts index ebcda694411355..8d5a2efc7fae11 100644 --- a/x-pack/plugins/security_solution/server/usage/detections/detection_rule_helpers.ts +++ b/x-pack/plugins/security_solution/server/usage/detections/detection_rule_helpers.ts @@ -177,6 +177,8 @@ export const updateDetectionRuleUsage = ( return updatedUsage; }; +const MAX_RESULTS_WINDOW = 10_000; // elasticsearch index.max_result_window default value + export const getDetectionRuleMetrics = async ( kibanaIndex: string, signalsIndex: string, @@ -189,14 +191,14 @@ export const getDetectionRuleMetrics = async ( filterPath: [], ignoreUnavailable: true, index: kibanaIndex, - size: 10_000, // elasticsearch index.max_result_window default value + size: MAX_RESULTS_WINDOW, }; try { const { body: ruleResults } = await esClient.search(ruleSearchOptions); const { body: detectionAlertsResp } = (await esClient.search({ index: `${signalsIndex}*`, - size: 0, + size: MAX_RESULTS_WINDOW, body: { aggs: { detectionAlerts: { @@ -224,7 +226,7 @@ export const getDetectionRuleMetrics = async ( type: 'cases-comments', fields: [], page: 1, - perPage: 10_000, + perPage: MAX_RESULTS_WINDOW, filter: 'cases-comments.attributes.type: alert', }); diff --git a/x-pack/plugins/security_solution/server/utils/serialized_query.ts b/x-pack/plugins/security_solution/server/utils/serialized_query.ts index fb5009eefa3180..7f8603ccab4b76 100644 --- a/x-pack/plugins/security_solution/server/utils/serialized_query.ts +++ b/x-pack/plugins/security_solution/server/utils/serialized_query.ts @@ -7,7 +7,7 @@ import { isEmpty, isPlainObject, isString } from 'lodash/fp'; -import { JsonObject } from '../../../../../src/plugins/kibana_utils/common'; +import { JsonObject } from '@kbn/common-utils'; export const parseFilterQuery = (filterQuery: string): JsonObject => { try { diff --git a/x-pack/plugins/task_manager/server/config.test.ts b/x-pack/plugins/task_manager/server/config.test.ts index 85a139956ae966..947b1fd84467e1 100644 --- a/x-pack/plugins/task_manager/server/config.test.ts +++ b/x-pack/plugins/task_manager/server/config.test.ts @@ -20,6 +20,7 @@ describe('config validation', () => { "monitored_aggregated_stats_refresh_rate": 60000, "monitored_stats_required_freshness": 4000, "monitored_stats_running_average_window": 50, + "monitored_stats_warn_delayed_task_start_in_seconds": 60, "monitored_task_execution_thresholds": Object { "custom": Object {}, "default": Object { @@ -68,6 +69,7 @@ describe('config validation', () => { "monitored_aggregated_stats_refresh_rate": 60000, "monitored_stats_required_freshness": 4000, "monitored_stats_running_average_window": 50, + "monitored_stats_warn_delayed_task_start_in_seconds": 60, "monitored_task_execution_thresholds": Object { "custom": Object {}, "default": Object { @@ -103,6 +105,7 @@ describe('config validation', () => { "monitored_aggregated_stats_refresh_rate": 60000, "monitored_stats_required_freshness": 4000, "monitored_stats_running_average_window": 50, + "monitored_stats_warn_delayed_task_start_in_seconds": 60, "monitored_task_execution_thresholds": Object { "custom": Object { "alerting:always-fires": Object { diff --git a/x-pack/plugins/task_manager/server/config.ts b/x-pack/plugins/task_manager/server/config.ts index 3ebfe7da7c3f9b..5dee66cf113b28 100644 --- a/x-pack/plugins/task_manager/server/config.ts +++ b/x-pack/plugins/task_manager/server/config.ts @@ -18,6 +18,7 @@ export const DEFAULT_VERSION_CONFLICT_THRESHOLD = 80; // Refresh aggregated monitored stats at a default rate of once a minute export const DEFAULT_MONITORING_REFRESH_RATE = 60 * 1000; export const DEFAULT_MONITORING_STATS_RUNNING_AVERGAE_WINDOW = 50; +export const DEFAULT_MONITORING_STATS_WARN_DELAYED_TASK_START_IN_SECONDS = 60; export const taskExecutionFailureThresholdSchema = schema.object( { @@ -109,6 +110,10 @@ export const configSchema = schema.object( defaultValue: {}, }), }), + /* The amount of seconds we allow a task to delay before printing a warning server log */ + monitored_stats_warn_delayed_task_start_in_seconds: schema.number({ + defaultValue: DEFAULT_MONITORING_STATS_WARN_DELAYED_TASK_START_IN_SECONDS, + }), }, { validate: (config) => { diff --git a/x-pack/plugins/task_manager/server/integration_tests/managed_configuration.test.ts b/x-pack/plugins/task_manager/server/integration_tests/managed_configuration.test.ts index f7ea6cea538577..f6ee8d8a78ddce 100644 --- a/x-pack/plugins/task_manager/server/integration_tests/managed_configuration.test.ts +++ b/x-pack/plugins/task_manager/server/integration_tests/managed_configuration.test.ts @@ -37,6 +37,7 @@ describe('managed configuration', () => { version_conflict_threshold: 80, max_poll_inactivity_cycles: 10, monitored_aggregated_stats_refresh_rate: 60000, + monitored_stats_warn_delayed_task_start_in_seconds: 60, monitored_stats_required_freshness: 4000, monitored_stats_running_average_window: 50, request_capacity: 1000, diff --git a/x-pack/plugins/task_manager/server/lib/calculate_health_status.mock.ts b/x-pack/plugins/task_manager/server/lib/calculate_health_status.mock.ts new file mode 100644 index 00000000000000..f34a26560133b2 --- /dev/null +++ b/x-pack/plugins/task_manager/server/lib/calculate_health_status.mock.ts @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +const createCalculateHealthStatusMock = () => { + return jest.fn(); +}; + +export const calculateHealthStatusMock = { + create: createCalculateHealthStatusMock, +}; diff --git a/x-pack/plugins/task_manager/server/lib/calculate_health_status.ts b/x-pack/plugins/task_manager/server/lib/calculate_health_status.ts new file mode 100644 index 00000000000000..7a6bc598621001 --- /dev/null +++ b/x-pack/plugins/task_manager/server/lib/calculate_health_status.ts @@ -0,0 +1,79 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { isString } from 'lodash'; +import { JsonValue } from '@kbn/common-utils'; +import { HealthStatus, RawMonitoringStats } from '../monitoring'; +import { TaskManagerConfig } from '../config'; + +export function calculateHealthStatus( + summarizedStats: RawMonitoringStats, + config: TaskManagerConfig +): HealthStatus { + const now = Date.now(); + + // if "hot" health stats are any more stale than monitored_stats_required_freshness (pollInterval +1s buffer by default) + // consider the system unhealthy + const requiredHotStatsFreshness: number = config.monitored_stats_required_freshness; + + // if "cold" health stats are any more stale than the configured refresh (+ a buffer), consider the system unhealthy + const requiredColdStatsFreshness: number = config.monitored_aggregated_stats_refresh_rate * 1.5; + + /** + * If the monitored stats aren't fresh, return a red status + */ + const healthStatus = + hasStatus(summarizedStats.stats, HealthStatus.Error) || + hasExpiredHotTimestamps(summarizedStats, now, requiredHotStatsFreshness) || + hasExpiredColdTimestamps(summarizedStats, now, requiredColdStatsFreshness) + ? HealthStatus.Error + : hasStatus(summarizedStats.stats, HealthStatus.Warning) + ? HealthStatus.Warning + : HealthStatus.OK; + return healthStatus; +} + +function hasStatus(stats: RawMonitoringStats['stats'], status: HealthStatus): boolean { + return Object.values(stats) + .map((stat) => stat?.status === status) + .includes(true); +} + +/** + * If certain "hot" stats are not fresh, then the _health api will should return a Red status + * @param monitoringStats The monitored stats + * @param now The time to compare against + * @param requiredFreshness How fresh should these stats be + */ +function hasExpiredHotTimestamps( + monitoringStats: RawMonitoringStats, + now: number, + requiredFreshness: number +): boolean { + const diff = + now - + getOldestTimestamp( + monitoringStats.last_update, + monitoringStats.stats.runtime?.value.polling.last_successful_poll + ); + return diff > requiredFreshness; +} + +function hasExpiredColdTimestamps( + monitoringStats: RawMonitoringStats, + now: number, + requiredFreshness: number +): boolean { + return now - getOldestTimestamp(monitoringStats.stats.workload?.timestamp) > requiredFreshness; +} + +function getOldestTimestamp(...timestamps: Array): number { + const validTimestamps = timestamps + .map((timestamp) => (isString(timestamp) ? Date.parse(timestamp) : NaN)) + .filter((timestamp) => !isNaN(timestamp)); + return validTimestamps.length ? Math.min(...validTimestamps) : 0; +} diff --git a/x-pack/plugins/task_manager/server/lib/log_health_metrics.mock.ts b/x-pack/plugins/task_manager/server/lib/log_health_metrics.mock.ts new file mode 100644 index 00000000000000..96c0f686ad61e7 --- /dev/null +++ b/x-pack/plugins/task_manager/server/lib/log_health_metrics.mock.ts @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +const createLogHealthMetricsMock = () => { + return jest.fn(); +}; + +export const logHealthMetricsMock = { + create: createLogHealthMetricsMock, +}; diff --git a/x-pack/plugins/task_manager/server/lib/log_health_metrics.test.ts b/x-pack/plugins/task_manager/server/lib/log_health_metrics.test.ts new file mode 100644 index 00000000000000..ccbbf81ebfa31b --- /dev/null +++ b/x-pack/plugins/task_manager/server/lib/log_health_metrics.test.ts @@ -0,0 +1,262 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { merge } from 'lodash'; +import { loggingSystemMock } from 'src/core/server/mocks'; +import { configSchema, TaskManagerConfig } from '../config'; +import { HealthStatus } from '../monitoring'; +import { TaskPersistence } from '../monitoring/task_run_statistics'; +import { MonitoredHealth } from '../routes/health'; +import { logHealthMetrics } from './log_health_metrics'; +import { Logger } from '../../../../../src/core/server'; + +jest.mock('./calculate_health_status', () => ({ + calculateHealthStatus: jest.fn(), +})); + +describe('logHealthMetrics', () => { + afterEach(() => { + const { calculateHealthStatus } = jest.requireMock('./calculate_health_status'); + (calculateHealthStatus as jest.Mock).mockReset(); + }); + it('should log as debug if status is OK', () => { + const logger = loggingSystemMock.create().get(); + const config = getTaskManagerConfig({ + monitored_stats_warn_delayed_task_start_in_seconds: 60, + }); + const health = getMockMonitoredHealth(); + + logHealthMetrics(health, logger, config); + + const firstDebug = JSON.parse( + (logger as jest.Mocked).debug.mock.calls[0][0].replace('Latest Monitored Stats: ', '') + ); + expect(firstDebug).toMatchObject(health); + }); + + it('should log as warn if status is Warn', () => { + const logger = loggingSystemMock.create().get(); + const config = getTaskManagerConfig({ + monitored_stats_warn_delayed_task_start_in_seconds: 60, + }); + const health = getMockMonitoredHealth(); + const { calculateHealthStatus } = jest.requireMock('./calculate_health_status'); + (calculateHealthStatus as jest.Mock).mockImplementation( + () => HealthStatus.Warning + ); + + logHealthMetrics(health, logger, config); + + const logMessage = JSON.parse( + ((logger as jest.Mocked).warn.mock.calls[0][0] as string).replace( + 'Latest Monitored Stats: ', + '' + ) + ); + expect(logMessage).toMatchObject(health); + }); + + it('should log as error if status is Error', () => { + const logger = loggingSystemMock.create().get(); + const config = getTaskManagerConfig({ + monitored_stats_warn_delayed_task_start_in_seconds: 60, + }); + const health = getMockMonitoredHealth(); + const { calculateHealthStatus } = jest.requireMock('./calculate_health_status'); + (calculateHealthStatus as jest.Mock).mockImplementation(() => HealthStatus.Error); + + logHealthMetrics(health, logger, config); + + const logMessage = JSON.parse( + ((logger as jest.Mocked).error.mock.calls[0][0] as string).replace( + 'Latest Monitored Stats: ', + '' + ) + ); + expect(logMessage).toMatchObject(health); + }); + + it('should log as warn if drift exceeds the threshold', () => { + const logger = loggingSystemMock.create().get(); + const config = getTaskManagerConfig({ + monitored_stats_warn_delayed_task_start_in_seconds: 60, + }); + const health = getMockMonitoredHealth({ + stats: { + runtime: { + value: { + drift: { + p99: 60000, + }, + }, + }, + }, + }); + + logHealthMetrics(health, logger, config); + + expect((logger as jest.Mocked).warn.mock.calls[0][0] as string).toBe( + `Detected delay task start of 60s (which exceeds configured value of 60s)` + ); + + const secondMessage = JSON.parse( + ((logger as jest.Mocked).warn.mock.calls[1][0] as string).replace( + `Latest Monitored Stats: `, + '' + ) + ); + expect(secondMessage).toMatchObject(health); + }); + + it('should log as debug if there are no stats', () => { + const logger = loggingSystemMock.create().get(); + const config = getTaskManagerConfig({ + monitored_stats_warn_delayed_task_start_in_seconds: 60, + }); + const health = { + id: '1', + status: HealthStatus.OK, + timestamp: new Date().toISOString(), + last_update: new Date().toISOString(), + stats: {}, + }; + + logHealthMetrics(health, logger, config); + + const firstDebug = JSON.parse( + (logger as jest.Mocked).debug.mock.calls[0][0].replace('Latest Monitored Stats: ', '') + ); + expect(firstDebug).toMatchObject(health); + }); + + it('should ignore capacity estimation status', () => { + const logger = loggingSystemMock.create().get(); + const config = getTaskManagerConfig({ + monitored_stats_warn_delayed_task_start_in_seconds: 60, + }); + const health = getMockMonitoredHealth({ + stats: { + capacity_estimation: { + status: HealthStatus.Warning, + }, + }, + }); + + logHealthMetrics(health, logger, config); + + const { calculateHealthStatus } = jest.requireMock('./calculate_health_status'); + expect(calculateHealthStatus).toBeCalledTimes(1); + expect(calculateHealthStatus.mock.calls[0][0].stats.capacity_estimation).toBeUndefined(); + }); +}); + +function getMockMonitoredHealth(overrides = {}): MonitoredHealth { + const stub: MonitoredHealth = { + id: '1', + status: HealthStatus.OK, + timestamp: new Date().toISOString(), + last_update: new Date().toISOString(), + stats: { + configuration: { + timestamp: new Date().toISOString(), + status: HealthStatus.OK, + value: { + max_workers: 10, + poll_interval: 3000, + max_poll_inactivity_cycles: 10, + request_capacity: 1000, + monitored_aggregated_stats_refresh_rate: 5000, + monitored_stats_running_average_window: 50, + monitored_task_execution_thresholds: { + default: { + error_threshold: 90, + warn_threshold: 80, + }, + custom: {}, + }, + }, + }, + workload: { + timestamp: new Date().toISOString(), + status: HealthStatus.OK, + value: { + count: 4, + task_types: { + actions_telemetry: { count: 2, status: { idle: 2 } }, + alerting_telemetry: { count: 1, status: { idle: 1 } }, + session_cleanup: { count: 1, status: { idle: 1 } }, + }, + schedule: [], + overdue: 0, + overdue_non_recurring: 0, + estimatedScheduleDensity: [], + non_recurring: 20, + owner_ids: 2, + estimated_schedule_density: [], + capacity_requirments: { + per_minute: 150, + per_hour: 360, + per_day: 820, + }, + }, + }, + runtime: { + timestamp: new Date().toISOString(), + status: HealthStatus.OK, + value: { + drift: { + p50: 1000, + p90: 2000, + p95: 2500, + p99: 3000, + }, + drift_by_type: {}, + load: { + p50: 1000, + p90: 2000, + p95: 2500, + p99: 3000, + }, + execution: { + duration: {}, + duration_by_persistence: {}, + persistence: { + [TaskPersistence.Recurring]: 10, + [TaskPersistence.NonRecurring]: 10, + [TaskPersistence.Ephemeral]: 10, + }, + result_frequency_percent_as_number: {}, + }, + polling: { + last_successful_poll: new Date().toISOString(), + duration: [500, 400, 3000], + claim_conflicts: [0, 100, 75], + claim_mismatches: [0, 100, 75], + result_frequency_percent_as_number: [ + 'NoTasksClaimed', + 'NoTasksClaimed', + 'NoTasksClaimed', + ], + }, + }, + }, + }, + }; + return (merge(stub, overrides) as unknown) as MonitoredHealth; +} + +function getTaskManagerConfig(overrides: Partial = {}) { + return configSchema.validate( + overrides.monitored_stats_required_freshness + ? { + // use `monitored_stats_required_freshness` as poll interval otherwise we might + // fail validation as it must be greather than the poll interval + poll_interval: overrides.monitored_stats_required_freshness, + ...overrides, + } + : overrides + ); +} diff --git a/x-pack/plugins/task_manager/server/lib/log_health_metrics.ts b/x-pack/plugins/task_manager/server/lib/log_health_metrics.ts new file mode 100644 index 00000000000000..1c98b3272a82da --- /dev/null +++ b/x-pack/plugins/task_manager/server/lib/log_health_metrics.ts @@ -0,0 +1,47 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { isEmpty } from 'lodash'; +import { Logger } from '../../../../../src/core/server'; +import { HealthStatus } from '../monitoring'; +import { TaskManagerConfig } from '../config'; +import { MonitoredHealth } from '../routes/health'; +import { calculateHealthStatus } from './calculate_health_status'; + +export function logHealthMetrics( + monitoredHealth: MonitoredHealth, + logger: Logger, + config: TaskManagerConfig +) { + const healthWithoutCapacity: MonitoredHealth = { + ...monitoredHealth, + stats: { + ...monitoredHealth.stats, + capacity_estimation: undefined, + }, + }; + const statusWithoutCapacity = calculateHealthStatus(healthWithoutCapacity, config); + let logAsWarn = statusWithoutCapacity === HealthStatus.Warning; + const logAsError = + statusWithoutCapacity === HealthStatus.Error && !isEmpty(monitoredHealth.stats); + const driftInSeconds = (monitoredHealth.stats.runtime?.value.drift.p99 ?? 0) / 1000; + + if (driftInSeconds >= config.monitored_stats_warn_delayed_task_start_in_seconds) { + logger.warn( + `Detected delay task start of ${driftInSeconds}s (which exceeds configured value of ${config.monitored_stats_warn_delayed_task_start_in_seconds}s)` + ); + logAsWarn = true; + } + + if (logAsError) { + logger.error(`Latest Monitored Stats: ${JSON.stringify(monitoredHealth)}`); + } else if (logAsWarn) { + logger.warn(`Latest Monitored Stats: ${JSON.stringify(monitoredHealth)}`); + } else { + logger.debug(`Latest Monitored Stats: ${JSON.stringify(monitoredHealth)}`); + } +} diff --git a/x-pack/plugins/task_manager/server/monitoring/capacity_estimation.ts b/x-pack/plugins/task_manager/server/monitoring/capacity_estimation.ts index 35eb0dfca7a6bc..073112f94e049b 100644 --- a/x-pack/plugins/task_manager/server/monitoring/capacity_estimation.ts +++ b/x-pack/plugins/task_manager/server/monitoring/capacity_estimation.ts @@ -7,7 +7,7 @@ import { mapValues } from 'lodash'; import stats from 'stats-lite'; -import { JsonObject } from 'src/plugins/kibana_utils/common'; +import { JsonObject } from '@kbn/common-utils'; import { RawMonitoringStats, RawMonitoredStat, HealthStatus } from './monitoring_stats_stream'; import { AveragedStat } from './task_run_calcultors'; import { TaskPersistenceTypes } from './task_run_statistics'; diff --git a/x-pack/plugins/task_manager/server/monitoring/configuration_statistics.test.ts b/x-pack/plugins/task_manager/server/monitoring/configuration_statistics.test.ts index b8f047836b750d..39a7658fb09e40 100644 --- a/x-pack/plugins/task_manager/server/monitoring/configuration_statistics.test.ts +++ b/x-pack/plugins/task_manager/server/monitoring/configuration_statistics.test.ts @@ -23,6 +23,7 @@ describe('Configuration Statistics Aggregator', () => { max_poll_inactivity_cycles: 10, request_capacity: 1000, monitored_aggregated_stats_refresh_rate: 5000, + monitored_stats_warn_delayed_task_start_in_seconds: 60, monitored_stats_running_average_window: 50, monitored_task_execution_thresholds: { default: { diff --git a/x-pack/plugins/task_manager/server/monitoring/monitoring_stats_stream.test.ts b/x-pack/plugins/task_manager/server/monitoring/monitoring_stats_stream.test.ts index 7e13e25457ed68..01bd86ec96db6b 100644 --- a/x-pack/plugins/task_manager/server/monitoring/monitoring_stats_stream.test.ts +++ b/x-pack/plugins/task_manager/server/monitoring/monitoring_stats_stream.test.ts @@ -9,7 +9,7 @@ import { TaskManagerConfig } from '../config'; import { of, Subject } from 'rxjs'; import { take, bufferCount } from 'rxjs/operators'; import { createMonitoringStatsStream, AggregatedStat } from './monitoring_stats_stream'; -import { JsonValue } from 'src/plugins/kibana_utils/common'; +import { JsonValue } from '@kbn/common-utils'; beforeEach(() => { jest.resetAllMocks(); @@ -27,6 +27,7 @@ describe('createMonitoringStatsStream', () => { max_poll_inactivity_cycles: 10, request_capacity: 1000, monitored_aggregated_stats_refresh_rate: 5000, + monitored_stats_warn_delayed_task_start_in_seconds: 60, monitored_stats_running_average_window: 50, monitored_task_execution_thresholds: { default: { diff --git a/x-pack/plugins/task_manager/server/monitoring/monitoring_stats_stream.ts b/x-pack/plugins/task_manager/server/monitoring/monitoring_stats_stream.ts index 8338bf3197162e..0d3b6ebf56de65 100644 --- a/x-pack/plugins/task_manager/server/monitoring/monitoring_stats_stream.ts +++ b/x-pack/plugins/task_manager/server/monitoring/monitoring_stats_stream.ts @@ -9,7 +9,7 @@ import { merge, of, Observable } from 'rxjs'; import { map, scan } from 'rxjs/operators'; import { set } from '@elastic/safer-lodash-set'; import { Logger } from 'src/core/server'; -import { JsonObject } from 'src/plugins/kibana_utils/common'; +import { JsonObject } from '@kbn/common-utils'; import { TaskStore } from '../task_store'; import { TaskPollingLifecycle } from '../polling_lifecycle'; import { @@ -51,7 +51,6 @@ interface MonitoredStat { timestamp: string; value: T; } - export type RawMonitoredStat = MonitoredStat & { status: HealthStatus; }; diff --git a/x-pack/plugins/task_manager/server/monitoring/runtime_statistics_aggregator.ts b/x-pack/plugins/task_manager/server/monitoring/runtime_statistics_aggregator.ts index 0a6db350a88b9a..799ea054596c0a 100644 --- a/x-pack/plugins/task_manager/server/monitoring/runtime_statistics_aggregator.ts +++ b/x-pack/plugins/task_manager/server/monitoring/runtime_statistics_aggregator.ts @@ -6,7 +6,7 @@ */ import { Observable } from 'rxjs'; -import { JsonValue } from 'src/plugins/kibana_utils/common'; +import { JsonValue } from '@kbn/common-utils'; export interface AggregatedStat { key: string; diff --git a/x-pack/plugins/task_manager/server/monitoring/task_run_calcultors.ts b/x-pack/plugins/task_manager/server/monitoring/task_run_calcultors.ts index 4e2e689b71c88d..b0611437d87bec 100644 --- a/x-pack/plugins/task_manager/server/monitoring/task_run_calcultors.ts +++ b/x-pack/plugins/task_manager/server/monitoring/task_run_calcultors.ts @@ -6,7 +6,7 @@ */ import stats from 'stats-lite'; -import { JsonObject } from 'src/plugins/kibana_utils/common'; +import { JsonObject } from '@kbn/common-utils'; import { isUndefined, countBy, mapValues } from 'lodash'; export interface AveragedStat extends JsonObject { diff --git a/x-pack/plugins/task_manager/server/monitoring/task_run_statistics.ts b/x-pack/plugins/task_manager/server/monitoring/task_run_statistics.ts index eb6cb0796c33cc..b792f4ca475f93 100644 --- a/x-pack/plugins/task_manager/server/monitoring/task_run_statistics.ts +++ b/x-pack/plugins/task_manager/server/monitoring/task_run_statistics.ts @@ -7,7 +7,7 @@ import { combineLatest, Observable } from 'rxjs'; import { filter, startWith, map } from 'rxjs/operators'; -import { JsonObject, JsonValue } from 'src/plugins/kibana_utils/common'; +import { JsonObject, JsonValue } from '@kbn/common-utils'; import { isNumber, mapValues } from 'lodash'; import { AggregatedStatProvider, AggregatedStat } from './runtime_statistics_aggregator'; import { TaskLifecycleEvent } from '../polling_lifecycle'; diff --git a/x-pack/plugins/task_manager/server/monitoring/workload_statistics.ts b/x-pack/plugins/task_manager/server/monitoring/workload_statistics.ts index 669f6198325485..abd86be522f0cd 100644 --- a/x-pack/plugins/task_manager/server/monitoring/workload_statistics.ts +++ b/x-pack/plugins/task_manager/server/monitoring/workload_statistics.ts @@ -8,7 +8,7 @@ import { combineLatest, Observable, timer } from 'rxjs'; import { mergeMap, map, filter, switchMap, catchError } from 'rxjs/operators'; import { Logger } from 'src/core/server'; -import { JsonObject } from 'src/plugins/kibana_utils/common'; +import { JsonObject } from '@kbn/common-utils'; import { keyBy, mapValues } from 'lodash'; import { estypes } from '@elastic/elasticsearch'; import { AggregatedStatProvider } from './runtime_statistics_aggregator'; diff --git a/x-pack/plugins/task_manager/server/plugin.test.ts b/x-pack/plugins/task_manager/server/plugin.test.ts index 45db18a3e83857..6c7f722d4c5255 100644 --- a/x-pack/plugins/task_manager/server/plugin.test.ts +++ b/x-pack/plugins/task_manager/server/plugin.test.ts @@ -25,6 +25,7 @@ describe('TaskManagerPlugin', () => { max_poll_inactivity_cycles: 10, request_capacity: 1000, monitored_aggregated_stats_refresh_rate: 5000, + monitored_stats_warn_delayed_task_start_in_seconds: 60, monitored_stats_required_freshness: 5000, monitored_stats_running_average_window: 50, monitored_task_execution_thresholds: { @@ -55,6 +56,7 @@ describe('TaskManagerPlugin', () => { max_poll_inactivity_cycles: 10, request_capacity: 1000, monitored_aggregated_stats_refresh_rate: 5000, + monitored_stats_warn_delayed_task_start_in_seconds: 60, monitored_stats_required_freshness: 5000, monitored_stats_running_average_window: 50, monitored_task_execution_thresholds: { diff --git a/x-pack/plugins/task_manager/server/polling_lifecycle.test.ts b/x-pack/plugins/task_manager/server/polling_lifecycle.test.ts index f733bb6bfdf2a8..66c6805e9160ef 100644 --- a/x-pack/plugins/task_manager/server/polling_lifecycle.test.ts +++ b/x-pack/plugins/task_manager/server/polling_lifecycle.test.ts @@ -45,6 +45,7 @@ describe('TaskPollingLifecycle', () => { max_poll_inactivity_cycles: 10, request_capacity: 1000, monitored_aggregated_stats_refresh_rate: 5000, + monitored_stats_warn_delayed_task_start_in_seconds: 60, monitored_stats_required_freshness: 5000, monitored_stats_running_average_window: 50, monitored_task_execution_thresholds: { diff --git a/x-pack/plugins/task_manager/server/routes/health.test.ts b/x-pack/plugins/task_manager/server/routes/health.test.ts index ae883585e7085e..c14eb7e10b7261 100644 --- a/x-pack/plugins/task_manager/server/routes/health.test.ts +++ b/x-pack/plugins/task_manager/server/routes/health.test.ts @@ -14,10 +14,19 @@ import { healthRoute } from './health'; import { mockHandlerArguments } from './_mock_handler_arguments'; import { sleep } from '../test_utils'; import { loggingSystemMock } from '../../../../../src/core/server/mocks'; -import { Logger } from '../../../../../src/core/server'; -import { MonitoringStats, RawMonitoringStats, summarizeMonitoringStats } from '../monitoring'; +import { + HealthStatus, + MonitoringStats, + RawMonitoringStats, + summarizeMonitoringStats, +} from '../monitoring'; import { ServiceStatusLevels } from 'src/core/server'; import { configSchema, TaskManagerConfig } from '../config'; +import { calculateHealthStatusMock } from '../lib/calculate_health_status.mock'; + +jest.mock('../lib/log_health_metrics', () => ({ + logHealthMetrics: jest.fn(), +})); describe('healthRoute', () => { beforeEach(() => { @@ -38,6 +47,9 @@ describe('healthRoute', () => { it('logs the Task Manager stats at a fixed interval', async () => { const router = httpServiceMock.createRouter(); const logger = loggingSystemMock.create().get(); + const calculateHealthStatus = calculateHealthStatusMock.create(); + calculateHealthStatus.mockImplementation(() => HealthStatus.OK); + const { logHealthMetrics } = jest.requireMock('../lib/log_health_metrics'); const mockStat = mockHealthStats(); await sleep(10); @@ -55,6 +67,7 @@ describe('healthRoute', () => { id, getTaskManagerConfig({ monitored_stats_required_freshness: 1000, + monitored_stats_warn_delayed_task_start_in_seconds: 100, monitored_aggregated_stats_refresh_rate: 60000, }) ); @@ -65,35 +78,137 @@ describe('healthRoute', () => { await sleep(600); stats$.next(nextMockStat); - const firstDebug = JSON.parse( - (logger as jest.Mocked).debug.mock.calls[0][0].replace('Latest Monitored Stats: ', '') - ); - expect(firstDebug).toMatchObject({ + expect(logHealthMetrics).toBeCalledTimes(2); + expect(logHealthMetrics.mock.calls[0][0]).toMatchObject({ id, timestamp: expect.any(String), status: expect.any(String), ...ignoreCapacityEstimation(summarizeMonitoringStats(mockStat, getTaskManagerConfig({}))), }); + expect(logHealthMetrics.mock.calls[1][0]).toMatchObject({ + id, + timestamp: expect.any(String), + status: expect.any(String), + ...ignoreCapacityEstimation(summarizeMonitoringStats(nextMockStat, getTaskManagerConfig({}))), + }); + }); - const secondDebug = JSON.parse( - (logger as jest.Mocked).debug.mock.calls[1][0].replace('Latest Monitored Stats: ', '') + it(`logs at a warn level if the status is warning`, async () => { + const router = httpServiceMock.createRouter(); + const logger = loggingSystemMock.create().get(); + const calculateHealthStatus = calculateHealthStatusMock.create(); + calculateHealthStatus.mockImplementation(() => HealthStatus.Warning); + const { logHealthMetrics } = jest.requireMock('../lib/log_health_metrics'); + + const warnRuntimeStat = mockHealthStats(); + const warnConfigurationStat = mockHealthStats(); + const warnWorkloadStat = mockHealthStats(); + + const stats$ = new Subject(); + + const id = uuid.v4(); + healthRoute( + router, + stats$, + logger, + id, + getTaskManagerConfig({ + monitored_stats_required_freshness: 1000, + monitored_stats_warn_delayed_task_start_in_seconds: 120, + monitored_aggregated_stats_refresh_rate: 60000, + }) ); - expect(secondDebug).not.toMatchObject({ + + stats$.next(warnRuntimeStat); + await sleep(1001); + stats$.next(warnConfigurationStat); + await sleep(1001); + stats$.next(warnWorkloadStat); + + expect(logHealthMetrics).toBeCalledTimes(3); + expect(logHealthMetrics.mock.calls[0][0]).toMatchObject({ id, timestamp: expect.any(String), status: expect.any(String), ...ignoreCapacityEstimation( - summarizeMonitoringStats(skippedMockStat, getTaskManagerConfig({})) + summarizeMonitoringStats(warnRuntimeStat, getTaskManagerConfig({})) ), }); - expect(secondDebug).toMatchObject({ + expect(logHealthMetrics.mock.calls[1][0]).toMatchObject({ id, timestamp: expect.any(String), status: expect.any(String), - ...ignoreCapacityEstimation(summarizeMonitoringStats(nextMockStat, getTaskManagerConfig({}))), + ...ignoreCapacityEstimation( + summarizeMonitoringStats(warnConfigurationStat, getTaskManagerConfig({})) + ), }); + expect(logHealthMetrics.mock.calls[2][0]).toMatchObject({ + id, + timestamp: expect.any(String), + status: expect.any(String), + ...ignoreCapacityEstimation( + summarizeMonitoringStats(warnWorkloadStat, getTaskManagerConfig({})) + ), + }); + }); - expect(logger.debug).toHaveBeenCalledTimes(2); + it(`logs at an error level if the status is error`, async () => { + const router = httpServiceMock.createRouter(); + const logger = loggingSystemMock.create().get(); + const calculateHealthStatus = calculateHealthStatusMock.create(); + calculateHealthStatus.mockImplementation(() => HealthStatus.Error); + const { logHealthMetrics } = jest.requireMock('../lib/log_health_metrics'); + + const errorRuntimeStat = mockHealthStats(); + const errorConfigurationStat = mockHealthStats(); + const errorWorkloadStat = mockHealthStats(); + + const stats$ = new Subject(); + + const id = uuid.v4(); + healthRoute( + router, + stats$, + logger, + id, + getTaskManagerConfig({ + monitored_stats_required_freshness: 1000, + monitored_stats_warn_delayed_task_start_in_seconds: 120, + monitored_aggregated_stats_refresh_rate: 60000, + }) + ); + + stats$.next(errorRuntimeStat); + await sleep(1001); + stats$.next(errorConfigurationStat); + await sleep(1001); + stats$.next(errorWorkloadStat); + + expect(logHealthMetrics).toBeCalledTimes(3); + expect(logHealthMetrics.mock.calls[0][0]).toMatchObject({ + id, + timestamp: expect.any(String), + status: expect.any(String), + ...ignoreCapacityEstimation( + summarizeMonitoringStats(errorRuntimeStat, getTaskManagerConfig({})) + ), + }); + expect(logHealthMetrics.mock.calls[1][0]).toMatchObject({ + id, + timestamp: expect.any(String), + status: expect.any(String), + ...ignoreCapacityEstimation( + summarizeMonitoringStats(errorConfigurationStat, getTaskManagerConfig({})) + ), + }); + expect(logHealthMetrics.mock.calls[2][0]).toMatchObject({ + id, + timestamp: expect.any(String), + status: expect.any(String), + ...ignoreCapacityEstimation( + summarizeMonitoringStats(errorWorkloadStat, getTaskManagerConfig({})) + ), + }); }); it('returns a error status if the overall stats have not been updated within the required hot freshness', async () => { diff --git a/x-pack/plugins/task_manager/server/routes/health.ts b/x-pack/plugins/task_manager/server/routes/health.ts index cc2f6c6630e56d..b5d8a23ba55575 100644 --- a/x-pack/plugins/task_manager/server/routes/health.ts +++ b/x-pack/plugins/task_manager/server/routes/health.ts @@ -15,8 +15,6 @@ import { import { Observable, Subject } from 'rxjs'; import { tap, map } from 'rxjs/operators'; import { throttleTime } from 'rxjs/operators'; -import { isString } from 'lodash'; -import { JsonValue } from 'src/plugins/kibana_utils/common'; import { Logger, ServiceStatus, ServiceStatusLevels } from '../../../../../src/core/server'; import { MonitoringStats, @@ -25,8 +23,14 @@ import { RawMonitoringStats, } from '../monitoring'; import { TaskManagerConfig } from '../config'; +import { logHealthMetrics } from '../lib/log_health_metrics'; +import { calculateHealthStatus } from '../lib/calculate_health_status'; -type MonitoredHealth = RawMonitoringStats & { id: string; status: HealthStatus; timestamp: string }; +export type MonitoredHealth = RawMonitoringStats & { + id: string; + status: HealthStatus; + timestamp: string; +}; const LEVEL_SUMMARY = { [ServiceStatusLevels.available.toString()]: 'Task Manager is healthy', @@ -54,26 +58,12 @@ export function healthRoute( // consider the system unhealthy const requiredHotStatsFreshness: number = config.monitored_stats_required_freshness; - // if "cold" health stats are any more stale than the configured refresh (+ a buffer), consider the system unhealthy - const requiredColdStatsFreshness: number = config.monitored_aggregated_stats_refresh_rate * 1.5; - - function calculateStatus(monitoredStats: MonitoringStats): MonitoredHealth { + function getHealthStatus(monitoredStats: MonitoringStats) { + const summarizedStats = summarizeMonitoringStats(monitoredStats, config); + const status = calculateHealthStatus(summarizedStats, config); const now = Date.now(); const timestamp = new Date(now).toISOString(); - const summarizedStats = summarizeMonitoringStats(monitoredStats, config); - - /** - * If the monitored stats aren't fresh, return a red status - */ - const healthStatus = - hasStatus(summarizedStats.stats, HealthStatus.Error) || - hasExpiredHotTimestamps(summarizedStats, now, requiredHotStatsFreshness) || - hasExpiredColdTimestamps(summarizedStats, now, requiredColdStatsFreshness) - ? HealthStatus.Error - : hasStatus(summarizedStats.stats, HealthStatus.Warning) - ? HealthStatus.Warning - : HealthStatus.OK; - return { id: taskManagerId, timestamp, status: healthStatus, ...summarizedStats }; + return { id: taskManagerId, timestamp, status, ...summarizedStats }; } const serviceStatus$: Subject = new Subject(); @@ -90,11 +80,11 @@ export function healthRoute( }), // Only calculate the summerized stats (calculates all runnign averages and evaluates state) // when needed by throttling down to the requiredHotStatsFreshness - map((stats) => withServiceStatus(calculateStatus(stats))) + map((stats) => withServiceStatus(getHealthStatus(stats))) ) .subscribe(([monitoredHealth, serviceStatus]) => { serviceStatus$.next(serviceStatus); - logger.debug(`Latest Monitored Stats: ${JSON.stringify(monitoredHealth)}`); + logHealthMetrics(monitoredHealth, logger, config); }); router.get( @@ -109,7 +99,7 @@ export function healthRoute( ): Promise { return res.ok({ body: lastMonitoredStats - ? calculateStatus(lastMonitoredStats) + ? getHealthStatus(lastMonitoredStats) : { id: taskManagerId, timestamp: new Date().toISOString(), status: HealthStatus.Error }, }); } @@ -134,45 +124,3 @@ export function withServiceStatus( }, ]; } - -/** - * If certain "hot" stats are not fresh, then the _health api will should return a Red status - * @param monitoringStats The monitored stats - * @param now The time to compare against - * @param requiredFreshness How fresh should these stats be - */ -function hasExpiredHotTimestamps( - monitoringStats: RawMonitoringStats, - now: number, - requiredFreshness: number -): boolean { - return ( - now - - getOldestTimestamp( - monitoringStats.last_update, - monitoringStats.stats.runtime?.value.polling.last_successful_poll - ) > - requiredFreshness - ); -} - -function hasExpiredColdTimestamps( - monitoringStats: RawMonitoringStats, - now: number, - requiredFreshness: number -): boolean { - return now - getOldestTimestamp(monitoringStats.stats.workload?.timestamp) > requiredFreshness; -} - -function hasStatus(stats: RawMonitoringStats['stats'], status: HealthStatus): boolean { - return Object.values(stats) - .map((stat) => stat?.status === status) - .includes(true); -} - -function getOldestTimestamp(...timestamps: Array): number { - const validTimestamps = timestamps - .map((timestamp) => (isString(timestamp) ? Date.parse(timestamp) : NaN)) - .filter((timestamp) => !isNaN(timestamp)); - return validTimestamps.length ? Math.min(...validTimestamps) : 0; -} diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 5680ff2447bba9..390a6f8ce4ce57 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -5630,7 +5630,6 @@ "xpack.apm.serviceHealthStatus.healthy": "正常", "xpack.apm.serviceHealthStatus.unknown": "不明", "xpack.apm.serviceHealthStatus.warning": "警告", - "xpack.apm.serviceIcons.alerts": "アラート", "xpack.apm.serviceIcons.cloud": "クラウド", "xpack.apm.serviceIcons.container": "コンテナー", "xpack.apm.serviceIcons.service": "サービス", @@ -8830,7 +8829,6 @@ "xpack.fleet.agentList.addButton": "エージェントの追加", "xpack.fleet.agentList.agentUpgradeLabel": "アップグレードが利用可能です", "xpack.fleet.agentList.clearFiltersLinkText": "フィルターを消去", - "xpack.fleet.agentList.enrollButton": "エージェントの追加", "xpack.fleet.agentList.errorFetchingDataTitle": "エージェントの取り込みエラー", "xpack.fleet.agentList.forceUnenrollOneButton": "強制的に登録解除する", "xpack.fleet.agentList.hostColumnTitle": "ホスト", @@ -8904,8 +8902,6 @@ "xpack.fleet.agentPolicyList.noAgentPoliciesPrompt": "エージェントポリシーがありません", "xpack.fleet.agentPolicyList.noFilteredAgentPoliciesPrompt": "エージェントポリシーが見つかりません。{clearFiltersLink}", "xpack.fleet.agentPolicyList.packagePoliciesCountColumnTitle": "統合", - "xpack.fleet.agentPolicyList.pageSubtitle": "エージェントポリシーを使用すると、エージェントとエージェントが収集するデータを管理できます。", - "xpack.fleet.agentPolicyList.pageTitle": "エージェントポリシー", "xpack.fleet.agentPolicyList.reloadAgentPoliciesButtonText": "再読み込み", "xpack.fleet.agentPolicyList.updatedOnColumnTitle": "最終更新日", "xpack.fleet.agentPolicySummaryLine.hostedPolicyTooltip": "このポリシーはFleet外で管理されます。このポリシーに関連するほとんどのアクションは使用できません。", @@ -8915,8 +8911,6 @@ "xpack.fleet.agentReassignPolicy.flyoutTitle": "新しいエージェントポリシーを割り当てる", "xpack.fleet.agentReassignPolicy.selectPolicyLabel": "エージェントポリシー", "xpack.fleet.agentReassignPolicy.successSingleNotificationTitle": "エージェントポリシーが再割り当てされました", - "xpack.fleet.agents.pageSubtitle": "ポリシーの更新を管理し、任意のサイズのエージェントのグループにデプロイします。", - "xpack.fleet.agents.pageTitle": "エージェント", "xpack.fleet.agentsInitializationErrorMessageTitle": "Elasticエージェントの集中管理を初期化できません", "xpack.fleet.agentStatus.healthyLabel": "正常", "xpack.fleet.agentStatus.inactiveLabel": "非アクティブ", @@ -8925,13 +8919,10 @@ "xpack.fleet.agentStatus.updatingLabel": "更新中", "xpack.fleet.appNavigation.agentsLinkText": "エージェント", "xpack.fleet.appNavigation.dataStreamsLinkText": "データストリーム", - "xpack.fleet.appNavigation.overviewLinkText": "概要", "xpack.fleet.appNavigation.policiesLinkText": "ポリシー", "xpack.fleet.appNavigation.sendFeedbackButton": "フィードバックを送信", "xpack.fleet.appNavigation.settingsButton": "Fleet 設定", "xpack.fleet.appTitle": "Fleet", - "xpack.fleet.betaBadge.labelText": "ベータ", - "xpack.fleet.betaBadge.tooltipText": "このプラグインは本番環境用ではありません。バグについてはディスカッションフォーラムで報告してください。", "xpack.fleet.breadcrumbs.addPackagePolicyPageTitle": "統合の追加", "xpack.fleet.breadcrumbs.agentsPageTitle": "エージェント", "xpack.fleet.breadcrumbs.allIntegrationsPageTitle": "すべて", @@ -8940,8 +8931,6 @@ "xpack.fleet.breadcrumbs.editPackagePolicyPageTitle": "統合の編集", "xpack.fleet.breadcrumbs.enrollmentTokensPageTitle": "登録トークン", "xpack.fleet.breadcrumbs.installedIntegrationsPageTitle": "インストール済み", - "xpack.fleet.breadcrumbs.integrationsPageTitle": "統合", - "xpack.fleet.breadcrumbs.overviewPageTitle": "概要", "xpack.fleet.breadcrumbs.policiesPageTitle": "ポリシー", "xpack.fleet.config.invalidPackageVersionError": "有効なサーバーまたはキーワード「latest」でなければなりません", "xpack.fleet.copyAgentPolicy.confirmModal.cancelButtonLabel": "キャンセル", @@ -9000,8 +8989,6 @@ "xpack.fleet.dataStreamList.namespaceColumnTitle": "名前空間", "xpack.fleet.dataStreamList.noDataStreamsPrompt": "データストリームがありません", "xpack.fleet.dataStreamList.noFilteredDataStreamsMessage": "一致するデータストリームが見つかりません", - "xpack.fleet.dataStreamList.pageSubtitle": "エージェントが作成したデータを管理します。", - "xpack.fleet.dataStreamList.pageTitle": "データストリーム", "xpack.fleet.dataStreamList.reloadDataStreamsButtonText": "再読み込み", "xpack.fleet.dataStreamList.searchPlaceholderTitle": "データストリームをフィルター", "xpack.fleet.dataStreamList.sizeColumnTitle": "サイズ", @@ -9190,8 +9177,6 @@ "xpack.fleet.integrations.updatePackage.updatePackageButtonLabel": "最新バージョンに更新", "xpack.fleet.invalidLicenseDescription": "現在のライセンスは期限切れです。登録されたビートエージェントは引き続き動作しますが、Elastic Fleet インターフェイスにアクセスするには有効なライセンスが必要です。", "xpack.fleet.invalidLicenseTitle": "ライセンスの期限切れ", - "xpack.fleet.listTabs.agentTitle": "エージェント", - "xpack.fleet.listTabs.enrollmentTokensTitle": "登録トークン", "xpack.fleet.namespaceValidation.invalidCharactersErrorMessage": "名前空間に無効な文字が含まれています", "xpack.fleet.namespaceValidation.lowercaseErrorMessage": "名前空間は小文字で指定する必要があります", "xpack.fleet.namespaceValidation.requiredErrorMessage": "名前空間は必須です", @@ -9204,33 +9189,8 @@ "xpack.fleet.noAccess.accessDeniedDescription": "Elastic Fleet にアクセスする権限がありません。Elastic Fleet を使用するには、このアプリケーションの読み取り権または全権を含むユーザーロールが必要です。", "xpack.fleet.noAccess.accessDeniedTitle": "アクセスが拒否されました", "xpack.fleet.oldAppTitle": "Ingest Manager", - "xpack.fleet.overviewAgentActiveTitle": "アクティブ", - "xpack.fleet.overviewAgentErrorTitle": "エラー", - "xpack.fleet.overviewAgentOfflineTitle": "オフライン", - "xpack.fleet.overviewAgentTotalTitle": "合計エージェント数", - "xpack.fleet.overviewDatastreamNamespacesTitle": "名前空間", - "xpack.fleet.overviewDatastreamSizeTitle": "合計サイズ", - "xpack.fleet.overviewDatastreamTotalTitle": "データストリーム", - "xpack.fleet.overviewIntegrationsInstalledTitle": "インストール済み", - "xpack.fleet.overviewIntegrationsTotalTitle": "合計利用可能数", - "xpack.fleet.overviewIntegrationsUpdatesAvailableTitle": "更新が可能です", - "xpack.fleet.overviewPackagePolicyTitle": "使用済みの統合", - "xpack.fleet.overviewPageAgentsPanelTitle": "エージェント", - "xpack.fleet.overviewPageDataStreamsPanelAction": "データストリームを表示", - "xpack.fleet.overviewPageDataStreamsPanelTitle": "データストリーム", - "xpack.fleet.overviewPageDataStreamsPanelTooltip": "エージェントが収集するデータはさまざまなデータストリームに整理されます。", - "xpack.fleet.overviewPageEnrollAgentButton": "エージェントの追加", - "xpack.fleet.overviewPageFleetPanelAction": "エージェントを表示", - "xpack.fleet.overviewPageFleetPanelTooltip": "Fleetを使用して、中央の場所からエージェントを登録し、ポリシーを管理します。", - "xpack.fleet.overviewPageIntegrationsPanelAction": "統合を表示", - "xpack.fleet.overviewPageIntegrationsPanelTitle": "統合", - "xpack.fleet.overviewPageIntegrationsPanelTooltip": "Elastic Stackの統合を参照し、インストールします。統合をエージェントポリシーに追加し、データの送信を開始します。", - "xpack.fleet.overviewPagePoliciesPanelAction": "ポリシーを表示", - "xpack.fleet.overviewPagePoliciesPanelTitle": "エージェントポリシー", - "xpack.fleet.overviewPagePoliciesPanelTooltip": "エージェントポリシーを使用すると、エージェントが収集するデータを管理できます。", "xpack.fleet.overviewPageSubtitle": "Elasticエージェントとポリシーを中央の場所で管理します。", "xpack.fleet.overviewPageTitle": "Fleet", - "xpack.fleet.overviewPolicyTotalTitle": "合計利用可能数", "xpack.fleet.packagePolicyInputOverrideError": "パッケージ{packageName}には入力タイプ{inputType}が存在しません。", "xpack.fleet.packagePolicyStreamOverrideError": "パッケージ{packageName}の{inputType}にはデータストリーム{streamSet}が存在しません", "xpack.fleet.packagePolicyStreamVarOverrideError": "パッケージ{packageName}の{inputType}の{streamSet}にはVar {varName}が存在しません", @@ -14028,7 +13988,6 @@ "xpack.ml.dataframe.analytics.classificationExploration.evaluateSectionMeanRecallStat": "平均再現率", "xpack.ml.dataframe.analytics.classificationExploration.evaluateSectionOverallAccuracyStat": "全体的な精度", "xpack.ml.dataframe.analytics.classificationExploration.evaluateSectionOverallAccuracyTooltip": "合計予測数に対する正しいクラス予測数の比率。", - "xpack.ml.dataframe.analytics.classificationExploration.evaluateSectionRocInfoTooltip": "受信者操作特性 (ROC) 曲線は、異なる予測確率しきい値で分類プロセスのパフォーマンスを表すプロットです。", "xpack.ml.dataframe.analytics.classificationExploration.evaluateSectionRocTitle": "受信者操作特性 (ROC) 曲線", "xpack.ml.dataframe.analytics.classificationExploration.evaluateSectionTitle": "モデル評価", "xpack.ml.dataframe.analytics.classificationExploration.showActions": "アクションを表示", @@ -18016,15 +17975,15 @@ "xpack.rollupJobs.detailPanel.jobActionMenu.buttonLabel": "管理", "xpack.rollupJobs.detailPanel.loadingLabel": "ロールアップジョブを読み込み中...", "xpack.rollupJobs.detailPanel.notFoundLabel": "ロールアップジョブが見つかりません", - "indexPatternManagement.editRollupIndexPattern.createIndex.defaultButtonDescription": "要約データに制限された集約を実行します。", - "indexPatternManagement.editRollupIndexPattern.createIndex.defaultButtonText": "ロールアップインデックスパターン", - "indexPatternManagement.editRollupIndexPattern.createIndex.defaultTypeName": "ロールアップインデックスパターン", - "indexPatternManagement.editRollupIndexPattern.createIndex.indexLabel": "ロールアップ", - "indexPatternManagement.editRollupIndexPattern.createIndex.noMatchError": "ロールアップインデックスパターンエラー:ロールアップインデックスの 1 つと一致している必要があります", - "indexPatternManagement.editRollupIndexPattern.createIndex.tooManyMatchesError": "ロールアップインデックスパターンエラー:一致できるロールアップインデックスは 1 つだけです", - "indexPatternManagement.editRollupIndexPattern.createIndex.uncaughtError": "ロールアップインデックスパターンエラー:{error}", - "indexPatternManagement.editRollupIndexPattern.rollupPrompt.betaCalloutParagraph1Text": "ロールアップインデックスパターンのKibanaのサポートはベータ版です。保存された検索、可視化、ダッシュボードでこれらのパターンを使用すると問題が発生する場合があります。Timelionや機械学習などの一部の高度な機能ではサポートされていません。", - "indexPatternManagement.editRollupIndexPattern.rollupPrompt.betaCalloutParagraph2Text": "ロールアップインデックスパターンは、1つのロールアップインデックスとゼロ以上の標準インデックスと一致させることができます。ロールアップインデックスパターンでは、メトリック、フィールド、間隔、アグリゲーションが制限されています。ロールアップインデックスは、1つのジョブ構成があるインデックス、または複数のジョブと互換する構成があるインデックスに制限されています。", + "xpack.rollupJobs.editRollupIndexPattern.createIndex.defaultButtonDescription": "要約データに制限された集約を実行します。", + "xpack.rollupJobs.editRollupIndexPattern.createIndex.defaultButtonText": "ロールアップインデックスパターン", + "xpack.rollupJobs.editRollupIndexPattern.createIndex.defaultTypeName": "ロールアップインデックスパターン", + "xpack.rollupJobs.editRollupIndexPattern.createIndex.indexLabel": "ロールアップ", + "xpack.rollupJobs.editRollupIndexPattern.createIndex.noMatchError": "ロールアップインデックスパターンエラー:ロールアップインデックスの 1 つと一致している必要があります", + "xpack.rollupJobs.editRollupIndexPattern.createIndex.tooManyMatchesError": "ロールアップインデックスパターンエラー:一致できるロールアップインデックスは 1 つだけです", + "xpack.rollupJobs.editRollupIndexPattern.createIndex.uncaughtError": "ロールアップインデックスパターンエラー:{error}", + "xpack.rollupJobs.editRollupIndexPattern.rollupPrompt.betaCalloutParagraph1Text": "ロールアップインデックスパターンのKibanaのサポートはベータ版です。保存された検索、可視化、ダッシュボードでこれらのパターンを使用すると問題が発生する場合があります。Timelionや機械学習などの一部の高度な機能ではサポートされていません。", + "xpack.rollupJobs.editRollupIndexPattern.rollupPrompt.betaCalloutParagraph2Text": "ロールアップインデックスパターンは、1つのロールアップインデックスとゼロ以上の標準インデックスと一致させることができます。ロールアップインデックスパターンでは、メトリック、フィールド、間隔、アグリゲーションが制限されています。ロールアップインデックスは、1つのジョブ構成があるインデックス、または複数のジョブと互換する構成があるインデックスに制限されています。", "xpack.rollupJobs.featureCatalogueDescription": "今後の分析用に履歴データを小さなインデックスに要約して格納します。", "xpack.rollupJobs.indexMgmtBadge.rollupLabel": "ロールアップ", "xpack.rollupJobs.indexMgmtToggle.toggleLabel": "ロールアップインデックスを含める", @@ -24297,8 +24256,6 @@ "xpack.watcher.sections.watchEdit.json.titlePanel.editWatchTitle": "{watchName}を編集", "xpack.watcher.sections.watchEdit.loadingWatchDescription": "ウォッチの読み込み中…", "xpack.watcher.sections.watchEdit.loadingWatchVisualizationDescription": "ウォッチビジュアライゼーションを読み込み中…", - "xpack.watcher.sections.watchEdit.monitoring.edit.calloutDescriptionText": "ウォッチ'{watchName}'はシステムウォッチであるため、編集できません。{watchStatusLink}", - "xpack.watcher.sections.watchEdit.monitoring.edit.calloutTitleText": "このウォッチは編集できません。", "xpack.watcher.sections.watchEdit.monitoring.header.watchLinkTitle": "ウォッチステータスを表示します。", "xpack.watcher.sections.watchEdit.simulate.form.actionModesFieldLabel": "アクションモード", "xpack.watcher.sections.watchEdit.simulate.form.actionOverridesDescription": "ウォッチでアクションを実行またはスキップすることができるようにします。{actionsLink}", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 841441178b7c1e..4eea2c90740f79 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -5663,7 +5663,6 @@ "xpack.apm.serviceHealthStatus.healthy": "运行正常", "xpack.apm.serviceHealthStatus.unknown": "未知", "xpack.apm.serviceHealthStatus.warning": "警告", - "xpack.apm.serviceIcons.alerts": "告警", "xpack.apm.serviceIcons.cloud": "云", "xpack.apm.serviceIcons.container": "容器", "xpack.apm.serviceIcons.service": "服务", @@ -8907,7 +8906,6 @@ "xpack.fleet.agentList.addButton": "添加代理", "xpack.fleet.agentList.agentUpgradeLabel": "升级可用", "xpack.fleet.agentList.clearFiltersLinkText": "清除筛选", - "xpack.fleet.agentList.enrollButton": "添加代理", "xpack.fleet.agentList.errorFetchingDataTitle": "获取代理时出错", "xpack.fleet.agentList.forceUnenrollOneButton": "强制取消注册", "xpack.fleet.agentList.hostColumnTitle": "主机", @@ -8982,8 +8980,6 @@ "xpack.fleet.agentPolicyList.noAgentPoliciesPrompt": "无代理策略", "xpack.fleet.agentPolicyList.noFilteredAgentPoliciesPrompt": "找不到任何代理策略。{clearFiltersLink}", "xpack.fleet.agentPolicyList.packagePoliciesCountColumnTitle": "集成", - "xpack.fleet.agentPolicyList.pageSubtitle": "使用代理策略管理代理及其收集的数据。", - "xpack.fleet.agentPolicyList.pageTitle": "代理策略", "xpack.fleet.agentPolicyList.reloadAgentPoliciesButtonText": "重新加载", "xpack.fleet.agentPolicyList.updatedOnColumnTitle": "上次更新时间", "xpack.fleet.agentPolicySummaryLine.hostedPolicyTooltip": "此策略是在 Fleet 外进行管理的。与此策略相关的操作多数不可用。", @@ -8995,8 +8991,6 @@ "xpack.fleet.agentReassignPolicy.policyDescription": "选定代理策略将收集 {count, plural, other {{countValue} 个集成} }的数据:", "xpack.fleet.agentReassignPolicy.selectPolicyLabel": "代理策略", "xpack.fleet.agentReassignPolicy.successSingleNotificationTitle": "代理策略已重新分配", - "xpack.fleet.agents.pageSubtitle": "管理策略更新并将其部署到一组任意大小的代理。", - "xpack.fleet.agents.pageTitle": "代理", "xpack.fleet.agentsInitializationErrorMessageTitle": "无法为 Elastic 代理初始化集中管理", "xpack.fleet.agentStatus.healthyLabel": "运行正常", "xpack.fleet.agentStatus.inactiveLabel": "非活动", @@ -9005,13 +8999,10 @@ "xpack.fleet.agentStatus.updatingLabel": "正在更新", "xpack.fleet.appNavigation.agentsLinkText": "代理", "xpack.fleet.appNavigation.dataStreamsLinkText": "数据流", - "xpack.fleet.appNavigation.overviewLinkText": "概览", "xpack.fleet.appNavigation.policiesLinkText": "策略", "xpack.fleet.appNavigation.sendFeedbackButton": "发送反馈", "xpack.fleet.appNavigation.settingsButton": "Fleet 设置", "xpack.fleet.appTitle": "Fleet", - "xpack.fleet.betaBadge.labelText": "公测版", - "xpack.fleet.betaBadge.tooltipText": "不推荐在生产环境中使用此插件。请在我们讨论论坛中报告错误。", "xpack.fleet.breadcrumbs.addPackagePolicyPageTitle": "添加集成", "xpack.fleet.breadcrumbs.agentsPageTitle": "代理", "xpack.fleet.breadcrumbs.allIntegrationsPageTitle": "全部", @@ -9020,8 +9011,6 @@ "xpack.fleet.breadcrumbs.editPackagePolicyPageTitle": "编辑集成", "xpack.fleet.breadcrumbs.enrollmentTokensPageTitle": "注册令牌", "xpack.fleet.breadcrumbs.installedIntegrationsPageTitle": "已安装", - "xpack.fleet.breadcrumbs.integrationsPageTitle": "集成", - "xpack.fleet.breadcrumbs.overviewPageTitle": "概览", "xpack.fleet.breadcrumbs.policiesPageTitle": "策略", "xpack.fleet.config.invalidPackageVersionError": "必须是有效的 semver 或关键字 `latest`", "xpack.fleet.copyAgentPolicy.confirmModal.cancelButtonLabel": "取消", @@ -9082,8 +9071,6 @@ "xpack.fleet.dataStreamList.namespaceColumnTitle": "命名空间", "xpack.fleet.dataStreamList.noDataStreamsPrompt": "无数据流", "xpack.fleet.dataStreamList.noFilteredDataStreamsMessage": "找不到匹配的数据流", - "xpack.fleet.dataStreamList.pageSubtitle": "管理您的代理创建的数据。", - "xpack.fleet.dataStreamList.pageTitle": "数据流", "xpack.fleet.dataStreamList.reloadDataStreamsButtonText": "重新加载", "xpack.fleet.dataStreamList.searchPlaceholderTitle": "筛选数据流", "xpack.fleet.dataStreamList.sizeColumnTitle": "大小", @@ -9276,8 +9263,6 @@ "xpack.fleet.integrations.updatePackage.updatePackageButtonLabel": "更新到最新版本", "xpack.fleet.invalidLicenseDescription": "您当前的许可证已过期。已注册 Beats 代理将继续工作,但您需要有效的许可证,才能访问 Elastic Fleet 界面。", "xpack.fleet.invalidLicenseTitle": "已过期许可证", - "xpack.fleet.listTabs.agentTitle": "代理", - "xpack.fleet.listTabs.enrollmentTokensTitle": "注册令牌", "xpack.fleet.namespaceValidation.invalidCharactersErrorMessage": "命名空间包含无效字符", "xpack.fleet.namespaceValidation.lowercaseErrorMessage": "命名空间必须小写", "xpack.fleet.namespaceValidation.requiredErrorMessage": "“命名空间”必填", @@ -9290,33 +9275,8 @@ "xpack.fleet.noAccess.accessDeniedDescription": "您无权访问 Elastic Fleet。要使用 Elastic Fleet,您需要包含此应用程序读取权限或所有权限的用户角色。", "xpack.fleet.noAccess.accessDeniedTitle": "访问被拒绝", "xpack.fleet.oldAppTitle": "采集管理器", - "xpack.fleet.overviewAgentActiveTitle": "活动", - "xpack.fleet.overviewAgentErrorTitle": "错误", - "xpack.fleet.overviewAgentOfflineTitle": "脱机", - "xpack.fleet.overviewAgentTotalTitle": "代理总数", - "xpack.fleet.overviewDatastreamNamespacesTitle": "命名空间", - "xpack.fleet.overviewDatastreamSizeTitle": "总大小", - "xpack.fleet.overviewDatastreamTotalTitle": "数据流", - "xpack.fleet.overviewIntegrationsInstalledTitle": "已安装", - "xpack.fleet.overviewIntegrationsTotalTitle": "可用总计", - "xpack.fleet.overviewIntegrationsUpdatesAvailableTitle": "可用更新", - "xpack.fleet.overviewPackagePolicyTitle": "已使用的集成", - "xpack.fleet.overviewPageAgentsPanelTitle": "代理", - "xpack.fleet.overviewPageDataStreamsPanelAction": "查看数据流", - "xpack.fleet.overviewPageDataStreamsPanelTitle": "数据流", - "xpack.fleet.overviewPageDataStreamsPanelTooltip": "您的代理收集的数据组织到各种数据流中。", - "xpack.fleet.overviewPageEnrollAgentButton": "添加代理", - "xpack.fleet.overviewPageFleetPanelAction": "查看代理", - "xpack.fleet.overviewPageFleetPanelTooltip": "使用 Fleet 注册代理并从中央位置管理其策略。", - "xpack.fleet.overviewPageIntegrationsPanelAction": "查看集成", - "xpack.fleet.overviewPageIntegrationsPanelTitle": "集成", - "xpack.fleet.overviewPageIntegrationsPanelTooltip": "浏览并安装适用于 Elastic Stack 的集成。将集成添加到您的代理策略,以开始发送数据。", - "xpack.fleet.overviewPagePoliciesPanelAction": "查看策略", - "xpack.fleet.overviewPagePoliciesPanelTitle": "代理策略", - "xpack.fleet.overviewPagePoliciesPanelTooltip": "使用代理策略控制您的代理收集的数据。", "xpack.fleet.overviewPageSubtitle": "在集中位置管理 Elastic 代理及其策略。", "xpack.fleet.overviewPageTitle": "Fleet", - "xpack.fleet.overviewPolicyTotalTitle": "可用总计", "xpack.fleet.packagePolicyInputOverrideError": "输入类型 {inputType} 在软件包 {packageName} 上不存在", "xpack.fleet.packagePolicyStreamOverrideError": "数据流 {streamSet} 在软件包 {packageName} 的 {inputType} 上不存在", "xpack.fleet.packagePolicyStreamVarOverrideError": "变量 {varName} 在软件包 {packageName} 的 {inputType} 的 {streamSet} 上不存在", @@ -14209,7 +14169,6 @@ "xpack.ml.dataframe.analytics.classificationExploration.evaluateSectionMeanRecallStat": "平均召回率", "xpack.ml.dataframe.analytics.classificationExploration.evaluateSectionOverallAccuracyStat": "总体准确率", "xpack.ml.dataframe.analytics.classificationExploration.evaluateSectionOverallAccuracyTooltip": "正确类预测数目与预测总数的比率。", - "xpack.ml.dataframe.analytics.classificationExploration.evaluateSectionRocInfoTooltip": "接受者操作特性 (ROC) 曲线是表示在不同预测概率阈值下分类过程的性能绘图。", "xpack.ml.dataframe.analytics.classificationExploration.evaluateSectionRocTitle": "接受者操作特性 (ROC) 曲线", "xpack.ml.dataframe.analytics.classificationExploration.evaluateSectionTitle": "模型评估", "xpack.ml.dataframe.analytics.classificationExploration.generalizationDocsCount": "{docsCount, plural, other {个文档}}已评估", @@ -18256,15 +18215,15 @@ "xpack.rollupJobs.detailPanel.jobActionMenu.buttonLabel": "管理", "xpack.rollupJobs.detailPanel.loadingLabel": "正在加载汇总/打包作业……", "xpack.rollupJobs.detailPanel.notFoundLabel": "未找到汇总/打包作业", - "indexPatternManagement.editRollupIndexPattern.createIndex.defaultButtonDescription": "针对汇总数据执行有限聚合", - "indexPatternManagement.editRollupIndexPattern.createIndex.defaultButtonText": "汇总/打包索引模式", - "indexPatternManagement.editRollupIndexPattern.createIndex.defaultTypeName": "汇总/打包索引模式", - "indexPatternManagement.editRollupIndexPattern.createIndex.indexLabel": "汇总/打包", - "indexPatternManagement.editRollupIndexPattern.createIndex.noMatchError": "汇总/打包索引模式错误:必须匹配一个汇总/打包索引", - "indexPatternManagement.editRollupIndexPattern.createIndex.tooManyMatchesError": "汇总/打包索引模式错误:只能匹配一个汇总/打包索引", - "indexPatternManagement.editRollupIndexPattern.createIndex.uncaughtError": "汇总索引模式错误:{error}", - "indexPatternManagement.editRollupIndexPattern.rollupPrompt.betaCalloutParagraph1Text": "Kibana 对汇总/打包索引模式的支持处于公测版状态。将这些模式用于已保存搜索、可视化以及仪表板可能会遇到问题。某些高级功能,如 Timelion 和 Machine Learning,不支持这些模式。", - "indexPatternManagement.editRollupIndexPattern.rollupPrompt.betaCalloutParagraph2Text": "可以根据一个汇总/打包索引和零个或更多常规索引匹配汇总/打包索引模式。汇总/打包索引模式的指标、字段、时间间隔和聚合有限。汇总/打包索引仅限于具有一个作业配置或多个作业配置兼容的索引。", + "xpack.rollupJobs.editRollupIndexPattern.createIndex.defaultButtonDescription": "针对汇总数据执行有限聚合", + "xpack.rollupJobs.editRollupIndexPattern.createIndex.defaultButtonText": "汇总/打包索引模式", + "xpack.rollupJobs.editRollupIndexPattern.createIndex.defaultTypeName": "汇总/打包索引模式", + "xpack.rollupJobs.editRollupIndexPattern.createIndex.indexLabel": "汇总/打包", + "xpack.rollupJobs.editRollupIndexPattern.createIndex.noMatchError": "汇总/打包索引模式错误:必须匹配一个汇总/打包索引", + "xpack.rollupJobs.editRollupIndexPattern.createIndex.tooManyMatchesError": "汇总/打包索引模式错误:只能匹配一个汇总/打包索引", + "xpack.rollupJobs.editRollupIndexPattern.createIndex.uncaughtError": "汇总索引模式错误:{error}", + "xpack.rollupJobs.editRollupIndexPattern.rollupPrompt.betaCalloutParagraph1Text": "Kibana 对汇总/打包索引模式的支持处于公测版状态。将这些模式用于已保存搜索、可视化以及仪表板可能会遇到问题。某些高级功能,如 Timelion 和 Machine Learning,不支持这些模式。", + "xpack.rollupJobs.editRollupIndexPattern.rollupPrompt.betaCalloutParagraph2Text": "可以根据一个汇总/打包索引和零个或更多常规索引匹配汇总/打包索引模式。汇总/打包索引模式的指标、字段、时间间隔和聚合有限。汇总/打包索引仅限于具有一个作业配置或多个作业配置兼容的索引。", "xpack.rollupJobs.featureCatalogueDescription": "汇总历史数据并将其存储在较小的索引中以供将来分析。", "xpack.rollupJobs.indexMgmtBadge.rollupLabel": "汇总/打包", "xpack.rollupJobs.indexMgmtToggle.toggleLabel": "包括汇总索引", @@ -24667,8 +24626,6 @@ "xpack.watcher.sections.watchEdit.json.titlePanel.editWatchTitle": "编辑 {watchName}", "xpack.watcher.sections.watchEdit.loadingWatchDescription": "正在加载监视……", "xpack.watcher.sections.watchEdit.loadingWatchVisualizationDescription": "正在加载监视可视化……", - "xpack.watcher.sections.watchEdit.monitoring.edit.calloutDescriptionText": "监视“{watchName}”为系统监视,无法编辑。{watchStatusLink}", - "xpack.watcher.sections.watchEdit.monitoring.edit.calloutTitleText": "此监视无法编辑。", "xpack.watcher.sections.watchEdit.monitoring.header.watchLinkTitle": "查看监视状态。", "xpack.watcher.sections.watchEdit.simulate.form.actionModesFieldLabel": "操作模式", "xpack.watcher.sections.watchEdit.simulate.form.actionOverridesDescription": "允许监视执行或跳过操作。{actionsLink}", diff --git a/x-pack/plugins/uptime/public/components/common/header/action_menu_content.tsx b/x-pack/plugins/uptime/public/components/common/header/action_menu_content.tsx index ac7c8ae0a95c65..da32ffd41853bc 100644 --- a/x-pack/plugins/uptime/public/components/common/header/action_menu_content.tsx +++ b/x-pack/plugins/uptime/public/components/common/header/action_menu_content.tsx @@ -49,19 +49,19 @@ export function ActionMenuContent(): React.ReactElement { ); return ( - + @@ -72,12 +72,13 @@ export function ActionMenuContent(): React.ReactElement { {ANALYZE_MESSAGE}

}> {ANALYZE_DATA} diff --git a/x-pack/plugins/uptime/public/components/fleet_package/contexts/http_context.tsx b/x-pack/plugins/uptime/public/components/fleet_package/contexts/http_context.tsx new file mode 100644 index 00000000000000..d1306836afa9c8 --- /dev/null +++ b/x-pack/plugins/uptime/public/components/fleet_package/contexts/http_context.tsx @@ -0,0 +1,60 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { createContext, useContext, useMemo, useState } from 'react'; +import { IHTTPSimpleFields, ConfigKeys, ScheduleUnit, DataStream } from '../types'; + +interface IHTTPSimpleFieldsContext { + setFields: React.Dispatch>; + fields: IHTTPSimpleFields; + defaultValues: IHTTPSimpleFields; +} + +interface IHTTPSimpleFieldsContextProvider { + children: React.ReactNode; + defaultValues?: IHTTPSimpleFields; +} + +export const initialValues = { + [ConfigKeys.URLS]: '', + [ConfigKeys.MAX_REDIRECTS]: '0', + [ConfigKeys.MONITOR_TYPE]: DataStream.HTTP, + [ConfigKeys.SCHEDULE]: { + number: '3', + unit: ScheduleUnit.MINUTES, + }, + [ConfigKeys.APM_SERVICE_NAME]: '', + [ConfigKeys.TAGS]: [], + [ConfigKeys.TIMEOUT]: '16', +}; + +const defaultContext: IHTTPSimpleFieldsContext = { + setFields: (_fields: React.SetStateAction) => { + throw new Error( + 'setFields was not initialized for HTTP Simple Fields, set it when you invoke the context' + ); + }, + fields: initialValues, // mutable + defaultValues: initialValues, // immutable +}; + +export const HTTPSimpleFieldsContext = createContext(defaultContext); + +export const HTTPSimpleFieldsContextProvider = ({ + children, + defaultValues = initialValues, +}: IHTTPSimpleFieldsContextProvider) => { + const [fields, setFields] = useState(defaultValues); + + const value = useMemo(() => { + return { fields, setFields, defaultValues }; + }, [fields, defaultValues]); + + return ; +}; + +export const useHTTPSimpleFieldsContext = () => useContext(HTTPSimpleFieldsContext); diff --git a/x-pack/plugins/uptime/public/components/fleet_package/contexts/http_provider.tsx b/x-pack/plugins/uptime/public/components/fleet_package/contexts/http_provider.tsx new file mode 100644 index 00000000000000..e48de76862e24a --- /dev/null +++ b/x-pack/plugins/uptime/public/components/fleet_package/contexts/http_provider.tsx @@ -0,0 +1,69 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { ReactNode } from 'react'; +import { IHTTPSimpleFields, IHTTPAdvancedFields, ITLSFields, ConfigKeys } from '../types'; +import { + HTTPSimpleFieldsContextProvider, + HTTPAdvancedFieldsContextProvider, + TLSFieldsContextProvider, +} from '.'; + +interface HTTPContextProviderProps { + defaultValues?: any; + children: ReactNode; +} + +export const HTTPContextProvider = ({ defaultValues, children }: HTTPContextProviderProps) => { + const httpAdvancedFields: IHTTPAdvancedFields | undefined = defaultValues + ? { + [ConfigKeys.USERNAME]: defaultValues[ConfigKeys.USERNAME], + [ConfigKeys.PASSWORD]: defaultValues[ConfigKeys.PASSWORD], + [ConfigKeys.PROXY_URL]: defaultValues[ConfigKeys.PROXY_URL], + [ConfigKeys.RESPONSE_BODY_CHECK_NEGATIVE]: + defaultValues[ConfigKeys.RESPONSE_BODY_CHECK_NEGATIVE], + [ConfigKeys.RESPONSE_BODY_CHECK_POSITIVE]: + defaultValues[ConfigKeys.RESPONSE_BODY_CHECK_POSITIVE], + [ConfigKeys.RESPONSE_BODY_INDEX]: defaultValues[ConfigKeys.RESPONSE_BODY_INDEX], + [ConfigKeys.RESPONSE_HEADERS_CHECK]: defaultValues[ConfigKeys.RESPONSE_HEADERS_CHECK], + [ConfigKeys.RESPONSE_HEADERS_INDEX]: defaultValues[ConfigKeys.RESPONSE_HEADERS_INDEX], + [ConfigKeys.RESPONSE_STATUS_CHECK]: defaultValues[ConfigKeys.RESPONSE_STATUS_CHECK], + [ConfigKeys.REQUEST_BODY_CHECK]: defaultValues[ConfigKeys.REQUEST_BODY_CHECK], + [ConfigKeys.REQUEST_HEADERS_CHECK]: defaultValues[ConfigKeys.REQUEST_HEADERS_CHECK], + [ConfigKeys.REQUEST_METHOD_CHECK]: defaultValues[ConfigKeys.REQUEST_METHOD_CHECK], + } + : undefined; + const httpSimpleFields: IHTTPSimpleFields | undefined = defaultValues + ? { + [ConfigKeys.APM_SERVICE_NAME]: defaultValues[ConfigKeys.APM_SERVICE_NAME], + [ConfigKeys.MAX_REDIRECTS]: defaultValues[ConfigKeys.MAX_REDIRECTS], + [ConfigKeys.MONITOR_TYPE]: defaultValues[ConfigKeys.MONITOR_TYPE], + [ConfigKeys.SCHEDULE]: defaultValues[ConfigKeys.SCHEDULE], + [ConfigKeys.TAGS]: defaultValues[ConfigKeys.TAGS], + [ConfigKeys.TIMEOUT]: defaultValues[ConfigKeys.TIMEOUT], + [ConfigKeys.URLS]: defaultValues[ConfigKeys.URLS], + } + : undefined; + const tlsFields: ITLSFields | undefined = defaultValues + ? { + [ConfigKeys.TLS_CERTIFICATE_AUTHORITIES]: + defaultValues[ConfigKeys.TLS_CERTIFICATE_AUTHORITIES], + [ConfigKeys.TLS_CERTIFICATE]: defaultValues[ConfigKeys.TLS_CERTIFICATE], + [ConfigKeys.TLS_KEY]: defaultValues[ConfigKeys.TLS_KEY], + [ConfigKeys.TLS_KEY_PASSPHRASE]: defaultValues[ConfigKeys.TLS_KEY_PASSPHRASE], + [ConfigKeys.TLS_VERIFICATION_MODE]: defaultValues[ConfigKeys.TLS_VERIFICATION_MODE], + [ConfigKeys.TLS_VERSION]: defaultValues[ConfigKeys.TLS_VERSION], + } + : undefined; + return ( + + + {children} + + + ); +}; diff --git a/x-pack/plugins/uptime/public/components/fleet_package/contexts/icmp_context.tsx b/x-pack/plugins/uptime/public/components/fleet_package/contexts/icmp_context.tsx new file mode 100644 index 00000000000000..93c67c6133ce9f --- /dev/null +++ b/x-pack/plugins/uptime/public/components/fleet_package/contexts/icmp_context.tsx @@ -0,0 +1,61 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { createContext, useContext, useMemo, useState } from 'react'; +import { IICMPSimpleFields, ConfigKeys, ScheduleUnit, DataStream } from '../types'; + +interface IICMPSimpleFieldsContext { + setFields: React.Dispatch>; + fields: IICMPSimpleFields; + defaultValues: IICMPSimpleFields; +} + +interface IICMPSimpleFieldsContextProvider { + children: React.ReactNode; + defaultValues?: IICMPSimpleFields; +} + +export const initialValues = { + [ConfigKeys.HOSTS]: '', + [ConfigKeys.MAX_REDIRECTS]: '0', + [ConfigKeys.MONITOR_TYPE]: DataStream.ICMP, + [ConfigKeys.SCHEDULE]: { + number: '3', + unit: ScheduleUnit.MINUTES, + }, + [ConfigKeys.APM_SERVICE_NAME]: '', + [ConfigKeys.TAGS]: [], + [ConfigKeys.TIMEOUT]: '16', + [ConfigKeys.WAIT]: '1', +}; + +const defaultContext: IICMPSimpleFieldsContext = { + setFields: (_fields: React.SetStateAction) => { + throw new Error( + 'setFields was not initialized for ICMP Simple Fields, set it when you invoke the context' + ); + }, + fields: initialValues, // mutable + defaultValues: initialValues, // immutable +}; + +export const ICMPSimpleFieldsContext = createContext(defaultContext); + +export const ICMPSimpleFieldsContextProvider = ({ + children, + defaultValues = initialValues, +}: IICMPSimpleFieldsContextProvider) => { + const [fields, setFields] = useState(defaultValues); + + const value = useMemo(() => { + return { fields, setFields, defaultValues }; + }, [fields, defaultValues]); + + return ; +}; + +export const useICMPSimpleFieldsContext = () => useContext(ICMPSimpleFieldsContext); diff --git a/x-pack/plugins/uptime/public/components/fleet_package/contexts/index.ts b/x-pack/plugins/uptime/public/components/fleet_package/contexts/index.ts index bea3e9d5641a57..f84a4e75df922a 100644 --- a/x-pack/plugins/uptime/public/components/fleet_package/contexts/index.ts +++ b/x-pack/plugins/uptime/public/components/fleet_package/contexts/index.ts @@ -6,11 +6,29 @@ */ export { - SimpleFieldsContext, - SimpleFieldsContextProvider, - initialValues as defaultSimpleFields, - useSimpleFieldsContext, -} from './simple_fields_context'; + MonitorTypeContext, + MonitorTypeContextProvider, + initialValue as defaultMonitorType, + useMonitorTypeContext, +} from './monitor_type_context'; +export { + HTTPSimpleFieldsContext, + HTTPSimpleFieldsContextProvider, + initialValues as defaultHTTPSimpleFields, + useHTTPSimpleFieldsContext, +} from './http_context'; +export { + TCPSimpleFieldsContext, + TCPSimpleFieldsContextProvider, + initialValues as defaultTCPSimpleFields, + useTCPSimpleFieldsContext, +} from './tcp_context'; +export { + ICMPSimpleFieldsContext, + ICMPSimpleFieldsContextProvider, + initialValues as defaultICMPSimpleFields, + useICMPSimpleFieldsContext, +} from './icmp_context'; export { TCPAdvancedFieldsContext, TCPAdvancedFieldsContextProvider, @@ -29,3 +47,5 @@ export { initialValues as defaultTLSFields, useTLSFieldsContext, } from './tls_fields_context'; +export { HTTPContextProvider } from './http_provider'; +export { TCPContextProvider } from './tcp_provider'; diff --git a/x-pack/plugins/uptime/public/components/fleet_package/contexts/monitor_type_context.tsx b/x-pack/plugins/uptime/public/components/fleet_package/contexts/monitor_type_context.tsx new file mode 100644 index 00000000000000..6e9a5de83c2fe1 --- /dev/null +++ b/x-pack/plugins/uptime/public/components/fleet_package/contexts/monitor_type_context.tsx @@ -0,0 +1,47 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { createContext, useContext, useMemo, useState } from 'react'; +import { DataStream } from '../types'; + +interface IMonitorTypeFieldsContext { + setMonitorType: React.Dispatch>; + monitorType: DataStream; + defaultValue: DataStream; +} + +interface IMonitorTypeFieldsContextProvider { + children: React.ReactNode; + defaultValue?: DataStream; +} + +export const initialValue = DataStream.HTTP; + +const defaultContext: IMonitorTypeFieldsContext = { + setMonitorType: (_monitorType: React.SetStateAction) => { + throw new Error('setMonitorType was not initialized, set it when you invoke the context'); + }, + monitorType: initialValue, // mutable + defaultValue: initialValue, // immutable +}; + +export const MonitorTypeContext = createContext(defaultContext); + +export const MonitorTypeContextProvider = ({ + children, + defaultValue = initialValue, +}: IMonitorTypeFieldsContextProvider) => { + const [monitorType, setMonitorType] = useState(defaultValue); + + const value = useMemo(() => { + return { monitorType, setMonitorType, defaultValue }; + }, [monitorType, defaultValue]); + + return ; +}; + +export const useMonitorTypeContext = () => useContext(MonitorTypeContext); diff --git a/x-pack/plugins/uptime/public/components/fleet_package/contexts/simple_fields_context.tsx b/x-pack/plugins/uptime/public/components/fleet_package/contexts/simple_fields_context.tsx deleted file mode 100644 index 1d981ed4c2c8fb..00000000000000 --- a/x-pack/plugins/uptime/public/components/fleet_package/contexts/simple_fields_context.tsx +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React, { createContext, useContext, useMemo, useState } from 'react'; -import { ISimpleFields, ConfigKeys, ScheduleUnit, DataStream } from '../types'; - -interface ISimpleFieldsContext { - setFields: React.Dispatch>; - fields: ISimpleFields; - defaultValues: ISimpleFields; -} - -interface ISimpleFieldsContextProvider { - children: React.ReactNode; - defaultValues?: ISimpleFields; -} - -export const initialValues = { - [ConfigKeys.HOSTS]: '', - [ConfigKeys.MAX_REDIRECTS]: '0', - [ConfigKeys.MONITOR_TYPE]: DataStream.HTTP, - [ConfigKeys.SCHEDULE]: { - number: '3', - unit: ScheduleUnit.MINUTES, - }, - [ConfigKeys.APM_SERVICE_NAME]: '', - [ConfigKeys.TAGS]: [], - [ConfigKeys.TIMEOUT]: '16', - [ConfigKeys.URLS]: '', - [ConfigKeys.WAIT]: '1', -}; - -const defaultContext: ISimpleFieldsContext = { - setFields: (_fields: React.SetStateAction) => { - throw new Error('setSimpleFields was not initialized, set it when you invoke the context'); - }, - fields: initialValues, // mutable - defaultValues: initialValues, // immutable -}; - -export const SimpleFieldsContext = createContext(defaultContext); - -export const SimpleFieldsContextProvider = ({ - children, - defaultValues = initialValues, -}: ISimpleFieldsContextProvider) => { - const [fields, setFields] = useState(defaultValues); - - const value = useMemo(() => { - return { fields, setFields, defaultValues }; - }, [fields, defaultValues]); - - return ; -}; - -export const useSimpleFieldsContext = () => useContext(SimpleFieldsContext); diff --git a/x-pack/plugins/uptime/public/components/fleet_package/contexts/tcp_context.tsx b/x-pack/plugins/uptime/public/components/fleet_package/contexts/tcp_context.tsx new file mode 100644 index 00000000000000..6020a7ff2bff8d --- /dev/null +++ b/x-pack/plugins/uptime/public/components/fleet_package/contexts/tcp_context.tsx @@ -0,0 +1,60 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { createContext, useContext, useMemo, useState } from 'react'; +import { ITCPSimpleFields, ConfigKeys, ScheduleUnit, DataStream } from '../types'; + +interface ITCPSimpleFieldsContext { + setFields: React.Dispatch>; + fields: ITCPSimpleFields; + defaultValues: ITCPSimpleFields; +} + +interface ITCPSimpleFieldsContextProvider { + children: React.ReactNode; + defaultValues?: ITCPSimpleFields; +} + +export const initialValues = { + [ConfigKeys.HOSTS]: '', + [ConfigKeys.MAX_REDIRECTS]: '0', + [ConfigKeys.MONITOR_TYPE]: DataStream.TCP, + [ConfigKeys.SCHEDULE]: { + number: '3', + unit: ScheduleUnit.MINUTES, + }, + [ConfigKeys.APM_SERVICE_NAME]: '', + [ConfigKeys.TAGS]: [], + [ConfigKeys.TIMEOUT]: '16', +}; + +const defaultContext: ITCPSimpleFieldsContext = { + setFields: (_fields: React.SetStateAction) => { + throw new Error( + 'setFields was not initialized for TCP Simple Fields, set it when you invoke the context' + ); + }, + fields: initialValues, // mutable + defaultValues: initialValues, // immutable +}; + +export const TCPSimpleFieldsContext = createContext(defaultContext); + +export const TCPSimpleFieldsContextProvider = ({ + children, + defaultValues = initialValues, +}: ITCPSimpleFieldsContextProvider) => { + const [fields, setFields] = useState(defaultValues); + + const value = useMemo(() => { + return { fields, setFields, defaultValues }; + }, [fields, defaultValues]); + + return ; +}; + +export const useTCPSimpleFieldsContext = () => useContext(TCPSimpleFieldsContext); diff --git a/x-pack/plugins/uptime/public/components/fleet_package/contexts/tcp_provider.tsx b/x-pack/plugins/uptime/public/components/fleet_package/contexts/tcp_provider.tsx new file mode 100644 index 00000000000000..666839803f4d67 --- /dev/null +++ b/x-pack/plugins/uptime/public/components/fleet_package/contexts/tcp_provider.tsx @@ -0,0 +1,62 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { ReactNode } from 'react'; +import { ConfigKeys, ITCPSimpleFields, ITCPAdvancedFields, ITLSFields } from '../types'; +import { + TCPSimpleFieldsContextProvider, + TCPAdvancedFieldsContextProvider, + TLSFieldsContextProvider, +} from '.'; + +interface TCPContextProviderProps { + defaultValues?: any; + children: ReactNode; +} + +/** + * Exports Synthetics-specific package policy instructions + * for use in the Ingest app create / edit package policy + */ +export const TCPContextProvider = ({ defaultValues, children }: TCPContextProviderProps) => { + const tcpSimpleFields: ITCPSimpleFields | undefined = defaultValues + ? { + [ConfigKeys.APM_SERVICE_NAME]: defaultValues[ConfigKeys.APM_SERVICE_NAME], + [ConfigKeys.HOSTS]: defaultValues[ConfigKeys.HOSTS], + [ConfigKeys.MONITOR_TYPE]: defaultValues[ConfigKeys.MONITOR_TYPE], + [ConfigKeys.SCHEDULE]: defaultValues[ConfigKeys.SCHEDULE], + [ConfigKeys.TAGS]: defaultValues[ConfigKeys.TAGS], + [ConfigKeys.TIMEOUT]: defaultValues[ConfigKeys.TIMEOUT], + } + : undefined; + const tcpAdvancedFields: ITCPAdvancedFields | undefined = defaultValues + ? { + [ConfigKeys.PROXY_URL]: defaultValues[ConfigKeys.PROXY_URL], + [ConfigKeys.PROXY_USE_LOCAL_RESOLVER]: defaultValues[ConfigKeys.PROXY_USE_LOCAL_RESOLVER], + [ConfigKeys.RESPONSE_RECEIVE_CHECK]: defaultValues[ConfigKeys.RESPONSE_RECEIVE_CHECK], + [ConfigKeys.REQUEST_SEND_CHECK]: defaultValues[ConfigKeys.REQUEST_SEND_CHECK], + } + : undefined; + const tlsFields: ITLSFields | undefined = defaultValues + ? { + [ConfigKeys.TLS_CERTIFICATE_AUTHORITIES]: + defaultValues[ConfigKeys.TLS_CERTIFICATE_AUTHORITIES], + [ConfigKeys.TLS_CERTIFICATE]: defaultValues[ConfigKeys.TLS_CERTIFICATE], + [ConfigKeys.TLS_KEY]: defaultValues[ConfigKeys.TLS_KEY], + [ConfigKeys.TLS_KEY_PASSPHRASE]: defaultValues[ConfigKeys.TLS_KEY_PASSPHRASE], + [ConfigKeys.TLS_VERIFICATION_MODE]: defaultValues[ConfigKeys.TLS_VERIFICATION_MODE], + [ConfigKeys.TLS_VERSION]: defaultValues[ConfigKeys.TLS_VERSION], + } + : undefined; + return ( + + + {children} + + + ); +}; diff --git a/x-pack/plugins/uptime/public/components/fleet_package/custom_fields.test.tsx b/x-pack/plugins/uptime/public/components/fleet_package/custom_fields.test.tsx index b5fec58d4da850..e114ea72b8f49c 100644 --- a/x-pack/plugins/uptime/public/components/fleet_package/custom_fields.test.tsx +++ b/x-pack/plugins/uptime/public/components/fleet_package/custom_fields.test.tsx @@ -9,18 +9,15 @@ import React from 'react'; import { fireEvent, waitFor } from '@testing-library/react'; import { render } from '../../lib/helper/rtl_helpers'; import { - SimpleFieldsContextProvider, - HTTPAdvancedFieldsContextProvider, - TCPAdvancedFieldsContextProvider, - TLSFieldsContextProvider, - defaultSimpleFields, - defaultTLSFields, - defaultHTTPAdvancedFields, - defaultTCPAdvancedFields, + TCPContextProvider, + HTTPContextProvider, + ICMPSimpleFieldsContextProvider, + MonitorTypeContextProvider, } from './contexts'; import { CustomFields } from './custom_fields'; import { ConfigKeys, DataStream, ScheduleUnit } from './types'; import { validate as centralValidation } from './validation'; +import { defaultConfig } from './synthetics_policy_create_extension'; // ensures that fields appropriately match to their label jest.mock('@elastic/eui/lib/services/accessibility/html_id_generator', () => ({ @@ -29,25 +26,21 @@ jest.mock('@elastic/eui/lib/services/accessibility/html_id_generator', () => ({ const defaultValidation = centralValidation[DataStream.HTTP]; -const defaultConfig = { - ...defaultSimpleFields, - ...defaultTLSFields, - ...defaultHTTPAdvancedFields, - ...defaultTCPAdvancedFields, -}; +const defaultHTTPConfig = defaultConfig[DataStream.HTTP]; +const defaultTCPConfig = defaultConfig[DataStream.TCP]; describe('', () => { const WrappedComponent = ({ validate = defaultValidation, typeEditable = false }) => { return ( - - - - + + + + - - - - + + + + ); }; @@ -63,20 +56,20 @@ describe('', () => { const timeout = getByLabelText('Timeout in seconds') as HTMLInputElement; expect(monitorType).not.toBeInTheDocument(); expect(url).toBeInTheDocument(); - expect(url.value).toEqual(defaultConfig[ConfigKeys.URLS]); + expect(url.value).toEqual(defaultHTTPConfig[ConfigKeys.URLS]); expect(proxyUrl).toBeInTheDocument(); - expect(proxyUrl.value).toEqual(defaultConfig[ConfigKeys.PROXY_URL]); + expect(proxyUrl.value).toEqual(defaultHTTPConfig[ConfigKeys.PROXY_URL]); expect(monitorIntervalNumber).toBeInTheDocument(); - expect(monitorIntervalNumber.value).toEqual(defaultConfig[ConfigKeys.SCHEDULE].number); + expect(monitorIntervalNumber.value).toEqual(defaultHTTPConfig[ConfigKeys.SCHEDULE].number); expect(monitorIntervalUnit).toBeInTheDocument(); - expect(monitorIntervalUnit.value).toEqual(defaultConfig[ConfigKeys.SCHEDULE].unit); + expect(monitorIntervalUnit.value).toEqual(defaultHTTPConfig[ConfigKeys.SCHEDULE].unit); // expect(tags).toBeInTheDocument(); expect(apmServiceName).toBeInTheDocument(); - expect(apmServiceName.value).toEqual(defaultConfig[ConfigKeys.APM_SERVICE_NAME]); + expect(apmServiceName.value).toEqual(defaultHTTPConfig[ConfigKeys.APM_SERVICE_NAME]); expect(maxRedirects).toBeInTheDocument(); - expect(maxRedirects.value).toEqual(`${defaultConfig[ConfigKeys.MAX_REDIRECTS]}`); + expect(maxRedirects.value).toEqual(`${defaultHTTPConfig[ConfigKeys.MAX_REDIRECTS]}`); expect(timeout).toBeInTheDocument(); - expect(timeout.value).toEqual(`${defaultConfig[ConfigKeys.TIMEOUT]}`); + expect(timeout.value).toEqual(`${defaultHTTPConfig[ConfigKeys.TIMEOUT]}`); // ensure other monitor type options are not in the DOM expect(queryByLabelText('Host')).not.toBeInTheDocument(); @@ -116,11 +109,15 @@ describe('', () => { expect(verificationMode).toBeInTheDocument(); await waitFor(() => { - expect(ca.value).toEqual(defaultConfig[ConfigKeys.TLS_CERTIFICATE_AUTHORITIES].value); - expect(clientKey.value).toEqual(defaultConfig[ConfigKeys.TLS_KEY].value); - expect(clientKeyPassphrase.value).toEqual(defaultConfig[ConfigKeys.TLS_KEY_PASSPHRASE].value); - expect(clientCertificate.value).toEqual(defaultConfig[ConfigKeys.TLS_CERTIFICATE].value); - expect(verificationMode.value).toEqual(defaultConfig[ConfigKeys.TLS_VERIFICATION_MODE].value); + expect(ca.value).toEqual(defaultHTTPConfig[ConfigKeys.TLS_CERTIFICATE_AUTHORITIES].value); + expect(clientKey.value).toEqual(defaultHTTPConfig[ConfigKeys.TLS_KEY].value); + expect(clientKeyPassphrase.value).toEqual( + defaultHTTPConfig[ConfigKeys.TLS_KEY_PASSPHRASE].value + ); + expect(clientCertificate.value).toEqual(defaultHTTPConfig[ConfigKeys.TLS_CERTIFICATE].value); + expect(verificationMode.value).toEqual( + defaultHTTPConfig[ConfigKeys.TLS_VERIFICATION_MODE].value + ); }); }); @@ -157,14 +154,14 @@ describe('', () => { ); const monitorType = getByLabelText('Monitor Type') as HTMLInputElement; expect(monitorType).toBeInTheDocument(); - expect(monitorType.value).toEqual(defaultConfig[ConfigKeys.MONITOR_TYPE]); + expect(monitorType.value).toEqual(defaultHTTPConfig[ConfigKeys.MONITOR_TYPE]); fireEvent.change(monitorType, { target: { value: DataStream.TCP } }); // expect tcp fields to be in the DOM const host = getByLabelText('Host:Port') as HTMLInputElement; expect(host).toBeInTheDocument(); - expect(host.value).toEqual(defaultConfig[ConfigKeys.HOSTS]); + expect(host.value).toEqual(defaultTCPConfig[ConfigKeys.HOSTS]); // expect HTTP fields not to be in the DOM expect(queryByLabelText('URL')).not.toBeInTheDocument(); diff --git a/x-pack/plugins/uptime/public/components/fleet_package/custom_fields.tsx b/x-pack/plugins/uptime/public/components/fleet_package/custom_fields.tsx index e6703a6eaa97cd..0d9291261b82d6 100644 --- a/x-pack/plugins/uptime/public/components/fleet_package/custom_fields.tsx +++ b/x-pack/plugins/uptime/public/components/fleet_package/custom_fields.tsx @@ -5,28 +5,26 @@ * 2.0. */ -import React, { useEffect, useState, memo } from 'react'; +import React, { useState, memo } from 'react'; import { FormattedMessage } from '@kbn/i18n/react'; import { EuiFlexGroup, EuiFlexItem, EuiForm, EuiFormRow, - EuiFieldText, - EuiFieldNumber, EuiSelect, EuiSpacer, EuiDescribedFormGroup, EuiCheckbox, } from '@elastic/eui'; -import { ConfigKeys, DataStream, ISimpleFields, Validation } from './types'; -import { useSimpleFieldsContext } from './contexts'; +import { ConfigKeys, DataStream, Validation } from './types'; +import { useMonitorTypeContext } from './contexts'; import { TLSFields, TLSRole } from './tls_fields'; -import { ComboBox } from './combo_box'; -import { OptionalLabel } from './optional_label'; -import { HTTPAdvancedFields } from './http_advanced_fields'; -import { TCPAdvancedFields } from './tcp_advanced_fields'; -import { ScheduleField } from './schedule_field'; +import { HTTPSimpleFields } from './http/simple_fields'; +import { HTTPAdvancedFields } from './http/advanced_fields'; +import { TCPSimpleFields } from './tcp/simple_fields'; +import { TCPAdvancedFields } from './tcp/advanced_fields'; +import { ICMPSimpleFields } from './icmp/simple_fields'; interface Props { typeEditable?: boolean; @@ -37,26 +35,22 @@ interface Props { export const CustomFields = memo( ({ typeEditable = false, isTLSEnabled: defaultIsTLSEnabled = false, validate }) => { const [isTLSEnabled, setIsTLSEnabled] = useState(defaultIsTLSEnabled); - const { fields, setFields, defaultValues } = useSimpleFieldsContext(); - const { type } = fields; + const { monitorType, setMonitorType } = useMonitorTypeContext(); - const isHTTP = fields[ConfigKeys.MONITOR_TYPE] === DataStream.HTTP; - const isTCP = fields[ConfigKeys.MONITOR_TYPE] === DataStream.TCP; - const isICMP = fields[ConfigKeys.MONITOR_TYPE] === DataStream.ICMP; + const isHTTP = monitorType === DataStream.HTTP; + const isTCP = monitorType === DataStream.TCP; - // reset monitor type specific fields any time a monitor type is switched - useEffect(() => { - if (typeEditable) { - setFields((prevFields: ISimpleFields) => ({ - ...prevFields, - [ConfigKeys.HOSTS]: defaultValues[ConfigKeys.HOSTS], - [ConfigKeys.URLS]: defaultValues[ConfigKeys.URLS], - })); + const renderSimpleFields = (type: DataStream) => { + switch (type) { + case DataStream.HTTP: + return ; + case DataStream.ICMP: + return ; + case DataStream.TCP: + return ; + default: + return null; } - }, [defaultValues, type, typeEditable, setFields]); - - const handleInputChange = ({ value, configKey }: { value: unknown; configKey: ConfigKeys }) => { - setFields((prevFields) => ({ ...prevFields, [configKey]: value })); }; return ( @@ -88,7 +82,7 @@ export const CustomFields = memo( defaultMessage="Monitor Type" /> } - isInvalid={!!validate[ConfigKeys.MONITOR_TYPE]?.(fields[ConfigKeys.MONITOR_TYPE])} + isInvalid={!!validate[ConfigKeys.MONITOR_TYPE]?.(monitorType)} error={ ( > - handleInputChange({ - value: event.target.value, - configKey: ConfigKeys.MONITOR_TYPE, - }) - } + value={monitorType} + onChange={(event) => setMonitorType(event.target.value as DataStream)} data-test-subj="syntheticsMonitorTypeField" /> )} - {isHTTP && ( - - } - isInvalid={!!validate[ConfigKeys.URLS]?.(fields[ConfigKeys.URLS])} - error={ - - } - > - - handleInputChange({ value: event.target.value, configKey: ConfigKeys.URLS }) - } - data-test-subj="syntheticsUrlField" - /> - - )} - {isTCP && ( - - } - isInvalid={!!validate[ConfigKeys.HOSTS]?.(fields[ConfigKeys.HOSTS])} - error={ - - } - > - - handleInputChange({ - value: event.target.value, - configKey: ConfigKeys.HOSTS, - }) - } - data-test-subj="syntheticsTCPHostField" - /> - - )} - {isICMP && ( - - } - isInvalid={!!validate[ConfigKeys.HOSTS]?.(fields[ConfigKeys.HOSTS])} - error={ - - } - > - - handleInputChange({ - value: event.target.value, - configKey: ConfigKeys.HOSTS, - }) - } - data-test-subj="syntheticsICMPHostField" - /> - - )} - - } - isInvalid={!!validate[ConfigKeys.SCHEDULE]?.(fields[ConfigKeys.SCHEDULE])} - error={ - - } - > - - handleInputChange({ - value: schedule, - configKey: ConfigKeys.SCHEDULE, - }) - } - number={fields[ConfigKeys.SCHEDULE].number} - unit={fields[ConfigKeys.SCHEDULE].unit} - /> - - {isICMP && ( - - } - isInvalid={!!validate[ConfigKeys.WAIT]?.(fields[ConfigKeys.WAIT])} - error={ - - } - labelAppend={} - helpText={ - - } - > - - handleInputChange({ value: event.target.value, configKey: ConfigKeys.WAIT }) - } - step={'any'} - /> - - )} - - } - labelAppend={} - helpText={ - - } - > - - handleInputChange({ - value: event.target.value, - configKey: ConfigKeys.APM_SERVICE_NAME, - }) - } - data-test-subj="syntheticsAPMServiceName" - /> - - {isHTTP && ( - - } - isInvalid={ - !!validate[ConfigKeys.MAX_REDIRECTS]?.(fields[ConfigKeys.MAX_REDIRECTS]) - } - error={ - - } - labelAppend={} - helpText={ - - } - > - - handleInputChange({ - value: event.target.value, - configKey: ConfigKeys.MAX_REDIRECTS, - }) - } - /> - - )} - - } - isInvalid={ - !!validate[ConfigKeys.TIMEOUT]?.( - fields[ConfigKeys.TIMEOUT], - fields[ConfigKeys.SCHEDULE].number, - fields[ConfigKeys.SCHEDULE].unit - ) - } - error={ - - } - helpText={ - - } - > - - handleInputChange({ - value: event.target.value, - configKey: ConfigKeys.TIMEOUT, - }) - } - step={'any'} - /> - - - } - labelAppend={} - helpText={ - - } - > - handleInputChange({ value, configKey: ConfigKeys.TAGS })} - data-test-subj="syntheticsTags" - /> - + {renderSimpleFields(monitorType)} diff --git a/x-pack/plugins/uptime/public/components/fleet_package/http_advanced_fields.test.tsx b/x-pack/plugins/uptime/public/components/fleet_package/http/advanced_fields.test.tsx similarity index 95% rename from x-pack/plugins/uptime/public/components/fleet_package/http_advanced_fields.test.tsx rename to x-pack/plugins/uptime/public/components/fleet_package/http/advanced_fields.test.tsx index b1a37be1bffb67..69c1d897f7847d 100644 --- a/x-pack/plugins/uptime/public/components/fleet_package/http_advanced_fields.test.tsx +++ b/x-pack/plugins/uptime/public/components/fleet_package/http/advanced_fields.test.tsx @@ -7,14 +7,14 @@ import React from 'react'; import { fireEvent } from '@testing-library/react'; -import { render } from '../../lib/helper/rtl_helpers'; -import { HTTPAdvancedFields } from './http_advanced_fields'; -import { ConfigKeys, DataStream, HTTPMethod, IHTTPAdvancedFields, Validation } from './types'; +import { render } from '../../../lib/helper/rtl_helpers'; +import { HTTPAdvancedFields } from './advanced_fields'; +import { ConfigKeys, DataStream, HTTPMethod, IHTTPAdvancedFields, Validation } from '../types'; import { HTTPAdvancedFieldsContextProvider, defaultHTTPAdvancedFields as defaultConfig, -} from './contexts'; -import { validate as centralValidation } from './validation'; +} from '../contexts'; +import { validate as centralValidation } from '../validation'; jest.mock('@elastic/eui/lib/services/accessibility/html_id_generator', () => ({ htmlIdGenerator: () => () => `id-${Math.random()}`, diff --git a/x-pack/plugins/uptime/public/components/fleet_package/http_advanced_fields.tsx b/x-pack/plugins/uptime/public/components/fleet_package/http/advanced_fields.tsx similarity index 97% rename from x-pack/plugins/uptime/public/components/fleet_package/http_advanced_fields.tsx rename to x-pack/plugins/uptime/public/components/fleet_package/http/advanced_fields.tsx index 568ff526efb6e9..aeaa452c38db96 100644 --- a/x-pack/plugins/uptime/public/components/fleet_package/http_advanced_fields.tsx +++ b/x-pack/plugins/uptime/public/components/fleet_package/http/advanced_fields.tsx @@ -20,15 +20,15 @@ import { EuiFieldPassword, } from '@elastic/eui'; -import { useHTTPAdvancedFieldsContext } from './contexts'; +import { useHTTPAdvancedFieldsContext } from '../contexts'; -import { ConfigKeys, HTTPMethod, Validation } from './types'; +import { ConfigKeys, HTTPMethod, Validation } from '../types'; -import { OptionalLabel } from './optional_label'; -import { HeaderField } from './header_field'; -import { RequestBodyField } from './request_body_field'; -import { ResponseBodyIndexField } from './index_response_body_field'; -import { ComboBox } from './combo_box'; +import { OptionalLabel } from '../optional_label'; +import { HeaderField } from '../header_field'; +import { RequestBodyField } from '../request_body_field'; +import { ResponseBodyIndexField } from '../index_response_body_field'; +import { ComboBox } from '../combo_box'; interface Props { validate: Validation; diff --git a/x-pack/plugins/uptime/public/components/fleet_package/http/simple_fields.tsx b/x-pack/plugins/uptime/public/components/fleet_package/http/simple_fields.tsx new file mode 100644 index 00000000000000..d17b8c997e9e8d --- /dev/null +++ b/x-pack/plugins/uptime/public/components/fleet_package/http/simple_fields.tsx @@ -0,0 +1,200 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { memo } from 'react'; +import { FormattedMessage } from '@kbn/i18n/react'; +import { EuiFormRow, EuiFieldText, EuiFieldNumber } from '@elastic/eui'; +import { ConfigKeys, Validation } from '../types'; +import { useHTTPSimpleFieldsContext } from '../contexts'; +import { ComboBox } from '../combo_box'; +import { OptionalLabel } from '../optional_label'; +import { ScheduleField } from '../schedule_field'; + +interface Props { + validate: Validation; +} + +export const HTTPSimpleFields = memo(({ validate }) => { + const { fields, setFields } = useHTTPSimpleFieldsContext(); + const handleInputChange = ({ value, configKey }: { value: unknown; configKey: ConfigKeys }) => { + setFields((prevFields) => ({ ...prevFields, [configKey]: value })); + }; + + return ( + <> + + } + isInvalid={!!validate[ConfigKeys.URLS]?.(fields[ConfigKeys.URLS])} + error={ + + } + > + + handleInputChange({ value: event.target.value, configKey: ConfigKeys.URLS }) + } + data-test-subj="syntheticsUrlField" + /> + + + } + isInvalid={!!validate[ConfigKeys.SCHEDULE]?.(fields[ConfigKeys.SCHEDULE])} + error={ + + } + > + + handleInputChange({ + value: schedule, + configKey: ConfigKeys.SCHEDULE, + }) + } + number={fields[ConfigKeys.SCHEDULE].number} + unit={fields[ConfigKeys.SCHEDULE].unit} + /> + + + } + labelAppend={} + helpText={ + + } + > + + handleInputChange({ + value: event.target.value, + configKey: ConfigKeys.APM_SERVICE_NAME, + }) + } + data-test-subj="syntheticsAPMServiceName" + /> + + + } + isInvalid={!!validate[ConfigKeys.MAX_REDIRECTS]?.(fields[ConfigKeys.MAX_REDIRECTS])} + error={ + + } + labelAppend={} + helpText={ + + } + > + + handleInputChange({ + value: event.target.value, + configKey: ConfigKeys.MAX_REDIRECTS, + }) + } + /> + + + } + isInvalid={ + !!validate[ConfigKeys.TIMEOUT]?.( + fields[ConfigKeys.TIMEOUT], + fields[ConfigKeys.SCHEDULE].number, + fields[ConfigKeys.SCHEDULE].unit + ) + } + error={ + + } + helpText={ + + } + > + + handleInputChange({ + value: event.target.value, + configKey: ConfigKeys.TIMEOUT, + }) + } + step={'any'} + /> + + + } + labelAppend={} + helpText={ + + } + > + handleInputChange({ value, configKey: ConfigKeys.TAGS })} + data-test-subj="syntheticsTags" + /> + + + ); +}); diff --git a/x-pack/plugins/uptime/public/components/fleet_package/icmp/simple_fields.tsx b/x-pack/plugins/uptime/public/components/fleet_package/icmp/simple_fields.tsx new file mode 100644 index 00000000000000..3ca07c70673677 --- /dev/null +++ b/x-pack/plugins/uptime/public/components/fleet_package/icmp/simple_fields.tsx @@ -0,0 +1,204 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { memo } from 'react'; +import { FormattedMessage } from '@kbn/i18n/react'; +import { EuiFormRow, EuiFieldText, EuiFieldNumber } from '@elastic/eui'; +import { ConfigKeys, Validation } from '../types'; +import { useICMPSimpleFieldsContext } from '../contexts'; +import { ComboBox } from '../combo_box'; +import { OptionalLabel } from '../optional_label'; +import { ScheduleField } from '../schedule_field'; + +interface Props { + validate: Validation; +} + +export const ICMPSimpleFields = memo(({ validate }) => { + const { fields, setFields } = useICMPSimpleFieldsContext(); + const handleInputChange = ({ value, configKey }: { value: unknown; configKey: ConfigKeys }) => { + setFields((prevFields) => ({ ...prevFields, [configKey]: value })); + }; + + return ( + <> + + } + isInvalid={!!validate[ConfigKeys.HOSTS]?.(fields[ConfigKeys.HOSTS])} + error={ + + } + > + + handleInputChange({ + value: event.target.value, + configKey: ConfigKeys.HOSTS, + }) + } + data-test-subj="syntheticsICMPHostField" + /> + + + } + isInvalid={!!validate[ConfigKeys.SCHEDULE]?.(fields[ConfigKeys.SCHEDULE])} + error={ + + } + > + + handleInputChange({ + value: schedule, + configKey: ConfigKeys.SCHEDULE, + }) + } + number={fields[ConfigKeys.SCHEDULE].number} + unit={fields[ConfigKeys.SCHEDULE].unit} + /> + + + } + isInvalid={!!validate[ConfigKeys.WAIT]?.(fields[ConfigKeys.WAIT])} + error={ + + } + labelAppend={} + helpText={ + + } + > + + handleInputChange({ + value: event.target.value, + configKey: ConfigKeys.WAIT, + }) + } + step={'any'} + /> + + + } + labelAppend={} + helpText={ + + } + > + + handleInputChange({ + value: event.target.value, + configKey: ConfigKeys.APM_SERVICE_NAME, + }) + } + data-test-subj="syntheticsAPMServiceName" + /> + + + } + isInvalid={ + !!validate[ConfigKeys.TIMEOUT]?.( + fields[ConfigKeys.TIMEOUT], + fields[ConfigKeys.SCHEDULE].number, + fields[ConfigKeys.SCHEDULE].unit + ) + } + error={ + + } + helpText={ + + } + > + + handleInputChange({ + value: event.target.value, + configKey: ConfigKeys.TIMEOUT, + }) + } + step={'any'} + /> + + + } + labelAppend={} + helpText={ + + } + > + handleInputChange({ value, configKey: ConfigKeys.TAGS })} + data-test-subj="syntheticsTags" + /> + + + ); +}); diff --git a/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_create_extension.tsx b/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_create_extension.tsx index 1306308f8ba4e1..90e7e7d7bb7333 100644 --- a/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_create_extension.tsx +++ b/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_create_extension.tsx @@ -9,37 +9,62 @@ import React, { memo, useContext, useEffect } from 'react'; import useDebounce from 'react-use/lib/useDebounce'; import { PackagePolicyCreateExtensionComponentProps } from '../../../../fleet/public'; import { useTrackPageview } from '../../../../observability/public'; -import { Config, ConfigKeys, DataStream } from './types'; +import { PolicyConfig, DataStream } from './types'; import { - SimpleFieldsContext, + MonitorTypeContext, HTTPAdvancedFieldsContext, TCPAdvancedFieldsContext, TLSFieldsContext, + HTTPSimpleFieldsContext, + TCPSimpleFieldsContext, + ICMPSimpleFieldsContext, + defaultHTTPAdvancedFields, + defaultHTTPSimpleFields, + defaultICMPSimpleFields, + defaultTCPSimpleFields, + defaultTCPAdvancedFields, + defaultTLSFields, } from './contexts'; import { CustomFields } from './custom_fields'; import { useUpdatePolicy } from './use_update_policy'; import { validate } from './validation'; +export const defaultConfig: PolicyConfig = { + [DataStream.HTTP]: { + ...defaultHTTPSimpleFields, + ...defaultHTTPAdvancedFields, + ...defaultTLSFields, + }, + [DataStream.TCP]: { + ...defaultTCPSimpleFields, + ...defaultTCPAdvancedFields, + ...defaultTLSFields, + }, + [DataStream.ICMP]: defaultICMPSimpleFields, +}; + /** * Exports Synthetics-specific package policy instructions * for use in the Ingest app create / edit package policy */ export const SyntheticsPolicyCreateExtension = memo( ({ newPolicy, onChange }) => { - const { fields: simpleFields } = useContext(SimpleFieldsContext); + const { monitorType } = useContext(MonitorTypeContext); + const { fields: httpSimpleFields } = useContext(HTTPSimpleFieldsContext); + const { fields: tcpSimpleFields } = useContext(TCPSimpleFieldsContext); + const { fields: icmpSimpleFields } = useContext(ICMPSimpleFieldsContext); const { fields: httpAdvancedFields } = useContext(HTTPAdvancedFieldsContext); const { fields: tcpAdvancedFields } = useContext(TCPAdvancedFieldsContext); const { fields: tlsFields } = useContext(TLSFieldsContext); - const defaultConfig: Config = { - name: '', - ...simpleFields, - ...httpAdvancedFields, - ...tcpAdvancedFields, - ...tlsFields, - }; useTrackPageview({ app: 'fleet', path: 'syntheticsCreate' }); useTrackPageview({ app: 'fleet', path: 'syntheticsCreate', delay: 15000 }); - const { config, setConfig } = useUpdatePolicy({ defaultConfig, newPolicy, onChange, validate }); + const { setConfig } = useUpdatePolicy({ + monitorType, + defaultConfig, + newPolicy, + onChange, + validate, + }); // Fleet will initialize the create form with a default name for the integratin policy, however, // for synthetics, we want the user to explicitely type in a name to use as the monitor name, @@ -57,24 +82,40 @@ export const SyntheticsPolicyCreateExtension = memo { - setConfig((prevConfig) => ({ - ...prevConfig, - ...simpleFields, - ...httpAdvancedFields, - ...tcpAdvancedFields, - ...tlsFields, - // ensure proxyUrl is not overwritten - [ConfigKeys.PROXY_URL]: - simpleFields[ConfigKeys.MONITOR_TYPE] === DataStream.HTTP - ? httpAdvancedFields[ConfigKeys.PROXY_URL] - : tcpAdvancedFields[ConfigKeys.PROXY_URL], - })); + setConfig(() => { + switch (monitorType) { + case DataStream.HTTP: + return { + ...httpSimpleFields, + ...httpAdvancedFields, + ...tlsFields, + }; + case DataStream.TCP: + return { + ...tcpSimpleFields, + ...tcpAdvancedFields, + ...tlsFields, + }; + case DataStream.ICMP: + return { + ...icmpSimpleFields, + }; + } + }); }, 250, - [setConfig, simpleFields, httpAdvancedFields, tcpAdvancedFields, tlsFields] + [ + setConfig, + httpSimpleFields, + tcpSimpleFields, + icmpSimpleFields, + httpAdvancedFields, + tcpAdvancedFields, + tlsFields, + ] ); - return ; + return ; } ); SyntheticsPolicyCreateExtension.displayName = 'SyntheticsPolicyCreateExtension'; diff --git a/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_create_extension_wrapper.test.tsx b/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_create_extension_wrapper.test.tsx index a16f2ba87d79ab..395b5d67abeb0b 100644 --- a/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_create_extension_wrapper.test.tsx +++ b/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_create_extension_wrapper.test.tsx @@ -9,22 +9,10 @@ import React from 'react'; import { fireEvent, waitFor } from '@testing-library/react'; import { render } from '../../lib/helper/rtl_helpers'; import { NewPackagePolicy } from '../../../../fleet/public'; -import { - defaultSimpleFields, - defaultTLSFields, - defaultHTTPAdvancedFields, - defaultTCPAdvancedFields, -} from './contexts'; import { SyntheticsPolicyCreateExtensionWrapper } from './synthetics_policy_create_extension_wrapper'; +import { defaultConfig } from './synthetics_policy_create_extension'; import { ConfigKeys, DataStream, ScheduleUnit, VerificationMode } from './types'; -const defaultConfig = { - ...defaultSimpleFields, - ...defaultTLSFields, - ...defaultHTTPAdvancedFields, - ...defaultTCPAdvancedFields, -}; - // ensures that fields appropriately match to their label jest.mock('@elastic/eui/lib/services/accessibility/html_id_generator', () => ({ htmlIdGenerator: () => () => `id-${Math.random()}`, @@ -266,6 +254,9 @@ const defaultNewPolicy: NewPackagePolicy = { }, }; +const defaultHTTPConfig = defaultConfig[DataStream.HTTP]; +const defaultTCPConfig = defaultConfig[DataStream.TCP]; + describe('', () => { const onChange = jest.fn(); const WrappedComponent = ({ newPolicy = defaultNewPolicy }) => { @@ -283,21 +274,21 @@ describe('', () => { const maxRedirects = getByLabelText('Max redirects') as HTMLInputElement; const timeout = getByLabelText('Timeout in seconds') as HTMLInputElement; expect(monitorType).toBeInTheDocument(); - expect(monitorType.value).toEqual(defaultConfig[ConfigKeys.MONITOR_TYPE]); + expect(monitorType.value).toEqual(DataStream.HTTP); expect(url).toBeInTheDocument(); - expect(url.value).toEqual(defaultConfig[ConfigKeys.URLS]); + expect(url.value).toEqual(defaultHTTPConfig[ConfigKeys.URLS]); expect(proxyUrl).toBeInTheDocument(); - expect(proxyUrl.value).toEqual(defaultConfig[ConfigKeys.PROXY_URL]); + expect(proxyUrl.value).toEqual(defaultHTTPConfig[ConfigKeys.PROXY_URL]); expect(monitorIntervalNumber).toBeInTheDocument(); - expect(monitorIntervalNumber.value).toEqual(defaultConfig[ConfigKeys.SCHEDULE].number); + expect(monitorIntervalNumber.value).toEqual(defaultHTTPConfig[ConfigKeys.SCHEDULE].number); expect(monitorIntervalUnit).toBeInTheDocument(); - expect(monitorIntervalUnit.value).toEqual(defaultConfig[ConfigKeys.SCHEDULE].unit); + expect(monitorIntervalUnit.value).toEqual(defaultHTTPConfig[ConfigKeys.SCHEDULE].unit); expect(apmServiceName).toBeInTheDocument(); - expect(apmServiceName.value).toEqual(defaultConfig[ConfigKeys.APM_SERVICE_NAME]); + expect(apmServiceName.value).toEqual(defaultHTTPConfig[ConfigKeys.APM_SERVICE_NAME]); expect(maxRedirects).toBeInTheDocument(); - expect(maxRedirects.value).toEqual(`${defaultConfig[ConfigKeys.MAX_REDIRECTS]}`); + expect(maxRedirects.value).toEqual(`${defaultHTTPConfig[ConfigKeys.MAX_REDIRECTS]}`); expect(timeout).toBeInTheDocument(); - expect(timeout.value).toEqual(`${defaultConfig[ConfigKeys.TIMEOUT]}`); + expect(timeout.value).toEqual(`${defaultHTTPConfig[ConfigKeys.TIMEOUT]}`); // ensure other monitor type options are not in the DOM expect(queryByLabelText('Host')).not.toBeInTheDocument(); @@ -425,7 +416,7 @@ describe('', () => { const { getByText, getByLabelText, queryByLabelText } = render(); const monitorType = getByLabelText('Monitor Type') as HTMLInputElement; expect(monitorType).toBeInTheDocument(); - expect(monitorType.value).toEqual(defaultConfig[ConfigKeys.MONITOR_TYPE]); + expect(monitorType.value).toEqual(DataStream.HTTP); fireEvent.change(monitorType, { target: { value: DataStream.TCP } }); await waitFor(() => { @@ -452,7 +443,7 @@ describe('', () => { const host = getByLabelText('Host:Port') as HTMLInputElement; expect(host).toBeInTheDocument(); - expect(host.value).toEqual(defaultConfig[ConfigKeys.HOSTS]); + expect(host.value).toEqual(defaultTCPConfig[ConfigKeys.HOSTS]); // expect HTTP fields not to be in the DOM expect(queryByLabelText('URL')).not.toBeInTheDocument(); @@ -467,29 +458,6 @@ describe('', () => { fireEvent.change(monitorType, { target: { value: DataStream.ICMP } }); - await waitFor(() => { - expect(onChange).toBeCalledWith({ - isValid: false, - updatedPolicy: { - ...defaultNewPolicy, - inputs: [ - { - ...defaultNewPolicy.inputs[0], - enabled: false, - }, - { - ...defaultNewPolicy.inputs[1], - enabled: false, - }, - { - ...defaultNewPolicy.inputs[2], - enabled: true, - }, - ], - }, - }); - }); - // expect ICMP fields to be in the DOM expect(getByLabelText('Wait in seconds')).toBeInTheDocument(); @@ -721,23 +689,27 @@ describe('', () => { await waitFor(() => { fireEvent.change(ca, { target: { value: 'certificateAuthorities' } }); - expect(ca.value).toEqual(defaultConfig[ConfigKeys.TLS_CERTIFICATE_AUTHORITIES].value); + expect(ca.value).toEqual(defaultHTTPConfig[ConfigKeys.TLS_CERTIFICATE_AUTHORITIES].value); }); await waitFor(() => { fireEvent.change(clientCertificate, { target: { value: 'clientCertificate' } }); - expect(clientCertificate.value).toEqual(defaultConfig[ConfigKeys.TLS_KEY].value); + expect(clientCertificate.value).toEqual(defaultHTTPConfig[ConfigKeys.TLS_KEY].value); }); await waitFor(() => { fireEvent.change(clientKey, { target: { value: 'clientKey' } }); - expect(clientKey.value).toEqual(defaultConfig[ConfigKeys.TLS_KEY].value); + expect(clientKey.value).toEqual(defaultHTTPConfig[ConfigKeys.TLS_KEY].value); }); await waitFor(() => { fireEvent.change(clientKeyPassphrase, { target: { value: 'clientKeyPassphrase' } }); - expect(clientKeyPassphrase.value).toEqual(defaultConfig[ConfigKeys.TLS_KEY_PASSPHRASE].value); + expect(clientKeyPassphrase.value).toEqual( + defaultHTTPConfig[ConfigKeys.TLS_KEY_PASSPHRASE].value + ); }); await waitFor(() => { fireEvent.change(verificationMode, { target: { value: VerificationMode.NONE } }); - expect(verificationMode.value).toEqual(defaultConfig[ConfigKeys.TLS_VERIFICATION_MODE].value); + expect(verificationMode.value).toEqual( + defaultHTTPConfig[ConfigKeys.TLS_VERIFICATION_MODE].value + ); }); await waitFor(() => { diff --git a/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_create_extension_wrapper.tsx b/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_create_extension_wrapper.tsx index 688ee24bd2330a..88bb8e7871459d 100644 --- a/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_create_extension_wrapper.tsx +++ b/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_create_extension_wrapper.tsx @@ -9,9 +9,10 @@ import React, { memo } from 'react'; import { PackagePolicyCreateExtensionComponentProps } from '../../../../fleet/public'; import { SyntheticsPolicyCreateExtension } from './synthetics_policy_create_extension'; import { - SimpleFieldsContextProvider, - HTTPAdvancedFieldsContextProvider, - TCPAdvancedFieldsContextProvider, + MonitorTypeContextProvider, + TCPContextProvider, + ICMPSimpleFieldsContextProvider, + HTTPContextProvider, TLSFieldsContextProvider, } from './contexts'; @@ -22,15 +23,17 @@ import { export const SyntheticsPolicyCreateExtensionWrapper = memo( ({ newPolicy, onChange }) => { return ( - - - + + + - + + + - - - + + + ); } ); diff --git a/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_edit_extension.tsx b/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_edit_extension.tsx index e29a5c6a363ed5..8a3c42c10bc14a 100644 --- a/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_edit_extension.tsx +++ b/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_edit_extension.tsx @@ -5,17 +5,20 @@ * 2.0. */ -import React, { memo, useContext } from 'react'; +import React, { memo } from 'react'; import useDebounce from 'react-use/lib/useDebounce'; import { PackagePolicyEditExtensionComponentProps } from '../../../../fleet/public'; import { useTrackPageview } from '../../../../observability/public'; import { - SimpleFieldsContext, - HTTPAdvancedFieldsContext, - TCPAdvancedFieldsContext, - TLSFieldsContext, + useMonitorTypeContext, + useTCPSimpleFieldsContext, + useTCPAdvancedFieldsContext, + useICMPSimpleFieldsContext, + useHTTPSimpleFieldsContext, + useHTTPAdvancedFieldsContext, + useTLSFieldsContext, } from './contexts'; -import { Config, ConfigKeys, DataStream } from './types'; +import { PolicyConfig, DataStream } from './types'; import { CustomFields } from './custom_fields'; import { useUpdatePolicy } from './use_update_policy'; import { validate } from './validation'; @@ -23,7 +26,7 @@ import { validate } from './validation'; interface SyntheticsPolicyEditExtensionProps { newPolicy: PackagePolicyEditExtensionComponentProps['newPolicy']; onChange: PackagePolicyEditExtensionComponentProps['onChange']; - defaultConfig: Config; + defaultConfig: PolicyConfig; isTLSEnabled: boolean; } /** @@ -34,37 +37,57 @@ export const SyntheticsPolicyEditExtension = memo { useTrackPageview({ app: 'fleet', path: 'syntheticsEdit' }); useTrackPageview({ app: 'fleet', path: 'syntheticsEdit', delay: 15000 }); - const { fields: simpleFields } = useContext(SimpleFieldsContext); - const { fields: httpAdvancedFields } = useContext(HTTPAdvancedFieldsContext); - const { fields: tcpAdvancedFields } = useContext(TCPAdvancedFieldsContext); - const { fields: tlsFields } = useContext(TLSFieldsContext); - const { config, setConfig } = useUpdatePolicy({ defaultConfig, newPolicy, onChange, validate }); + const { monitorType } = useMonitorTypeContext(); + const { fields: httpSimpleFields } = useHTTPSimpleFieldsContext(); + const { fields: tcpSimpleFields } = useTCPSimpleFieldsContext(); + const { fields: icmpSimpleFields } = useICMPSimpleFieldsContext(); + const { fields: httpAdvancedFields } = useHTTPAdvancedFieldsContext(); + const { fields: tcpAdvancedFields } = useTCPAdvancedFieldsContext(); + const { fields: tlsFields } = useTLSFieldsContext(); + const { setConfig } = useUpdatePolicy({ + defaultConfig, + newPolicy, + onChange, + validate, + monitorType, + }); useDebounce( () => { - setConfig((prevConfig) => ({ - ...prevConfig, - ...simpleFields, - ...httpAdvancedFields, - ...tcpAdvancedFields, - ...tlsFields, - // ensure proxyUrl is not overwritten - [ConfigKeys.PROXY_URL]: - simpleFields[ConfigKeys.MONITOR_TYPE] === DataStream.HTTP - ? httpAdvancedFields[ConfigKeys.PROXY_URL] - : tcpAdvancedFields[ConfigKeys.PROXY_URL], - })); + setConfig(() => { + switch (monitorType) { + case DataStream.HTTP: + return { + ...httpSimpleFields, + ...httpAdvancedFields, + ...tlsFields, + }; + case DataStream.TCP: + return { + ...tcpSimpleFields, + ...tcpAdvancedFields, + ...tlsFields, + }; + case DataStream.ICMP: + return { + ...icmpSimpleFields, + }; + } + }); }, 250, - [setConfig, simpleFields, httpAdvancedFields, tcpAdvancedFields, tlsFields] + [ + setConfig, + httpSimpleFields, + httpAdvancedFields, + tcpSimpleFields, + tcpAdvancedFields, + icmpSimpleFields, + tlsFields, + ] ); - return ( - - ); + return ; } ); SyntheticsPolicyEditExtension.displayName = 'SyntheticsPolicyEditExtension'; diff --git a/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_edit_extension_wrapper.test.tsx b/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_edit_extension_wrapper.test.tsx index e6981b9a850e1f..fec6c504a445f0 100644 --- a/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_edit_extension_wrapper.test.tsx +++ b/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_edit_extension_wrapper.test.tsx @@ -11,25 +11,13 @@ import { render } from '../../lib/helper/rtl_helpers'; import { NewPackagePolicy } from '../../../../fleet/public'; import { SyntheticsPolicyEditExtensionWrapper } from './synthetics_policy_edit_extension_wrapper'; import { ConfigKeys, DataStream, ScheduleUnit } from './types'; -import { - defaultSimpleFields, - defaultTLSFields, - defaultHTTPAdvancedFields, - defaultTCPAdvancedFields, -} from './contexts'; +import { defaultConfig } from './synthetics_policy_create_extension'; // ensures that fields appropriately match to their label jest.mock('@elastic/eui/lib/services/accessibility/html_id_generator', () => ({ htmlIdGenerator: () => () => `id-${Math.random()}`, })); -const defaultConfig = { - ...defaultSimpleFields, - ...defaultTLSFields, - ...defaultHTTPAdvancedFields, - ...defaultTCPAdvancedFields, -}; - const defaultNewPolicy: NewPackagePolicy = { name: 'samplePolicyName', description: '', @@ -277,6 +265,10 @@ const defaultCurrentPolicy: any = { created_by: '', }; +const defaultHTTPConfig = defaultConfig[DataStream.HTTP]; +const defaultICMPConfig = defaultConfig[DataStream.ICMP]; +const defaultTCPConfig = defaultConfig[DataStream.TCP]; + describe('', () => { const onChange = jest.fn(); const WrappedComponent = ({ policy = defaultCurrentPolicy, newPolicy = defaultNewPolicy }) => { @@ -301,24 +293,24 @@ describe('', () => { const verificationMode = getByLabelText('Verification mode') as HTMLInputElement; const enableTLSConfig = getByLabelText('Enable TLS configuration') as HTMLInputElement; expect(url).toBeInTheDocument(); - expect(url.value).toEqual(defaultConfig[ConfigKeys.URLS]); + expect(url.value).toEqual(defaultHTTPConfig[ConfigKeys.URLS]); expect(proxyUrl).toBeInTheDocument(); - expect(proxyUrl.value).toEqual(defaultConfig[ConfigKeys.PROXY_URL]); + expect(proxyUrl.value).toEqual(defaultHTTPConfig[ConfigKeys.PROXY_URL]); expect(monitorIntervalNumber).toBeInTheDocument(); - expect(monitorIntervalNumber.value).toEqual(defaultConfig[ConfigKeys.SCHEDULE].number); + expect(monitorIntervalNumber.value).toEqual(defaultHTTPConfig[ConfigKeys.SCHEDULE].number); expect(monitorIntervalUnit).toBeInTheDocument(); - expect(monitorIntervalUnit.value).toEqual(defaultConfig[ConfigKeys.SCHEDULE].unit); + expect(monitorIntervalUnit.value).toEqual(defaultHTTPConfig[ConfigKeys.SCHEDULE].unit); expect(apmServiceName).toBeInTheDocument(); - expect(apmServiceName.value).toEqual(defaultConfig[ConfigKeys.APM_SERVICE_NAME]); + expect(apmServiceName.value).toEqual(defaultHTTPConfig[ConfigKeys.APM_SERVICE_NAME]); expect(maxRedirects).toBeInTheDocument(); - expect(maxRedirects.value).toEqual(`${defaultConfig[ConfigKeys.MAX_REDIRECTS]}`); + expect(maxRedirects.value).toEqual(`${defaultHTTPConfig[ConfigKeys.MAX_REDIRECTS]}`); expect(timeout).toBeInTheDocument(); - expect(timeout.value).toEqual(`${defaultConfig[ConfigKeys.TIMEOUT]}`); + expect(timeout.value).toEqual(`${defaultHTTPConfig[ConfigKeys.TIMEOUT]}`); // expect TLS settings to be in the document when at least one tls key is populated expect(enableTLSConfig.checked).toBe(true); expect(verificationMode).toBeInTheDocument(); expect(verificationMode.value).toEqual( - `${defaultConfig[ConfigKeys.TLS_VERIFICATION_MODE].value}` + `${defaultHTTPConfig[ConfigKeys.TLS_VERIFICATION_MODE].value}` ); // ensure other monitor type options are not in the DOM @@ -651,15 +643,21 @@ describe('', () => { streams: [ { ...defaultNewPolicy.inputs[0].streams[0], - vars: Object.keys(httpVars || []).reduce< - Record - >((acc, key) => { - acc[key] = { - value: undefined, - type: `${httpVars?.[key].type}`, - }; - return acc; - }, {}), + vars: { + ...Object.keys(httpVars || []).reduce< + Record + >((acc, key) => { + acc[key] = { + value: undefined, + type: `${httpVars?.[key].type}`, + }; + return acc; + }, {}), + [ConfigKeys.MONITOR_TYPE]: { + value: 'http', + type: 'text', + }, + }, }, ], }, @@ -680,19 +678,19 @@ describe('', () => { const enableTLSConfig = getByLabelText('Enable TLS configuration') as HTMLInputElement; expect(url).toBeInTheDocument(); - expect(url.value).toEqual(defaultConfig[ConfigKeys.URLS]); + expect(url.value).toEqual(defaultHTTPConfig[ConfigKeys.URLS]); expect(proxyUrl).toBeInTheDocument(); - expect(proxyUrl.value).toEqual(defaultConfig[ConfigKeys.PROXY_URL]); + expect(proxyUrl.value).toEqual(defaultHTTPConfig[ConfigKeys.PROXY_URL]); expect(monitorIntervalNumber).toBeInTheDocument(); - expect(monitorIntervalNumber.value).toEqual(defaultConfig[ConfigKeys.SCHEDULE].number); + expect(monitorIntervalNumber.value).toEqual(defaultHTTPConfig[ConfigKeys.SCHEDULE].number); expect(monitorIntervalUnit).toBeInTheDocument(); - expect(monitorIntervalUnit.value).toEqual(defaultConfig[ConfigKeys.SCHEDULE].unit); + expect(monitorIntervalUnit.value).toEqual(defaultHTTPConfig[ConfigKeys.SCHEDULE].unit); expect(apmServiceName).toBeInTheDocument(); - expect(apmServiceName.value).toEqual(defaultConfig[ConfigKeys.APM_SERVICE_NAME]); + expect(apmServiceName.value).toEqual(defaultHTTPConfig[ConfigKeys.APM_SERVICE_NAME]); expect(maxRedirects).toBeInTheDocument(); - expect(maxRedirects.value).toEqual(`${defaultConfig[ConfigKeys.MAX_REDIRECTS]}`); + expect(maxRedirects.value).toEqual(`${defaultHTTPConfig[ConfigKeys.MAX_REDIRECTS]}`); expect(timeout).toBeInTheDocument(); - expect(timeout.value).toEqual(`${defaultConfig[ConfigKeys.TIMEOUT]}`); + expect(timeout.value).toEqual(`${defaultHTTPConfig[ConfigKeys.TIMEOUT]}`); /* expect TLS settings not to be in the document when and Enable TLS settings not to be checked * when all TLS values are falsey */ @@ -709,7 +707,7 @@ describe('', () => { await waitFor(() => { const requestMethod = getByLabelText('Request method') as HTMLInputElement; expect(requestMethod).toBeInTheDocument(); - expect(requestMethod.value).toEqual(`${defaultConfig[ConfigKeys.REQUEST_METHOD_CHECK]}`); + expect(requestMethod.value).toEqual(`${defaultHTTPConfig[ConfigKeys.REQUEST_METHOD_CHECK]}`); }); }); @@ -752,24 +750,24 @@ describe('', () => { const { getByText, getByLabelText, queryByLabelText } = render( ); - const url = getByLabelText('Host:Port') as HTMLInputElement; + const host = getByLabelText('Host:Port') as HTMLInputElement; const proxyUrl = getByLabelText('Proxy URL') as HTMLInputElement; const monitorIntervalNumber = getByLabelText('Number') as HTMLInputElement; const monitorIntervalUnit = getByLabelText('Unit') as HTMLInputElement; const apmServiceName = getByLabelText('APM service name') as HTMLInputElement; const timeout = getByLabelText('Timeout in seconds') as HTMLInputElement; - expect(url).toBeInTheDocument(); - expect(url.value).toEqual(defaultConfig[ConfigKeys.URLS]); + expect(host).toBeInTheDocument(); + expect(host.value).toEqual(defaultTCPConfig[ConfigKeys.HOSTS]); expect(proxyUrl).toBeInTheDocument(); - expect(proxyUrl.value).toEqual(defaultConfig[ConfigKeys.PROXY_URL]); + expect(proxyUrl.value).toEqual(defaultTCPConfig[ConfigKeys.PROXY_URL]); expect(monitorIntervalNumber).toBeInTheDocument(); - expect(monitorIntervalNumber.value).toEqual(defaultConfig[ConfigKeys.SCHEDULE].number); + expect(monitorIntervalNumber.value).toEqual(defaultTCPConfig[ConfigKeys.SCHEDULE].number); expect(monitorIntervalUnit).toBeInTheDocument(); - expect(monitorIntervalUnit.value).toEqual(defaultConfig[ConfigKeys.SCHEDULE].unit); + expect(monitorIntervalUnit.value).toEqual(defaultTCPConfig[ConfigKeys.SCHEDULE].unit); expect(apmServiceName).toBeInTheDocument(); - expect(apmServiceName.value).toEqual(defaultConfig[ConfigKeys.APM_SERVICE_NAME]); + expect(apmServiceName.value).toEqual(defaultTCPConfig[ConfigKeys.APM_SERVICE_NAME]); expect(timeout).toBeInTheDocument(); - expect(timeout.value).toEqual(`${defaultConfig[ConfigKeys.TIMEOUT]}`); + expect(timeout.value).toEqual(`${defaultTCPConfig[ConfigKeys.TIMEOUT]}`); // ensure other monitor type options are not in the DOM expect(queryByLabelText('Url')).not.toBeInTheDocument(); @@ -825,24 +823,24 @@ describe('', () => { const { getByLabelText, queryByLabelText } = render( ); - const url = getByLabelText('Host') as HTMLInputElement; + const host = getByLabelText('Host') as HTMLInputElement; const monitorIntervalNumber = getByLabelText('Number') as HTMLInputElement; const monitorIntervalUnit = getByLabelText('Unit') as HTMLInputElement; const apmServiceName = getByLabelText('APM service name') as HTMLInputElement; const timeout = getByLabelText('Timeout in seconds') as HTMLInputElement; const wait = getByLabelText('Wait in seconds') as HTMLInputElement; - expect(url).toBeInTheDocument(); - expect(url.value).toEqual(defaultConfig[ConfigKeys.URLS]); + expect(host).toBeInTheDocument(); + expect(host.value).toEqual(defaultICMPConfig[ConfigKeys.HOSTS]); expect(monitorIntervalNumber).toBeInTheDocument(); - expect(monitorIntervalNumber.value).toEqual(defaultConfig[ConfigKeys.SCHEDULE].number); + expect(monitorIntervalNumber.value).toEqual(defaultICMPConfig[ConfigKeys.SCHEDULE].number); expect(monitorIntervalUnit).toBeInTheDocument(); - expect(monitorIntervalUnit.value).toEqual(defaultConfig[ConfigKeys.SCHEDULE].unit); + expect(monitorIntervalUnit.value).toEqual(defaultICMPConfig[ConfigKeys.SCHEDULE].unit); expect(apmServiceName).toBeInTheDocument(); - expect(apmServiceName.value).toEqual(defaultConfig[ConfigKeys.APM_SERVICE_NAME]); + expect(apmServiceName.value).toEqual(defaultICMPConfig[ConfigKeys.APM_SERVICE_NAME]); expect(timeout).toBeInTheDocument(); - expect(timeout.value).toEqual(`${defaultConfig[ConfigKeys.TIMEOUT]}`); + expect(timeout.value).toEqual(`${defaultICMPConfig[ConfigKeys.TIMEOUT]}`); expect(wait).toBeInTheDocument(); - expect(wait.value).toEqual(`${defaultConfig[ConfigKeys.WAIT]}`); + expect(wait.value).toEqual(`${defaultICMPConfig[ConfigKeys.WAIT]}`); // ensure other monitor type options are not in the DOM expect(queryByLabelText('Url')).not.toBeInTheDocument(); diff --git a/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_edit_extension_wrapper.tsx b/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_edit_extension_wrapper.tsx index 85b38e05fdbc89..0bafef61166d26 100644 --- a/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_edit_extension_wrapper.tsx +++ b/x-pack/plugins/uptime/public/components/fleet_package/synthetics_policy_edit_extension_wrapper.tsx @@ -7,17 +7,26 @@ import React, { memo, useMemo } from 'react'; import { PackagePolicyEditExtensionComponentProps } from '../../../../fleet/public'; -import { Config, ConfigKeys, ContentType, contentTypesToMode } from './types'; +import { + PolicyConfig, + ConfigKeys, + ContentType, + DataStream, + ICustomFields, + contentTypesToMode, +} from './types'; import { SyntheticsPolicyEditExtension } from './synthetics_policy_edit_extension'; import { - SimpleFieldsContextProvider, - HTTPAdvancedFieldsContextProvider, - TCPAdvancedFieldsContextProvider, - TLSFieldsContextProvider, - defaultSimpleFields, + MonitorTypeContextProvider, + HTTPContextProvider, + TCPContextProvider, + defaultTCPSimpleFields, + defaultHTTPSimpleFields, + defaultICMPSimpleFields, defaultHTTPAdvancedFields, defaultTCPAdvancedFields, defaultTLSFields, + ICMPSimpleFieldsContextProvider, } from './contexts'; /** @@ -26,21 +35,29 @@ import { */ export const SyntheticsPolicyEditExtensionWrapper = memo( ({ policy: currentPolicy, newPolicy, onChange }) => { - const { enableTLS: isTLSEnabled, config: defaultConfig } = useMemo(() => { - const fallbackConfig: Config = { - name: '', - ...defaultSimpleFields, - ...defaultHTTPAdvancedFields, - ...defaultTCPAdvancedFields, - ...defaultTLSFields, + const { enableTLS: isTLSEnabled, config: defaultConfig, monitorType } = useMemo(() => { + const fallbackConfig: PolicyConfig = { + [DataStream.HTTP]: { + ...defaultHTTPSimpleFields, + ...defaultHTTPAdvancedFields, + ...defaultTLSFields, + }, + [DataStream.TCP]: { + ...defaultTCPSimpleFields, + ...defaultTCPAdvancedFields, + ...defaultTLSFields, + }, + [DataStream.ICMP]: defaultICMPSimpleFields, }; let enableTLS = false; const getDefaultConfig = () => { const currentInput = currentPolicy.inputs.find((input) => input.enabled === true); const vars = currentInput?.streams[0]?.vars; + const type: DataStream = vars?.[ConfigKeys.MONITOR_TYPE].value as DataStream; + const fallbackConfigForMonitorType = fallbackConfig[type] as Partial; const configKeys: ConfigKeys[] = Object.values(ConfigKeys); - const formattedDefaultConfig = configKeys.reduce( + const formatttedDefaultConfigForMonitorType = configKeys.reduce( (acc: Record, key: ConfigKeys) => { const value = vars?.[key]?.value; switch (key) { @@ -59,12 +76,14 @@ export const SyntheticsPolicyEditExtensionWrapper = memo { if ( headerKey === 'Content-Type' && contentTypesToMode[headers[headerKey] as ContentType] ) { - type = contentTypesToMode[headers[headerKey] as ContentType]; + requestBodyType = contentTypesToMode[headers[headerKey] as ContentType]; return true; } }); acc[key] = { value: requestBodyValue, - type, + type: requestBodyType, }; break; case ConfigKeys.TLS_KEY_PASSPHRASE: case ConfigKeys.TLS_VERIFICATION_MODE: acc[key] = { - value: value ?? fallbackConfig[key].value, + value: value ?? fallbackConfigForMonitorType[key]?.value, isEnabled: !!value, }; if (!!value) { @@ -112,7 +131,7 @@ export const SyntheticsPolicyEditExtensionWrapper = memo - - - + + + + - - - - + + + + ); } ); diff --git a/x-pack/plugins/uptime/public/components/fleet_package/tcp_advanced_fields.test.tsx b/x-pack/plugins/uptime/public/components/fleet_package/tcp/advanced_fields.test.tsx similarity index 92% rename from x-pack/plugins/uptime/public/components/fleet_package/tcp_advanced_fields.test.tsx rename to x-pack/plugins/uptime/public/components/fleet_package/tcp/advanced_fields.test.tsx index 77551f9aa80114..78a6724fc8cfbf 100644 --- a/x-pack/plugins/uptime/public/components/fleet_package/tcp_advanced_fields.test.tsx +++ b/x-pack/plugins/uptime/public/components/fleet_package/tcp/advanced_fields.test.tsx @@ -7,13 +7,13 @@ import React from 'react'; import { fireEvent } from '@testing-library/react'; -import { render } from '../../lib/helper/rtl_helpers'; -import { TCPAdvancedFields } from './tcp_advanced_fields'; +import { render } from '../../../lib/helper/rtl_helpers'; +import { TCPAdvancedFields } from './advanced_fields'; import { TCPAdvancedFieldsContextProvider, defaultTCPAdvancedFields as defaultConfig, -} from './contexts'; -import { ConfigKeys, ITCPAdvancedFields } from './types'; +} from '../contexts'; +import { ConfigKeys, ITCPAdvancedFields } from '../types'; // ensures fields and labels map appropriately jest.mock('@elastic/eui/lib/services/accessibility/html_id_generator', () => ({ diff --git a/x-pack/plugins/uptime/public/components/fleet_package/tcp_advanced_fields.tsx b/x-pack/plugins/uptime/public/components/fleet_package/tcp/advanced_fields.tsx similarity index 97% rename from x-pack/plugins/uptime/public/components/fleet_package/tcp_advanced_fields.tsx rename to x-pack/plugins/uptime/public/components/fleet_package/tcp/advanced_fields.tsx index 161de0f0af8d0f..9db07afa559b9d 100644 --- a/x-pack/plugins/uptime/public/components/fleet_package/tcp_advanced_fields.tsx +++ b/x-pack/plugins/uptime/public/components/fleet_package/tcp/advanced_fields.tsx @@ -16,11 +16,11 @@ import { EuiSpacer, } from '@elastic/eui'; -import { useTCPAdvancedFieldsContext } from './contexts'; +import { useTCPAdvancedFieldsContext } from '../contexts'; -import { ConfigKeys } from './types'; +import { ConfigKeys } from '../types'; -import { OptionalLabel } from './optional_label'; +import { OptionalLabel } from '../optional_label'; export const TCPAdvancedFields = () => { const { fields, setFields } = useTCPAdvancedFieldsContext(); diff --git a/x-pack/plugins/uptime/public/components/fleet_package/tcp/simple_fields.tsx b/x-pack/plugins/uptime/public/components/fleet_package/tcp/simple_fields.tsx new file mode 100644 index 00000000000000..82c77a63611f2d --- /dev/null +++ b/x-pack/plugins/uptime/public/components/fleet_package/tcp/simple_fields.tsx @@ -0,0 +1,171 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { memo } from 'react'; +import { FormattedMessage } from '@kbn/i18n/react'; +import { EuiFormRow, EuiFieldText, EuiFieldNumber } from '@elastic/eui'; +import { ConfigKeys, Validation } from '../types'; +import { useTCPSimpleFieldsContext } from '../contexts'; +import { ComboBox } from '../combo_box'; +import { OptionalLabel } from '../optional_label'; +import { ScheduleField } from '../schedule_field'; + +interface Props { + validate: Validation; +} + +export const TCPSimpleFields = memo(({ validate }) => { + const { fields, setFields } = useTCPSimpleFieldsContext(); + const handleInputChange = ({ value, configKey }: { value: unknown; configKey: ConfigKeys }) => { + setFields((prevFields) => ({ ...prevFields, [configKey]: value })); + }; + + return ( + <> + + } + isInvalid={!!validate[ConfigKeys.HOSTS]?.(fields[ConfigKeys.HOSTS])} + error={ + + } + > + + handleInputChange({ + value: event.target.value, + configKey: ConfigKeys.HOSTS, + }) + } + data-test-subj="syntheticsTCPHostField" + /> + + + + } + isInvalid={!!validate[ConfigKeys.SCHEDULE]?.(fields[ConfigKeys.SCHEDULE])} + error={ + + } + > + + handleInputChange({ + value: schedule, + configKey: ConfigKeys.SCHEDULE, + }) + } + number={fields[ConfigKeys.SCHEDULE].number} + unit={fields[ConfigKeys.SCHEDULE].unit} + /> + + + } + labelAppend={} + helpText={ + + } + > + + handleInputChange({ + value: event.target.value, + configKey: ConfigKeys.APM_SERVICE_NAME, + }) + } + data-test-subj="syntheticsAPMServiceName" + /> + + + } + isInvalid={ + !!validate[ConfigKeys.TIMEOUT]?.( + fields[ConfigKeys.TIMEOUT], + fields[ConfigKeys.SCHEDULE].number, + fields[ConfigKeys.SCHEDULE].unit + ) + } + error={ + + } + helpText={ + + } + > + + handleInputChange({ + value: event.target.value, + configKey: ConfigKeys.TIMEOUT, + }) + } + step={'any'} + /> + + + } + labelAppend={} + helpText={ + + } + > + handleInputChange({ value, configKey: ConfigKeys.TAGS })} + data-test-subj="syntheticsTags" + /> + + + ); +}); diff --git a/x-pack/plugins/uptime/public/components/fleet_package/types.tsx b/x-pack/plugins/uptime/public/components/fleet_package/types.tsx index 802d5f08fd6468..4d44b4f074e829 100644 --- a/x-pack/plugins/uptime/public/components/fleet_package/types.tsx +++ b/x-pack/plugins/uptime/public/components/fleet_package/types.tsx @@ -105,6 +105,28 @@ export interface ISimpleFields { [ConfigKeys.WAIT]: string; } +export interface ICommonFields { + [ConfigKeys.MONITOR_TYPE]: DataStream; + [ConfigKeys.SCHEDULE]: { number: string; unit: ScheduleUnit }; + [ConfigKeys.APM_SERVICE_NAME]: string; + [ConfigKeys.TIMEOUT]: string; + [ConfigKeys.TAGS]: string[]; +} + +export type IHTTPSimpleFields = { + [ConfigKeys.MAX_REDIRECTS]: string; + [ConfigKeys.URLS]: string; +} & ICommonFields; + +export type ITCPSimpleFields = { + [ConfigKeys.HOSTS]: string; +} & ICommonFields; + +export type IICMPSimpleFields = { + [ConfigKeys.HOSTS]: string; + [ConfigKeys.WAIT]: string; +} & ICommonFields; + export interface ITLSFields { [ConfigKeys.TLS_CERTIFICATE_AUTHORITIES]: { value: string; @@ -154,11 +176,21 @@ export interface ITCPAdvancedFields { [ConfigKeys.REQUEST_SEND_CHECK]: string; } -export type ICustomFields = ISimpleFields & ITLSFields & IHTTPAdvancedFields & ITCPAdvancedFields; +export type HTTPFields = IHTTPSimpleFields & IHTTPAdvancedFields & ITLSFields; +export type TCPFields = ITCPSimpleFields & ITCPAdvancedFields & ITLSFields; +export type ICMPFields = IICMPSimpleFields; + +export type ICustomFields = HTTPFields & + TCPFields & + ICMPFields & { + [ConfigKeys.NAME]: string; + }; -export type Config = { - [ConfigKeys.NAME]: string; -} & ICustomFields; +export interface PolicyConfig { + [DataStream.HTTP]: HTTPFields; + [DataStream.TCP]: TCPFields; + [DataStream.ICMP]: ICMPFields; +} export type Validation = Partial void>>; diff --git a/x-pack/plugins/uptime/public/components/fleet_package/use_update_policy.test.tsx b/x-pack/plugins/uptime/public/components/fleet_package/use_update_policy.test.tsx index 3732791f895dcb..5a62aec90032d9 100644 --- a/x-pack/plugins/uptime/public/components/fleet_package/use_update_policy.test.tsx +++ b/x-pack/plugins/uptime/public/components/fleet_package/use_update_policy.test.tsx @@ -10,20 +10,7 @@ import { act, renderHook } from '@testing-library/react-hooks'; import { NewPackagePolicy } from '../../../../fleet/public'; import { validate } from './validation'; import { ConfigKeys, DataStream, TLSVersion } from './types'; -import { - defaultSimpleFields, - defaultTLSFields, - defaultHTTPAdvancedFields, - defaultTCPAdvancedFields, -} from './contexts'; - -const defaultConfig = { - name: '', - ...defaultSimpleFields, - ...defaultTLSFields, - ...defaultHTTPAdvancedFields, - ...defaultTCPAdvancedFields, -}; +import { defaultConfig } from './synthetics_policy_create_extension'; describe('useBarChartsHooks', () => { const newPolicy: NewPackagePolicy = { @@ -269,10 +256,10 @@ describe('useBarChartsHooks', () => { it('handles http data stream', () => { const onChange = jest.fn(); const { result } = renderHook((props) => useUpdatePolicy(props), { - initialProps: { defaultConfig, newPolicy, onChange, validate }, + initialProps: { defaultConfig, newPolicy, onChange, validate, monitorType: DataStream.HTTP }, }); - expect(result.current.config).toMatchObject({ ...defaultConfig }); + expect(result.current.config).toMatchObject({ ...defaultConfig[DataStream.HTTP] }); // expect only http to be enabled expect(result.current.updatedPolicy.inputs[0].enabled).toBe(true); @@ -281,28 +268,28 @@ describe('useBarChartsHooks', () => { expect( result.current.updatedPolicy.inputs[0]?.streams[0]?.vars?.[ConfigKeys.MONITOR_TYPE].value - ).toEqual(defaultConfig[ConfigKeys.MONITOR_TYPE]); + ).toEqual(defaultConfig[DataStream.HTTP][ConfigKeys.MONITOR_TYPE]); expect( result.current.updatedPolicy.inputs[0]?.streams[0]?.vars?.[ConfigKeys.URLS].value - ).toEqual(defaultConfig[ConfigKeys.URLS]); + ).toEqual(defaultConfig[DataStream.HTTP][ConfigKeys.URLS]); expect( result.current.updatedPolicy.inputs[0]?.streams[0]?.vars?.[ConfigKeys.SCHEDULE].value ).toEqual( JSON.stringify( - `@every ${defaultConfig[ConfigKeys.SCHEDULE].number}${ - defaultConfig[ConfigKeys.SCHEDULE].unit + `@every ${defaultConfig[DataStream.HTTP][ConfigKeys.SCHEDULE].number}${ + defaultConfig[DataStream.HTTP][ConfigKeys.SCHEDULE].unit }` ) ); expect( result.current.updatedPolicy.inputs[0]?.streams[0]?.vars?.[ConfigKeys.PROXY_URL].value - ).toEqual(defaultConfig[ConfigKeys.PROXY_URL]); + ).toEqual(defaultConfig[DataStream.HTTP][ConfigKeys.PROXY_URL]); expect( result.current.updatedPolicy.inputs[0]?.streams[0]?.vars?.[ConfigKeys.APM_SERVICE_NAME].value - ).toEqual(defaultConfig[ConfigKeys.APM_SERVICE_NAME]); + ).toEqual(defaultConfig[DataStream.HTTP][ConfigKeys.APM_SERVICE_NAME]); expect( result.current.updatedPolicy.inputs[0]?.streams[0]?.vars?.[ConfigKeys.TIMEOUT].value - ).toEqual(`${defaultConfig[ConfigKeys.TIMEOUT]}s`); + ).toEqual(`${defaultConfig[DataStream.HTTP][ConfigKeys.TIMEOUT]}s`); expect( result.current.updatedPolicy.inputs[0]?.streams[0]?.vars?.[ ConfigKeys.RESPONSE_BODY_CHECK_POSITIVE @@ -316,29 +303,29 @@ describe('useBarChartsHooks', () => { expect( result.current.updatedPolicy.inputs[0]?.streams[0]?.vars?.[ConfigKeys.RESPONSE_STATUS_CHECK] .value - ).toEqual(JSON.stringify(defaultConfig[ConfigKeys.RESPONSE_STATUS_CHECK])); + ).toEqual(null); expect( result.current.updatedPolicy.inputs[0]?.streams[0]?.vars?.[ConfigKeys.REQUEST_HEADERS_CHECK] .value - ).toEqual(JSON.stringify(defaultConfig[ConfigKeys.REQUEST_HEADERS_CHECK])); + ).toEqual(null); expect( result.current.updatedPolicy.inputs[0]?.streams[0]?.vars?.[ConfigKeys.RESPONSE_HEADERS_CHECK] .value - ).toEqual(JSON.stringify(defaultConfig[ConfigKeys.RESPONSE_HEADERS_CHECK])); + ).toEqual(null); expect( result.current.updatedPolicy.inputs[0]?.streams[0]?.vars?.[ConfigKeys.RESPONSE_BODY_INDEX] .value - ).toEqual(defaultConfig[ConfigKeys.RESPONSE_BODY_INDEX]); + ).toEqual(defaultConfig[DataStream.HTTP][ConfigKeys.RESPONSE_BODY_INDEX]); expect( result.current.updatedPolicy.inputs[0]?.streams[0]?.vars?.[ConfigKeys.RESPONSE_HEADERS_INDEX] .value - ).toEqual(defaultConfig[ConfigKeys.RESPONSE_HEADERS_INDEX]); + ).toEqual(defaultConfig[DataStream.HTTP][ConfigKeys.RESPONSE_HEADERS_INDEX]); }); it('stringifies array values and returns null for empty array values', () => { const onChange = jest.fn(); const { result } = renderHook((props) => useUpdatePolicy(props), { - initialProps: { defaultConfig, newPolicy, onChange, validate }, + initialProps: { defaultConfig, newPolicy, onChange, validate, monitorType: DataStream.HTTP }, }); act(() => { @@ -419,16 +406,8 @@ describe('useBarChartsHooks', () => { it('handles tcp data stream', () => { const onChange = jest.fn(); - const tcpConfig = { - ...defaultConfig, - [ConfigKeys.MONITOR_TYPE]: DataStream.TCP, - }; const { result } = renderHook((props) => useUpdatePolicy(props), { - initialProps: { defaultConfig, newPolicy, onChange, validate }, - }); - - act(() => { - result.current.setConfig(tcpConfig); + initialProps: { defaultConfig, newPolicy, onChange, validate, monitorType: DataStream.TCP }, }); // expect only tcp to be enabled @@ -443,55 +422,47 @@ describe('useBarChartsHooks', () => { expect( result.current.updatedPolicy.inputs[1]?.streams[0]?.vars?.[ConfigKeys.MONITOR_TYPE].value - ).toEqual(tcpConfig[ConfigKeys.MONITOR_TYPE]); + ).toEqual(defaultConfig[DataStream.TCP][ConfigKeys.MONITOR_TYPE]); expect( result.current.updatedPolicy.inputs[1]?.streams[0]?.vars?.[ConfigKeys.HOSTS].value - ).toEqual(defaultConfig[ConfigKeys.HOSTS]); + ).toEqual(defaultConfig[DataStream.TCP][ConfigKeys.HOSTS]); expect( result.current.updatedPolicy.inputs[1]?.streams[0]?.vars?.[ConfigKeys.SCHEDULE].value ).toEqual( JSON.stringify( - `@every ${defaultConfig[ConfigKeys.SCHEDULE].number}${ - defaultConfig[ConfigKeys.SCHEDULE].unit + `@every ${defaultConfig[DataStream.TCP][ConfigKeys.SCHEDULE].number}${ + defaultConfig[DataStream.TCP][ConfigKeys.SCHEDULE].unit }` ) ); expect( result.current.updatedPolicy.inputs[1]?.streams[0]?.vars?.[ConfigKeys.PROXY_URL].value - ).toEqual(tcpConfig[ConfigKeys.PROXY_URL]); + ).toEqual(defaultConfig[DataStream.TCP][ConfigKeys.PROXY_URL]); expect( result.current.updatedPolicy.inputs[0]?.streams[0]?.vars?.[ConfigKeys.APM_SERVICE_NAME].value - ).toEqual(tcpConfig[ConfigKeys.APM_SERVICE_NAME]); + ).toEqual(defaultConfig[DataStream.TCP][ConfigKeys.APM_SERVICE_NAME]); expect( result.current.updatedPolicy.inputs[1]?.streams[0]?.vars?.[ConfigKeys.TIMEOUT].value - ).toEqual(`${tcpConfig[ConfigKeys.TIMEOUT]}s`); + ).toEqual(`${defaultConfig[DataStream.TCP][ConfigKeys.TIMEOUT]}s`); expect( result.current.updatedPolicy.inputs[1]?.streams[0]?.vars?.[ ConfigKeys.PROXY_USE_LOCAL_RESOLVER ].value - ).toEqual(tcpConfig[ConfigKeys.PROXY_USE_LOCAL_RESOLVER]); + ).toEqual(defaultConfig[DataStream.TCP][ConfigKeys.PROXY_USE_LOCAL_RESOLVER]); expect( result.current.updatedPolicy.inputs[1]?.streams[0]?.vars?.[ConfigKeys.RESPONSE_RECEIVE_CHECK] .value - ).toEqual(tcpConfig[ConfigKeys.RESPONSE_RECEIVE_CHECK]); + ).toEqual(defaultConfig[DataStream.TCP][ConfigKeys.RESPONSE_RECEIVE_CHECK]); expect( result.current.updatedPolicy.inputs[1]?.streams[0]?.vars?.[ConfigKeys.REQUEST_SEND_CHECK] .value - ).toEqual(tcpConfig[ConfigKeys.REQUEST_SEND_CHECK]); + ).toEqual(defaultConfig[DataStream.TCP][ConfigKeys.REQUEST_SEND_CHECK]); }); it('handles icmp data stream', () => { const onChange = jest.fn(); - const icmpConfig = { - ...defaultConfig, - [ConfigKeys.MONITOR_TYPE]: DataStream.ICMP, - }; const { result } = renderHook((props) => useUpdatePolicy(props), { - initialProps: { defaultConfig, newPolicy, onChange, validate }, - }); - - act(() => { - result.current.setConfig(icmpConfig); + initialProps: { defaultConfig, newPolicy, onChange, validate, monitorType: DataStream.ICMP }, }); // expect only icmp to be enabled @@ -506,25 +477,27 @@ describe('useBarChartsHooks', () => { expect( result.current.updatedPolicy.inputs[2]?.streams[0]?.vars?.[ConfigKeys.MONITOR_TYPE].value - ).toEqual(icmpConfig[ConfigKeys.MONITOR_TYPE]); + ).toEqual(defaultConfig[DataStream.ICMP][ConfigKeys.MONITOR_TYPE]); expect( result.current.updatedPolicy.inputs[2]?.streams[0]?.vars?.[ConfigKeys.HOSTS].value - ).toEqual(icmpConfig[ConfigKeys.HOSTS]); + ).toEqual(defaultConfig[DataStream.ICMP][ConfigKeys.HOSTS]); expect( result.current.updatedPolicy.inputs[2]?.streams[0]?.vars?.[ConfigKeys.SCHEDULE].value ).toEqual( JSON.stringify( - `@every ${icmpConfig[ConfigKeys.SCHEDULE].number}${icmpConfig[ConfigKeys.SCHEDULE].unit}` + `@every ${defaultConfig[DataStream.ICMP][ConfigKeys.SCHEDULE].number}${ + defaultConfig[DataStream.ICMP][ConfigKeys.SCHEDULE].unit + }` ) ); expect( result.current.updatedPolicy.inputs[0]?.streams[0]?.vars?.[ConfigKeys.APM_SERVICE_NAME].value - ).toEqual(defaultConfig[ConfigKeys.APM_SERVICE_NAME]); + ).toEqual(defaultConfig[DataStream.ICMP][ConfigKeys.APM_SERVICE_NAME]); expect( result.current.updatedPolicy.inputs[2]?.streams[0]?.vars?.[ConfigKeys.TIMEOUT].value - ).toEqual(`${icmpConfig[ConfigKeys.TIMEOUT]}s`); + ).toEqual(`${defaultConfig[DataStream.ICMP][ConfigKeys.TIMEOUT]}s`); expect( result.current.updatedPolicy.inputs[2]?.streams[0]?.vars?.[ConfigKeys.WAIT].value - ).toEqual(`${icmpConfig[ConfigKeys.WAIT]}s`); + ).toEqual(`${defaultConfig[DataStream.ICMP][ConfigKeys.WAIT]}s`); }); }); diff --git a/x-pack/plugins/uptime/public/components/fleet_package/use_update_policy.ts b/x-pack/plugins/uptime/public/components/fleet_package/use_update_policy.ts index cb11e9f9c4a9b1..2b2fb22866463f 100644 --- a/x-pack/plugins/uptime/public/components/fleet_package/use_update_policy.ts +++ b/x-pack/plugins/uptime/public/components/fleet_package/use_update_policy.ts @@ -6,10 +6,11 @@ */ import { useEffect, useRef, useState } from 'react'; import { NewPackagePolicy } from '../../../../fleet/public'; -import { ConfigKeys, Config, DataStream, Validation } from './types'; +import { ConfigKeys, PolicyConfig, DataStream, Validation, ICustomFields } from './types'; interface Props { - defaultConfig: Config; + monitorType: DataStream; + defaultConfig: PolicyConfig; newPolicy: NewPackagePolicy; onChange: (opts: { /** is current form state is valid */ @@ -20,22 +21,27 @@ interface Props { validate: Record; } -export const useUpdatePolicy = ({ defaultConfig, newPolicy, onChange, validate }: Props) => { +export const useUpdatePolicy = ({ + monitorType, + defaultConfig, + newPolicy, + onChange, + validate, +}: Props) => { const [updatedPolicy, setUpdatedPolicy] = useState(newPolicy); // Update the integration policy with our custom fields - const [config, setConfig] = useState(defaultConfig); - const currentConfig = useRef(defaultConfig); + const [config, setConfig] = useState>(defaultConfig[monitorType]); + const currentConfig = useRef>(defaultConfig[monitorType]); useEffect(() => { - const { type } = config; const configKeys = Object.keys(config) as ConfigKeys[]; - const validationKeys = Object.keys(validate[type]) as ConfigKeys[]; + const validationKeys = Object.keys(validate[monitorType]) as ConfigKeys[]; const configDidUpdate = configKeys.some((key) => config[key] !== currentConfig.current[key]); const isValid = - !!newPolicy.name && !validationKeys.find((key) => validate[type][key]?.(config[key])); + !!newPolicy.name && !validationKeys.find((key) => validate[monitorType][key]?.(config[key])); const formattedPolicy = { ...newPolicy }; const currentInput = formattedPolicy.inputs.find( - (input) => input.type === `synthetics/${type}` + (input) => input.type === `synthetics/${monitorType}` ); const dataStream = currentInput?.streams[0]; @@ -51,17 +57,19 @@ export const useUpdatePolicy = ({ defaultConfig, newPolicy, onChange, validate } if (configItem) { switch (key) { case ConfigKeys.SCHEDULE: - configItem.value = JSON.stringify(`@every ${config[key].number}${config[key].unit}`); // convert to cron + configItem.value = JSON.stringify( + `@every ${config[key]?.number}${config[key]?.unit}` + ); // convert to cron break; case ConfigKeys.RESPONSE_BODY_CHECK_NEGATIVE: case ConfigKeys.RESPONSE_BODY_CHECK_POSITIVE: case ConfigKeys.RESPONSE_STATUS_CHECK: case ConfigKeys.TAGS: - configItem.value = config[key].length ? JSON.stringify(config[key]) : null; + configItem.value = config[key]?.length ? JSON.stringify(config[key]) : null; break; case ConfigKeys.RESPONSE_HEADERS_CHECK: case ConfigKeys.REQUEST_HEADERS_CHECK: - configItem.value = Object.keys(config[key]).length + configItem.value = Object.keys(config?.[key] || []).length ? JSON.stringify(config[key]) : null; break; @@ -70,26 +78,26 @@ export const useUpdatePolicy = ({ defaultConfig, newPolicy, onChange, validate } configItem.value = config[key] ? `${config[key]}s` : null; // convert to cron break; case ConfigKeys.REQUEST_BODY_CHECK: - configItem.value = config[key].value ? JSON.stringify(config[key].value) : null; // only need value of REQUEST_BODY_CHECK for outputted policy + configItem.value = config[key]?.value ? JSON.stringify(config[key]?.value) : null; // only need value of REQUEST_BODY_CHECK for outputted policy break; case ConfigKeys.TLS_CERTIFICATE: case ConfigKeys.TLS_CERTIFICATE_AUTHORITIES: case ConfigKeys.TLS_KEY: configItem.value = - config[key].isEnabled && config[key].value - ? JSON.stringify(config[key].value) + config[key]?.isEnabled && config[key]?.value + ? JSON.stringify(config[key]?.value) : null; // only add tls settings if they are enabled by the user break; case ConfigKeys.TLS_VERSION: configItem.value = - config[key].isEnabled && config[key].value.length - ? JSON.stringify(config[key].value) + config[key]?.isEnabled && config[key]?.value.length + ? JSON.stringify(config[key]?.value) : null; // only add tls settings if they are enabled by the user break; case ConfigKeys.TLS_KEY_PASSPHRASE: case ConfigKeys.TLS_VERIFICATION_MODE: configItem.value = - config[key].isEnabled && config[key].value ? config[key].value : null; // only add tls settings if they are enabled by the user + config[key]?.isEnabled && config[key]?.value ? config[key]?.value : null; // only add tls settings if they are enabled by the user break; default: configItem.value = @@ -104,7 +112,7 @@ export const useUpdatePolicy = ({ defaultConfig, newPolicy, onChange, validate } updatedPolicy: formattedPolicy, }); } - }, [config, currentConfig, newPolicy, onChange, validate]); + }, [config, currentConfig, newPolicy, onChange, validate, monitorType]); // update our local config state ever time name, which is managed by fleet, changes useEffect(() => { diff --git a/x-pack/plugins/uptime/public/components/fleet_package/validation.tsx b/x-pack/plugins/uptime/public/components/fleet_package/validation.tsx index 5197cb9299e45e..f3057baf10381f 100644 --- a/x-pack/plugins/uptime/public/components/fleet_package/validation.tsx +++ b/x-pack/plugins/uptime/public/components/fleet_package/validation.tsx @@ -48,10 +48,6 @@ function validateTimeout({ // validation functions return true when invalid const validateCommon = { - [ConfigKeys.MAX_REDIRECTS]: (value: unknown) => - (!!value && !`${value}`.match(digitsOnly)) || - parseFloat(value as ICustomFields[ConfigKeys.MAX_REDIRECTS]) < 0, - [ConfigKeys.MONITOR_TYPE]: (value: unknown) => !value, [ConfigKeys.SCHEDULE]: (value: unknown) => { const { number, unit } = value as ICustomFields[ConfigKeys.SCHEDULE]; const parsedFloat = parseFloat(number); @@ -84,6 +80,9 @@ const validateHTTP = { const headers = value as ICustomFields[ConfigKeys.REQUEST_HEADERS_CHECK]; return validateHeaders(headers); }, + [ConfigKeys.MAX_REDIRECTS]: (value: unknown) => + (!!value && !`${value}`.match(digitsOnly)) || + parseFloat(value as ICustomFields[ConfigKeys.MAX_REDIRECTS]) < 0, [ConfigKeys.URLS]: (value: unknown) => !value, ...validateCommon, }; diff --git a/x-pack/plugins/uptime/public/components/overview/alerts/toggle_alert_flyout_button.tsx b/x-pack/plugins/uptime/public/components/overview/alerts/toggle_alert_flyout_button.tsx index fe507236569ec3..a1b745d07924ef 100644 --- a/x-pack/plugins/uptime/public/components/overview/alerts/toggle_alert_flyout_button.tsx +++ b/x-pack/plugins/uptime/public/components/overview/alerts/toggle_alert_flyout_button.tsx @@ -124,6 +124,8 @@ export const ToggleAlertFlyoutButtonComponent: React.FC = ({ { if (!valid) { return ( - - } - color="danger" - iconType="help" - > - {message}{' '} - - - - + + + +

+ } + body={

{message}

} + actions={[ + + + , + ]} + /> + ); } return ( diff --git a/x-pack/plugins/watcher/public/application/components/page_error/page_error.tsx b/x-pack/plugins/watcher/public/application/components/page_error/page_error.tsx index ca05d390518f26..321b5c0e5e11b7 100644 --- a/x-pack/plugins/watcher/public/application/components/page_error/page_error.tsx +++ b/x-pack/plugins/watcher/public/application/components/page_error/page_error.tsx @@ -25,7 +25,7 @@ export function getPageErrorCode(errorOrErrors: any) { } } -export function PageError({ errorCode, id }: { errorCode?: any; id?: any }) { +export function PageError({ errorCode, id }: { errorCode?: number; id?: string }) { switch (errorCode) { case 404: return ; diff --git a/x-pack/plugins/watcher/public/application/components/page_error/page_error_forbidden.tsx b/x-pack/plugins/watcher/public/application/components/page_error/page_error_forbidden.tsx index c2e93c7f066001..56dc5c7dc22b53 100644 --- a/x-pack/plugins/watcher/public/application/components/page_error/page_error_forbidden.tsx +++ b/x-pack/plugins/watcher/public/application/components/page_error/page_error_forbidden.tsx @@ -13,8 +13,7 @@ import { FormattedMessage } from '@kbn/i18n/react'; export function PageErrorForbidden() { return ( - + {id ? ( + + ) : ( + + )}

} /> diff --git a/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit.tsx b/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit.tsx index 8b5827fbd0fe0d..80931c3f60c05a 100644 --- a/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit.tsx +++ b/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit.tsx @@ -7,15 +7,7 @@ import React, { useContext, useState } from 'react'; -import { - EuiFlexGroup, - EuiFlexItem, - EuiPageContent, - EuiSpacer, - EuiTab, - EuiTabs, - EuiTitle, -} from '@elastic/eui'; +import { EuiPageHeader, EuiSpacer, EuiPageContentBody } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { ExecuteDetails } from '../../../../models/execute_details'; import { getActionType } from '../../../../../../common/lib/get_action_type'; @@ -96,36 +88,31 @@ export const JsonWatchEdit = ({ pageTitle }: { pageTitle: string }) => { const hasExecuteWatchErrors = !!Object.keys(executeWatchErrors).find( (errorKey) => executeWatchErrors[errorKey].length >= 1 ); + return ( - - - - -

{pageTitle}

- - - - - {WATCH_TABS.map((tab, index) => ( - { - setSelectedTab(tab.id); - setExecuteDetails( - new ExecuteDetails({ - ...executeDetails, - actionModes: getActionModes(watchActions), - }) - ); - }} - isSelected={tab.id === selectedTab} - key={index} - data-test-subj="tab" - > - {tab.name} - - ))} - + + {pageTitle}} + bottomBorder + tabs={WATCH_TABS.map((tab, index) => ({ + onClick: () => { + setSelectedTab(tab.id); + setExecuteDetails( + new ExecuteDetails({ + ...executeDetails, + actionModes: getActionModes(watchActions), + }) + ); + }, + isSelected: tab.id === selectedTab, + key: index, + 'data-test-subj': 'tab', + label: tab.name, + }))} + /> + + {selectedTab === WATCH_SIMULATE_TAB && ( { watchActions={watchActions} /> )} + {selectedTab === WATCH_EDIT_TAB && } - + ); }; diff --git a/x-pack/plugins/watcher/public/application/sections/watch_edit/components/monitoring_watch_edit/monitoring_watch_edit.tsx b/x-pack/plugins/watcher/public/application/sections/watch_edit/components/monitoring_watch_edit/monitoring_watch_edit.tsx index 930c11340ce5e3..b00e4dc310e27e 100644 --- a/x-pack/plugins/watcher/public/application/sections/watch_edit/components/monitoring_watch_edit/monitoring_watch_edit.tsx +++ b/x-pack/plugins/watcher/public/application/sections/watch_edit/components/monitoring_watch_edit/monitoring_watch_edit.tsx @@ -7,16 +7,7 @@ import React, { useContext } from 'react'; -import { - EuiFlexGroup, - EuiFlexItem, - EuiPageContent, - EuiSpacer, - EuiTitle, - EuiCallOut, - EuiText, - EuiLink, -} from '@elastic/eui'; +import { EuiPageContent, EuiEmptyPrompt, EuiLink } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n/react'; import { WatchContext } from '../../watch_context'; import { useAppContext } from '../../../../app_context'; @@ -27,46 +18,31 @@ export const MonitoringWatchEdit = ({ pageTitle }: { pageTitle: string }) => { const { watch } = useContext(WatchContext); const { history } = useAppContext(); - const systemWatchTitle = ( - - ); - const systemWatchMessage = ( - - - ), }} /> ); return ( - - - - -

{pageTitle}

- - - - - - -

{systemWatchMessage}

- - + + {pageTitle}

} + body={

{systemWatchMessage}

} + actions={[ + + + , + ]} + /> ); }; diff --git a/x-pack/plugins/watcher/public/application/sections/watch_edit/components/threshold_watch_edit/threshold_watch_edit.tsx b/x-pack/plugins/watcher/public/application/sections/watch_edit/components/threshold_watch_edit/threshold_watch_edit.tsx index 2f89a3bc2be641..6587974363a802 100644 --- a/x-pack/plugins/watcher/public/application/sections/watch_edit/components/threshold_watch_edit/threshold_watch_edit.tsx +++ b/x-pack/plugins/watcher/public/application/sections/watch_edit/components/threshold_watch_edit/threshold_watch_edit.tsx @@ -18,13 +18,14 @@ import { EuiFlexGroup, EuiFlexItem, EuiForm, - EuiPageContent, EuiPopover, EuiPopoverTitle, EuiSelect, EuiSpacer, EuiText, EuiTitle, + EuiPageHeader, + EuiPageContentBody, } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n/react'; @@ -236,19 +237,15 @@ export const ThresholdWatchEdit = ({ pageTitle }: { pageTitle: string }) => { }; return ( - - - - -

{pageTitle}

- - - - {watch.titleDescription} - - - - + + {pageTitle}} + description={watch.titleDescription} + bottomBorder + /> + + + {serverError && ( @@ -957,6 +954,6 @@ export const ThresholdWatchEdit = ({ pageTitle }: { pageTitle: string }) => { close={() => setIsRequestVisible(false)} /> ) : null} - + ); }; diff --git a/x-pack/plugins/watcher/public/application/sections/watch_edit/components/watch_edit.tsx b/x-pack/plugins/watcher/public/application/sections/watch_edit/components/watch_edit.tsx index 525ae077df655f..fa3c7e374f7b56 100644 --- a/x-pack/plugins/watcher/public/application/sections/watch_edit/components/watch_edit.tsx +++ b/x-pack/plugins/watcher/public/application/sections/watch_edit/components/watch_edit.tsx @@ -10,19 +10,20 @@ import { isEqual } from 'lodash'; import { EuiPageContent } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; - import { FormattedMessage } from '@kbn/i18n/react'; -import { Watch } from '../../../models/watch'; + import { WATCH_TYPES } from '../../../../../common/constants'; import { BaseWatch } from '../../../../../common/types/watch_types'; -import { getPageErrorCode, PageError, SectionLoading, SectionError } from '../../../components'; +import { getPageErrorCode, PageError, SectionLoading } from '../../../components'; import { loadWatch } from '../../../lib/api'; import { listBreadcrumb, editBreadcrumb, createBreadcrumb } from '../../../lib/breadcrumbs'; +import { useAppContext } from '../../../app_context'; +import { Watch } from '../../../models/watch'; +import { PageError as GenericPageError } from '../../../shared_imports'; +import { WatchContext } from '../watch_context'; import { JsonWatchEdit } from './json_watch_edit'; import { ThresholdWatchEdit } from './threshold_watch_edit'; import { MonitoringWatchEdit } from './monitoring_watch_edit'; -import { WatchContext } from '../watch_context'; -import { useAppContext } from '../../../app_context'; const getTitle = (watch: BaseWatch) => { if (watch.isNew) { @@ -115,7 +116,7 @@ export const WatchEdit = ({ const loadedWatch = await loadWatch(id); dispatch({ command: 'setWatch', payload: loadedWatch }); } catch (error) { - dispatch({ command: 'setError', payload: error }); + dispatch({ command: 'setError', payload: error.body }); } } else if (type) { const WatchType = Watch.getWatchTypes()[type]; @@ -135,36 +136,34 @@ export const WatchEdit = ({ const errorCode = getPageErrorCode(loadError); if (errorCode) { return ( - + ); - } - - if (loadError) { + } else if (loadError) { return ( - - - } - error={loadError} - /> - + + } + error={loadError} + /> ); } if (!watch) { return ( - - - + + + + + ); } diff --git a/x-pack/plugins/watcher/public/application/sections/watch_list/components/watch_list.tsx b/x-pack/plugins/watcher/public/application/sections/watch_list/components/watch_list.tsx index 0e89871063507e..31accef0b63691 100644 --- a/x-pack/plugins/watcher/public/application/sections/watch_list/components/watch_list.tsx +++ b/x-pack/plugins/watcher/public/application/sections/watch_list/components/watch_list.tsx @@ -11,25 +11,25 @@ import { CriteriaWithPagination, EuiButton, EuiButtonEmpty, - EuiFlexGroup, - EuiFlexItem, EuiInMemoryTable, EuiLink, EuiPageContent, EuiSpacer, EuiText, - EuiTitle, EuiToolTip, EuiEmptyPrompt, EuiButtonIcon, EuiPopover, EuiContextMenuPanel, EuiContextMenuItem, + EuiPageHeader, } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n/react'; import { Moment } from 'moment'; +import { reactRouterNavigate } from '../../../../../../../../src/plugins/kibana_react/public'; + import { REFRESH_INTERVALS, PAGINATION, WATCH_TYPES } from '../../../../../common/constants'; import { listBreadcrumb } from '../../../lib/breadcrumbs'; import { @@ -37,15 +37,13 @@ import { PageError, DeleteWatchesModal, WatchStatus, - SectionError, SectionLoading, Error, } from '../../../components'; import { useLoadWatches } from '../../../lib/api'; import { goToCreateThresholdAlert, goToCreateAdvancedWatch } from '../../../lib/navigation'; import { useAppContext } from '../../../app_context'; - -import { reactRouterNavigate } from '../../../../../../../../src/plugins/kibana_react/public'; +import { PageError as GenericPageError } from '../../../shared_imports'; export const WatchList = () => { // hooks @@ -173,21 +171,36 @@ export const WatchList = () => { if (isWatchesLoading) { return ( - - - + + + + + ); } - if (getPageErrorCode(error)) { + const errorCode = getPageErrorCode(error); + if (errorCode) { return ( - - + + ); + } else if (error) { + return ( + + } + error={(error as unknown) as Error} + /> + ); } if (availableWatches && availableWatches.length === 0) { @@ -206,7 +219,7 @@ export const WatchList = () => { ); return ( - + { let content; - if (error) { - content = ( - - } - error={(error as unknown) as Error} - /> - ); - } else if (availableWatches) { + if (availableWatches) { const columns = [ { field: 'id', @@ -463,56 +464,46 @@ export const WatchList = () => { ); } - if (content) { - return ( - - { - if (deleted) { - setDeletedWatches([...deletedWatches, ...watchesToDelete]); - } - setWatchesToDelete([]); - }} - watchesToDelete={watchesToDelete} - /> - - - - -

- -

- - - - - - - - - - - - -

{watcherDescriptionText}

- + return ( + <> + + + + } + bottomBorder + rightSideItems={[ + + + , + ]} + description={watcherDescriptionText} + /> + { + if (deleted) { + setDeletedWatches([...deletedWatches, ...watchesToDelete]); + } + setWatchesToDelete([]); + }} + watchesToDelete={watchesToDelete} + /> - + - {content} - - ); - } - return null; + {content} + + ); }; diff --git a/x-pack/plugins/watcher/public/application/sections/watch_status/components/watch_status.tsx b/x-pack/plugins/watcher/public/application/sections/watch_status/components/watch_status.tsx index 1e3548620339aa..73400b9ccaaa72 100644 --- a/x-pack/plugins/watcher/public/application/sections/watch_status/components/watch_status.tsx +++ b/x-pack/plugins/watcher/public/application/sections/watch_status/components/watch_status.tsx @@ -9,14 +9,10 @@ import React, { useEffect, useState } from 'react'; import { EuiPageContent, EuiSpacer, - EuiTabs, - EuiTab, - EuiFlexGroup, - EuiFlexItem, - EuiTitle, EuiToolTip, EuiBadge, EuiButtonEmpty, + EuiPageHeader, } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n/react'; @@ -88,18 +84,20 @@ export const WatchStatus = ({ if (isWatchDetailLoading) { return ( - - - + + + + + ); } if (errorCode) { return ( - + ); @@ -156,20 +154,11 @@ export const WatchStatus = ({ return ( - - { - if (deleted) { - goToWatchList(); - } - setWatchesToDelete([]); - }} - watchesToDelete={watchesToDelete} - /> - - - -

+ <> + + -

- - - {isSystemWatch ? ( - - - } - > - - - - - - ) : ( - - - + + {isSystemWatch && ( + <> + {' '} + + } + > + + + + + + )} + + } + bottomBorder + rightSideItems={ + isSystemWatch + ? [] + : [ toggleWatchActivation()} isLoading={isTogglingActivation} > {activationButtonText} - - - + , { @@ -223,30 +213,34 @@ export const WatchStatus = ({ id="xpack.watcher.sections.watchHistory.deleteWatchButtonLabel" defaultMessage="Delete" /> - - - - - )} - - - - {WATCH_STATUS_TABS.map((tab, index) => ( - { - setSelectedTab(tab.id); - }} - isSelected={tab.id === selectedTab} - key={index} - data-test-subj="tab" - > - {tab.name} - - ))} - + , + ] + } + tabs={WATCH_STATUS_TABS.map((tab, index) => ({ + onClick: () => { + setSelectedTab(tab.id); + }, + isSelected: tab.id === selectedTab, + key: index, + 'data-test-subj': 'tab', + label: tab.name, + }))} + /> + + {selectedTab === WATCH_ACTIONS_TAB ? : } - + + { + if (deleted) { + goToWatchList(); + } + setWatchesToDelete([]); + }} + watchesToDelete={watchesToDelete} + /> + ); } diff --git a/x-pack/plugins/watcher/public/application/shared_imports.ts b/x-pack/plugins/watcher/public/application/shared_imports.ts index e3eb11eda77b30..44bef3b0c4f5f6 100644 --- a/x-pack/plugins/watcher/public/application/shared_imports.ts +++ b/x-pack/plugins/watcher/public/application/shared_imports.ts @@ -12,4 +12,5 @@ export { sendRequest, useRequest, XJson, + PageError, } from '../../../../../src/plugins/es_ui_shared/public'; diff --git a/x-pack/test/api_integration/apis/ml/modules/index.ts b/x-pack/test/api_integration/apis/ml/modules/index.ts index ab46c4f0333c8c..f6c36c61b998ca 100644 --- a/x-pack/test/api_integration/apis/ml/modules/index.ts +++ b/x-pack/test/api_integration/apis/ml/modules/index.ts @@ -12,7 +12,9 @@ export default function ({ getService, loadTestFile }: FtrProviderContext) { const fleetPackages = ['apache-0.5.0', 'nginx-0.5.0']; - describe('modules', function () { + // Failing: See https://github.com/elastic/kibana/issues/102282 + // Failing: See https://github.com/elastic/kibana/issues/102283 + describe.skip('modules', function () { before(async () => { for (const fleetPackage of fleetPackages) { await ml.testResources.installFleetPackage(fleetPackage); diff --git a/x-pack/test/apm_api_integration/tests/alerts/rule_registry.ts b/x-pack/test/apm_api_integration/tests/alerts/rule_registry.ts index 1f8d1144349dd5..3c2e98cfdae47c 100644 --- a/x-pack/test/apm_api_integration/tests/alerts/rule_registry.ts +++ b/x-pack/test/apm_api_integration/tests/alerts/rule_registry.ts @@ -8,6 +8,7 @@ import expect from '@kbn/expect'; import { merge, omit } from 'lodash'; import { format } from 'url'; +import { EVENT_KIND } from '@kbn/rule-data-utils/target/technical_field_names'; import { FtrProviderContext } from '../../common/ftr_provider_context'; import { registry } from '../../common/registry'; @@ -259,7 +260,9 @@ export default function ApiTest({ getService }: FtrProviderContext) { index: ALERTS_INDEX_TARGET, body: { query: { - match_all: {}, + term: { + [EVENT_KIND]: 'signal', + }, }, size: 1, sort: { @@ -286,7 +289,9 @@ export default function ApiTest({ getService }: FtrProviderContext) { index: ALERTS_INDEX_TARGET, body: { query: { - match_all: {}, + term: { + [EVENT_KIND]: 'signal', + }, }, size: 1, sort: { @@ -313,7 +318,9 @@ export default function ApiTest({ getService }: FtrProviderContext) { index: ALERTS_INDEX_TARGET, body: { query: { - match_all: {}, + term: { + [EVENT_KIND]: 'signal', + }, }, size: 1, sort: { @@ -346,7 +353,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { "open", ], "event.kind": Array [ - "state", + "signal", ], "kibana.rac.alert.duration.us": Array [ 0, @@ -416,7 +423,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { "open", ], "event.kind": Array [ - "state", + "signal", ], "kibana.rac.alert.duration.us": Array [ 0, @@ -486,7 +493,9 @@ export default function ApiTest({ getService }: FtrProviderContext) { index: ALERTS_INDEX_TARGET, body: { query: { - match_all: {}, + term: { + [EVENT_KIND]: 'signal', + }, }, size: 1, sort: { @@ -521,7 +530,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { "close", ], "event.kind": Array [ - "state", + "signal", ], "kibana.rac.alert.evaluation.threshold": Array [ 30, diff --git a/x-pack/test/apm_api_integration/tests/services/annotations.ts b/x-pack/test/apm_api_integration/tests/services/annotations.ts index 9a634c9bf82470..34eadbe3c609ce 100644 --- a/x-pack/test/apm_api_integration/tests/services/annotations.ts +++ b/x-pack/test/apm_api_integration/tests/services/annotations.ts @@ -7,7 +7,7 @@ import expect from '@kbn/expect'; import { merge, cloneDeep, isPlainObject } from 'lodash'; -import { JsonObject } from 'src/plugins/kibana_utils/common'; +import { JsonObject } from '@kbn/common-utils'; import { FtrProviderContext } from '../../common/ftr_provider_context'; import { registry } from '../../common/registry'; diff --git a/x-pack/test/fleet_functional/apps/fleet/agents_page.ts b/x-pack/test/fleet_functional/apps/fleet/agents_page.ts new file mode 100644 index 00000000000000..515eaa65f5310a --- /dev/null +++ b/x-pack/test/fleet_functional/apps/fleet/agents_page.ts @@ -0,0 +1,38 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrProviderContext } from '../../ftr_provider_context'; + +export default function ({ getPageObjects, getService }: FtrProviderContext) { + const { agentsPage } = getPageObjects(['agentsPage']); + + describe('When in the Fleet application', function () { + this.tags(['ciGroup7']); + + describe('and on the agents page', () => { + before(async () => { + await agentsPage.navigateToAgentsPage(); + }); + + it('should show the agents tab', async () => { + await agentsPage.agentsTabExistsOrFail(); + }); + + it('should show the agent policies tab', async () => { + await agentsPage.agentPoliciesTabExistsOrFail(); + }); + + it('should show the enrollment tokens tab', async () => { + await agentsPage.enrollmentTokensTabExistsOrFail(); + }); + + it('should show the data streams tab', async () => { + await agentsPage.dataStreamsTabExistsOrFail(); + }); + }); + }); +} diff --git a/x-pack/test/fleet_functional/apps/fleet/index.ts b/x-pack/test/fleet_functional/apps/fleet/index.ts index 23a070cb799340..ec16e2d8571831 100644 --- a/x-pack/test/fleet_functional/apps/fleet/index.ts +++ b/x-pack/test/fleet_functional/apps/fleet/index.ts @@ -12,6 +12,6 @@ export default function (providerContext: FtrProviderContext) { describe('endpoint', function () { this.tags('ciGroup7'); - loadTestFile(require.resolve('./overview_page')); + loadTestFile(require.resolve('./agents_page')); }); } diff --git a/x-pack/test/fleet_functional/apps/fleet/overview_page.ts b/x-pack/test/fleet_functional/apps/fleet/overview_page.ts deleted file mode 100644 index 3d3b069665448b..00000000000000 --- a/x-pack/test/fleet_functional/apps/fleet/overview_page.ts +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../ftr_provider_context'; - -export default function ({ getPageObjects, getService }: FtrProviderContext) { - const { overviewPage } = getPageObjects(['overviewPage']); - - describe('When in the Fleet application', function () { - this.tags(['ciGroup7']); - - describe('and on the Overview page', () => { - before(async () => { - await overviewPage.navigateToOverview(); - }); - - it('should show the Integrations section', async () => { - await overviewPage.integrationsSectionExistsOrFail(); - }); - - it('should show the Agents section', async () => { - await overviewPage.agentSectionExistsOrFail(); - }); - - it('should show the Agent policies section', async () => { - await overviewPage.agentPolicySectionExistsOrFail(); - }); - - it('should show the Data streams section', async () => { - await overviewPage.datastreamSectionExistsOrFail(); - }); - }); - }); -} diff --git a/x-pack/test/fleet_functional/page_objects/overview_page.ts b/x-pack/test/fleet_functional/page_objects/agents_page.ts similarity index 55% rename from x-pack/test/fleet_functional/page_objects/overview_page.ts rename to x-pack/test/fleet_functional/page_objects/agents_page.ts index 2fd351184c7fe9..99e9ebfdcc15a5 100644 --- a/x-pack/test/fleet_functional/page_objects/overview_page.ts +++ b/x-pack/test/fleet_functional/page_objects/agents_page.ts @@ -11,31 +11,32 @@ import { PLUGIN_ID } from '../../../plugins/fleet/common'; // NOTE: import path below should be the deep path to the actual module - else we get CI errors import { pagePathGetters } from '../../../plugins/fleet/public/constants/page_paths'; -export function OverviewPage({ getService, getPageObjects }: FtrProviderContext) { +export function AgentsPage({ getService, getPageObjects }: FtrProviderContext) { const pageObjects = getPageObjects(['common']); const testSubjects = getService('testSubjects'); return { - async navigateToOverview() { + async navigateToAgentsPage() { await pageObjects.common.navigateToApp(PLUGIN_ID, { - hash: pagePathGetters.overview()[1], + // Fleet's "/" route should redirect to "/agents" + hash: pagePathGetters.base()[1], }); }, - async integrationsSectionExistsOrFail() { - await testSubjects.existOrFail('fleet-integrations-section'); + async agentsTabExistsOrFail() { + await testSubjects.existOrFail('fleet-agents-tab'); }, - async agentPolicySectionExistsOrFail() { - await testSubjects.existOrFail('fleet-agent-policy-section'); + async agentPoliciesTabExistsOrFail() { + await testSubjects.existOrFail('fleet-agent-policies-tab'); }, - async agentSectionExistsOrFail() { - await testSubjects.existOrFail('fleet-agent-section'); + async enrollmentTokensTabExistsOrFail() { + await testSubjects.existOrFail('fleet-enrollment-tokens-tab'); }, - async datastreamSectionExistsOrFail() { - await testSubjects.existOrFail('fleet-datastream-section'); + async dataStreamsTabExistsOrFail() { + await testSubjects.existOrFail('fleet-datastreams-tab'); }, }; } diff --git a/x-pack/test/fleet_functional/page_objects/index.ts b/x-pack/test/fleet_functional/page_objects/index.ts index 2c534285146e54..f0543aa3c7e89e 100644 --- a/x-pack/test/fleet_functional/page_objects/index.ts +++ b/x-pack/test/fleet_functional/page_objects/index.ts @@ -6,9 +6,9 @@ */ import { pageObjects as xpackFunctionalPageObjects } from '../../functional/page_objects'; -import { OverviewPage } from './overview_page'; +import { AgentsPage } from './agents_page'; export const pageObjects = { ...xpackFunctionalPageObjects, - overviewPage: OverviewPage, + agentsPage: AgentsPage, }; diff --git a/x-pack/test/functional/apps/canvas/lens.ts b/x-pack/test/functional/apps/canvas/lens.ts index ed1bf246fae650..67ba40a99684ec 100644 --- a/x-pack/test/functional/apps/canvas/lens.ts +++ b/x-pack/test/functional/apps/canvas/lens.ts @@ -22,6 +22,10 @@ export default function canvasLensTest({ getService, getPageObjects }: FtrProvid }); }); + after(async () => { + await esArchiver.unload('x-pack/test/functional/es_archives/canvas/lens'); + }); + it('renders lens visualization', async () => { await PageObjects.header.waitUntilLoadingHasFinished(); diff --git a/x-pack/test/functional/apps/index_patterns/feature_controls/index_patterns_security.ts b/x-pack/test/functional/apps/index_patterns/feature_controls/index_patterns_security.ts index 04f251d247d1b5..52fcac769955c5 100644 --- a/x-pack/test/functional/apps/index_patterns/feature_controls/index_patterns_security.ts +++ b/x-pack/test/functional/apps/index_patterns/feature_controls/index_patterns_security.ts @@ -20,6 +20,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { describe('security', () => { before(async () => { await esArchiver.load('x-pack/test/functional/es_archives/empty_kibana'); + await esArchiver.loadIfNeeded('x-pack/test/functional/es_archives/logstash_functional'); }); after(async () => { diff --git a/x-pack/test/functional/apps/saved_objects_management/exports/_7.13_import_saved_objects.ndjson b/x-pack/test/functional/apps/saved_objects_management/exports/_7.13_import_saved_objects.ndjson index 5b2a4748d2eee9..5c80b7f0624fe5 100644 --- a/x-pack/test/functional/apps/saved_objects_management/exports/_7.13_import_saved_objects.ndjson +++ b/x-pack/test/functional/apps/saved_objects_management/exports/_7.13_import_saved_objects.ndjson @@ -1,72 +1,88 @@ -{"attributes":{"accessCount":0,"accessDate":1621977234367,"createDate":1621977234367,"url":"/app/dashboards#/view/154944b0-6249-11eb-aebf-c306684b328d?embed=true&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-15y,to:now))&_a=(description:%27%27,filters:!(),fullScreenMode:!f,options:(darkTheme:!f,hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(enhancements:()),gridData:(h:15,i:%271%27,w:24,x:0,y:0),id:%2736b91810-6239-11eb-aebf-c306684b328d%27,panelIndex:%271%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:(),vis:!n),gridData:(h:15,i:%272%27,w:24,x:24,y:0),id:%270a274320-61cc-11eb-aebf-c306684b328d%27,panelIndex:%272%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%273%27,w:24,x:0,y:15),id:e4aef350-623d-11eb-aebf-c306684b328d,panelIndex:%273%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%274%27,w:24,x:24,y:15),id:f92e5630-623e-11eb-aebf-c306684b328d,panelIndex:%274%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:(),vis:!n),gridData:(h:15,i:%275%27,w:24,x:0,y:30),id:%279853d4d0-623d-11eb-aebf-c306684b328d%27,panelIndex:%275%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:(),vis:!n),gridData:(h:15,i:%276%27,w:24,x:24,y:30),id:%276ecb33b0-623d-11eb-aebf-c306684b328d%27,panelIndex:%276%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:(),vis:!n),gridData:(h:15,i:%277%27,w:24,x:0,y:45),id:b8e35c80-623c-11eb-aebf-c306684b328d,panelIndex:%277%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%278%27,w:24,x:24,y:45),id:f1bc75d0-6239-11eb-aebf-c306684b328d,panelIndex:%278%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%279%27,w:24,x:0,y:60),id:%270d8a8860-623a-11eb-aebf-c306684b328d%27,panelIndex:%279%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2710%27,w:24,x:24,y:60),id:d79fe3d0-6239-11eb-aebf-c306684b328d,panelIndex:%2710%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2711%27,w:24,x:0,y:75),id:%27318375a0-6240-11eb-aebf-c306684b328d%27,panelIndex:%2711%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2712%27,w:24,x:24,y:75),id:e461eb20-6245-11eb-aebf-c306684b328d,panelIndex:%2712%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2713%27,w:24,x:0,y:90),id:%2725bdc750-6242-11eb-aebf-c306684b328d%27,panelIndex:%2713%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2714%27,w:24,x:24,y:90),id:%2771dd7bc0-6248-11eb-aebf-c306684b328d%27,panelIndex:%2714%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2715%27,w:24,x:0,y:105),id:%276aea48a0-6240-11eb-aebf-c306684b328d%27,panelIndex:%2715%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2716%27,w:24,x:24,y:105),id:%2732b681f0-6241-11eb-aebf-c306684b328d%27,panelIndex:%2716%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2717%27,w:24,x:0,y:120),id:ccca99e0-6244-11eb-aebf-c306684b328d,panelIndex:%2717%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2718%27,w:24,x:24,y:120),id:a4d7be80-6245-11eb-aebf-c306684b328d,panelIndex:%2718%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2719%27,w:24,x:0,y:135),id:c94d8440-6248-11eb-aebf-c306684b328d,panelIndex:%2719%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2720%27,w:24,x:24,y:135),id:db6226f0-61c0-11eb-aebf-c306684b328d,panelIndex:%2720%27,type:search,version:%277.13.1%27)),query:(language:lucene,query:%27%27),tags:!(),timeRestore:!f,title:logstash_dashboardwithtime,viewMode:view)"},"coreMigrationVersion":"7.13.1","id":"058bc10f0578013fc41ddedc9a1dcd1e","references":[],"sort":[1621977234371,155],"type":"url","updated_at":"2021-05-25T21:13:54.371Z","version":"Wzk3LDJd"} -{"attributes":{"fieldAttrs":"{\"machine.os\":{\"count\":1},\"spaces\":{\"count\":1},\"type\":{\"count\":1},\"bytes_scripted\":{\"count\":1}}","fields":"[{\"count\":1,\"script\":\"doc['bytes'].value*1024\",\"lang\":\"painless\",\"name\":\"bytes_scripted\",\"type\":\"number\",\"scripted\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]","runtimeFieldMap":"{}","timeFieldName":"@timestamp","title":"logstash-*"},"coreMigrationVersion":"7.13.1","id":"56b34100-619d-11eb-aebf-c306684b328d","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1621974324983,81],"type":"index-pattern","updated_at":"2021-05-25T20:25:24.983Z","version":"WzEyLDJd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_scriptedfieldviz","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"logstash_scriptedfieldviz\",\"type\":\"goal\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"isDisplayWarning\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":true,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"meter\",\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"range\",\"schema\":\"group\",\"params\":{\"field\":\"bytes_scripted\",\"ranges\":[{\"from\":0,\"to\":40000},{\"from\":40001,\"to\":20000000}]}}]}"},"coreMigrationVersion":"7.13.1","id":"0a274320-61cc-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974352673,78],"type":"visualization","updated_at":"2021-05-25T20:25:52.673Z","version":"WzY4LDJd"} -{"attributes":{"color":"#81a93f","description":"","name":"logstash_tag"},"coreMigrationVersion":"7.13.1","id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","references":[],"sort":[1621977573626,178],"type":"tag","updated_at":"2021-05-25T21:19:33.626Z","version":"WzE1MSwyXQ=="} -{"attributes":{"description":"","layerListJSON":"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"4c2394ca-a6a2-4f8d-9631-259eb3a9627f\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"geo.coordinates\",\"filterByMapBounds\":true,\"scalingType\":\"CLUSTERS\",\"id\":\"7555324e-e793-4b7d-a9d2-cd63e6b7fe3d\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"tooltipProperties\":[\"geo.srcdest\",\"machine.os\",\"type\"],\"sortField\":\"bytes_scripted\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"\",\"topHitsSize\":1,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"6a493d8b-a220-46bc-8906-a1a7569799e0\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"extension.raw\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"CATEGORICAL\"}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"machine.os.raw\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"CATEGORICAL\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"BLENDED_VECTOR\",\"joins\":[]}]","mapStateJSON":"{\"zoom\":1.56,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-15y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}","title":"logstash_maps","uiStateJSON":"{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}"},"coreMigrationVersion":"7.13.1","id":"0c5974f0-be5c-11eb-9520-1b4c3ca6a781","migrationVersion":{"map":"7.12.0"},"references":[{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"layer_1_source_index_pattern","type":"index-pattern"}],"sort":[1622058811844,517],"type":"map","updated_at":"2021-05-26T19:53:31.844Z","version":"WzExODAsMl0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logstash_datatable\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"bucket\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2015-07-24T08:58:14.175Z\",\"to\":\"2015-11-11T13:28:17.223Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"response.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.13.1","id":"0d8a8860-623a-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974339308,101],"type":"visualization","updated_at":"2021-05-25T20:25:39.308Z","version":"WzQyLDJd"} -{"attributes":{"description":null,"state":{"datasourceStates":{"indexpattern":{"layers":{"35fd070e-5bbc-4906-bf69-8548a213d7a0":{"columnOrder":["2bf7969f-0371-4df2-a398-0a191e428ce5","aab812d6-609b-444d-9990-1e67f85fd85d","e9829e8a-c484-4c9d-b489-f1eb3fb138d2","4fc9fb3b-29a5-4679-ab3c-90d5daaf0661"],"columns":{"2bf7969f-0371-4df2-a398-0a191e428ce5":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"4fc9fb3b-29a5-4679-ab3c-90d5daaf0661":{"dataType":"number","isBucketed":false,"label":"Moving average of Median of bytes","operationType":"moving_average","params":{"window":5},"references":["e9829e8a-c484-4c9d-b489-f1eb3fb138d2"],"scale":"ratio"},"aab812d6-609b-444d-9990-1e67f85fd85d":{"dataType":"number","isBucketed":false,"label":"Average of bytes","operationType":"average","scale":"ratio","sourceField":"bytes"},"e9829e8a-c484-4c9d-b489-f1eb3fb138d2":{"dataType":"number","isBucketed":false,"label":"Median of bytes","operationType":"median","scale":"ratio","sourceField":"bytes"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["aab812d6-609b-444d-9990-1e67f85fd85d","4fc9fb3b-29a5-4679-ab3c-90d5daaf0661"],"layerId":"35fd070e-5bbc-4906-bf69-8548a213d7a0","position":"top","seriesType":"bar_stacked","showGridlines":false,"xAccessor":"2bf7969f-0371-4df2-a398-0a191e428ce5"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_barvertical_stacked_average","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.1","id":"0dbbf8b0-be3c-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-35fd070e-5bbc-4906-bf69-8548a213d7a0","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1622144050677,978],"type":"lens","updated_at":"2021-05-27T19:34:10.677Z","version":"WzE5OTQsMl0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_area_chart","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_area_chart\",\"type\":\"area\",\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2010-01-28T19:25:55.242Z\",\"to\":\"2021-01-28T19:40:55.242Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"machine.os.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"machine OS\"}}]}"},"coreMigrationVersion":"7.13.1","id":"36b91810-6239-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974331088,14],"type":"visualization","updated_at":"2021-05-25T20:25:31.088Z","version":"WzI2LDJd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_horizontal","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_horizontal\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"no of documents\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"no of documents\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"no of documents\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2015-07-24T08:58:14.175Z\",\"to\":\"2015-11-11T13:28:17.223Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"agent.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"extension.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.13.1","id":"e4aef350-623d-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974333130,10],"type":"visualization","updated_at":"2021-05-25T20:25:33.130Z","version":"WzMwLDJd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_linechart","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_linechart\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"radiusRatio\":51,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2015-09-18T06:38:43.311Z\",\"to\":\"2015-09-26T04:02:51.104Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"radius\",\"params\":{\"field\":\"bytes\",\"customLabel\":\"bubbles\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"machine.os.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.13.1","id":"f92e5630-623e-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974334172,12],"type":"visualization","updated_at":"2021-05-25T20:25:34.172Z","version":"WzMyLDJd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_heatmap","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0% - 25%\":\"rgb(255,255,204)\",\"25% - 50%\":\"rgb(254,217,118)\",\"50% - 75%\":\"rgb(253,141,60)\",\"75% - 100%\":\"rgb(227,27,28)\"}}}","version":1,"visState":"{\"title\":\"logstash_heatmap\",\"type\":\"heatmap\",\"params\":{\"type\":\"heatmap\",\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":4,\"colorSchema\":\"Yellow to Red\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":true,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"overwriteColor\":false,\"color\":\"#555\"}}],\"row\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2015-07-24T08:58:14.175Z\",\"to\":\"2015-11-11T13:28:17.223Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"machine.os.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"response.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.13.1","id":"9853d4d0-623d-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974335202,93],"type":"visualization","updated_at":"2021-05-25T20:25:35.202Z","version":"WzM0LDJd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_goalchart","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 33\":\"rgb(0,104,55)\",\"33 - 67\":\"rgb(255,255,190)\",\"67 - 100\":\"rgb(165,0,38)\"}}}","version":1,"visState":"{\"title\":\"logstash_goalchart\",\"type\":\"goal\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"isDisplayWarning\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":true,\"gaugeType\":\"Circle\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000},{\"from\":10001,\"to\":20000},{\"from\":20001,\"to\":30000}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"meter\",\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60},\"minAngle\":0,\"maxAngle\":6.283185307179586}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"group\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2015-07-24T08:58:14.175Z\",\"to\":\"2015-11-11T13:28:17.223Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"7.13.1","id":"6ecb33b0-623d-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974336232,97],"type":"visualization","updated_at":"2021-05-25T20:25:36.232Z","version":"WzM2LDJd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_gauge","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 50\":\"rgb(0,104,55)\",\"50 - 75\":\"rgb(255,255,190)\",\"75 - 100\":\"rgb(165,0,38)\"}}}","version":1,"visState":"{\"title\":\"logstash_gauge\",\"type\":\"gauge\",\"params\":{\"type\":\"gauge\",\"addTooltip\":true,\"addLegend\":true,\"isDisplayWarning\":false,\"gauge\":{\"extendRange\":true,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":50},{\"from\":50,\"to\":75},{\"from\":75,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"#333\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"#eee\",\"bgColor\":false,\"subText\":\"\",\"fontSize\":60,\"labelColor\":true},\"alignment\":\"horizontal\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"range\",\"schema\":\"group\",\"params\":{\"field\":\"bytes\",\"ranges\":[{\"from\":0,\"to\":10001},{\"from\":10002,\"to\":1000000}],\"json\":\"\"}}]}"},"coreMigrationVersion":"7.13.1","id":"b8e35c80-623c-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974337263,95],"type":"visualization","updated_at":"2021-05-25T20:25:37.263Z","version":"WzM4LDJd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_coordinatemaps","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_coordinatemaps\",\"type\":\"tile_map\",\"params\":{\"colorSchema\":\"Yellow to Red\",\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors|OpenMapTiles|Elastic Maps Service

\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.coordinates\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"mapZoom\":2,\"mapCenter\":[0,0],\"precision\":2,\"customLabel\":\"logstash src/dest\"}}]}"},"coreMigrationVersion":"7.13.1","id":"f1bc75d0-6239-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974338282,99],"type":"visualization","updated_at":"2021-05-25T20:25:38.282Z","version":"WzQwLDJd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"logstash_inputcontrols","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_inputcontrols\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1611928563867\",\"fieldName\":\"machine.ram\",\"parent\":\"\",\"label\":\"Logstash RAM\",\"type\":\"range\",\"options\":{\"decimalPlaces\":0,\"step\":1024},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1611928586274\",\"fieldName\":\"machine.os.raw\",\"parent\":\"\",\"label\":\"Logstash OS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}"},"coreMigrationVersion":"7.13.1","id":"d79fe3d0-6239-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"control_0_index_pattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"control_1_index_pattern","type":"index-pattern"}],"sort":[1621974340341,25],"type":"visualization","updated_at":"2021-05-25T20:25:40.341Z","version":"WzQ0LDJd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"logstash_markdown","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_markdown\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":true,\"markdown\":\"Kibana is built with JS https://www.javascript.com/\"},\"aggs\":[]}"},"coreMigrationVersion":"7.13.1","id":"318375a0-6240-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[],"sort":[1621974341379,22],"type":"visualization","updated_at":"2021-05-25T20:25:41.379Z","version":"WzQ2LDJd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"logstash_vegaviz","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_vegaviz\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n/*\\n\\nWelcome to Vega visualizations. Here you can design your own dataviz from scratch using a declarative language called Vega, or its simpler form Vega-Lite. In Vega, you have the full control of what data is loaded, even from multiple sources, how that data is transformed, and what visual elements are used to show it. Use help icon to view Vega examples, tutorials, and other docs. Use the wrench icon to reformat this text, or to remove comments.\\n\\nThis example graph shows the document count in all indexes in the current time range. You might need to adjust the time filter in the upper right corner.\\n*/\\n\\n $schema: https://vega.github.io/schema/vega-lite/v2.json\\n title: Event counts from all indexes\\n\\n // Define the data source\\n data: {\\n url: {\\n/*\\nAn object instead of a string for the \\\"url\\\" param is treated as an Elasticsearch query. Anything inside this object is not part of the Vega language, but only understood by Kibana and Elasticsearch server. This query counts the number of documents per time interval, assuming you have a @timestamp field in your data.\\n\\nKibana has a special handling for the fields surrounded by \\\"%\\\". They are processed before the the query is sent to Elasticsearch. This way the query becomes context aware, and can use the time range and the dashboard filters.\\n*/\\n\\n // Apply dashboard context filters when set\\n %context%: true\\n // Filter the time picker (upper right corner) with this field\\n %timefield%: @timestamp\\n\\n/*\\nSee .search() documentation for : https://www.elastic.co/guide/en/elasticsearch/client/javascript-api/current/api-reference.html#api-search\\n*/\\n\\n // Which index to search\\n index: logstash-*\\n // Aggregate data by the time field into time buckets, counting the number of documents in each bucket.\\n body: {\\n aggs: {\\n time_buckets: {\\n date_histogram: {\\n // Use date histogram aggregation on @timestamp field\\n field: @timestamp\\n // The interval value will depend on the daterange picker (true), or use an integer to set an approximate bucket count\\n interval: {%autointerval%: true}\\n // Make sure we get an entire range, even if it has no data\\n extended_bounds: {\\n // Use the current time range's start and end\\n min: {%timefilter%: \\\"min\\\"}\\n max: {%timefilter%: \\\"max\\\"}\\n }\\n // Use this for linear (e.g. line, area) graphs. Without it, empty buckets will not show up\\n min_doc_count: 13\\n }\\n }\\n }\\n // Speed up the response by only including aggregation results\\n size: 0\\n }\\n }\\n/*\\nElasticsearch will return results in this format:\\n\\naggregations: {\\n time_buckets: {\\n buckets: [\\n {\\n key_as_string: 2015-11-30T22:00:00.000Z\\n key: 1448920800000\\n doc_count: 0\\n },\\n {\\n key_as_string: 2015-11-30T23:00:00.000Z\\n key: 1448924400000\\n doc_count: 0\\n }\\n ...\\n ]\\n }\\n}\\n\\nFor our graph, we only need the list of bucket values. Use the format.property to discard everything else.\\n*/\\n format: {property: \\\"aggregations.time_buckets.buckets\\\"}\\n }\\n\\n // \\\"mark\\\" is the graphics element used to show our data. Other mark values are: area, bar, circle, line, point, rect, rule, square, text, and tick. See https://vega.github.io/vega-lite/docs/mark.html\\n mark: line\\n\\n // \\\"encoding\\\" tells the \\\"mark\\\" what data to use and in what way. See https://vega.github.io/vega-lite/docs/encoding.html\\n encoding: {\\n x: {\\n // The \\\"key\\\" value is the timestamp in milliseconds. Use it for X axis.\\n field: key\\n type: temporal\\n axis: {title: false} // Customize X axis format\\n }\\n y: {\\n // The \\\"doc_count\\\" is the count per bucket. Use it for Y axis.\\n field: doc_count\\n type: quantitative\\n axis: {title: \\\"Document count\\\"}\\n }\\n }\\n}\\n\"},\"aggs\":[]}"},"coreMigrationVersion":"7.13.1","id":"e461eb20-6245-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[],"sort":[1621974342396,17],"type":"visualization","updated_at":"2021-05-25T20:25:42.396Z","version":"WzQ4LDJd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_regionmap","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_regionmap\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Yellow to Red\",\"emsHotLink\":\"https://maps.elastic.co/v6.7?locale=en#file/world_countries\",\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":2,\"outlineWeight\":1,\"selectedJoinField\":{\"type\":\"id\",\"name\":\"iso2\",\"description\":\"ISO 3166-1 alpha-2 code\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors|OpenMapTiles|Elastic Maps Service

\"}},\"selectedLayer\":{\"name\":\"World Countries\",\"origin\":\"elastic_maps_service\",\"id\":\"world_countries\",\"created_at\":\"2017-04-26T17:12:15.978370\",\"attribution\":\"Made with NaturalEarth | Elastic Maps Service\",\"fields\":[{\"type\":\"id\",\"name\":\"iso2\",\"description\":\"ISO 3166-1 alpha-2 code\"},{\"type\":\"id\",\"name\":\"iso3\",\"description\":\"ISO 3166-1 alpha-3 code\"},{\"type\":\"property\",\"name\":\"name\",\"description\":\"name\"}],\"format\":{\"type\":\"geojson\"},\"layerId\":\"elastic_maps_service.World Countries\",\"isEMS\":true}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.dest\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.13.1","id":"25bdc750-6242-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974343416,19],"type":"visualization","updated_at":"2021-05-25T20:25:43.416Z","version":"WzUwLDJd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_verticalbarchart","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_verticalbarchart\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":true},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":true,\"row\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2015-09-18T06:38:43.311Z\",\"to\":\"2015-09-26T04:02:51.104Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"h\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"scaleMetricValues\":true}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"response.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Response code\"}}]}"},"coreMigrationVersion":"7.13.1","id":"71dd7bc0-6248-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974344441,16],"type":"visualization","updated_at":"2021-05-25T20:25:44.441Z","version":"WzUyLDJd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_metricviz","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_metricviz\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"range\",\"schema\":\"group\",\"params\":{\"field\":\"bytes_scripted\",\"ranges\":[{\"from\":0,\"to\":10000},{\"from\":10001,\"to\":300000}]}}]}"},"coreMigrationVersion":"7.13.1","id":"6aea48a0-6240-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974346488,27],"type":"visualization","updated_at":"2021-05-25T20:25:46.488Z","version":"WzU2LDJd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_piechart","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"machine.os.raw\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"title\":\"logstash_piechart\",\"type\":\"pie\"}"},"coreMigrationVersion":"7.13.1","id":"32b681f0-6241-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974347523,29],"type":"visualization","updated_at":"2021-05-25T20:25:47.523Z","version":"WzU4LDJd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_tagcloud","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_tagcloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"log\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.srcdest\",\"size\":23,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.13.1","id":"ccca99e0-6244-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974348553,33],"type":"visualization","updated_at":"2021-05-25T20:25:48.553Z","version":"WzYwLDJd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"title":"logstash_timelion","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_timelion\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(q='machine.os.raw:win xp' , index=logstash-*)\",\"interval\":\"auto\"},\"aggs\":[]}"},"coreMigrationVersion":"7.13.1","id":"a4d7be80-6245-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[],"sort":[1621974349582,34],"type":"visualization","updated_at":"2021-05-25T20:25:49.582Z","version":"WzYyLDJd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"logstash_tsvb","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_tsvb\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"machine.os.raw\",\"template\":\"{{machine.os.raw}}\",\"index_pattern\":\"logstash-*\",\"query_string\":{\"query\":\"machine.os.raw :\\\"win xp\\\" \",\"language\":\"lucene\"},\"id\":\"aa43ceb0-6248-11eb-9a82-ef1c6e6c0265\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":1,\"ignore_panel_filters\":1}],\"use_kibana_indexes\":false},\"aggs\":[]}"},"coreMigrationVersion":"7.13.1","id":"c94d8440-6248-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[],"sort":[1621974351638,79],"type":"visualization","updated_at":"2021-05-25T20:25:51.638Z","version":"WzY2LDJd"} -{"attributes":{"columns":["bytes_scripted"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"machine.os.raw :\\\"win xp\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"logstash_scripted_saved_search","version":1},"coreMigrationVersion":"7.13.1","id":"db6226f0-61c0-11eb-aebf-c306684b328d","migrationVersion":{"search":"7.9.3"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974329204,4],"type":"search","updated_at":"2021-05-25T20:25:29.204Z","version":"WzIyLDJd"} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"1\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"2\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"3\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"4\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"5\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"6\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"7\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"8\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"9\",\"w\":24,\"x\":0,\"y\":60},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"10\",\"w\":24,\"x\":24,\"y\":60},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"11\",\"w\":24,\"x\":0,\"y\":75},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":75},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":90},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"14\",\"w\":24,\"x\":24,\"y\":90},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"15\",\"w\":24,\"x\":0,\"y\":105},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_15\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"16\",\"w\":24,\"x\":24,\"y\":105},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_16\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"17\",\"w\":24,\"x\":0,\"y\":120},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_17\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"18\",\"w\":24,\"x\":24,\"y\":120},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_18\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"19\",\"w\":24,\"x\":0,\"y\":135},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_19\"},{\"version\":\"7.3.0\",\"type\":\"search\",\"gridData\":{\"h\":15,\"i\":\"20\",\"w\":24,\"x\":24,\"y\":135},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_20\"}]","timeRestore":false,"title":"logstash_dashboardwithtime","version":1},"coreMigrationVersion":"7.13.1","id":"154944b0-6249-11eb-aebf-c306684b328d","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"36b91810-6239-11eb-aebf-c306684b328d","name":"1:panel_1","type":"visualization"},{"id":"0a274320-61cc-11eb-aebf-c306684b328d","name":"2:panel_2","type":"visualization"},{"id":"e4aef350-623d-11eb-aebf-c306684b328d","name":"3:panel_3","type":"visualization"},{"id":"f92e5630-623e-11eb-aebf-c306684b328d","name":"4:panel_4","type":"visualization"},{"id":"9853d4d0-623d-11eb-aebf-c306684b328d","name":"5:panel_5","type":"visualization"},{"id":"6ecb33b0-623d-11eb-aebf-c306684b328d","name":"6:panel_6","type":"visualization"},{"id":"b8e35c80-623c-11eb-aebf-c306684b328d","name":"7:panel_7","type":"visualization"},{"id":"f1bc75d0-6239-11eb-aebf-c306684b328d","name":"8:panel_8","type":"visualization"},{"id":"0d8a8860-623a-11eb-aebf-c306684b328d","name":"9:panel_9","type":"visualization"},{"id":"d79fe3d0-6239-11eb-aebf-c306684b328d","name":"10:panel_10","type":"visualization"},{"id":"318375a0-6240-11eb-aebf-c306684b328d","name":"11:panel_11","type":"visualization"},{"id":"e461eb20-6245-11eb-aebf-c306684b328d","name":"12:panel_12","type":"visualization"},{"id":"25bdc750-6242-11eb-aebf-c306684b328d","name":"13:panel_13","type":"visualization"},{"id":"71dd7bc0-6248-11eb-aebf-c306684b328d","name":"14:panel_14","type":"visualization"},{"id":"6aea48a0-6240-11eb-aebf-c306684b328d","name":"15:panel_15","type":"visualization"},{"id":"32b681f0-6241-11eb-aebf-c306684b328d","name":"16:panel_16","type":"visualization"},{"id":"ccca99e0-6244-11eb-aebf-c306684b328d","name":"17:panel_17","type":"visualization"},{"id":"a4d7be80-6245-11eb-aebf-c306684b328d","name":"18:panel_18","type":"visualization"},{"id":"c94d8440-6248-11eb-aebf-c306684b328d","name":"19:panel_19","type":"visualization"},{"id":"db6226f0-61c0-11eb-aebf-c306684b328d","name":"20:panel_20","type":"search"}],"sort":[1621974353701,76],"type":"dashboard","updated_at":"2021-05-25T20:25:53.701Z","version":"WzcwLDJd"} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"26e2cf99-d931-4320-9e15-9dbc148f3534":{"columnOrder":["6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e","beb72af1-239c-46d8-823b-b00d1e2ace43"],"columns":{"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e":{"dataType":"string","isBucketed":true,"label":"Top values of url.raw","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"beb72af1-239c-46d8-823b-b00d1e2ace43","type":"column"},"orderDirection":"desc","otherBucket":true,"size":20},"scale":"ordinal","sourceField":"url.raw"},"beb72af1-239c-46d8-823b-b00d1e2ace43":{"dataType":"number","isBucketed":false,"label":"Unique count of geo.srcdest","operationType":"unique_count","scale":"ratio","sourceField":"geo.srcdest"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e","6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e","6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e"],"layerId":"26e2cf99-d931-4320-9e15-9dbc148f3534","legendDisplay":"default","metric":"beb72af1-239c-46d8-823b-b00d1e2ace43","nestedLegend":false,"numberDisplay":"percent"}],"shape":"donut"}},"title":"lens_pie_chart","visualizationType":"lnsPie"},"coreMigrationVersion":"7.13.1","id":"21905950-bd9f-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-26e2cf99-d931-4320-9e15-9dbc148f3534","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1621977672552,193],"type":"lens","updated_at":"2021-05-25T21:21:12.552Z","version":"WzIxNCwyXQ=="} -{"attributes":{"description":null,"state":{"datasourceStates":{"indexpattern":{"layers":{"a3ac0e3d-63ec-49b2-882a-b34680a967ba":{"columnOrder":["352a2c02-aa6f-4a35-b776-45c3715a6c5e","8ef68cbb-e039-49d6-b15e-be81559f4b55","14fad6b1-6a7c-4ae8-ae4b-d9569e31e04a"],"columns":{"14fad6b1-6a7c-4ae8-ae4b-d9569e31e04a":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"352a2c02-aa6f-4a35-b776-45c3715a6c5e":{"dataType":"string","isBucketed":true,"label":"Top values of geo.srcdest","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"14fad6b1-6a7c-4ae8-ae4b-d9569e31e04a","type":"column"},"orderDirection":"desc","otherBucket":true,"size":67},"scale":"ordinal","sourceField":"geo.srcdest"},"8ef68cbb-e039-49d6-b15e-be81559f4b55":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["14fad6b1-6a7c-4ae8-ae4b-d9569e31e04a"],"layerId":"a3ac0e3d-63ec-49b2-882a-b34680a967ba","position":"top","seriesType":"bar_percentage_stacked","showGridlines":false,"splitAccessor":"352a2c02-aa6f-4a35-b776-45c3715a6c5e","xAccessor":"8ef68cbb-e039-49d6-b15e-be81559f4b55"}],"legend":{"isVisible":true,"position":"top","showSingleSeries":true},"preferredSeriesType":"bar_percentage_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_bar_verticalpercentage","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.1","id":"aa4b8da0-bd9f-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-a3ac0e3d-63ec-49b2-882a-b34680a967ba","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1622143924918,560],"type":"lens","updated_at":"2021-05-27T19:32:04.918Z","version":"WzE5NzEsMl0="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"037b7937-790b-4d2d-94a5-7f5837a6ef05":{"columnOrder":["b3d46616-75e0-419e-97ea-91148961ef94","025a0fb3-dc44-4f5c-b517-2d71d3f26f14","c476db14-0cc1-40ec-863e-d2779256a407"],"columns":{"025a0fb3-dc44-4f5c-b517-2d71d3f26f14":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"b3d46616-75e0-419e-97ea-91148961ef94":{"dataType":"string","isBucketed":true,"label":"Top values of geo.srcdest","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"c476db14-0cc1-40ec-863e-d2779256a407","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"geo.srcdest"},"c476db14-0cc1-40ec-863e-d2779256a407":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"lucene","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["c476db14-0cc1-40ec-863e-d2779256a407"],"layerId":"037b7937-790b-4d2d-94a5-7f5837a6ef05","position":"top","seriesType":"bar_stacked","showGridlines":false,"splitAccessor":"b3d46616-75e0-419e-97ea-91148961ef94","xAccessor":"025a0fb3-dc44-4f5c-b517-2d71d3f26f14"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_barchart_vertical","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.1","id":"2d3f1250-bd9f-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-037b7937-790b-4d2d-94a5-7f5837a6ef05","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1621977692152,134],"type":"lens","updated_at":"2021-05-25T21:21:32.152Z","version":"WzIyNywyXQ=="} -{"attributes":{"description":null,"state":{"datasourceStates":{"indexpattern":{"layers":{"212688dc-e7d7-4875-a221-09e6191bdcf7":{"columnOrder":["05410186-83c4-460a-82bf-dd7e9d998c9f","e8659feb-1db4-4706-9147-ac1fd513a1ba","c9a32fd0-a465-44fb-8adc-b957fb72cad5"],"columns":{"05410186-83c4-460a-82bf-dd7e9d998c9f":{"dataType":"string","isBucketed":true,"label":"Top values of extension.raw","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"c9a32fd0-a465-44fb-8adc-b957fb72cad5","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"extension.raw"},"c9a32fd0-a465-44fb-8adc-b957fb72cad5":{"dataType":"number","isBucketed":false,"label":"Average of bytes","operationType":"average","scale":"ratio","sourceField":"bytes"},"e8659feb-1db4-4706-9147-ac1fd513a1ba":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["c9a32fd0-a465-44fb-8adc-b957fb72cad5"],"layerId":"212688dc-e7d7-4875-a221-09e6191bdcf7","position":"top","seriesType":"bar_horizontal_stacked","showGridlines":false,"splitAccessor":"05410186-83c4-460a-82bf-dd7e9d998c9f","xAccessor":"e8659feb-1db4-4706-9147-ac1fd513a1ba"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_horizontal_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_barhorizontal_stacked","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.1","id":"edd5a560-bda4-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-212688dc-e7d7-4875-a221-09e6191bdcf7","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1622055636010,504],"type":"lens","updated_at":"2021-05-26T19:00:36.010Z","version":"WzExMzQsMl0="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"7ab04fd4-04da-4023-8899-d94620193607":{"columnOrder":["0ab2d5f8-11f0-4b25-b8bb-3127a3b8d4c7","9eb851dd-31f6-481a-84d1-9ecce53a6ad2","f6b271a7-509b-4c37-b7b6-ac5be4bcb49a"],"columns":{"0ab2d5f8-11f0-4b25-b8bb-3127a3b8d4c7":{"dataType":"string","isBucketed":true,"label":"Top values of request.raw","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"f6b271a7-509b-4c37-b7b6-ac5be4bcb49a","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"request.raw"},"9eb851dd-31f6-481a-84d1-9ecce53a6ad2":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"f6b271a7-509b-4c37-b7b6-ac5be4bcb49a":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["f6b271a7-509b-4c37-b7b6-ac5be4bcb49a"],"layerId":"7ab04fd4-04da-4023-8899-d94620193607","position":"top","seriesType":"bar_horizontal_percentage_stacked","showGridlines":false,"splitAccessor":"0ab2d5f8-11f0-4b25-b8bb-3127a3b8d4c7","xAccessor":"9eb851dd-31f6-481a-84d1-9ecce53a6ad2"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_horizontal_percentage_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_barhorizontalpercentage","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.1","id":"2c25a450-bda5-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-7ab04fd4-04da-4023-8899-d94620193607","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1621980267288,251],"type":"lens","updated_at":"2021-05-25T22:04:27.288Z","version":"WzQxNiwyXQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"037b7937-790b-4d2d-94a5-7f5837a6ef05":{"columnOrder":["b3d46616-75e0-419e-97ea-91148961ef94","025a0fb3-dc44-4f5c-b517-2d71d3f26f14","c476db14-0cc1-40ec-863e-d2779256a407"],"columns":{"025a0fb3-dc44-4f5c-b517-2d71d3f26f14":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"b3d46616-75e0-419e-97ea-91148961ef94":{"dataType":"string","isBucketed":true,"label":"Top values of geo.srcdest","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"c476db14-0cc1-40ec-863e-d2779256a407","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"geo.srcdest"},"c476db14-0cc1-40ec-863e-d2779256a407":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"lucene","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["c476db14-0cc1-40ec-863e-d2779256a407"],"layerId":"037b7937-790b-4d2d-94a5-7f5837a6ef05","position":"top","seriesType":"bar_stacked","showGridlines":false,"splitAccessor":"b3d46616-75e0-419e-97ea-91148961ef94","xAccessor":"025a0fb3-dc44-4f5c-b517-2d71d3f26f14"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_dashboard_logstash","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.1","id":"e79116e0-bd9e-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-037b7937-790b-4d2d-94a5-7f5837a6ef05","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1621977575250,175],"type":"lens","updated_at":"2021-05-25T21:19:35.250Z","version":"WzE1NCwyXQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"72783e5f-aa7b-4b8a-b26c-a3e4d051340e":{"columnOrder":["0f619652-9ff1-453b-ae1f-7371baa82f55"],"columns":{"0f619652-9ff1-453b-ae1f-7371baa82f55":{"dataType":"number","isBucketed":false,"label":"Average of phpmemory","operationType":"average","params":{"format":{"id":"percent","params":{"decimals":10}}},"scale":"ratio","sourceField":"phpmemory"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"accessor":"0f619652-9ff1-453b-ae1f-7371baa82f55","layerId":"72783e5f-aa7b-4b8a-b26c-a3e4d051340e"}},"title":"lens_metric","visualizationType":"lnsMetric"},"coreMigrationVersion":"7.13.1","id":"974fb950-bda5-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-72783e5f-aa7b-4b8a-b26c-a3e4d051340e","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1621980447079,289],"type":"lens","updated_at":"2021-05-25T22:07:27.079Z","version":"WzUyMSwyXQ=="} -{"attributes":{"description":null,"state":{"datasourceStates":{"indexpattern":{"layers":{"bb478774-f9e8-4380-bf3a-f4a89a4d79b5":{"columnOrder":["4573ae8f-8f9d-4918-b496-c08f7102c6e1","cebdc6c5-3587-4f57-879c-dd63ea99cf03"],"columns":{"4573ae8f-8f9d-4918-b496-c08f7102c6e1":{"dataType":"string","isBucketed":true,"label":"Top values of machine.os.raw","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"cebdc6c5-3587-4f57-879c-dd63ea99cf03","type":"column"},"orderDirection":"desc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"machine.os.raw"},"cebdc6c5-3587-4f57-879c-dd63ea99cf03":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["4573ae8f-8f9d-4918-b496-c08f7102c6e1"],"layerId":"bb478774-f9e8-4380-bf3a-f4a89a4d79b5","legendDisplay":"default","metric":"cebdc6c5-3587-4f57-879c-dd63ea99cf03","nestedLegend":false,"numberDisplay":"percent"}],"shape":"pie"}},"title":"lens_piechart","visualizationType":"lnsPie"},"coreMigrationVersion":"7.13.1","id":"51b63040-bda5-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-bb478774-f9e8-4380-bf3a-f4a89a4d79b5","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1621980390953,279],"type":"lens","updated_at":"2021-05-25T22:06:30.953Z","version":"WzQ5NCwyXQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"a1b85651-db29-441f-8f08-cf1b9b6f7bf1":{"columnOrder":["2b3bdc32-0be0-49dc-993d-4630b0bd1185","b85cc0a7-0b18-4b08-b7f0-c617f80cf903","03203126-8286-444d-b5b3-4f399eaf2c26","44305317-61e8-4600-9f3c-ac4070e0c529"],"columns":{"03203126-8286-444d-b5b3-4f399eaf2c26":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"2b3bdc32-0be0-49dc-993d-4630b0bd1185":{"dataType":"string","isBucketed":true,"label":"Top values of extension.raw","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"44305317-61e8-4600-9f3c-ac4070e0c529","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"extension.raw"},"44305317-61e8-4600-9f3c-ac4070e0c529":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"b85cc0a7-0b18-4b08-b7f0-c617f80cf903":{"dataType":"string","isBucketed":true,"label":"Top values of machine.os.raw","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"44305317-61e8-4600-9f3c-ac4070e0c529","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"machine.os.raw"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"columnId":"2b3bdc32-0be0-49dc-993d-4630b0bd1185","isTransposed":false},{"columnId":"b85cc0a7-0b18-4b08-b7f0-c617f80cf903","isTransposed":false},{"columnId":"03203126-8286-444d-b5b3-4f399eaf2c26","isTransposed":false},{"columnId":"44305317-61e8-4600-9f3c-ac4070e0c529","isTransposed":false}],"layerId":"a1b85651-db29-441f-8f08-cf1b9b6f7bf1"}},"title":"lens_table","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.13.1","id":"b00679c0-bda5-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-a1b85651-db29-441f-8f08-cf1b9b6f7bf1","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1621980488543,306],"type":"lens","updated_at":"2021-05-25T22:08:08.543Z","version":"WzU1NiwyXQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"4fbb51e9-1f99-4b5e-b59d-60fcb547b1d9":{"columnOrder":["08a1af05-743d-480e-9056-3405b1bdda7d","bae35990-75c2-487f-94eb-d8e03d2eda33"],"columns":{"08a1af05-743d-480e-9056-3405b1bdda7d":{"dataType":"string","isBucketed":true,"label":"Top values of geo.srcdest","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"bae35990-75c2-487f-94eb-d8e03d2eda33","type":"column"},"orderDirection":"desc","otherBucket":true,"size":25},"scale":"ordinal","sourceField":"geo.srcdest"},"bae35990-75c2-487f-94eb-d8e03d2eda33":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["08a1af05-743d-480e-9056-3405b1bdda7d","08a1af05-743d-480e-9056-3405b1bdda7d","08a1af05-743d-480e-9056-3405b1bdda7d"],"layerId":"4fbb51e9-1f99-4b5e-b59d-60fcb547b1d9","legendDisplay":"default","metric":"bae35990-75c2-487f-94eb-d8e03d2eda33","nestedLegend":false,"numberDisplay":"percent"}],"shape":"treemap"}},"title":"lens_treemap","visualizationType":"lnsPie"},"coreMigrationVersion":"7.13.1","id":"652ade10-bd9f-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-4fbb51e9-1f99-4b5e-b59d-60fcb547b1d9","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1621977785972,208],"type":"lens","updated_at":"2021-05-25T21:23:05.972Z","version":"WzI3MywyXQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"e84503c1-4dbd-4ac6-9ac9-ad938654680f":{"columnOrder":["38c73fd4-6330-4162-8a7b-1a059f005da8","e8d4dad2-ac30-4741-aca0-904eb1fc8455","70433aa7-3c2c-4e6c-b8cf-4218c995cff5"],"columns":{"38c73fd4-6330-4162-8a7b-1a059f005da8":{"dataType":"string","isBucketed":true,"label":"Top values of url.raw","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"70433aa7-3c2c-4e6c-b8cf-4218c995cff5","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"url.raw"},"70433aa7-3c2c-4e6c-b8cf-4218c995cff5":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"e8d4dad2-ac30-4741-aca0-904eb1fc8455":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["70433aa7-3c2c-4e6c-b8cf-4218c995cff5"],"layerId":"e84503c1-4dbd-4ac6-9ac9-ad938654680f","position":"top","seriesType":"line","showGridlines":false,"splitAccessor":"38c73fd4-6330-4162-8a7b-1a059f005da8","xAccessor":"e8d4dad2-ac30-4741-aca0-904eb1fc8455"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"line","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_line_chart","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.1","id":"7f3b5fb0-be2f-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-e84503c1-4dbd-4ac6-9ac9-ad938654680f","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1622039677230,345],"type":"lens","updated_at":"2021-05-26T14:34:37.230Z","version":"WzY1OSwyXQ=="} -{"attributes":{"fieldAttrs":"{\"speaker\":{\"count\":1},\"text_entry\":{\"count\":6},\"type\":{\"count\":3}}","fields":"[]","runtimeFieldMap":"{}","title":"shakespeare"},"coreMigrationVersion":"7.13.1","id":"4e937b20-619d-11eb-aebf-c306684b328d","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1621974324538,82],"type":"index-pattern","updated_at":"2021-05-25T20:25:24.538Z","version":"WzksMl0="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"d35680ce-c285-4fae-89d6-1245671bbc78":{"columnOrder":["2bcbffbe-c24d-4e74-8a03-9a6da7db70c0","6b00fde6-bfaa-4da1-beeb-bfd85a4cb2ff","8319857d-a03b-4158-bdf1-2a788e510445"],"columns":{"2bcbffbe-c24d-4e74-8a03-9a6da7db70c0":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"6b00fde6-bfaa-4da1-beeb-bfd85a4cb2ff":{"dataType":"number","isBucketed":false,"label":"Average of bytes","operationType":"average","scale":"ratio","sourceField":"bytes"},"8319857d-a03b-4158-bdf1-2a788e510445":{"dataType":"number","isBucketed":false,"label":"Sum of bytes_scripted","operationType":"sum","params":{"format":{"id":"number","params":{"decimals":2}}},"scale":"ratio","sourceField":"bytes_scripted"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["6b00fde6-bfaa-4da1-beeb-bfd85a4cb2ff","8319857d-a03b-4158-bdf1-2a788e510445"],"layerId":"d35680ce-c285-4fae-89d6-1245671bbc78","position":"top","seriesType":"area","showGridlines":false,"xAccessor":"2bcbffbe-c24d-4e74-8a03-9a6da7db70c0","yConfig":[{"axisMode":"auto","forAccessor":"8319857d-a03b-4158-bdf1-2a788e510445"}]}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"area","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_area_chart","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.1","id":"bb9e5bb0-be2f-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.0"},"references":[{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-d35680ce-c285-4fae-89d6-1245671bbc78","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1622039778542,361],"type":"lens","updated_at":"2021-05-26T14:36:18.542Z","version":"WzcwNCwyXQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"70bd567e-8e67-4696-a406-313b06344fa9":{"columnOrder":["96ddedfb-043b-479e-a746-600e72ab546e","d325b7da-4266-4035-9b13-5f853615149a","2fc1391b-17d1-4c49-9ddc-06ff307e3520","1cc6f19c-cbcb-4abd-b56d-1a2f9deae5f3"],"columns":{"1cc6f19c-cbcb-4abd-b56d-1a2f9deae5f3":{"dataType":"number","isBucketed":false,"label":"Average of machine.ram","operationType":"average","scale":"ratio","sourceField":"machine.ram"},"2fc1391b-17d1-4c49-9ddc-06ff307e3520":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"96ddedfb-043b-479e-a746-600e72ab546e":{"dataType":"string","isBucketed":true,"label":"Top values of machine.os.raw","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"2fc1391b-17d1-4c49-9ddc-06ff307e3520","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"machine.os.raw"},"d325b7da-4266-4035-9b13-5f853615149a":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["2fc1391b-17d1-4c49-9ddc-06ff307e3520","1cc6f19c-cbcb-4abd-b56d-1a2f9deae5f3"],"layerId":"70bd567e-8e67-4696-a406-313b06344fa9","position":"top","seriesType":"area_stacked","showGridlines":false,"splitAccessor":"96ddedfb-043b-479e-a746-600e72ab546e","xAccessor":"d325b7da-4266-4035-9b13-5f853615149a"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"area_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_area_stacked","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.1","id":"dd315430-be2f-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-70bd567e-8e67-4696-a406-313b06344fa9","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1622039834870,378],"type":"lens","updated_at":"2021-05-26T14:37:14.870Z","version":"WzczOCwyXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":15,\"i\":\"2e80716f-c1b6-46f2-be2b-35db744b5031\"},\"panelIndex\":\"2e80716f-c1b6-46f2-be2b-35db744b5031\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"26e2cf99-d931-4320-9e15-9dbc148f3534\":{\"columns\":{\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\":{\"label\":\"Top values of url.raw\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"url.raw\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"beb72af1-239c-46d8-823b-b00d1e2ace43\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"beb72af1-239c-46d8-823b-b00d1e2ace43\":{\"label\":\"Unique count of geo.srcdest\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"geo.srcdest\",\"isBucketed\":false}},\"columnOrder\":[\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\",\"beb72af1-239c-46d8-823b-b00d1e2ace43\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"26e2cf99-d931-4320-9e15-9dbc148f3534\",\"groups\":[\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\",\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\",\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\"],\"metric\":\"beb72af1-239c-46d8-823b-b00d1e2ace43\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-layer-26e2cf99-d931-4320-9e15-9dbc148f3534\"}]},\"enhancements\":{}},\"panelRefName\":\"panel_2e80716f-c1b6-46f2-be2b-35db744b5031\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"da8843e0-6789-4aae-bcd0-81f270538719\"},\"panelIndex\":\"da8843e0-6789-4aae-bcd0-81f270538719\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_da8843e0-6789-4aae-bcd0-81f270538719\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":15,\"w\":24,\"h\":15,\"i\":\"adcd4418-7299-4efa-b369-5f71a7b4ebe0\"},\"panelIndex\":\"adcd4418-7299-4efa-b369-5f71a7b4ebe0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_adcd4418-7299-4efa-b369-5f71a7b4ebe0\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":15,\"w\":24,\"h\":15,\"i\":\"869754a7-edf0-478f-a7f1-80374f63108a\"},\"panelIndex\":\"869754a7-edf0-478f-a7f1-80374f63108a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_869754a7-edf0-478f-a7f1-80374f63108a\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":30,\"w\":24,\"h\":15,\"i\":\"67111cf4-338e-453f-8621-e8dea64082d1\"},\"panelIndex\":\"67111cf4-338e-453f-8621-e8dea64082d1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_67111cf4-338e-453f-8621-e8dea64082d1\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":30,\"w\":24,\"h\":15,\"i\":\"13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d\"},\"panelIndex\":\"13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":45,\"w\":24,\"h\":15,\"i\":\"88847944-ae1b-45fd-b102-3b45f9bea04b\"},\"panelIndex\":\"88847944-ae1b-45fd-b102-3b45f9bea04b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_88847944-ae1b-45fd-b102-3b45f9bea04b\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":45,\"w\":24,\"h\":15,\"i\":\"5a7924c7-eac0-4573-9199-fecec5b82e9e\"},\"panelIndex\":\"5a7924c7-eac0-4573-9199-fecec5b82e9e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5a7924c7-eac0-4573-9199-fecec5b82e9e\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":60,\"w\":24,\"h\":15,\"i\":\"f8f49591-f071-4a96-b1ed-cd65daff5648\"},\"panelIndex\":\"f8f49591-f071-4a96-b1ed-cd65daff5648\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f8f49591-f071-4a96-b1ed-cd65daff5648\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":60,\"w\":24,\"h\":15,\"i\":\"9f357f47-c2a0-421f-a456-9583c40837ab\"},\"panelIndex\":\"9f357f47-c2a0-421f-a456-9583c40837ab\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9f357f47-c2a0-421f-a456-9583c40837ab\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":75,\"w\":24,\"h\":15,\"i\":\"6cb383e9-1e80-44f9-80d5-7b8c585668db\"},\"panelIndex\":\"6cb383e9-1e80-44f9-80d5-7b8c585668db\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6cb383e9-1e80-44f9-80d5-7b8c585668db\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":75,\"w\":24,\"h\":15,\"i\":\"57f5f0bf-6610-4599-aad4-37484640b5e2\"},\"panelIndex\":\"57f5f0bf-6610-4599-aad4-37484640b5e2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_57f5f0bf-6610-4599-aad4-37484640b5e2\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":90,\"w\":24,\"h\":15,\"i\":\"32d3ab66-52e1-44e3-8c1f-1dccff3c5692\"},\"panelIndex\":\"32d3ab66-52e1-44e3-8c1f-1dccff3c5692\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_32d3ab66-52e1-44e3-8c1f-1dccff3c5692\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":90,\"w\":24,\"h\":15,\"i\":\"dd1718fd-74ee-4032-851b-db97e893825d\"},\"panelIndex\":\"dd1718fd-74ee-4032-851b-db97e893825d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dd1718fd-74ee-4032-851b-db97e893825d\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":105,\"w\":24,\"h\":15,\"i\":\"98a556ee-078b-4e03-93a8-29996133cdcb\"},\"panelIndex\":\"98a556ee-078b-4e03-93a8-29996133cdcb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"999a2d60-cb2a-451c-8d71-80d7e92e70fd\":{\"columns\":{\"ce9117a2-773c-474c-8fb1-18940cf58b38\":{\"label\":\"Top values of type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"type\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false}},\"a3d10552-e352-40d0-a156-e86112c0501a\":{\"label\":\"Top values of _type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"_type\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"9c5db2f3-9eb0-4667-9a74-3318301de251\":{\"label\":\"Sum of bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"bytes\",\"isBucketed\":false,\"scale\":\"ratio\"}},\"columnOrder\":[\"ce9117a2-773c-474c-8fb1-18940cf58b38\",\"a3d10552-e352-40d0-a156-e86112c0501a\",\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\",\"9c5db2f3-9eb0-4667-9a74-3318301de251\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"999a2d60-cb2a-451c-8d71-80d7e92e70fd\",\"accessors\":[\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\",\"9c5db2f3-9eb0-4667-9a74-3318301de251\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"ce9117a2-773c-474c-8fb1-18940cf58b38\",\"splitAccessor\":\"a3d10552-e352-40d0-a156-e86112c0501a\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-layer-999a2d60-cb2a-451c-8d71-80d7e92e70fd\"}]},\"enhancements\":{}}},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":105,\"w\":24,\"h\":15,\"i\":\"62a0f0b0-3589-4cef-807b-b1b4258b7a9b\"},\"panelIndex\":\"62a0f0b0-3589-4cef-807b-b1b4258b7a9b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_62a0f0b0-3589-4cef-807b-b1b4258b7a9b\"},{\"version\":\"7.13.1\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":120,\"w\":24,\"h\":15,\"i\":\"dcc0defa-3376-465c-9b5b-2ba69528848c\"},\"panelIndex\":\"dcc0defa-3376-465c-9b5b-2ba69528848c\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":1.56},\"mapBuffer\":{\"minLon\":-210.32666,\"minLat\":-64.8435,\"maxLon\":210.32666,\"maxLat\":95.13806},\"isLayerTOCOpen\":true,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_dcc0defa-3376-465c-9b5b-2ba69528848c\"}]","refreshInterval":{"pause":true,"value":0},"timeFrom":"2015-09-20T01:56:56.132Z","timeRestore":true,"timeTo":"2015-09-21T11:18:20.471Z","title":"lens_maps_dashboard_logstash","version":1},"coreMigrationVersion":"7.13.1","id":"16d86080-be5c-11eb-9520-1b4c3ca6a781","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"21905950-bd9f-11eb-9520-1b4c3ca6a781","name":"2e80716f-c1b6-46f2-be2b-35db744b5031:panel_2e80716f-c1b6-46f2-be2b-35db744b5031","type":"lens"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"2e80716f-c1b6-46f2-be2b-35db744b5031:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"2e80716f-c1b6-46f2-be2b-35db744b5031:indexpattern-datasource-layer-26e2cf99-d931-4320-9e15-9dbc148f3534","type":"index-pattern"},{"id":"aa4b8da0-bd9f-11eb-9520-1b4c3ca6a781","name":"da8843e0-6789-4aae-bcd0-81f270538719:panel_da8843e0-6789-4aae-bcd0-81f270538719","type":"lens"},{"id":"2d3f1250-bd9f-11eb-9520-1b4c3ca6a781","name":"adcd4418-7299-4efa-b369-5f71a7b4ebe0:panel_adcd4418-7299-4efa-b369-5f71a7b4ebe0","type":"lens"},{"id":"edd5a560-bda4-11eb-9520-1b4c3ca6a781","name":"869754a7-edf0-478f-a7f1-80374f63108a:panel_869754a7-edf0-478f-a7f1-80374f63108a","type":"lens"},{"id":"2c25a450-bda5-11eb-9520-1b4c3ca6a781","name":"67111cf4-338e-453f-8621-e8dea64082d1:panel_67111cf4-338e-453f-8621-e8dea64082d1","type":"lens"},{"id":"e79116e0-bd9e-11eb-9520-1b4c3ca6a781","name":"13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d:panel_13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d","type":"lens"},{"id":"974fb950-bda5-11eb-9520-1b4c3ca6a781","name":"88847944-ae1b-45fd-b102-3b45f9bea04b:panel_88847944-ae1b-45fd-b102-3b45f9bea04b","type":"lens"},{"id":"21905950-bd9f-11eb-9520-1b4c3ca6a781","name":"5a7924c7-eac0-4573-9199-fecec5b82e9e:panel_5a7924c7-eac0-4573-9199-fecec5b82e9e","type":"lens"},{"id":"51b63040-bda5-11eb-9520-1b4c3ca6a781","name":"f8f49591-f071-4a96-b1ed-cd65daff5648:panel_f8f49591-f071-4a96-b1ed-cd65daff5648","type":"lens"},{"id":"b00679c0-bda5-11eb-9520-1b4c3ca6a781","name":"9f357f47-c2a0-421f-a456-9583c40837ab:panel_9f357f47-c2a0-421f-a456-9583c40837ab","type":"lens"},{"id":"652ade10-bd9f-11eb-9520-1b4c3ca6a781","name":"6cb383e9-1e80-44f9-80d5-7b8c585668db:panel_6cb383e9-1e80-44f9-80d5-7b8c585668db","type":"lens"},{"id":"7f3b5fb0-be2f-11eb-9520-1b4c3ca6a781","name":"57f5f0bf-6610-4599-aad4-37484640b5e2:panel_57f5f0bf-6610-4599-aad4-37484640b5e2","type":"lens"},{"id":"bb9e5bb0-be2f-11eb-9520-1b4c3ca6a781","name":"32d3ab66-52e1-44e3-8c1f-1dccff3c5692:panel_32d3ab66-52e1-44e3-8c1f-1dccff3c5692","type":"lens"},{"id":"dd315430-be2f-11eb-9520-1b4c3ca6a781","name":"dd1718fd-74ee-4032-851b-db97e893825d:panel_dd1718fd-74ee-4032-851b-db97e893825d","type":"lens"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"98a556ee-078b-4e03-93a8-29996133cdcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"98a556ee-078b-4e03-93a8-29996133cdcb:indexpattern-datasource-layer-999a2d60-cb2a-451c-8d71-80d7e92e70fd","type":"index-pattern"},{"id":"0dbbf8b0-be3c-11eb-9520-1b4c3ca6a781","name":"62a0f0b0-3589-4cef-807b-b1b4258b7a9b:panel_62a0f0b0-3589-4cef-807b-b1b4258b7a9b","type":"lens"},{"id":"0c5974f0-be5c-11eb-9520-1b4c3ca6a781","name":"dcc0defa-3376-465c-9b5b-2ba69528848c:panel_dcc0defa-3376-465c-9b5b-2ba69528848c","type":"map"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1622058829451,686],"type":"dashboard","updated_at":"2021-05-26T19:53:49.451Z","version":"WzExOTEsMl0="} -{"attributes":{"fieldAttrs":"{}","fields":"[]","runtimeFieldMap":"{}","title":".kibana"},"coreMigrationVersion":"7.13.1","id":"1773aa90-be66-11eb-9520-1b4c3ca6a781","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1622063125441,526],"type":"index-pattern","updated_at":"2021-05-26T21:05:25.441Z","version":"WzE2NzUsMl0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"shakespeare_areachart","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"shakespeare_areachart\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"stacked\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"data\":{\"id\":\"2\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"play_name\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"2\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"play_name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"2\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.13.1","id":"185283c0-619e-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974345456,21],"type":"visualization","updated_at":"2021-05-25T20:25:45.456Z","version":"WzU0LDJd"} -{"attributes":{"color":"#f44fcf","description":"","name":"shakespeare"},"coreMigrationVersion":"7.13.1","id":"42b4cec0-be32-11eb-9520-1b4c3ca6a781","references":[],"sort":[1622040864176,414],"type":"tag","updated_at":"2021-05-26T14:54:24.176Z","version":"Wzg0NCwyXQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"3338dd55-4007-4be5-908d-25722b6174cb":{"columnOrder":["6c83b0c2-5834-4619-888c-9e8a08e47d42","b25e7497-c188-4c25-b002-1fd5bd69e76d"],"columns":{"6c83b0c2-5834-4619-888c-9e8a08e47d42":{"dataType":"string","isBucketed":true,"label":"Top values of speaker","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"b25e7497-c188-4c25-b002-1fd5bd69e76d","type":"column"},"orderDirection":"desc","otherBucket":false,"size":90},"scale":"ordinal","sourceField":"speaker"},"b25e7497-c188-4c25-b002-1fd5bd69e76d":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["6c83b0c2-5834-4619-888c-9e8a08e47d42","6c83b0c2-5834-4619-888c-9e8a08e47d42","6c83b0c2-5834-4619-888c-9e8a08e47d42"],"layerId":"3338dd55-4007-4be5-908d-25722b6174cb","legendDisplay":"default","metric":"b25e7497-c188-4c25-b002-1fd5bd69e76d","nestedLegend":false,"numberDisplay":"percent"}],"palette":{"name":"complimentary","type":"palette"},"shape":"treemap"}},"title":"lens_shakespeare_treemap","visualizationType":"lnsPie"},"coreMigrationVersion":"7.13.1","id":"31e9f2f0-be32-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.0"},"references":[{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-3338dd55-4007-4be5-908d-25722b6174cb","type":"index-pattern"},{"id":"42b4cec0-be32-11eb-9520-1b4c3ca6a781","name":"tag-ref-42b4cec0-be32-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1622040944080,421],"type":"lens","updated_at":"2021-05-26T14:55:44.080Z","version":"Wzg3OSwyXQ=="} -{"attributes":{"accessCount":0,"accessDate":1622059178542,"createDate":1622059178542,"url":"/app/dashboards#/view/73398a90-619e-11eb-aebf-c306684b328d?embed=true&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:%272015-09-20T01:56:56.132Z%27,to:%272015-09-21T11:18:20.471Z%27))&_a=(description:%27%27,filters:!(),fullScreenMode:!f,options:(darkTheme:!f,hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(enhancements:()),gridData:(h:15,i:%271%27,w:24,x:0,y:0),id:%27185283c0-619e-11eb-aebf-c306684b328d%27,panelIndex:%271%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%272%27,w:24,x:24,y:0),id:%2733736660-619e-11eb-aebf-c306684b328d%27,panelIndex:%272%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%273%27,w:24,x:0,y:15),id:%27622ac7f0-619e-11eb-aebf-c306684b328d%27,panelIndex:%273%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%274%27,w:24,x:24,y:15),id:%27712ebbe0-619d-11eb-aebf-c306684b328d%27,panelIndex:%274%27,type:search,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%275%27,w:24,x:0,y:30),id:ddacc820-619d-11eb-aebf-c306684b328d,panelIndex:%275%27,type:search,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%276%27,w:24,x:24,y:30),id:f852d570-619d-11eb-aebf-c306684b328d,panelIndex:%276%27,type:search,version:%277.13.1%27)),query:(language:kuery,query:%27%27),tags:!(),timeRestore:!f,title:shakespeare_dashboard,viewMode:view)"},"coreMigrationVersion":"7.13.1","id":"32a03249ec3a048108d4b5a427a37fc8","references":[],"sort":[1622059178544,731],"type":"url","updated_at":"2021-05-26T19:59:38.544Z","version":"WzEyODYsMl0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"shakespeare_piechart","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"shakespeare_piechart\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"play_name\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.13.1","id":"33736660-619e-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974350604,31],"type":"visualization","updated_at":"2021-05-25T20:25:50.604Z","version":"WzY0LDJd"} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"a7a8f2fb-066e-4023-9755-821e84560b4a":{"columnOrder":["ee46f645-0af0-4b5d-8ed3-2557c98c9c12","91859a54-9b88-4478-8c80-0779fe165fba","62a4dea1-fab9-45ff-93e0-b99cfff719d5"],"columns":{"62a4dea1-fab9-45ff-93e0-b99cfff719d5":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"91859a54-9b88-4478-8c80-0779fe165fba":{"dataType":"string","isBucketed":true,"label":"Top values of play_name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"62a4dea1-fab9-45ff-93e0-b99cfff719d5","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"play_name"},"ee46f645-0af0-4b5d-8ed3-2557c98c9c12":{"dataType":"string","isBucketed":true,"label":"Top values of speaker","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"62a4dea1-fab9-45ff-93e0-b99cfff719d5","type":"column"},"orderDirection":"desc","otherBucket":true,"size":25},"scale":"ordinal","sourceField":"speaker"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["ee46f645-0af0-4b5d-8ed3-2557c98c9c12","ee46f645-0af0-4b5d-8ed3-2557c98c9c12","ee46f645-0af0-4b5d-8ed3-2557c98c9c12","ee46f645-0af0-4b5d-8ed3-2557c98c9c12","91859a54-9b88-4478-8c80-0779fe165fba"],"layerId":"a7a8f2fb-066e-4023-9755-821e84560b4a","legendDisplay":"default","metric":"62a4dea1-fab9-45ff-93e0-b99cfff719d5","nestedLegend":false,"numberDisplay":"percent"}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"pie"}},"title":"lens_shakespeare_piechart","visualizationType":"lnsPie"},"coreMigrationVersion":"7.13.1","id":"b5bd5050-be31-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.0"},"references":[{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-a7a8f2fb-066e-4023-9755-821e84560b4a","type":"index-pattern"},{"id":"42b4cec0-be32-11eb-9520-1b4c3ca6a781","name":"tag-ref-42b4cec0-be32-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1622040892536,425],"type":"lens","updated_at":"2021-05-26T14:54:52.536Z","version":"Wzg2NSwyXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"c4b1daae-a3af-4136-969e-8485d4ba53f9\"},\"panelIndex\":\"c4b1daae-a3af-4136-969e-8485d4ba53f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c4b1daae-a3af-4136-969e-8485d4ba53f9\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":15,\"i\":\"f092b002-182e-49b8-bcc4-58f5233e041b\"},\"panelIndex\":\"f092b002-182e-49b8-bcc4-58f5233e041b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f092b002-182e-49b8-bcc4-58f5233e041b\"}]","refreshInterval":{"pause":true,"value":0},"timeFrom":"2015-09-20T01:56:56.132Z","timeRestore":true,"timeTo":"2015-09-21T11:18:20.471Z","title":"lens_shakespeare_dashboard","version":1},"coreMigrationVersion":"7.13.1","id":"43fae350-be32-11eb-9520-1b4c3ca6a781","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"b5bd5050-be31-11eb-9520-1b4c3ca6a781","name":"c4b1daae-a3af-4136-969e-8485d4ba53f9:panel_c4b1daae-a3af-4136-969e-8485d4ba53f9","type":"lens"},{"id":"31e9f2f0-be32-11eb-9520-1b4c3ca6a781","name":"f092b002-182e-49b8-bcc4-58f5233e041b:panel_f092b002-182e-49b8-bcc4-58f5233e041b","type":"lens"},{"id":"42b4cec0-be32-11eb-9520-1b4c3ca6a781","name":"tag-42b4cec0-be32-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1622040866315,411],"type":"dashboard","updated_at":"2021-05-26T14:54:26.315Z","version":"Wzg0NywyXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"1\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"2\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"3\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"4\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"5\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"6\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"7\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"8\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"9\",\"w\":24,\"x\":0,\"y\":60},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"10\",\"w\":24,\"x\":24,\"y\":60},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"11\",\"w\":24,\"x\":0,\"y\":75},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":75},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":90},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"14\",\"w\":24,\"x\":24,\"y\":90},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"15\",\"w\":24,\"x\":0,\"y\":105},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_15\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"16\",\"w\":24,\"x\":24,\"y\":105},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_16\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"17\",\"w\":24,\"x\":0,\"y\":120},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_17\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"18\",\"w\":24,\"x\":24,\"y\":120},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_18\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"19\",\"w\":24,\"x\":0,\"y\":135},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_19\"},{\"version\":\"7.3.0\",\"type\":\"search\",\"gridData\":{\"h\":15,\"i\":\"20\",\"w\":24,\"x\":24,\"y\":135},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_20\"}]","timeRestore":false,"title":"logstash_dashboard_withouttime","version":1},"coreMigrationVersion":"7.13.1","id":"5d3410c0-6249-11eb-aebf-c306684b328d","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"36b91810-6239-11eb-aebf-c306684b328d","name":"1:panel_1","type":"visualization"},{"id":"0a274320-61cc-11eb-aebf-c306684b328d","name":"2:panel_2","type":"visualization"},{"id":"e4aef350-623d-11eb-aebf-c306684b328d","name":"3:panel_3","type":"visualization"},{"id":"f92e5630-623e-11eb-aebf-c306684b328d","name":"4:panel_4","type":"visualization"},{"id":"9853d4d0-623d-11eb-aebf-c306684b328d","name":"5:panel_5","type":"visualization"},{"id":"6ecb33b0-623d-11eb-aebf-c306684b328d","name":"6:panel_6","type":"visualization"},{"id":"b8e35c80-623c-11eb-aebf-c306684b328d","name":"7:panel_7","type":"visualization"},{"id":"f1bc75d0-6239-11eb-aebf-c306684b328d","name":"8:panel_8","type":"visualization"},{"id":"0d8a8860-623a-11eb-aebf-c306684b328d","name":"9:panel_9","type":"visualization"},{"id":"d79fe3d0-6239-11eb-aebf-c306684b328d","name":"10:panel_10","type":"visualization"},{"id":"318375a0-6240-11eb-aebf-c306684b328d","name":"11:panel_11","type":"visualization"},{"id":"e461eb20-6245-11eb-aebf-c306684b328d","name":"12:panel_12","type":"visualization"},{"id":"25bdc750-6242-11eb-aebf-c306684b328d","name":"13:panel_13","type":"visualization"},{"id":"71dd7bc0-6248-11eb-aebf-c306684b328d","name":"14:panel_14","type":"visualization"},{"id":"6aea48a0-6240-11eb-aebf-c306684b328d","name":"15:panel_15","type":"visualization"},{"id":"32b681f0-6241-11eb-aebf-c306684b328d","name":"16:panel_16","type":"visualization"},{"id":"ccca99e0-6244-11eb-aebf-c306684b328d","name":"17:panel_17","type":"visualization"},{"id":"a4d7be80-6245-11eb-aebf-c306684b328d","name":"18:panel_18","type":"visualization"},{"id":"c94d8440-6248-11eb-aebf-c306684b328d","name":"19:panel_19","type":"visualization"},{"id":"db6226f0-61c0-11eb-aebf-c306684b328d","name":"20:panel_20","type":"search"}],"sort":[1621974354739,55],"type":"dashboard","updated_at":"2021-05-25T20:25:54.739Z","version":"WzcyLDJd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"shakespeare_tag_cloud","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"shakespeare_tag_cloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"multiple\",\"minFontSize\":59,\"maxFontSize\":100,\"showLabel\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.13.1","id":"622ac7f0-619e-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.0"},"references":[{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974330073,6],"type":"visualization","updated_at":"2021-05-25T20:25:30.073Z","version":"WzI0LDJd"} -{"attributes":{"numLinks":4,"numVertices":5,"title":"logstash_graph","version":1,"wsState":"\"{\\\"selectedFields\\\":[{\\\"name\\\":\\\"machine.os.raw\\\",\\\"hopSize\\\":5,\\\"lastValidHopSize\\\":5,\\\"color\\\":\\\"#B9A888\\\",\\\"selected\\\":true,\\\"iconClass\\\":\\\"fa-folder-open-o\\\"},{\\\"name\\\":\\\"response.raw\\\",\\\"hopSize\\\":5,\\\"lastValidHopSize\\\":5,\\\"color\\\":\\\"#D6BF57\\\",\\\"selected\\\":true,\\\"iconClass\\\":\\\"fa-folder-open-o\\\"}],\\\"blocklist\\\":[],\\\"vertices\\\":[{\\\"x\\\":461.96184642905024,\\\"y\\\":284.02313214227325,\\\"label\\\":\\\"osx\\\",\\\"color\\\":\\\"#B9A888\\\",\\\"field\\\":\\\"machine.os.raw\\\",\\\"term\\\":\\\"osx\\\",\\\"parent\\\":null,\\\"size\\\":15},{\\\"x\\\":383.946159835112,\\\"y\\\":375.6063135315976,\\\"label\\\":\\\"503\\\",\\\"color\\\":\\\"#D6BF57\\\",\\\"field\\\":\\\"response.raw\\\",\\\"term\\\":\\\"503\\\",\\\"parent\\\":null,\\\"size\\\":15},{\\\"x\\\":287.104700756828,\\\"y\\\":324.1245253249895,\\\"label\\\":\\\"win 7\\\",\\\"color\\\":\\\"#B9A888\\\",\\\"field\\\":\\\"machine.os.raw\\\",\\\"term\\\":\\\"win 7\\\",\\\"parent\\\":null,\\\"size\\\":15},{\\\"x\\\":487.9986107998273,\\\"y\\\":407.07546535764254,\\\"label\\\":\\\"ios\\\",\\\"color\\\":\\\"#B9A888\\\",\\\"field\\\":\\\"machine.os.raw\\\",\\\"term\\\":\\\"ios\\\",\\\"parent\\\":null,\\\"size\\\":15},{\\\"x\\\":302.35059551806023,\\\"y\\\":211.66825720913607,\\\"label\\\":\\\"200\\\",\\\"color\\\":\\\"#D6BF57\\\",\\\"field\\\":\\\"response.raw\\\",\\\"term\\\":\\\"200\\\",\\\"parent\\\":null,\\\"size\\\":15}],\\\"links\\\":[{\\\"weight\\\":0.000881324009872165,\\\"width\\\":7.983523640193488,\\\"source\\\":4,\\\"target\\\":2},{\\\"weight\\\":0.000023386835221992895,\\\"width\\\":2,\\\"source\\\":1,\\\"target\\\":0},{\\\"weight\\\":0.0011039286029480653,\\\"width\\\":2,\\\"source\\\":1,\\\"target\\\":2},{\\\"weight\\\":0.000045596928960694605,\\\"width\\\":2,\\\"source\\\":1,\\\"target\\\":3}],\\\"urlTemplates\\\":[{\\\"url\\\":\\\"/app/discover#/?_a=(columns%3A!(_source)%2Cindex%3A%2756b34100-619d-11eb-aebf-c306684b328d%27%2Cinterval%3Aauto%2Cquery%3A(language%3Akuery%2Cquery%3A{{gquery}})%2Csort%3A!(_score%2Cdesc))\\\",\\\"description\\\":\\\"Machine OS win 7\\\",\\\"isDefault\\\":false,\\\"encoderID\\\":\\\"kql\\\",\\\"iconClass\\\":\\\"fa-share-alt\\\"}],\\\"exploreControls\\\":{\\\"useSignificance\\\":true,\\\"sampleSize\\\":2000,\\\"timeoutMillis\\\":5000,\\\"maxValuesPerDoc\\\":1,\\\"minDocCount\\\":3},\\\"indexPatternRefName\\\":\\\"indexPattern_0\\\"}\""},"coreMigrationVersion":"7.13.1","id":"6afc4b40-be5c-11eb-9520-1b4c3ca6a781","migrationVersion":{"graph-workspace":"7.11.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexPattern_0","type":"index-pattern"}],"sort":[1622058970616,690],"type":"graph-workspace","updated_at":"2021-05-26T19:56:10.616Z","version":"WzEyMTUsMl0="} -{"attributes":{"accessibility:disableAnimations":true,"buildNum":null,"dateFormat:tz":"UTC","defaultIndex":"56b34100-619d-11eb-aebf-c306684b328d","visualization:visualize:legacyChartsLibrary":true},"coreMigrationVersion":"7.13.1","id":"7.13.1","migrationVersion":{"config":"7.13.0"},"references":[],"sort":[1621977169980,125],"type":"config","updated_at":"2021-05-25T21:12:49.980Z","version":"Wzg2LDJd"} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"text_entry\",\"value\":\"Christendom.\",\"params\":{\"query\":\"Christendom.\",\"type\":\"phrase\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"text_entry\":{\"query\":\"Christendom.\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["_score","desc"]],"title":"shakespeare_saved_search","version":1},"coreMigrationVersion":"7.13.1","id":"712ebbe0-619d-11eb-aebf-c306684b328d","migrationVersion":{"search":"7.9.3"},"references":[{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1621974326135,2],"type":"search","updated_at":"2021-05-25T20:25:26.135Z","version":"WzE1LDJd"} -{"attributes":{"columns":["play_name","speaker"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"speaker:\\\"GLOUCESTER\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["_score","desc"]],"title":"shakespeare_saved_lucene_search","version":1},"coreMigrationVersion":"7.13.1","id":"ddacc820-619d-11eb-aebf-c306684b328d","migrationVersion":{"search":"7.9.3"},"references":[{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974328029,8],"type":"search","updated_at":"2021-05-25T20:25:28.029Z","version":"WzE5LDJd"} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"text_entry :\\\"MORDAKE THE EARL OF FIFE, AND ELDEST SON\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["_score","desc"]],"title":"shakespeare_saved_kql_search","version":1},"coreMigrationVersion":"7.13.1","id":"f852d570-619d-11eb-aebf-c306684b328d","migrationVersion":{"search":"7.9.3"},"references":[{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1621974327007,84],"type":"search","updated_at":"2021-05-25T20:25:27.007Z","version":"WzE3LDJd"} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"1\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"2\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"3\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"type\":\"search\",\"gridData\":{\"h\":15,\"i\":\"4\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.3.0\",\"type\":\"search\",\"gridData\":{\"h\":15,\"i\":\"5\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.3.0\",\"type\":\"search\",\"gridData\":{\"h\":15,\"i\":\"6\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"shakespeare_dashboard","version":1},"coreMigrationVersion":"7.13.1","id":"73398a90-619e-11eb-aebf-c306684b328d","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"185283c0-619e-11eb-aebf-c306684b328d","name":"1:panel_1","type":"visualization"},{"id":"33736660-619e-11eb-aebf-c306684b328d","name":"2:panel_2","type":"visualization"},{"id":"622ac7f0-619e-11eb-aebf-c306684b328d","name":"3:panel_3","type":"visualization"},{"id":"712ebbe0-619d-11eb-aebf-c306684b328d","name":"4:panel_4","type":"search"},{"id":"ddacc820-619d-11eb-aebf-c306684b328d","name":"5:panel_5","type":"search"},{"id":"f852d570-619d-11eb-aebf-c306684b328d","name":"6:panel_6","type":"search"}],"sort":[1621974332122,91],"type":"dashboard","updated_at":"2021-05-25T20:25:32.122Z","version":"WzI4LDJd"} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"geo.srcdest\",\"value\":\"IN:US\",\"params\":{\"query\":\"IN:US\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"geo.srcdest\":{\"query\":\"IN:US\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"1\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"2\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"3\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"4\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"5\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"6\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"7\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"8\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"9\",\"w\":24,\"x\":0,\"y\":60},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"10\",\"w\":24,\"x\":24,\"y\":60},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"11\",\"w\":24,\"x\":0,\"y\":75},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":75},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":90},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"14\",\"w\":24,\"x\":24,\"y\":90},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"15\",\"w\":24,\"x\":0,\"y\":105},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_15\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"16\",\"w\":24,\"x\":24,\"y\":105},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_16\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"17\",\"w\":24,\"x\":0,\"y\":120},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_17\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"18\",\"w\":24,\"x\":24,\"y\":120},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_18\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"19\",\"w\":24,\"x\":0,\"y\":135},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_19\"},{\"version\":\"7.3.0\",\"type\":\"search\",\"gridData\":{\"h\":15,\"i\":\"20\",\"w\":24,\"x\":24,\"y\":135},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_20\"}]","timeRestore":false,"title":"logstash_dashboardwithfilters","version":1},"coreMigrationVersion":"7.13.1","id":"79794f20-6249-11eb-aebf-c306684b328d","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"36b91810-6239-11eb-aebf-c306684b328d","name":"1:panel_1","type":"visualization"},{"id":"0a274320-61cc-11eb-aebf-c306684b328d","name":"2:panel_2","type":"visualization"},{"id":"e4aef350-623d-11eb-aebf-c306684b328d","name":"3:panel_3","type":"visualization"},{"id":"f92e5630-623e-11eb-aebf-c306684b328d","name":"4:panel_4","type":"visualization"},{"id":"9853d4d0-623d-11eb-aebf-c306684b328d","name":"5:panel_5","type":"visualization"},{"id":"6ecb33b0-623d-11eb-aebf-c306684b328d","name":"6:panel_6","type":"visualization"},{"id":"b8e35c80-623c-11eb-aebf-c306684b328d","name":"7:panel_7","type":"visualization"},{"id":"f1bc75d0-6239-11eb-aebf-c306684b328d","name":"8:panel_8","type":"visualization"},{"id":"0d8a8860-623a-11eb-aebf-c306684b328d","name":"9:panel_9","type":"visualization"},{"id":"d79fe3d0-6239-11eb-aebf-c306684b328d","name":"10:panel_10","type":"visualization"},{"id":"318375a0-6240-11eb-aebf-c306684b328d","name":"11:panel_11","type":"visualization"},{"id":"e461eb20-6245-11eb-aebf-c306684b328d","name":"12:panel_12","type":"visualization"},{"id":"25bdc750-6242-11eb-aebf-c306684b328d","name":"13:panel_13","type":"visualization"},{"id":"71dd7bc0-6248-11eb-aebf-c306684b328d","name":"14:panel_14","type":"visualization"},{"id":"6aea48a0-6240-11eb-aebf-c306684b328d","name":"15:panel_15","type":"visualization"},{"id":"32b681f0-6241-11eb-aebf-c306684b328d","name":"16:panel_16","type":"visualization"},{"id":"ccca99e0-6244-11eb-aebf-c306684b328d","name":"17:panel_17","type":"visualization"},{"id":"a4d7be80-6245-11eb-aebf-c306684b328d","name":"18:panel_18","type":"visualization"},{"id":"c94d8440-6248-11eb-aebf-c306684b328d","name":"19:panel_19","type":"visualization"},{"id":"db6226f0-61c0-11eb-aebf-c306684b328d","name":"20:panel_20","type":"search"}],"sort":[1621974355768,123],"type":"dashboard","updated_at":"2021-05-25T20:25:55.768Z","version":"Wzc0LDJd"} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"037b7937-790b-4d2d-94a5-7f5837a6ef05":{"columnOrder":["b3d46616-75e0-419e-97ea-91148961ef94","025a0fb3-dc44-4f5c-b517-2d71d3f26f14","c476db14-0cc1-40ec-863e-d2779256a407"],"columns":{"025a0fb3-dc44-4f5c-b517-2d71d3f26f14":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"b3d46616-75e0-419e-97ea-91148961ef94":{"dataType":"string","isBucketed":true,"label":"Top values of geo.srcdest","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"c476db14-0cc1-40ec-863e-d2779256a407","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"geo.srcdest"},"c476db14-0cc1-40ec-863e-d2779256a407":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"lucene","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["c476db14-0cc1-40ec-863e-d2779256a407"],"layerId":"037b7937-790b-4d2d-94a5-7f5837a6ef05","position":"top","seriesType":"bar_stacked","showGridlines":false,"splitAccessor":"b3d46616-75e0-419e-97ea-91148961ef94","xAccessor":"025a0fb3-dc44-4f5c-b517-2d71d3f26f14"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_verticalstacked","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.1","id":"8dc19b50-be32-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-037b7937-790b-4d2d-94a5-7f5837a6ef05","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1622040990089,435],"type":"lens","updated_at":"2021-05-26T14:56:30.089Z","version":"WzkwMywyXQ=="} -{"attributes":{"description":"","hits":0,"timelion_chart_height":275,"timelion_columns":2,"timelion_interval":"auto","timelion_rows":2,"timelion_sheet":[".es(index=logstash-*, \"sum:bytes\")"],"title":"logstash_timelionsheet","version":1},"coreMigrationVersion":"7.13.1","id":"a8961990-be5c-11eb-9520-1b4c3ca6a781","references":[],"sort":[1622059073967,700],"type":"timelion-sheet","updated_at":"2021-05-26T19:57:53.967Z","version":"WzEyMjksMl0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"logstash_timelion_panel","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_timelion_panel\",\"type\":\"timelion\",\"aggs\":[],\"params\":{\"expression\":\".es(index=logstash-*, \\\"sum:bytes\\\")\",\"interval\":\"auto\"}}"},"coreMigrationVersion":"7.13.1","id":"b3a44cd0-be5c-11eb-9520-1b4c3ca6a781","migrationVersion":{"visualization":"7.13.0"},"references":[],"sort":[1622059092512,699],"type":"visualization","updated_at":"2021-05-26T19:58:12.512Z","version":"WzEyMzUsMl0="} -{"attributes":{"color":"#9170B8","description":"","name":"alltogether"},"coreMigrationVersion":"7.13.1","id":"be808cb0-be32-11eb-9520-1b4c3ca6a781","references":[],"sort":[1622041071870,449],"type":"tag","updated_at":"2021-05-26T14:57:51.870Z","version":"WzkzMCwyXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":15,\"i\":\"4d9e9a01-cdb8-4aef-afcb-50db52247bb1\"},\"panelIndex\":\"4d9e9a01-cdb8-4aef-afcb-50db52247bb1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4d9e9a01-cdb8-4aef-afcb-50db52247bb1\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"d9cab9c8-667e-4d34-821b-cbb070891956\"},\"panelIndex\":\"d9cab9c8-667e-4d34-821b-cbb070891956\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d9cab9c8-667e-4d34-821b-cbb070891956\"}]","refreshInterval":{"pause":true,"value":0},"timeFrom":"2015-09-20T01:56:56.132Z","timeRestore":true,"timeTo":"2015-09-21T11:18:20.471Z","title":"lens_combined_dashboard","version":1},"coreMigrationVersion":"7.13.1","id":"bfb3dc90-be32-11eb-9520-1b4c3ca6a781","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"8dc19b50-be32-11eb-9520-1b4c3ca6a781","name":"4d9e9a01-cdb8-4aef-afcb-50db52247bb1:panel_4d9e9a01-cdb8-4aef-afcb-50db52247bb1","type":"lens"},{"id":"b5bd5050-be31-11eb-9520-1b4c3ca6a781","name":"d9cab9c8-667e-4d34-821b-cbb070891956:panel_d9cab9c8-667e-4d34-821b-cbb070891956","type":"lens"},{"id":"be808cb0-be32-11eb-9520-1b4c3ca6a781","name":"tag-be808cb0-be32-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1622041081330,447],"type":"dashboard","updated_at":"2021-05-26T14:58:01.330Z","version":"WzkzOSwyXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":15,\"i\":\"2e80716f-c1b6-46f2-be2b-35db744b5031\"},\"panelIndex\":\"2e80716f-c1b6-46f2-be2b-35db744b5031\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"26e2cf99-d931-4320-9e15-9dbc148f3534\":{\"columns\":{\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\":{\"label\":\"Top values of url.raw\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"url.raw\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"beb72af1-239c-46d8-823b-b00d1e2ace43\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"beb72af1-239c-46d8-823b-b00d1e2ace43\":{\"label\":\"Unique count of geo.srcdest\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"geo.srcdest\",\"isBucketed\":false}},\"columnOrder\":[\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\",\"beb72af1-239c-46d8-823b-b00d1e2ace43\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"26e2cf99-d931-4320-9e15-9dbc148f3534\",\"groups\":[\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\",\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\",\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\"],\"metric\":\"beb72af1-239c-46d8-823b-b00d1e2ace43\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-layer-26e2cf99-d931-4320-9e15-9dbc148f3534\"}]},\"enhancements\":{}},\"panelRefName\":\"panel_2e80716f-c1b6-46f2-be2b-35db744b5031\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"da8843e0-6789-4aae-bcd0-81f270538719\"},\"panelIndex\":\"da8843e0-6789-4aae-bcd0-81f270538719\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_da8843e0-6789-4aae-bcd0-81f270538719\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":15,\"w\":24,\"h\":15,\"i\":\"adcd4418-7299-4efa-b369-5f71a7b4ebe0\"},\"panelIndex\":\"adcd4418-7299-4efa-b369-5f71a7b4ebe0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_adcd4418-7299-4efa-b369-5f71a7b4ebe0\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":15,\"w\":24,\"h\":15,\"i\":\"869754a7-edf0-478f-a7f1-80374f63108a\"},\"panelIndex\":\"869754a7-edf0-478f-a7f1-80374f63108a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_869754a7-edf0-478f-a7f1-80374f63108a\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":30,\"w\":24,\"h\":15,\"i\":\"67111cf4-338e-453f-8621-e8dea64082d1\"},\"panelIndex\":\"67111cf4-338e-453f-8621-e8dea64082d1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_67111cf4-338e-453f-8621-e8dea64082d1\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":30,\"w\":24,\"h\":15,\"i\":\"13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d\"},\"panelIndex\":\"13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":45,\"w\":24,\"h\":15,\"i\":\"88847944-ae1b-45fd-b102-3b45f9bea04b\"},\"panelIndex\":\"88847944-ae1b-45fd-b102-3b45f9bea04b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_88847944-ae1b-45fd-b102-3b45f9bea04b\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":45,\"w\":24,\"h\":15,\"i\":\"5a7924c7-eac0-4573-9199-fecec5b82e9e\"},\"panelIndex\":\"5a7924c7-eac0-4573-9199-fecec5b82e9e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5a7924c7-eac0-4573-9199-fecec5b82e9e\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":60,\"w\":24,\"h\":15,\"i\":\"f8f49591-f071-4a96-b1ed-cd65daff5648\"},\"panelIndex\":\"f8f49591-f071-4a96-b1ed-cd65daff5648\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f8f49591-f071-4a96-b1ed-cd65daff5648\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":60,\"w\":24,\"h\":15,\"i\":\"9f357f47-c2a0-421f-a456-9583c40837ab\"},\"panelIndex\":\"9f357f47-c2a0-421f-a456-9583c40837ab\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9f357f47-c2a0-421f-a456-9583c40837ab\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":75,\"w\":24,\"h\":15,\"i\":\"6cb383e9-1e80-44f9-80d5-7b8c585668db\"},\"panelIndex\":\"6cb383e9-1e80-44f9-80d5-7b8c585668db\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6cb383e9-1e80-44f9-80d5-7b8c585668db\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":75,\"w\":24,\"h\":15,\"i\":\"57f5f0bf-6610-4599-aad4-37484640b5e2\"},\"panelIndex\":\"57f5f0bf-6610-4599-aad4-37484640b5e2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_57f5f0bf-6610-4599-aad4-37484640b5e2\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":90,\"w\":24,\"h\":15,\"i\":\"32d3ab66-52e1-44e3-8c1f-1dccff3c5692\"},\"panelIndex\":\"32d3ab66-52e1-44e3-8c1f-1dccff3c5692\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_32d3ab66-52e1-44e3-8c1f-1dccff3c5692\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":90,\"w\":24,\"h\":15,\"i\":\"dd1718fd-74ee-4032-851b-db97e893825d\"},\"panelIndex\":\"dd1718fd-74ee-4032-851b-db97e893825d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dd1718fd-74ee-4032-851b-db97e893825d\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":105,\"w\":24,\"h\":15,\"i\":\"98a556ee-078b-4e03-93a8-29996133cdcb\"},\"panelIndex\":\"98a556ee-078b-4e03-93a8-29996133cdcb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"999a2d60-cb2a-451c-8d71-80d7e92e70fd\":{\"columns\":{\"ce9117a2-773c-474c-8fb1-18940cf58b38\":{\"label\":\"Top values of type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"type\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false}},\"a3d10552-e352-40d0-a156-e86112c0501a\":{\"label\":\"Top values of _type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"_type\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"9c5db2f3-9eb0-4667-9a74-3318301de251\":{\"label\":\"Sum of bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"bytes\",\"isBucketed\":false,\"scale\":\"ratio\"}},\"columnOrder\":[\"ce9117a2-773c-474c-8fb1-18940cf58b38\",\"a3d10552-e352-40d0-a156-e86112c0501a\",\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\",\"9c5db2f3-9eb0-4667-9a74-3318301de251\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"999a2d60-cb2a-451c-8d71-80d7e92e70fd\",\"accessors\":[\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\",\"9c5db2f3-9eb0-4667-9a74-3318301de251\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"ce9117a2-773c-474c-8fb1-18940cf58b38\",\"splitAccessor\":\"a3d10552-e352-40d0-a156-e86112c0501a\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-layer-999a2d60-cb2a-451c-8d71-80d7e92e70fd\"}]},\"enhancements\":{}}},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":105,\"w\":24,\"h\":15,\"i\":\"62a0f0b0-3589-4cef-807b-b1b4258b7a9b\"},\"panelIndex\":\"62a0f0b0-3589-4cef-807b-b1b4258b7a9b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_62a0f0b0-3589-4cef-807b-b1b4258b7a9b\"},{\"version\":\"7.13.1\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":120,\"w\":24,\"h\":15,\"i\":\"dcc0defa-3376-465c-9b5b-2ba69528848c\"},\"panelIndex\":\"dcc0defa-3376-465c-9b5b-2ba69528848c\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":1.56},\"mapBuffer\":{\"minLon\":-210.32666,\"minLat\":-64.8435,\"maxLon\":210.32666,\"maxLat\":95.13806},\"isLayerTOCOpen\":true,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_dcc0defa-3376-465c-9b5b-2ba69528848c\"},{\"version\":\"7.13.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":120,\"w\":24,\"h\":15,\"i\":\"dd21a674-ae3a-40f6-9d68-4e01361ea5e2\"},\"panelIndex\":\"dd21a674-ae3a-40f6-9d68-4e01361ea5e2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dd21a674-ae3a-40f6-9d68-4e01361ea5e2\"}]","refreshInterval":{"pause":true,"value":0},"timeFrom":"2015-09-20T01:56:56.132Z","timeRestore":true,"timeTo":"2015-09-21T11:18:20.471Z","title":"timelion_lens_maps_dashboard_logstash","version":1},"coreMigrationVersion":"7.13.1","id":"c4ab2030-be5c-11eb-9520-1b4c3ca6a781","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"21905950-bd9f-11eb-9520-1b4c3ca6a781","name":"2e80716f-c1b6-46f2-be2b-35db744b5031:panel_2e80716f-c1b6-46f2-be2b-35db744b5031","type":"lens"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"2e80716f-c1b6-46f2-be2b-35db744b5031:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"2e80716f-c1b6-46f2-be2b-35db744b5031:indexpattern-datasource-layer-26e2cf99-d931-4320-9e15-9dbc148f3534","type":"index-pattern"},{"id":"aa4b8da0-bd9f-11eb-9520-1b4c3ca6a781","name":"da8843e0-6789-4aae-bcd0-81f270538719:panel_da8843e0-6789-4aae-bcd0-81f270538719","type":"lens"},{"id":"2d3f1250-bd9f-11eb-9520-1b4c3ca6a781","name":"adcd4418-7299-4efa-b369-5f71a7b4ebe0:panel_adcd4418-7299-4efa-b369-5f71a7b4ebe0","type":"lens"},{"id":"edd5a560-bda4-11eb-9520-1b4c3ca6a781","name":"869754a7-edf0-478f-a7f1-80374f63108a:panel_869754a7-edf0-478f-a7f1-80374f63108a","type":"lens"},{"id":"2c25a450-bda5-11eb-9520-1b4c3ca6a781","name":"67111cf4-338e-453f-8621-e8dea64082d1:panel_67111cf4-338e-453f-8621-e8dea64082d1","type":"lens"},{"id":"e79116e0-bd9e-11eb-9520-1b4c3ca6a781","name":"13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d:panel_13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d","type":"lens"},{"id":"974fb950-bda5-11eb-9520-1b4c3ca6a781","name":"88847944-ae1b-45fd-b102-3b45f9bea04b:panel_88847944-ae1b-45fd-b102-3b45f9bea04b","type":"lens"},{"id":"21905950-bd9f-11eb-9520-1b4c3ca6a781","name":"5a7924c7-eac0-4573-9199-fecec5b82e9e:panel_5a7924c7-eac0-4573-9199-fecec5b82e9e","type":"lens"},{"id":"51b63040-bda5-11eb-9520-1b4c3ca6a781","name":"f8f49591-f071-4a96-b1ed-cd65daff5648:panel_f8f49591-f071-4a96-b1ed-cd65daff5648","type":"lens"},{"id":"b00679c0-bda5-11eb-9520-1b4c3ca6a781","name":"9f357f47-c2a0-421f-a456-9583c40837ab:panel_9f357f47-c2a0-421f-a456-9583c40837ab","type":"lens"},{"id":"652ade10-bd9f-11eb-9520-1b4c3ca6a781","name":"6cb383e9-1e80-44f9-80d5-7b8c585668db:panel_6cb383e9-1e80-44f9-80d5-7b8c585668db","type":"lens"},{"id":"7f3b5fb0-be2f-11eb-9520-1b4c3ca6a781","name":"57f5f0bf-6610-4599-aad4-37484640b5e2:panel_57f5f0bf-6610-4599-aad4-37484640b5e2","type":"lens"},{"id":"bb9e5bb0-be2f-11eb-9520-1b4c3ca6a781","name":"32d3ab66-52e1-44e3-8c1f-1dccff3c5692:panel_32d3ab66-52e1-44e3-8c1f-1dccff3c5692","type":"lens"},{"id":"dd315430-be2f-11eb-9520-1b4c3ca6a781","name":"dd1718fd-74ee-4032-851b-db97e893825d:panel_dd1718fd-74ee-4032-851b-db97e893825d","type":"lens"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"98a556ee-078b-4e03-93a8-29996133cdcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"98a556ee-078b-4e03-93a8-29996133cdcb:indexpattern-datasource-layer-999a2d60-cb2a-451c-8d71-80d7e92e70fd","type":"index-pattern"},{"id":"0dbbf8b0-be3c-11eb-9520-1b4c3ca6a781","name":"62a0f0b0-3589-4cef-807b-b1b4258b7a9b:panel_62a0f0b0-3589-4cef-807b-b1b4258b7a9b","type":"lens"},{"id":"0c5974f0-be5c-11eb-9520-1b4c3ca6a781","name":"dcc0defa-3376-465c-9b5b-2ba69528848c:panel_dcc0defa-3376-465c-9b5b-2ba69528848c","type":"map"},{"id":"a4d7be80-6245-11eb-aebf-c306684b328d","name":"dd21a674-ae3a-40f6-9d68-4e01361ea5e2:panel_dd21a674-ae3a-40f6-9d68-4e01361ea5e2","type":"visualization"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1622059147790,728],"type":"dashboard","updated_at":"2021-05-26T19:59:07.790Z","version":"WzEyNzAsMl0="} -{"attributes":{"@created":"2021-05-27T19:45:29.712Z","@timestamp":"2021-05-27T19:45:29.712Z","content":"{\"selectedNodes\":[{\"id\":\"element-56d2ba72-f227-4d04-9478-a1d6f0c7e601\",\"position\":{\"left\":20,\"top\":20,\"width\":500,\"height\":300,\"angle\":0,\"parent\":\"group-499b5982-25f4-4894-9540-1874a27d78e7\",\"type\":\"element\"},\"expression\":\"savedLens id=\\\"bb9e5bb0-be2f-11eb-9520-1b4c3ca6a781\\\" timerange={timerange from=\\\"now-15y\\\" to=\\\"now\\\"}\\n| render\",\"filter\":null,\"ast\":{\"type\":\"expression\",\"chain\":[{\"type\":\"function\",\"function\":\"savedLens\",\"arguments\":{\"id\":[\"bb9e5bb0-be2f-11eb-9520-1b4c3ca6a781\"],\"timerange\":[{\"type\":\"expression\",\"chain\":[{\"type\":\"function\",\"function\":\"timerange\",\"arguments\":{\"from\":[\"now-15y\"],\"to\":[\"now\"]}}]}]}},{\"type\":\"function\",\"function\":\"render\",\"arguments\":{}}]}},{\"id\":\"element-afbaa26e-10e7-47d4-bb41-b061dfdced2b\",\"position\":{\"left\":527,\"top\":20,\"width\":500,\"height\":300,\"angle\":0,\"parent\":\"group-499b5982-25f4-4894-9540-1874a27d78e7\",\"type\":\"element\"},\"expression\":\"savedVisualization id=\\\"0d8a8860-623a-11eb-aebf-c306684b328d\\\" timerange={timerange from=\\\"now-15y\\\" to=\\\"now\\\"}\\n| render\",\"filter\":null,\"ast\":{\"type\":\"expression\",\"chain\":[{\"type\":\"function\",\"function\":\"savedVisualization\",\"arguments\":{\"id\":[\"0d8a8860-623a-11eb-aebf-c306684b328d\"],\"timerange\":[{\"type\":\"expression\",\"chain\":[{\"type\":\"function\",\"function\":\"timerange\",\"arguments\":{\"from\":[\"now-15y\"],\"to\":[\"now\"]}}]}]}},{\"type\":\"function\",\"function\":\"render\",\"arguments\":{}}]}}]}","displayName":"element_canvas","help":"","image":"","name":"elementCanvas"},"coreMigrationVersion":"7.13.1","id":"custom-element-3bc52277-ee01-4cdc-8d2d-f2db6ade1512","references":[],"sort":[1622144729716,605],"type":"canvas-element","updated_at":"2021-05-27T19:45:29.716Z","version":"WzIwMjUsMl0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":15,\"i\":\"2e80716f-c1b6-46f2-be2b-35db744b5031\"},\"panelIndex\":\"2e80716f-c1b6-46f2-be2b-35db744b5031\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"26e2cf99-d931-4320-9e15-9dbc148f3534\":{\"columns\":{\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\":{\"label\":\"Top values of url.raw\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"url.raw\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"beb72af1-239c-46d8-823b-b00d1e2ace43\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"beb72af1-239c-46d8-823b-b00d1e2ace43\":{\"label\":\"Unique count of geo.srcdest\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"geo.srcdest\",\"isBucketed\":false}},\"columnOrder\":[\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\",\"beb72af1-239c-46d8-823b-b00d1e2ace43\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"26e2cf99-d931-4320-9e15-9dbc148f3534\",\"groups\":[\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\",\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\",\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\"],\"metric\":\"beb72af1-239c-46d8-823b-b00d1e2ace43\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-layer-26e2cf99-d931-4320-9e15-9dbc148f3534\"}]},\"enhancements\":{}},\"panelRefName\":\"panel_2e80716f-c1b6-46f2-be2b-35db744b5031\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"da8843e0-6789-4aae-bcd0-81f270538719\"},\"panelIndex\":\"da8843e0-6789-4aae-bcd0-81f270538719\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_da8843e0-6789-4aae-bcd0-81f270538719\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":15,\"w\":24,\"h\":15,\"i\":\"adcd4418-7299-4efa-b369-5f71a7b4ebe0\"},\"panelIndex\":\"adcd4418-7299-4efa-b369-5f71a7b4ebe0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_adcd4418-7299-4efa-b369-5f71a7b4ebe0\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":15,\"w\":24,\"h\":15,\"i\":\"869754a7-edf0-478f-a7f1-80374f63108a\"},\"panelIndex\":\"869754a7-edf0-478f-a7f1-80374f63108a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_869754a7-edf0-478f-a7f1-80374f63108a\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":30,\"w\":24,\"h\":15,\"i\":\"67111cf4-338e-453f-8621-e8dea64082d1\"},\"panelIndex\":\"67111cf4-338e-453f-8621-e8dea64082d1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_67111cf4-338e-453f-8621-e8dea64082d1\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":30,\"w\":24,\"h\":15,\"i\":\"13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d\"},\"panelIndex\":\"13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":45,\"w\":24,\"h\":15,\"i\":\"88847944-ae1b-45fd-b102-3b45f9bea04b\"},\"panelIndex\":\"88847944-ae1b-45fd-b102-3b45f9bea04b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_88847944-ae1b-45fd-b102-3b45f9bea04b\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":45,\"w\":24,\"h\":15,\"i\":\"5a7924c7-eac0-4573-9199-fecec5b82e9e\"},\"panelIndex\":\"5a7924c7-eac0-4573-9199-fecec5b82e9e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5a7924c7-eac0-4573-9199-fecec5b82e9e\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":60,\"w\":24,\"h\":15,\"i\":\"f8f49591-f071-4a96-b1ed-cd65daff5648\"},\"panelIndex\":\"f8f49591-f071-4a96-b1ed-cd65daff5648\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f8f49591-f071-4a96-b1ed-cd65daff5648\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":60,\"w\":24,\"h\":15,\"i\":\"9f357f47-c2a0-421f-a456-9583c40837ab\"},\"panelIndex\":\"9f357f47-c2a0-421f-a456-9583c40837ab\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9f357f47-c2a0-421f-a456-9583c40837ab\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":75,\"w\":24,\"h\":15,\"i\":\"6cb383e9-1e80-44f9-80d5-7b8c585668db\"},\"panelIndex\":\"6cb383e9-1e80-44f9-80d5-7b8c585668db\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6cb383e9-1e80-44f9-80d5-7b8c585668db\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":75,\"w\":24,\"h\":15,\"i\":\"57f5f0bf-6610-4599-aad4-37484640b5e2\"},\"panelIndex\":\"57f5f0bf-6610-4599-aad4-37484640b5e2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_57f5f0bf-6610-4599-aad4-37484640b5e2\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":90,\"w\":24,\"h\":15,\"i\":\"32d3ab66-52e1-44e3-8c1f-1dccff3c5692\"},\"panelIndex\":\"32d3ab66-52e1-44e3-8c1f-1dccff3c5692\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_32d3ab66-52e1-44e3-8c1f-1dccff3c5692\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":90,\"w\":24,\"h\":15,\"i\":\"dd1718fd-74ee-4032-851b-db97e893825d\"},\"panelIndex\":\"dd1718fd-74ee-4032-851b-db97e893825d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dd1718fd-74ee-4032-851b-db97e893825d\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":105,\"w\":24,\"h\":15,\"i\":\"98a556ee-078b-4e03-93a8-29996133cdcb\"},\"panelIndex\":\"98a556ee-078b-4e03-93a8-29996133cdcb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"999a2d60-cb2a-451c-8d71-80d7e92e70fd\":{\"columns\":{\"ce9117a2-773c-474c-8fb1-18940cf58b38\":{\"label\":\"Top values of type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"type\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false}},\"a3d10552-e352-40d0-a156-e86112c0501a\":{\"label\":\"Top values of _type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"_type\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"9c5db2f3-9eb0-4667-9a74-3318301de251\":{\"label\":\"Sum of bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"bytes\",\"isBucketed\":false,\"scale\":\"ratio\"}},\"columnOrder\":[\"ce9117a2-773c-474c-8fb1-18940cf58b38\",\"a3d10552-e352-40d0-a156-e86112c0501a\",\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\",\"9c5db2f3-9eb0-4667-9a74-3318301de251\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"999a2d60-cb2a-451c-8d71-80d7e92e70fd\",\"accessors\":[\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\",\"9c5db2f3-9eb0-4667-9a74-3318301de251\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"ce9117a2-773c-474c-8fb1-18940cf58b38\",\"splitAccessor\":\"a3d10552-e352-40d0-a156-e86112c0501a\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-layer-999a2d60-cb2a-451c-8d71-80d7e92e70fd\"}]},\"enhancements\":{}}},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":105,\"w\":24,\"h\":15,\"i\":\"62a0f0b0-3589-4cef-807b-b1b4258b7a9b\"},\"panelIndex\":\"62a0f0b0-3589-4cef-807b-b1b4258b7a9b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_62a0f0b0-3589-4cef-807b-b1b4258b7a9b\"}]","refreshInterval":{"pause":true,"value":0},"timeFrom":"2015-09-20T01:56:56.132Z","timeRestore":true,"timeTo":"2015-09-21T11:18:20.471Z","title":"lens_dashboard_logstash","version":1},"coreMigrationVersion":"7.13.1","id":"f458b9f0-bd9e-11eb-9520-1b4c3ca6a781","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"21905950-bd9f-11eb-9520-1b4c3ca6a781","name":"2e80716f-c1b6-46f2-be2b-35db744b5031:panel_2e80716f-c1b6-46f2-be2b-35db744b5031","type":"lens"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"2e80716f-c1b6-46f2-be2b-35db744b5031:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"2e80716f-c1b6-46f2-be2b-35db744b5031:indexpattern-datasource-layer-26e2cf99-d931-4320-9e15-9dbc148f3534","type":"index-pattern"},{"id":"aa4b8da0-bd9f-11eb-9520-1b4c3ca6a781","name":"da8843e0-6789-4aae-bcd0-81f270538719:panel_da8843e0-6789-4aae-bcd0-81f270538719","type":"lens"},{"id":"2d3f1250-bd9f-11eb-9520-1b4c3ca6a781","name":"adcd4418-7299-4efa-b369-5f71a7b4ebe0:panel_adcd4418-7299-4efa-b369-5f71a7b4ebe0","type":"lens"},{"id":"edd5a560-bda4-11eb-9520-1b4c3ca6a781","name":"869754a7-edf0-478f-a7f1-80374f63108a:panel_869754a7-edf0-478f-a7f1-80374f63108a","type":"lens"},{"id":"2c25a450-bda5-11eb-9520-1b4c3ca6a781","name":"67111cf4-338e-453f-8621-e8dea64082d1:panel_67111cf4-338e-453f-8621-e8dea64082d1","type":"lens"},{"id":"e79116e0-bd9e-11eb-9520-1b4c3ca6a781","name":"13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d:panel_13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d","type":"lens"},{"id":"974fb950-bda5-11eb-9520-1b4c3ca6a781","name":"88847944-ae1b-45fd-b102-3b45f9bea04b:panel_88847944-ae1b-45fd-b102-3b45f9bea04b","type":"lens"},{"id":"21905950-bd9f-11eb-9520-1b4c3ca6a781","name":"5a7924c7-eac0-4573-9199-fecec5b82e9e:panel_5a7924c7-eac0-4573-9199-fecec5b82e9e","type":"lens"},{"id":"51b63040-bda5-11eb-9520-1b4c3ca6a781","name":"f8f49591-f071-4a96-b1ed-cd65daff5648:panel_f8f49591-f071-4a96-b1ed-cd65daff5648","type":"lens"},{"id":"b00679c0-bda5-11eb-9520-1b4c3ca6a781","name":"9f357f47-c2a0-421f-a456-9583c40837ab:panel_9f357f47-c2a0-421f-a456-9583c40837ab","type":"lens"},{"id":"652ade10-bd9f-11eb-9520-1b4c3ca6a781","name":"6cb383e9-1e80-44f9-80d5-7b8c585668db:panel_6cb383e9-1e80-44f9-80d5-7b8c585668db","type":"lens"},{"id":"7f3b5fb0-be2f-11eb-9520-1b4c3ca6a781","name":"57f5f0bf-6610-4599-aad4-37484640b5e2:panel_57f5f0bf-6610-4599-aad4-37484640b5e2","type":"lens"},{"id":"bb9e5bb0-be2f-11eb-9520-1b4c3ca6a781","name":"32d3ab66-52e1-44e3-8c1f-1dccff3c5692:panel_32d3ab66-52e1-44e3-8c1f-1dccff3c5692","type":"lens"},{"id":"dd315430-be2f-11eb-9520-1b4c3ca6a781","name":"dd1718fd-74ee-4032-851b-db97e893825d:panel_dd1718fd-74ee-4032-851b-db97e893825d","type":"lens"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"98a556ee-078b-4e03-93a8-29996133cdcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"98a556ee-078b-4e03-93a8-29996133cdcb:indexpattern-datasource-layer-999a2d60-cb2a-451c-8d71-80d7e92e70fd","type":"index-pattern"},{"id":"0dbbf8b0-be3c-11eb-9520-1b4c3ca6a781","name":"62a0f0b0-3589-4cef-807b-b1b4258b7a9b:panel_62a0f0b0-3589-4cef-807b-b1b4258b7a9b","type":"lens"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1622045107288,482],"type":"dashboard","updated_at":"2021-05-26T16:05:07.288Z","version":"WzEwNTcsMl0="} -{"attributes":{"allowNoIndex":true,"fieldFormatMap":"{\"Target.process.parent.pgid\":{\"id\":\"string\"},\"Target.process.parent.pid\":{\"id\":\"string\"},\"Target.process.parent.ppid\":{\"id\":\"string\"},\"Target.process.parent.thread.id\":{\"id\":\"string\"},\"Target.process.pgid\":{\"id\":\"string\"},\"Target.process.pid\":{\"id\":\"string\"},\"Target.process.ppid\":{\"id\":\"string\"},\"Target.process.thread.id\":{\"id\":\"string\"},\"event.sequence\":{\"id\":\"string\"},\"event.severity\":{\"id\":\"string\"},\"process.parent.pgid\":{\"id\":\"string\"},\"process.parent.pid\":{\"id\":\"string\"},\"process.parent.ppid\":{\"id\":\"string\"},\"process.parent.thread.id\":{\"id\":\"string\"},\"process.pgid\":{\"id\":\"string\"},\"process.pid\":{\"id\":\"string\"},\"process.ppid\":{\"id\":\"string\"},\"process.thread.id\":{\"id\":\"string\"},\"destination.bytes\":{\"id\":\"bytes\"},\"destination.port\":{\"id\":\"string\"},\"http.request.body.bytes\":{\"id\":\"bytes\"},\"http.request.bytes\":{\"id\":\"bytes\"},\"http.response.body.bytes\":{\"id\":\"bytes\"},\"http.response.bytes\":{\"id\":\"bytes\"},\"http.response.status_code\":{\"id\":\"string\"},\"network.bytes\":{\"id\":\"bytes\"},\"source.bytes\":{\"id\":\"bytes\"},\"source.port\":{\"id\":\"string\"}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.artifacts.global\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.cross_session\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.feature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.parent_to_child\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.self_injection\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.thread_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.unique_key_v1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_pids\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.feature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.data\",\"type\":\"binary\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Ransomware.files.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.metrics\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.original.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Target.dll.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.ancestry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.authentication_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Target.process.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.services\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.real.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.instruction_pointer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.module_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.rva\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.symbol_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.parameter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.parameter_bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.parameter_bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_bytes_disasm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_bytes_disasm_hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.allocation_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.allocation_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.allocation_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.allocation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.bytes_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.bytes_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.mapped_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.mapped_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.mapped_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.mapped_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.mapped_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.mapped_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.mapped_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.memory_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.memory_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.memory_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.memory_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.memory_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.memory_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.memory_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.region_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.region_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.region_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.region_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dll.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.ingested\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.outcome\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.entry_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.code_page\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors.error_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.file_extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.raw_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.raw_code_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_result\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.temp_file_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.windows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.windows.zone_identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.accessed\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.attributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.ctime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.drive_letter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext.variant\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.family\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.ancestry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.authentication_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.services\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.real.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.instruction_pointer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.module_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.rva\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.symbol_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.parameter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.parameter_bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.parameter_bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_bytes_disasm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_bytes_disasm_hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.allocation_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.allocation_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.allocation_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.allocation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.bytes_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.bytes_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.mapped_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.mapped_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.mapped_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.mapped_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.mapped_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.mapped_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.mapped_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.memory_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.memory_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.memory_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.memory_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.memory_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.memory_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.memory_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.region_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.region_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.region_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.region_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"rule.author\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.license\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.ruleset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.framework\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.technique.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.full_name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"user.group.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"event.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.Ext.correlation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.Ext.correlation.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.header_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.Ext.monotonic_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.load_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext.options\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext.status\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.resolved_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.content\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.content.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"http.request.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.Ext.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.content\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.content.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"http.response.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.community_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.iana_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.transport\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"package.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.defense_evasions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.data.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.data.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.hive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"@timestamp","title":"logs-*"},"coreMigrationVersion":"7.13.1","id":"logs-*","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1622059318492,759],"type":"index-pattern","updated_at":"2021-05-26T20:01:58.492Z","version":"WzEzOTcsMl0="} -{"attributes":{"description":"this is a logstash saved query","filters":[],"query":{"language":"kuery","query":"extension.raw :\"gif\" and machine.os.raw :\"ios\" "},"timefilter":{"from":"2015-09-20T01:56:56.132Z","refreshInterval":{"pause":true,"value":0},"to":"2015-09-21T11:18:20.471Z"},"title":"logstash_saved_query"},"coreMigrationVersion":"7.13.1","id":"logstash_saved_query","references":[],"sort":[1622059242432,736],"type":"query","updated_at":"2021-05-26T20:00:42.432Z","version":"WzEzMDAsMl0="} -{"attributes":{"allowNoIndex":true,"fieldFormatMap":"{\"event.sequence\":{\"id\":\"string\"},\"event.severity\":{\"id\":\"string\"}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.ingested\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.outcome\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext.variant\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.family\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.histogram\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.latest\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.mean\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.metrics.disks.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.endpoint_drive\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.fstype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.mount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private.latest\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private.mean\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.threads\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.metrics.uptime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.uptime.endpoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.uptime.system\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.artifacts.global\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.configurations.antivirus_registration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.configurations.antivirus_registration.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.antivirus_registration.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.events\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.events.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.events.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.logging\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.logging.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.logging.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.malware\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.malware.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.malware.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.streaming\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.streaming.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.streaming.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"@timestamp","title":"metrics-*"},"coreMigrationVersion":"7.13.1","id":"metrics-*","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1622059318495,824],"type":"index-pattern","updated_at":"2021-05-26T20:01:58.495Z","version":"WzEzOTgsMl0="} -{"attributes":{"description":"Shakespeare query","filters":[],"query":{"language":"kuery","query":"speaker : \"OTHELLO\" and play_name :\"Othello\" "},"title":"shakespeare_current_query"},"coreMigrationVersion":"7.13.1","id":"shakespeare_current_query","references":[],"sort":[1622059292632,753],"type":"query","updated_at":"2021-05-26T20:01:32.632Z","version":"WzEzNDUsMl0="} -{"attributes":{"@created":"2021-05-27T18:53:18.432Z","@timestamp":"2021-05-27T19:46:12.539Z","assets":{},"colors":["#37988d","#c19628","#b83c6f","#3f9939","#1785b0","#ca5f35","#45bdb0","#f2bc33","#e74b8b","#4fbf48","#1ea6dc","#fd7643","#72cec3","#f5cc5d","#ec77a8","#7acf74","#4cbce4","#fd986f","#a1ded7","#f8dd91","#f2a4c5","#a6dfa2","#86d2ed","#fdba9f","#000000","#444444","#777777","#BBBBBB","#FFFFFF","rgba(255,255,255,0)"],"css":".canvasPage {\n\n}","height":720,"isWriteable":true,"name":"logstash-canvas-workpad","page":1,"pages":[{"elements":[{"expression":"savedLens id=\"bb9e5bb0-be2f-11eb-9520-1b4c3ca6a781\" timerange={timerange from=\"now-15y\" to=\"now\"}\n| render","filter":null,"id":"element-56d2ba72-f227-4d04-9478-a1d6f0c7e601","position":{"angle":0,"height":300,"left":20,"parent":null,"top":20,"width":500}},{"expression":"savedVisualization id=\"0d8a8860-623a-11eb-aebf-c306684b328d\" timerange={timerange from=\"now-15y\" to=\"now\"}\n| render","filter":null,"id":"element-afbaa26e-10e7-47d4-bb41-b061dfdced2b","position":{"angle":0,"height":300,"left":527,"parent":null,"top":20,"width":500}}],"groups":[],"id":"page-0f9ef2da-2868-4c0b-9223-fd3c9e53d6c9","style":{"background":"#FFF"},"transition":{}},{"elements":[{"expression":"image dataurl=null mode=\"contain\"\n| render","id":"element-c5534ef7-68c4-46bc-b35a-9e43a7f118c3","position":{"angle":0,"height":107,"left":20,"parent":null,"top":20,"width":132}},{"expression":"filters\n| essql query=\"SELECT machine.os.raw FROM \\\"logstash-*\\\"\"\n| pointseries x=\"machine.os.raw\" y=\"size(machine.os.raw)\" color=\"machine.os.raw\" size=\"sum(machine.os.raw)\"\n| plot defaultStyle={seriesStyle points=5 fill=1}\n| render","id":"element-5f7a3312-0e77-471c-9b8f-f98cb38075fb","position":{"angle":0,"height":192,"left":221,"parent":null,"top":56,"width":451}},{"expression":"timefilterControl compact=true column=@timestamp\n| render","filter":"timefilter from=\"now-29y\" to=now column=@timestamp","id":"element-6e00dcf4-06fe-4bd9-9315-d32d9d3fac5f","position":{"angle":0,"height":50,"left":221,"parent":null,"top":-1,"width":500}},{"expression":"filters\n| esdocs index=\"logstash-*\" fields=\"@timestamp, response.raw\"\n| pointseries x=\"size(response.raw)\" y=\"@timestamp\" color=\"response.raw\"\n| plot\n| render","id":"element-20281fac-1c3a-4ee3-9132-44379fb60b74","position":{"angle":0,"height":262,"left":51,"parent":null,"top":304,"width":590}},{"expression":"filters\n| timelion query=\".es(index=logstash-*, metric=sum:bytes)\"\n| pointseries x=\"@timestamp\" y=\"sum(value)\"\n| plot defaultStyle={seriesStyle lines=3}\n| render","id":"element-337b0548-5d6d-44cd-a324-eb50d63c7bd0","position":{"angle":0,"height":309,"left":648,"parent":null,"top":290,"width":369}},{"expression":"savedLens id=\"bb9e5bb0-be2f-11eb-9520-1b4c3ca6a781\" timerange={timerange from=\"now-15y\" to=\"now\"}\n| render","filter":null,"id":"element-353e5583-0dbb-4a6b-bac7-3b2a6b305397","position":{"angle":0,"height":181.99999999999997,"left":855,"parent":"group-d2618a19-3982-414e-93df-b2cb165b7c7e","top":15.000000000000014,"width":76.961271102284}},{"expression":"savedVisualization id=\"0d8a8860-623a-11eb-aebf-c306684b328d\" timerange={timerange from=\"now-15y\" to=\"now\"}\n| render","filter":null,"id":"element-0e5501a6-9e87-42bc-b539-1e697e62051b","position":{"angle":0,"height":181.99999999999997,"left":933.038728897716,"parent":"group-d2618a19-3982-414e-93df-b2cb165b7c7e","top":15.000000000000014,"width":76.961271102284}}],"groups":[],"id":"page-59c3cf09-1811-4324-995b-7336c1c11ab8","style":{"background":"#FFF"},"transition":{}}],"variables":[],"width":1080},"coreMigrationVersion":"7.13.1","id":"workpad-f2024ca3-e366-447a-b3af-7db4400646ef","migrationVersion":{"canvas-workpad":"7.0.0"},"references":[],"sort":[1622144772545,622],"type":"canvas-workpad","updated_at":"2021-05-27T19:46:12.545Z","version":"WzIwNTEsMl0="} -{"exportedCount":71,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file +{"attributes":{"accessCount":0,"accessDate":1621977234367,"createDate":1621977234367,"url":"/app/dashboards#/view/154944b0-6249-11eb-aebf-c306684b328d?embed=true&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-15y,to:now))&_a=(description:%27%27,filters:!(),fullScreenMode:!f,options:(darkTheme:!f,hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(enhancements:()),gridData:(h:15,i:%271%27,w:24,x:0,y:0),id:%2736b91810-6239-11eb-aebf-c306684b328d%27,panelIndex:%271%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:(),vis:!n),gridData:(h:15,i:%272%27,w:24,x:24,y:0),id:%270a274320-61cc-11eb-aebf-c306684b328d%27,panelIndex:%272%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%273%27,w:24,x:0,y:15),id:e4aef350-623d-11eb-aebf-c306684b328d,panelIndex:%273%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%274%27,w:24,x:24,y:15),id:f92e5630-623e-11eb-aebf-c306684b328d,panelIndex:%274%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:(),vis:!n),gridData:(h:15,i:%275%27,w:24,x:0,y:30),id:%279853d4d0-623d-11eb-aebf-c306684b328d%27,panelIndex:%275%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:(),vis:!n),gridData:(h:15,i:%276%27,w:24,x:24,y:30),id:%276ecb33b0-623d-11eb-aebf-c306684b328d%27,panelIndex:%276%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:(),vis:!n),gridData:(h:15,i:%277%27,w:24,x:0,y:45),id:b8e35c80-623c-11eb-aebf-c306684b328d,panelIndex:%277%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%278%27,w:24,x:24,y:45),id:f1bc75d0-6239-11eb-aebf-c306684b328d,panelIndex:%278%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%279%27,w:24,x:0,y:60),id:%270d8a8860-623a-11eb-aebf-c306684b328d%27,panelIndex:%279%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2710%27,w:24,x:24,y:60),id:d79fe3d0-6239-11eb-aebf-c306684b328d,panelIndex:%2710%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2711%27,w:24,x:0,y:75),id:%27318375a0-6240-11eb-aebf-c306684b328d%27,panelIndex:%2711%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2712%27,w:24,x:24,y:75),id:e461eb20-6245-11eb-aebf-c306684b328d,panelIndex:%2712%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2713%27,w:24,x:0,y:90),id:%2725bdc750-6242-11eb-aebf-c306684b328d%27,panelIndex:%2713%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2714%27,w:24,x:24,y:90),id:%2771dd7bc0-6248-11eb-aebf-c306684b328d%27,panelIndex:%2714%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2715%27,w:24,x:0,y:105),id:%276aea48a0-6240-11eb-aebf-c306684b328d%27,panelIndex:%2715%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2716%27,w:24,x:24,y:105),id:%2732b681f0-6241-11eb-aebf-c306684b328d%27,panelIndex:%2716%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2717%27,w:24,x:0,y:120),id:ccca99e0-6244-11eb-aebf-c306684b328d,panelIndex:%2717%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2718%27,w:24,x:24,y:120),id:a4d7be80-6245-11eb-aebf-c306684b328d,panelIndex:%2718%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2719%27,w:24,x:0,y:135),id:c94d8440-6248-11eb-aebf-c306684b328d,panelIndex:%2719%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%2720%27,w:24,x:24,y:135),id:db6226f0-61c0-11eb-aebf-c306684b328d,panelIndex:%2720%27,type:search,version:%277.13.1%27)),query:(language:lucene,query:%27%27),tags:!(),timeRestore:!f,title:logstash_dashboardwithtime,viewMode:view)"},"coreMigrationVersion":"7.13.2","id":"058bc10f0578013fc41ddedc9a1dcd1e","references":[],"sort":[1623693556928,448],"type":"url","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NDUsNF0="} +{"attributes":{"color":"#ba898f","description":"","name":"By value tag"},"coreMigrationVersion":"7.13.2","id":"07f48f70-ca29-11eb-bf5e-3de94e83d4f0","references":[],"sort":[1623415891791,116],"type":"tag","updated_at":"2021-06-11T12:51:31.791Z","version":"WzE0MzEsNF0="} +{"attributes":{"fieldAttrs":"{\"ip\":{\"count\":2},\"geo.dest\":{\"count\":1}}","fields":"[]","runtimeFieldMap":"{}","timeFieldName":"@timestamp","title":"logstash-*"},"coreMigrationVersion":"7.13.2","id":"43fcac20-ca27-11eb-bf5e-3de94e83d4f0","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1623415891791,120],"type":"index-pattern","updated_at":"2021-06-11T12:51:31.791Z","version":"WzE0MzMsNF0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"60aaea59-d871-4e90-9ff3-78946d6bef90\"},\"panelIndex\":\"60aaea59-d871-4e90-9ff3-78946d6bef90\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"2174c5fe-75d2-43ae-9c79-1a7cc7bbbaea\":{\"columns\":{\"65625f0d-e7f1-4370-b939-7db27af74de7\":{\"label\":\"Top values of geo.srcdest\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"geo.srcdest\",\"isBucketed\":true,\"params\":{\"size\":18,\"orderBy\":{\"type\":\"column\",\"columnId\":\"553a353f-dac5-4a52-a25d-52c6e1462597\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"553a353f-dac5-4a52-a25d-52c6e1462597\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"65625f0d-e7f1-4370-b939-7db27af74de7\",\"553a353f-dac5-4a52-a25d-52c6e1462597\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"2174c5fe-75d2-43ae-9c79-1a7cc7bbbaea\",\"groups\":[\"65625f0d-e7f1-4370-b939-7db27af74de7\",\"65625f0d-e7f1-4370-b939-7db27af74de7\",\"65625f0d-e7f1-4370-b939-7db27af74de7\"],\"metric\":\"553a353f-dac5-4a52-a25d-52c6e1462597\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"43fcac20-ca27-11eb-bf5e-3de94e83d4f0\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"43fcac20-ca27-11eb-bf5e-3de94e83d4f0\",\"name\":\"indexpattern-datasource-layer-2174c5fe-75d2-43ae-9c79-1a7cc7bbbaea\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"9ed45b8b-534b-4fac-9fee-436896b90039\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"name\":\"circular drilldown\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\"}}]}},\"type\":\"lens\"}}]","timeRestore":false,"title":"lens_panel_drilldown","version":1},"coreMigrationVersion":"7.13.2","id":"35ce3b30-ca29-11eb-bf5e-3de94e83d4f0","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"43fcac20-ca27-11eb-bf5e-3de94e83d4f0","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"43fcac20-ca27-11eb-bf5e-3de94e83d4f0","name":"indexpattern-datasource-layer-2174c5fe-75d2-43ae-9c79-1a7cc7bbbaea","type":"index-pattern"},{"id":"08dec860-ca29-11eb-bf5e-3de94e83d4f0","name":"drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:9ed45b8b-534b-4fac-9fee-436896b90039:dashboardId","type":"dashboard"},{"id":"07f48f70-ca29-11eb-bf5e-3de94e83d4f0","name":"tag-07f48f70-ca29-11eb-bf5e-3de94e83d4f0","type":"tag"}],"sort":[1623415891791,125],"type":"dashboard","updated_at":"2021-06-11T12:51:31.791Z","version":"WzE0MzQsNF0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"095e13b2-d0ac-47db-a62b-0aca28931402\"},\"panelIndex\":\"095e13b2-d0ac-47db-a62b-0aca28931402\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"f61694eb-94ed-495d-9ce8-63592f040b0b\":{\"columns\":{\"75ddcdb4-3050-4545-b401-509384b0d532\":{\"label\":\"Top values of machine.os.raw\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"machine.os.raw\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"2f97b0f5-f0ff-40f2-abb0-bb7d1081a126\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"273e31ef-7c2d-4d0e-9063-5528f4011a51\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"2f97b0f5-f0ff-40f2-abb0-bb7d1081a126\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"2eb30654-0ead-40ac-92ab-d8d113e25ac5\":{\"label\":\"Average of bytes\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"bytes\",\"isBucketed\":false,\"scale\":\"ratio\"}},\"columnOrder\":[\"75ddcdb4-3050-4545-b401-509384b0d532\",\"273e31ef-7c2d-4d0e-9063-5528f4011a51\",\"2f97b0f5-f0ff-40f2-abb0-bb7d1081a126\",\"2eb30654-0ead-40ac-92ab-d8d113e25ac5\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"f61694eb-94ed-495d-9ce8-63592f040b0b\",\"accessors\":[\"2f97b0f5-f0ff-40f2-abb0-bb7d1081a126\",\"2eb30654-0ead-40ac-92ab-d8d113e25ac5\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"273e31ef-7c2d-4d0e-9063-5528f4011a51\",\"splitAccessor\":\"75ddcdb4-3050-4545-b401-509384b0d532\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"43fcac20-ca27-11eb-bf5e-3de94e83d4f0\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"43fcac20-ca27-11eb-bf5e-3de94e83d4f0\",\"name\":\"indexpattern-datasource-layer-f61694eb-94ed-495d-9ce8-63592f040b0b\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"da7ad2b6-1e4a-40b5-9123-d0ec2bde858d\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"name\":\"lens_panel_drilldown\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\"}}]}},\"type\":\"lens\"}},{\"version\":\"7.13.1\",\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":15,\"i\":\"153bb2dc-c4f5-4fcc-a45a-4e61cdaad8c2\"},\"panelIndex\":\"153bb2dc-c4f5-4fcc-a45a-4e61cdaad8c2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true},\\\"id\\\":\\\"16b378f6-4b68-4d17-8be4-3da333440869\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"43fcac20-ca27-11eb-bf5e-3de94e83d4f0\\\",\\\"geoField\\\":\\\"geo.coordinates\\\",\\\"filterByMapBounds\\\":true,\\\"scalingType\\\":\\\"CLUSTERS\\\",\\\"topHitsSplitField\\\":\\\"\\\",\\\"topHitsSize\\\":1,\\\"id\\\":\\\"86ff9ac9-9ccf-44b0-8b90-a4b779f5bc38\\\",\\\"type\\\":\\\"ES_SEARCH\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"tooltipProperties\\\":[\\\"extension\\\",\\\"geo.dest\\\",\\\"response\\\"],\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\"},\\\"id\\\":\\\"3d062d54-73de-4be7-8ae2-11e9b385f7d9\\\",\\\"label\\\":\\\"\\\",\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":1}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":6}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"\\\"}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTimeAware\\\":true},\\\"type\\\":\\\"BLENDED_VECTOR\\\",\\\"joins\\\":[]}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.38,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":19.94277},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15y\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":1.38},\"mapBuffer\":{\"minLon\":-214.7723,\"minLat\":-74.644155,\"maxLon\":214.7723,\"maxLat\":102.864625},\"isLayerTOCOpen\":true,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"b10e564b-7d42-45f5-8c26-a9220c405834\",\"triggers\":[\"CONTEXT_MENU_TRIGGER\"],\"action\":{\"name\":\"URL drilldown\",\"config\":{\"url\":{\"template\":\"http://localhost:5601/app/discover#/view/0abce1c0-ca2a-11eb-bf5e-3de94e83d4f0?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-15y,to:now))&_a=(columns:!(),filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'43fcac20-ca27-11eb-bf5e-3de94e83d4f0',key:geo.srcdest,negate:!f,params:!('IN:CN'),type:phrases,value:'IN:CN'),query:(bool:(minimum_should_match:1,should:!((match_phrase:(geo.srcdest:'IN:CN'))))))),index:'43fcac20-ca27-11eb-bf5e-3de94e83d4f0',interval:auto,query:(language:kuery,query:''),sort:!(!('@timestamp',desc)))\"},\"openInNewTab\":true,\"encodeUrl\":true},\"factoryId\":\"URL_DRILLDOWN\"}}]}},\"type\":\"map\"}},{\"version\":\"7.13.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":15,\"w\":24,\"h\":15,\"i\":\"5de83d82-bbd1-4d30-be61-dd6724f32c07\"},\"panelIndex\":\"5de83d82-bbd1-4d30-be61-dd6724f32c07\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"annotations\":[{\"fields\":\"response.raw\",\"template\":\"{{response.raw}}\",\"index_pattern\":\"logstash-*\",\"query_string\":{\"query\":\"response.raw :\\\"404\\\" \",\"language\":\"kuery\"},\"color\":\"#F00\",\"icon\":\"fa-bomb\",\"id\":\"37395960-ca28-11eb-9eac-2f3ccefcbeef\",\"ignore_global_filters\":1,\"ignore_panel_filters\":1,\"time_field\":\"@timestamp\"}],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logstash-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"23d04651-266f-4f0a-8eef-6f190f0a84af\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"name\":\"dashboard\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\"}}]}},\"type\":\"visualization\"}},{\"version\":\"7.13.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":15,\"w\":24,\"h\":15,\"i\":\"a254a623-a9af-4372-851b-572fa95b0902\"},\"panelIndex\":\"a254a623-a9af-4372-851b-572fa95b0902\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n/*\\n\\nWelcome to Vega visualizations. Here you can design your own dataviz from scratch using a declarative language called Vega, or its simpler form Vega-Lite. In Vega, you have the full control of what data is loaded, even from multiple sources, how that data is transformed, and what visual elements are used to show it. Use help icon to view Vega examples, tutorials, and other docs. Use the wrench icon to reformat this text, or to remove comments.\\n\\nThis example graph shows the document count in all indexes in the current time range. You might need to adjust the time filter in the upper right corner.\\n*/\\n\\n $schema: https://vega.github.io/schema/vega-lite/v4.json\\n title: Event counts from all indexes\\n\\n // Define the data source\\n data: {\\n url: {\\n/*\\nAn object instead of a string for the \\\"url\\\" param is treated as an Elasticsearch query. Anything inside this object is not part of the Vega language, but only understood by Kibana and Elasticsearch server. This query counts the number of documents per time interval, assuming you have a @timestamp field in your data.\\n\\nKibana has a special handling for the fields surrounded by \\\"%\\\". They are processed before the the query is sent to Elasticsearch. This way the query becomes context aware, and can use the time range and the dashboard filters.\\n*/\\n\\n // Apply dashboard context filters when set\\n %context%: true\\n // Filter the time picker (upper right corner) with this field\\n %timefield%: @timestamp\\n\\n/*\\nSee .search() documentation for : https://www.elastic.co/guide/en/elasticsearch/client/javascript-api/current/api-reference.html#api-search\\n*/\\n\\n // Which index to search\\n index: _all\\n // Aggregate data by the time field into time buckets, counting the number of documents in each bucket.\\n body: {\\n aggs: {\\n time_buckets: {\\n date_histogram: {\\n // Use date histogram aggregation on @timestamp field\\n field: @timestamp\\n // The interval value will depend on the daterange picker (true), or use an integer to set an approximate bucket count\\n interval: {%autointerval%: true}\\n // Make sure we get an entire range, even if it has no data\\n extended_bounds: {\\n // Use the current time range's start and end\\n min: {%timefilter%: \\\"min\\\"}\\n max: {%timefilter%: \\\"max\\\"}\\n }\\n // Use this for linear (e.g. line, area) graphs. Without it, empty buckets will not show up\\n min_doc_count: 0\\n }\\n }\\n }\\n // Speed up the response by only including aggregation results\\n size: 0\\n }\\n }\\n/*\\nElasticsearch will return results in this format:\\n\\naggregations: {\\n time_buckets: {\\n buckets: [\\n {\\n key_as_string: 2015-11-30T22:00:00.000Z\\n key: 1448920800000\\n doc_count: 0\\n },\\n {\\n key_as_string: 2015-11-30T23:00:00.000Z\\n key: 1448924400000\\n doc_count: 0\\n }\\n ...\\n ]\\n }\\n}\\n\\nFor our graph, we only need the list of bucket values. Use the format.property to discard everything else.\\n*/\\n format: {property: \\\"aggregations.time_buckets.buckets\\\"}\\n }\\n\\n // \\\"mark\\\" is the graphics element used to show our data. Other mark values are: area, bar, circle, line, point, rect, rule, square, text, and tick. See https://vega.github.io/vega-lite/docs/mark.html\\n mark: line\\n\\n // \\\"encoding\\\" tells the \\\"mark\\\" what data to use and in what way. See https://vega.github.io/vega-lite/docs/encoding.html\\n encoding: {\\n x: {\\n // The \\\"key\\\" value is the timestamp in milliseconds. Use it for X axis.\\n field: key\\n type: temporal\\n axis: {title: false} // Customize X axis format\\n }\\n y: {\\n // The \\\"doc_count\\\" is the count per bucket. Use it for Y axis.\\n field: doc_count\\n type: quantitative\\n axis: {title: \\\"Document count\\\"}\\n }\\n }\\n}\\n\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"43fcac20-ca27-11eb-bf5e-3de94e83d4f0\",\"key\":\"geo.srcdest\",\"negate\":false,\"params\":{\"query\":\"CN:CN\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"geo.srcdest\":\"CN:CN\"}}}]}}},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"cfd2521d-15a0-4c64-b0ab-d2dc18f396e3\",\"triggers\":[\"CONTEXT_MENU_TRIGGER\"],\"action\":{\"name\":\"URL\",\"config\":{\"url\":{\"template\":\"http://localhost:5601/app/discover#/view/4acce030-ca2a-11eb-bf5e-3de94e83d4f0?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-15y,to:now))&_a=(columns:!(),filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'43fcac20-ca27-11eb-bf5e-3de94e83d4f0',key:ip,negate:!f,params:(query:'57.237.11.219'),type:phrase),query:(match_phrase:(ip:'57.237.11.219')))),index:'43fcac20-ca27-11eb-bf5e-3de94e83d4f0',interval:auto,query:(language:kuery,query:''),sort:!(!('@timestamp',desc)))\"},\"openInNewTab\":true,\"encodeUrl\":true},\"factoryId\":\"URL_DRILLDOWN\"}}]}},\"type\":\"visualization\"}},{\"version\":\"7.13.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":30,\"w\":24,\"h\":15,\"i\":\"7f0506ed-1f30-410f-bcd7-3f70623aa5ba\"},\"panelIndex\":\"7f0506ed-1f30-410f-bcd7-3f70623aa5ba\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":true},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"significant_terms\",\"params\":{\"field\":\"geo.srcdest\",\"size\":77},\"schema\":\"segment\"}],\"searchSource\":{\"index\":\"43fcac20-ca27-11eb-bf5e-3de94e83d4f0\",\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"}}]","timeRestore":false,"title":"logstash_by_value_dashboard","version":1},"coreMigrationVersion":"7.13.2","id":"08dec860-ca29-11eb-bf5e-3de94e83d4f0","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"43fcac20-ca27-11eb-bf5e-3de94e83d4f0","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"43fcac20-ca27-11eb-bf5e-3de94e83d4f0","name":"indexpattern-datasource-layer-f61694eb-94ed-495d-9ce8-63592f040b0b","type":"index-pattern"},{"id":"35ce3b30-ca29-11eb-bf5e-3de94e83d4f0","name":"drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:da7ad2b6-1e4a-40b5-9123-d0ec2bde858d:dashboardId","type":"dashboard"},{"id":"43fcac20-ca27-11eb-bf5e-3de94e83d4f0","name":"layer_1_source_index_pattern","type":"index-pattern"},{"id":"35ce3b30-ca29-11eb-bf5e-3de94e83d4f0","name":"drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:23d04651-266f-4f0a-8eef-6f190f0a84af:dashboardId","type":"dashboard"},{"id":"43fcac20-ca27-11eb-bf5e-3de94e83d4f0","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"43fcac20-ca27-11eb-bf5e-3de94e83d4f0","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"07f48f70-ca29-11eb-bf5e-3de94e83d4f0","name":"tag-07f48f70-ca29-11eb-bf5e-3de94e83d4f0","type":"tag"}],"sort":[1623415891791,134],"type":"dashboard","updated_at":"2021-06-11T12:51:31.791Z","version":"WzE0MzUsNF0="} +{"attributes":{"fieldAttrs":"{\"machine.os\":{\"count\":1},\"spaces\":{\"count\":1},\"type\":{\"count\":1},\"bytes_scripted\":{\"count\":1}}","fields":"[{\"count\":1,\"script\":\"doc['bytes'].value*1024\",\"lang\":\"painless\",\"name\":\"bytes_scripted\",\"type\":\"number\",\"scripted\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]","runtimeFieldMap":"{}","timeFieldName":"@timestamp","title":"logstash-*"},"coreMigrationVersion":"7.13.2","id":"56b34100-619d-11eb-aebf-c306684b328d","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1623693556928,449],"type":"index-pattern","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NDYsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_scriptedfieldviz","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"logstash_scriptedfieldviz\",\"type\":\"goal\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"isDisplayWarning\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":true,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"meter\",\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"range\",\"schema\":\"group\",\"params\":{\"field\":\"bytes_scripted\",\"ranges\":[{\"from\":0,\"to\":40000},{\"from\":40001,\"to\":20000000}]}}]}"},"coreMigrationVersion":"7.13.2","id":"0a274320-61cc-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,451],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NDcsNF0="} +{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"geo.srcdest\",\"value\":\"IN:CN\",\"params\":[\"IN:CN\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"geo.srcdest\":\"IN:CN\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"search_saved","version":1},"coreMigrationVersion":"7.13.2","id":"0abce1c0-ca2a-11eb-bf5e-3de94e83d4f0","migrationVersion":{"search":"7.9.3"},"references":[{"id":"43fcac20-ca27-11eb-bf5e-3de94e83d4f0","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"43fcac20-ca27-11eb-bf5e-3de94e83d4f0","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1623415891791,137],"type":"search","updated_at":"2021-06-11T12:51:31.791Z","version":"WzE0MzYsNF0="} +{"attributes":{"color":"#81a93f","description":"","name":"logstash_tag"},"coreMigrationVersion":"7.13.2","id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","references":[],"sort":[1623693556928,452],"type":"tag","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NDgsNF0="} +{"attributes":{"description":"","layerListJSON":"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"4c2394ca-a6a2-4f8d-9631-259eb3a9627f\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"geo.coordinates\",\"filterByMapBounds\":true,\"scalingType\":\"CLUSTERS\",\"id\":\"7555324e-e793-4b7d-a9d2-cd63e6b7fe3d\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"tooltipProperties\":[\"geo.srcdest\",\"machine.os\",\"type\"],\"sortField\":\"bytes_scripted\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"\",\"topHitsSize\":1,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"6a493d8b-a220-46bc-8906-a1a7569799e0\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"extension.raw\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"CATEGORICAL\"}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"machine.os.raw\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"CATEGORICAL\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"BLENDED_VECTOR\",\"joins\":[]}]","mapStateJSON":"{\"zoom\":1.56,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-15y\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}","title":"logstash_maps","uiStateJSON":"{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}"},"coreMigrationVersion":"7.13.2","id":"0c5974f0-be5c-11eb-9520-1b4c3ca6a781","migrationVersion":{"map":"7.12.0"},"references":[{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"layer_1_source_index_pattern","type":"index-pattern"}],"sort":[1623693556928,455],"type":"map","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NDksNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logstash_datatable\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"bucket\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2015-07-24T08:58:14.175Z\",\"to\":\"2015-11-11T13:28:17.223Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"response.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.13.2","id":"0d8a8860-623a-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,457],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NTAsNF0="} +{"attributes":{"description":null,"state":{"datasourceStates":{"indexpattern":{"layers":{"35fd070e-5bbc-4906-bf69-8548a213d7a0":{"columnOrder":["2bf7969f-0371-4df2-a398-0a191e428ce5","aab812d6-609b-444d-9990-1e67f85fd85d","e9829e8a-c484-4c9d-b489-f1eb3fb138d2","4fc9fb3b-29a5-4679-ab3c-90d5daaf0661"],"columns":{"2bf7969f-0371-4df2-a398-0a191e428ce5":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"4fc9fb3b-29a5-4679-ab3c-90d5daaf0661":{"dataType":"number","isBucketed":false,"label":"Moving average of Median of bytes","operationType":"moving_average","params":{"window":5},"references":["e9829e8a-c484-4c9d-b489-f1eb3fb138d2"],"scale":"ratio"},"aab812d6-609b-444d-9990-1e67f85fd85d":{"dataType":"number","isBucketed":false,"label":"Average of bytes","operationType":"average","scale":"ratio","sourceField":"bytes"},"e9829e8a-c484-4c9d-b489-f1eb3fb138d2":{"dataType":"number","isBucketed":false,"label":"Median of bytes","operationType":"median","scale":"ratio","sourceField":"bytes"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["aab812d6-609b-444d-9990-1e67f85fd85d","4fc9fb3b-29a5-4679-ab3c-90d5daaf0661"],"layerId":"35fd070e-5bbc-4906-bf69-8548a213d7a0","position":"top","seriesType":"bar_stacked","showGridlines":false,"xAccessor":"2bf7969f-0371-4df2-a398-0a191e428ce5"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_barvertical_stacked_average","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.2","id":"0dbbf8b0-be3c-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-35fd070e-5bbc-4906-bf69-8548a213d7a0","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,461],"type":"lens","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NTEsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_area_chart","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_area_chart\",\"type\":\"area\",\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2010-01-28T19:25:55.242Z\",\"to\":\"2021-01-28T19:40:55.242Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"machine.os.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"machine OS\"}}]}"},"coreMigrationVersion":"7.13.2","id":"36b91810-6239-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,463],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NTIsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_horizontal","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_horizontal\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"no of documents\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"no of documents\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"no of documents\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2015-07-24T08:58:14.175Z\",\"to\":\"2015-11-11T13:28:17.223Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"agent.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"extension.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.13.2","id":"e4aef350-623d-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,465],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NTMsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_linechart","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_linechart\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"radiusRatio\":51,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2015-09-18T06:38:43.311Z\",\"to\":\"2015-09-26T04:02:51.104Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"radius\",\"params\":{\"field\":\"bytes\",\"customLabel\":\"bubbles\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"machine.os.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.13.2","id":"f92e5630-623e-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,467],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NTQsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_heatmap","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0% - 25%\":\"rgb(255,255,204)\",\"25% - 50%\":\"rgb(254,217,118)\",\"50% - 75%\":\"rgb(253,141,60)\",\"75% - 100%\":\"rgb(227,27,28)\"}}}","version":1,"visState":"{\"title\":\"logstash_heatmap\",\"type\":\"heatmap\",\"params\":{\"type\":\"heatmap\",\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":4,\"colorSchema\":\"Yellow to Red\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":true,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"overwriteColor\":false,\"color\":\"#555\"}}],\"row\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2015-07-24T08:58:14.175Z\",\"to\":\"2015-11-11T13:28:17.223Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"machine.os.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"response.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.13.2","id":"9853d4d0-623d-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,469],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NTUsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_goalchart","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 33\":\"rgb(0,104,55)\",\"33 - 67\":\"rgb(255,255,190)\",\"67 - 100\":\"rgb(165,0,38)\"}}}","version":1,"visState":"{\"title\":\"logstash_goalchart\",\"type\":\"goal\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"isDisplayWarning\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":true,\"gaugeType\":\"Circle\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000},{\"from\":10001,\"to\":20000},{\"from\":20001,\"to\":30000}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"meter\",\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60},\"minAngle\":0,\"maxAngle\":6.283185307179586}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"group\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2015-07-24T08:58:14.175Z\",\"to\":\"2015-11-11T13:28:17.223Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"7.13.2","id":"6ecb33b0-623d-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,471],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NTYsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_gauge","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 50\":\"rgb(0,104,55)\",\"50 - 75\":\"rgb(255,255,190)\",\"75 - 100\":\"rgb(165,0,38)\"}}}","version":1,"visState":"{\"title\":\"logstash_gauge\",\"type\":\"gauge\",\"params\":{\"type\":\"gauge\",\"addTooltip\":true,\"addLegend\":true,\"isDisplayWarning\":false,\"gauge\":{\"extendRange\":true,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":50},{\"from\":50,\"to\":75},{\"from\":75,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"#333\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"#eee\",\"bgColor\":false,\"subText\":\"\",\"fontSize\":60,\"labelColor\":true},\"alignment\":\"horizontal\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"range\",\"schema\":\"group\",\"params\":{\"field\":\"bytes\",\"ranges\":[{\"from\":0,\"to\":10001},{\"from\":10002,\"to\":1000000}],\"json\":\"\"}}]}"},"coreMigrationVersion":"7.13.2","id":"b8e35c80-623c-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,473],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NTcsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_coordinatemaps","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_coordinatemaps\",\"type\":\"tile_map\",\"params\":{\"colorSchema\":\"Yellow to Red\",\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors|OpenMapTiles|Elastic Maps Service

\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.coordinates\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"mapZoom\":2,\"mapCenter\":[0,0],\"precision\":2,\"customLabel\":\"logstash src/dest\"}}]}"},"coreMigrationVersion":"7.13.2","id":"f1bc75d0-6239-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,475],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NTgsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"logstash_inputcontrols","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_inputcontrols\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1611928563867\",\"fieldName\":\"machine.ram\",\"parent\":\"\",\"label\":\"Logstash RAM\",\"type\":\"range\",\"options\":{\"decimalPlaces\":0,\"step\":1024},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1611928586274\",\"fieldName\":\"machine.os.raw\",\"parent\":\"\",\"label\":\"Logstash OS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}"},"coreMigrationVersion":"7.13.2","id":"d79fe3d0-6239-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"control_0_index_pattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"control_1_index_pattern","type":"index-pattern"}],"sort":[1623693556928,478],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NTksNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"logstash_markdown","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_markdown\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":true,\"markdown\":\"Kibana is built with JS https://www.javascript.com/\"},\"aggs\":[]}"},"coreMigrationVersion":"7.13.2","id":"318375a0-6240-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[],"sort":[1623693556928,479],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NjAsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"logstash_vegaviz","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_vegaviz\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n/*\\n\\nWelcome to Vega visualizations. Here you can design your own dataviz from scratch using a declarative language called Vega, or its simpler form Vega-Lite. In Vega, you have the full control of what data is loaded, even from multiple sources, how that data is transformed, and what visual elements are used to show it. Use help icon to view Vega examples, tutorials, and other docs. Use the wrench icon to reformat this text, or to remove comments.\\n\\nThis example graph shows the document count in all indexes in the current time range. You might need to adjust the time filter in the upper right corner.\\n*/\\n\\n $schema: https://vega.github.io/schema/vega-lite/v2.json\\n title: Event counts from all indexes\\n\\n // Define the data source\\n data: {\\n url: {\\n/*\\nAn object instead of a string for the \\\"url\\\" param is treated as an Elasticsearch query. Anything inside this object is not part of the Vega language, but only understood by Kibana and Elasticsearch server. This query counts the number of documents per time interval, assuming you have a @timestamp field in your data.\\n\\nKibana has a special handling for the fields surrounded by \\\"%\\\". They are processed before the the query is sent to Elasticsearch. This way the query becomes context aware, and can use the time range and the dashboard filters.\\n*/\\n\\n // Apply dashboard context filters when set\\n %context%: true\\n // Filter the time picker (upper right corner) with this field\\n %timefield%: @timestamp\\n\\n/*\\nSee .search() documentation for : https://www.elastic.co/guide/en/elasticsearch/client/javascript-api/current/api-reference.html#api-search\\n*/\\n\\n // Which index to search\\n index: logstash-*\\n // Aggregate data by the time field into time buckets, counting the number of documents in each bucket.\\n body: {\\n aggs: {\\n time_buckets: {\\n date_histogram: {\\n // Use date histogram aggregation on @timestamp field\\n field: @timestamp\\n // The interval value will depend on the daterange picker (true), or use an integer to set an approximate bucket count\\n interval: {%autointerval%: true}\\n // Make sure we get an entire range, even if it has no data\\n extended_bounds: {\\n // Use the current time range's start and end\\n min: {%timefilter%: \\\"min\\\"}\\n max: {%timefilter%: \\\"max\\\"}\\n }\\n // Use this for linear (e.g. line, area) graphs. Without it, empty buckets will not show up\\n min_doc_count: 13\\n }\\n }\\n }\\n // Speed up the response by only including aggregation results\\n size: 0\\n }\\n }\\n/*\\nElasticsearch will return results in this format:\\n\\naggregations: {\\n time_buckets: {\\n buckets: [\\n {\\n key_as_string: 2015-11-30T22:00:00.000Z\\n key: 1448920800000\\n doc_count: 0\\n },\\n {\\n key_as_string: 2015-11-30T23:00:00.000Z\\n key: 1448924400000\\n doc_count: 0\\n }\\n ...\\n ]\\n }\\n}\\n\\nFor our graph, we only need the list of bucket values. Use the format.property to discard everything else.\\n*/\\n format: {property: \\\"aggregations.time_buckets.buckets\\\"}\\n }\\n\\n // \\\"mark\\\" is the graphics element used to show our data. Other mark values are: area, bar, circle, line, point, rect, rule, square, text, and tick. See https://vega.github.io/vega-lite/docs/mark.html\\n mark: line\\n\\n // \\\"encoding\\\" tells the \\\"mark\\\" what data to use and in what way. See https://vega.github.io/vega-lite/docs/encoding.html\\n encoding: {\\n x: {\\n // The \\\"key\\\" value is the timestamp in milliseconds. Use it for X axis.\\n field: key\\n type: temporal\\n axis: {title: false} // Customize X axis format\\n }\\n y: {\\n // The \\\"doc_count\\\" is the count per bucket. Use it for Y axis.\\n field: doc_count\\n type: quantitative\\n axis: {title: \\\"Document count\\\"}\\n }\\n }\\n}\\n\"},\"aggs\":[]}"},"coreMigrationVersion":"7.13.2","id":"e461eb20-6245-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[],"sort":[1623693556928,480],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NjEsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_regionmap","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_regionmap\",\"type\":\"region_map\",\"params\":{\"addTooltip\":true,\"colorSchema\":\"Yellow to Red\",\"emsHotLink\":\"https://maps.elastic.co/v6.7?locale=en#file/world_countries\",\"isDisplayWarning\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[0,0],\"mapZoom\":2,\"outlineWeight\":1,\"selectedJoinField\":{\"type\":\"id\",\"name\":\"iso2\",\"description\":\"ISO 3166-1 alpha-2 code\"},\"showAllShapes\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors|OpenMapTiles|Elastic Maps Service

\"}},\"selectedLayer\":{\"name\":\"World Countries\",\"origin\":\"elastic_maps_service\",\"id\":\"world_countries\",\"created_at\":\"2017-04-26T17:12:15.978370\",\"attribution\":\"Made with NaturalEarth | Elastic Maps Service\",\"fields\":[{\"type\":\"id\",\"name\":\"iso2\",\"description\":\"ISO 3166-1 alpha-2 code\"},{\"type\":\"id\",\"name\":\"iso3\",\"description\":\"ISO 3166-1 alpha-3 code\"},{\"type\":\"property\",\"name\":\"name\",\"description\":\"name\"}],\"format\":{\"type\":\"geojson\"},\"layerId\":\"elastic_maps_service.World Countries\",\"isEMS\":true}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.dest\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.13.2","id":"25bdc750-6242-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,482],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NjIsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_verticalbarchart","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_verticalbarchart\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":true},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":true,\"row\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2015-09-18T06:38:43.311Z\",\"to\":\"2015-09-26T04:02:51.104Z\",\"mode\":\"absolute\"},\"useNormalizedEsInterval\":true,\"interval\":\"h\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"scaleMetricValues\":true}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"response.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Response code\"}}]}"},"coreMigrationVersion":"7.13.2","id":"71dd7bc0-6248-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,484],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NjMsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_metricviz","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_metricviz\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"range\",\"schema\":\"group\",\"params\":{\"field\":\"bytes_scripted\",\"ranges\":[{\"from\":0,\"to\":10000},{\"from\":10001,\"to\":300000}]}}]}"},"coreMigrationVersion":"7.13.2","id":"6aea48a0-6240-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,486],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NjQsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_piechart","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"machine.os.raw\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"title\":\"logstash_piechart\",\"type\":\"pie\"}"},"coreMigrationVersion":"7.13.2","id":"32b681f0-6241-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,488],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NjUsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logstash_tagcloud","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_tagcloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"log\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geo.srcdest\",\"size\":23,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.13.2","id":"ccca99e0-6244-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,490],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NjYsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"title":"logstash_timelion","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_timelion\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(q='machine.os.raw:win xp' , index=logstash-*)\",\"interval\":\"auto\"},\"aggs\":[]}"},"coreMigrationVersion":"7.13.2","id":"a4d7be80-6245-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[],"sort":[1623693556928,491],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NjcsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"logstash_tsvb","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_tsvb\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"machine.os.raw\",\"template\":\"{{machine.os.raw}}\",\"index_pattern\":\"logstash-*\",\"query_string\":{\"query\":\"machine.os.raw :\\\"win xp\\\" \",\"language\":\"lucene\"},\"id\":\"aa43ceb0-6248-11eb-9a82-ef1c6e6c0265\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":1,\"ignore_panel_filters\":1}],\"use_kibana_indexes\":false},\"aggs\":[]}"},"coreMigrationVersion":"7.13.2","id":"c94d8440-6248-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[],"sort":[1623693556928,492],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NjgsNF0="} +{"attributes":{"columns":["bytes_scripted"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"machine.os.raw :\\\"win xp\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"logstash_scripted_saved_search","version":1},"coreMigrationVersion":"7.13.2","id":"db6226f0-61c0-11eb-aebf-c306684b328d","migrationVersion":{"search":"7.9.3"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,494],"type":"search","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NjksNF0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"1\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"2\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"3\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"4\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"5\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"6\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"7\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"8\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"9\",\"w\":24,\"x\":0,\"y\":60},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"10\",\"w\":24,\"x\":24,\"y\":60},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"11\",\"w\":24,\"x\":0,\"y\":75},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":75},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":90},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"14\",\"w\":24,\"x\":24,\"y\":90},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"15\",\"w\":24,\"x\":0,\"y\":105},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_15\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"16\",\"w\":24,\"x\":24,\"y\":105},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_16\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"17\",\"w\":24,\"x\":0,\"y\":120},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_17\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"18\",\"w\":24,\"x\":24,\"y\":120},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_18\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"19\",\"w\":24,\"x\":0,\"y\":135},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_19\"},{\"version\":\"7.3.0\",\"type\":\"search\",\"gridData\":{\"h\":15,\"i\":\"20\",\"w\":24,\"x\":24,\"y\":135},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_20\"}]","timeRestore":false,"title":"logstash_dashboardwithtime","version":1},"coreMigrationVersion":"7.13.2","id":"154944b0-6249-11eb-aebf-c306684b328d","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"36b91810-6239-11eb-aebf-c306684b328d","name":"1:panel_1","type":"visualization"},{"id":"0a274320-61cc-11eb-aebf-c306684b328d","name":"2:panel_2","type":"visualization"},{"id":"e4aef350-623d-11eb-aebf-c306684b328d","name":"3:panel_3","type":"visualization"},{"id":"f92e5630-623e-11eb-aebf-c306684b328d","name":"4:panel_4","type":"visualization"},{"id":"9853d4d0-623d-11eb-aebf-c306684b328d","name":"5:panel_5","type":"visualization"},{"id":"6ecb33b0-623d-11eb-aebf-c306684b328d","name":"6:panel_6","type":"visualization"},{"id":"b8e35c80-623c-11eb-aebf-c306684b328d","name":"7:panel_7","type":"visualization"},{"id":"f1bc75d0-6239-11eb-aebf-c306684b328d","name":"8:panel_8","type":"visualization"},{"id":"0d8a8860-623a-11eb-aebf-c306684b328d","name":"9:panel_9","type":"visualization"},{"id":"d79fe3d0-6239-11eb-aebf-c306684b328d","name":"10:panel_10","type":"visualization"},{"id":"318375a0-6240-11eb-aebf-c306684b328d","name":"11:panel_11","type":"visualization"},{"id":"e461eb20-6245-11eb-aebf-c306684b328d","name":"12:panel_12","type":"visualization"},{"id":"25bdc750-6242-11eb-aebf-c306684b328d","name":"13:panel_13","type":"visualization"},{"id":"71dd7bc0-6248-11eb-aebf-c306684b328d","name":"14:panel_14","type":"visualization"},{"id":"6aea48a0-6240-11eb-aebf-c306684b328d","name":"15:panel_15","type":"visualization"},{"id":"32b681f0-6241-11eb-aebf-c306684b328d","name":"16:panel_16","type":"visualization"},{"id":"ccca99e0-6244-11eb-aebf-c306684b328d","name":"17:panel_17","type":"visualization"},{"id":"a4d7be80-6245-11eb-aebf-c306684b328d","name":"18:panel_18","type":"visualization"},{"id":"c94d8440-6248-11eb-aebf-c306684b328d","name":"19:panel_19","type":"visualization"},{"id":"db6226f0-61c0-11eb-aebf-c306684b328d","name":"20:panel_20","type":"search"}],"sort":[1623693556928,515],"type":"dashboard","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NzAsNF0="} +{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"26e2cf99-d931-4320-9e15-9dbc148f3534":{"columnOrder":["6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e","beb72af1-239c-46d8-823b-b00d1e2ace43"],"columns":{"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e":{"dataType":"string","isBucketed":true,"label":"Top values of url.raw","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"beb72af1-239c-46d8-823b-b00d1e2ace43","type":"column"},"orderDirection":"desc","otherBucket":true,"size":20},"scale":"ordinal","sourceField":"url.raw"},"beb72af1-239c-46d8-823b-b00d1e2ace43":{"dataType":"number","isBucketed":false,"label":"Unique count of geo.srcdest","operationType":"unique_count","scale":"ratio","sourceField":"geo.srcdest"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e","6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e","6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e"],"layerId":"26e2cf99-d931-4320-9e15-9dbc148f3534","legendDisplay":"default","metric":"beb72af1-239c-46d8-823b-b00d1e2ace43","nestedLegend":false,"numberDisplay":"percent"}],"shape":"donut"}},"title":"lens_pie_chart","visualizationType":"lnsPie"},"coreMigrationVersion":"7.13.2","id":"21905950-bd9f-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-26e2cf99-d931-4320-9e15-9dbc148f3534","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,519],"type":"lens","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NzEsNF0="} +{"attributes":{"description":null,"state":{"datasourceStates":{"indexpattern":{"layers":{"a3ac0e3d-63ec-49b2-882a-b34680a967ba":{"columnOrder":["352a2c02-aa6f-4a35-b776-45c3715a6c5e","8ef68cbb-e039-49d6-b15e-be81559f4b55","14fad6b1-6a7c-4ae8-ae4b-d9569e31e04a"],"columns":{"14fad6b1-6a7c-4ae8-ae4b-d9569e31e04a":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"352a2c02-aa6f-4a35-b776-45c3715a6c5e":{"dataType":"string","isBucketed":true,"label":"Top values of geo.srcdest","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"14fad6b1-6a7c-4ae8-ae4b-d9569e31e04a","type":"column"},"orderDirection":"desc","otherBucket":true,"size":67},"scale":"ordinal","sourceField":"geo.srcdest"},"8ef68cbb-e039-49d6-b15e-be81559f4b55":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["14fad6b1-6a7c-4ae8-ae4b-d9569e31e04a"],"layerId":"a3ac0e3d-63ec-49b2-882a-b34680a967ba","position":"top","seriesType":"bar_percentage_stacked","showGridlines":false,"splitAccessor":"352a2c02-aa6f-4a35-b776-45c3715a6c5e","xAccessor":"8ef68cbb-e039-49d6-b15e-be81559f4b55"}],"legend":{"isVisible":true,"position":"top","showSingleSeries":true},"preferredSeriesType":"bar_percentage_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_bar_verticalpercentage","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.2","id":"aa4b8da0-bd9f-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-a3ac0e3d-63ec-49b2-882a-b34680a967ba","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,523],"type":"lens","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NzIsNF0="} +{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"037b7937-790b-4d2d-94a5-7f5837a6ef05":{"columnOrder":["b3d46616-75e0-419e-97ea-91148961ef94","025a0fb3-dc44-4f5c-b517-2d71d3f26f14","c476db14-0cc1-40ec-863e-d2779256a407"],"columns":{"025a0fb3-dc44-4f5c-b517-2d71d3f26f14":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"b3d46616-75e0-419e-97ea-91148961ef94":{"dataType":"string","isBucketed":true,"label":"Top values of geo.srcdest","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"c476db14-0cc1-40ec-863e-d2779256a407","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"geo.srcdest"},"c476db14-0cc1-40ec-863e-d2779256a407":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"lucene","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["c476db14-0cc1-40ec-863e-d2779256a407"],"layerId":"037b7937-790b-4d2d-94a5-7f5837a6ef05","position":"top","seriesType":"bar_stacked","showGridlines":false,"splitAccessor":"b3d46616-75e0-419e-97ea-91148961ef94","xAccessor":"025a0fb3-dc44-4f5c-b517-2d71d3f26f14"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_barchart_vertical","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.2","id":"2d3f1250-bd9f-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-037b7937-790b-4d2d-94a5-7f5837a6ef05","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,527],"type":"lens","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NzMsNF0="} +{"attributes":{"description":null,"state":{"datasourceStates":{"indexpattern":{"layers":{"212688dc-e7d7-4875-a221-09e6191bdcf7":{"columnOrder":["05410186-83c4-460a-82bf-dd7e9d998c9f","e8659feb-1db4-4706-9147-ac1fd513a1ba","c9a32fd0-a465-44fb-8adc-b957fb72cad5"],"columns":{"05410186-83c4-460a-82bf-dd7e9d998c9f":{"dataType":"string","isBucketed":true,"label":"Top values of extension.raw","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"c9a32fd0-a465-44fb-8adc-b957fb72cad5","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"extension.raw"},"c9a32fd0-a465-44fb-8adc-b957fb72cad5":{"dataType":"number","isBucketed":false,"label":"Average of bytes","operationType":"average","scale":"ratio","sourceField":"bytes"},"e8659feb-1db4-4706-9147-ac1fd513a1ba":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["c9a32fd0-a465-44fb-8adc-b957fb72cad5"],"layerId":"212688dc-e7d7-4875-a221-09e6191bdcf7","position":"top","seriesType":"bar_horizontal_stacked","showGridlines":false,"splitAccessor":"05410186-83c4-460a-82bf-dd7e9d998c9f","xAccessor":"e8659feb-1db4-4706-9147-ac1fd513a1ba"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_horizontal_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_barhorizontal_stacked","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.2","id":"edd5a560-bda4-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-212688dc-e7d7-4875-a221-09e6191bdcf7","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,531],"type":"lens","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NzQsNF0="} +{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"7ab04fd4-04da-4023-8899-d94620193607":{"columnOrder":["0ab2d5f8-11f0-4b25-b8bb-3127a3b8d4c7","9eb851dd-31f6-481a-84d1-9ecce53a6ad2","f6b271a7-509b-4c37-b7b6-ac5be4bcb49a"],"columns":{"0ab2d5f8-11f0-4b25-b8bb-3127a3b8d4c7":{"dataType":"string","isBucketed":true,"label":"Top values of request.raw","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"f6b271a7-509b-4c37-b7b6-ac5be4bcb49a","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"request.raw"},"9eb851dd-31f6-481a-84d1-9ecce53a6ad2":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"f6b271a7-509b-4c37-b7b6-ac5be4bcb49a":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["f6b271a7-509b-4c37-b7b6-ac5be4bcb49a"],"layerId":"7ab04fd4-04da-4023-8899-d94620193607","position":"top","seriesType":"bar_horizontal_percentage_stacked","showGridlines":false,"splitAccessor":"0ab2d5f8-11f0-4b25-b8bb-3127a3b8d4c7","xAccessor":"9eb851dd-31f6-481a-84d1-9ecce53a6ad2"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_horizontal_percentage_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_barhorizontalpercentage","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.2","id":"2c25a450-bda5-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-7ab04fd4-04da-4023-8899-d94620193607","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,535],"type":"lens","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NzUsNF0="} +{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"037b7937-790b-4d2d-94a5-7f5837a6ef05":{"columnOrder":["b3d46616-75e0-419e-97ea-91148961ef94","025a0fb3-dc44-4f5c-b517-2d71d3f26f14","c476db14-0cc1-40ec-863e-d2779256a407"],"columns":{"025a0fb3-dc44-4f5c-b517-2d71d3f26f14":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"b3d46616-75e0-419e-97ea-91148961ef94":{"dataType":"string","isBucketed":true,"label":"Top values of geo.srcdest","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"c476db14-0cc1-40ec-863e-d2779256a407","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"geo.srcdest"},"c476db14-0cc1-40ec-863e-d2779256a407":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"lucene","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["c476db14-0cc1-40ec-863e-d2779256a407"],"layerId":"037b7937-790b-4d2d-94a5-7f5837a6ef05","position":"top","seriesType":"bar_stacked","showGridlines":false,"splitAccessor":"b3d46616-75e0-419e-97ea-91148961ef94","xAccessor":"025a0fb3-dc44-4f5c-b517-2d71d3f26f14"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_visualization","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.2","id":"e79116e0-bd9e-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.1"},"references":[{"id":"43fcac20-ca27-11eb-bf5e-3de94e83d4f0","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-037b7937-790b-4d2d-94a5-7f5837a6ef05","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693677171,767],"type":"lens","updated_at":"2021-06-14T18:01:17.171Z","version":"WzE3NDEsNF0="} +{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"72783e5f-aa7b-4b8a-b26c-a3e4d051340e":{"columnOrder":["0f619652-9ff1-453b-ae1f-7371baa82f55"],"columns":{"0f619652-9ff1-453b-ae1f-7371baa82f55":{"dataType":"number","isBucketed":false,"label":"Average of phpmemory","operationType":"average","params":{"format":{"id":"percent","params":{"decimals":10}}},"scale":"ratio","sourceField":"phpmemory"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"accessor":"0f619652-9ff1-453b-ae1f-7371baa82f55","layerId":"72783e5f-aa7b-4b8a-b26c-a3e4d051340e"}},"title":"lens_metric","visualizationType":"lnsMetric"},"coreMigrationVersion":"7.13.2","id":"974fb950-bda5-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-72783e5f-aa7b-4b8a-b26c-a3e4d051340e","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,543],"type":"lens","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NzcsNF0="} +{"attributes":{"description":null,"state":{"datasourceStates":{"indexpattern":{"layers":{"bb478774-f9e8-4380-bf3a-f4a89a4d79b5":{"columnOrder":["4573ae8f-8f9d-4918-b496-c08f7102c6e1","cebdc6c5-3587-4f57-879c-dd63ea99cf03"],"columns":{"4573ae8f-8f9d-4918-b496-c08f7102c6e1":{"dataType":"string","isBucketed":true,"label":"Top values of machine.os.raw","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"cebdc6c5-3587-4f57-879c-dd63ea99cf03","type":"column"},"orderDirection":"desc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"machine.os.raw"},"cebdc6c5-3587-4f57-879c-dd63ea99cf03":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["4573ae8f-8f9d-4918-b496-c08f7102c6e1"],"layerId":"bb478774-f9e8-4380-bf3a-f4a89a4d79b5","legendDisplay":"default","metric":"cebdc6c5-3587-4f57-879c-dd63ea99cf03","nestedLegend":false,"numberDisplay":"percent"}],"shape":"pie"}},"title":"lens_piechart","visualizationType":"lnsPie"},"coreMigrationVersion":"7.13.2","id":"51b63040-bda5-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-bb478774-f9e8-4380-bf3a-f4a89a4d79b5","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,547],"type":"lens","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NzgsNF0="} +{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"a1b85651-db29-441f-8f08-cf1b9b6f7bf1":{"columnOrder":["2b3bdc32-0be0-49dc-993d-4630b0bd1185","b85cc0a7-0b18-4b08-b7f0-c617f80cf903","03203126-8286-444d-b5b3-4f399eaf2c26","44305317-61e8-4600-9f3c-ac4070e0c529"],"columns":{"03203126-8286-444d-b5b3-4f399eaf2c26":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"2b3bdc32-0be0-49dc-993d-4630b0bd1185":{"dataType":"string","isBucketed":true,"label":"Top values of extension.raw","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"44305317-61e8-4600-9f3c-ac4070e0c529","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"extension.raw"},"44305317-61e8-4600-9f3c-ac4070e0c529":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"b85cc0a7-0b18-4b08-b7f0-c617f80cf903":{"dataType":"string","isBucketed":true,"label":"Top values of machine.os.raw","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"44305317-61e8-4600-9f3c-ac4070e0c529","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"machine.os.raw"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"columnId":"2b3bdc32-0be0-49dc-993d-4630b0bd1185","isTransposed":false},{"columnId":"b85cc0a7-0b18-4b08-b7f0-c617f80cf903","isTransposed":false},{"columnId":"03203126-8286-444d-b5b3-4f399eaf2c26","isTransposed":false},{"columnId":"44305317-61e8-4600-9f3c-ac4070e0c529","isTransposed":false}],"layerId":"a1b85651-db29-441f-8f08-cf1b9b6f7bf1"}},"title":"lens_table","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.13.2","id":"b00679c0-bda5-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-a1b85651-db29-441f-8f08-cf1b9b6f7bf1","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,551],"type":"lens","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2NzksNF0="} +{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"4fbb51e9-1f99-4b5e-b59d-60fcb547b1d9":{"columnOrder":["08a1af05-743d-480e-9056-3405b1bdda7d","bae35990-75c2-487f-94eb-d8e03d2eda33"],"columns":{"08a1af05-743d-480e-9056-3405b1bdda7d":{"dataType":"string","isBucketed":true,"label":"Top values of geo.srcdest","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"bae35990-75c2-487f-94eb-d8e03d2eda33","type":"column"},"orderDirection":"desc","otherBucket":true,"size":25},"scale":"ordinal","sourceField":"geo.srcdest"},"bae35990-75c2-487f-94eb-d8e03d2eda33":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["08a1af05-743d-480e-9056-3405b1bdda7d","08a1af05-743d-480e-9056-3405b1bdda7d","08a1af05-743d-480e-9056-3405b1bdda7d"],"layerId":"4fbb51e9-1f99-4b5e-b59d-60fcb547b1d9","legendDisplay":"default","metric":"bae35990-75c2-487f-94eb-d8e03d2eda33","nestedLegend":false,"numberDisplay":"percent"}],"shape":"treemap"}},"title":"lens_treemap","visualizationType":"lnsPie"},"coreMigrationVersion":"7.13.2","id":"652ade10-bd9f-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-4fbb51e9-1f99-4b5e-b59d-60fcb547b1d9","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,555],"type":"lens","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2ODAsNF0="} +{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"e84503c1-4dbd-4ac6-9ac9-ad938654680f":{"columnOrder":["38c73fd4-6330-4162-8a7b-1a059f005da8","e8d4dad2-ac30-4741-aca0-904eb1fc8455","70433aa7-3c2c-4e6c-b8cf-4218c995cff5"],"columns":{"38c73fd4-6330-4162-8a7b-1a059f005da8":{"dataType":"string","isBucketed":true,"label":"Top values of url.raw","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"70433aa7-3c2c-4e6c-b8cf-4218c995cff5","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"url.raw"},"70433aa7-3c2c-4e6c-b8cf-4218c995cff5":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"e8d4dad2-ac30-4741-aca0-904eb1fc8455":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["70433aa7-3c2c-4e6c-b8cf-4218c995cff5"],"layerId":"e84503c1-4dbd-4ac6-9ac9-ad938654680f","position":"top","seriesType":"line","showGridlines":false,"splitAccessor":"38c73fd4-6330-4162-8a7b-1a059f005da8","xAccessor":"e8d4dad2-ac30-4741-aca0-904eb1fc8455"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"line","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_line_chart","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.2","id":"7f3b5fb0-be2f-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-e84503c1-4dbd-4ac6-9ac9-ad938654680f","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,559],"type":"lens","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2ODEsNF0="} +{"attributes":{"fieldAttrs":"{\"speaker\":{\"count\":1},\"text_entry\":{\"count\":6},\"type\":{\"count\":3}}","fields":"[]","runtimeFieldMap":"{}","title":"shakespeare"},"coreMigrationVersion":"7.13.2","id":"4e937b20-619d-11eb-aebf-c306684b328d","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1623693556928,560],"type":"index-pattern","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2ODIsNF0="} +{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"d35680ce-c285-4fae-89d6-1245671bbc78":{"columnOrder":["2bcbffbe-c24d-4e74-8a03-9a6da7db70c0","6b00fde6-bfaa-4da1-beeb-bfd85a4cb2ff","8319857d-a03b-4158-bdf1-2a788e510445"],"columns":{"2bcbffbe-c24d-4e74-8a03-9a6da7db70c0":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"6b00fde6-bfaa-4da1-beeb-bfd85a4cb2ff":{"dataType":"number","isBucketed":false,"label":"Average of bytes","operationType":"average","scale":"ratio","sourceField":"bytes"},"8319857d-a03b-4158-bdf1-2a788e510445":{"dataType":"number","isBucketed":false,"label":"Sum of bytes_scripted","operationType":"sum","params":{"format":{"id":"number","params":{"decimals":2}}},"scale":"ratio","sourceField":"bytes_scripted"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["6b00fde6-bfaa-4da1-beeb-bfd85a4cb2ff","8319857d-a03b-4158-bdf1-2a788e510445"],"layerId":"d35680ce-c285-4fae-89d6-1245671bbc78","position":"top","seriesType":"area","showGridlines":false,"xAccessor":"2bcbffbe-c24d-4e74-8a03-9a6da7db70c0","yConfig":[{"axisMode":"auto","forAccessor":"8319857d-a03b-4158-bdf1-2a788e510445"}]}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"area","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_area_chart","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.2","id":"bb9e5bb0-be2f-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.1"},"references":[{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-d35680ce-c285-4fae-89d6-1245671bbc78","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,564],"type":"lens","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2ODMsNF0="} +{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"70bd567e-8e67-4696-a406-313b06344fa9":{"columnOrder":["96ddedfb-043b-479e-a746-600e72ab546e","d325b7da-4266-4035-9b13-5f853615149a","2fc1391b-17d1-4c49-9ddc-06ff307e3520","1cc6f19c-cbcb-4abd-b56d-1a2f9deae5f3"],"columns":{"1cc6f19c-cbcb-4abd-b56d-1a2f9deae5f3":{"dataType":"number","isBucketed":false,"label":"Average of machine.ram","operationType":"average","scale":"ratio","sourceField":"machine.ram"},"2fc1391b-17d1-4c49-9ddc-06ff307e3520":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"96ddedfb-043b-479e-a746-600e72ab546e":{"dataType":"string","isBucketed":true,"label":"Top values of machine.os.raw","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"2fc1391b-17d1-4c49-9ddc-06ff307e3520","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"machine.os.raw"},"d325b7da-4266-4035-9b13-5f853615149a":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["2fc1391b-17d1-4c49-9ddc-06ff307e3520","1cc6f19c-cbcb-4abd-b56d-1a2f9deae5f3"],"layerId":"70bd567e-8e67-4696-a406-313b06344fa9","position":"top","seriesType":"area_stacked","showGridlines":false,"splitAccessor":"96ddedfb-043b-479e-a746-600e72ab546e","xAccessor":"d325b7da-4266-4035-9b13-5f853615149a"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"area_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_area_stacked","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.2","id":"dd315430-be2f-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-70bd567e-8e67-4696-a406-313b06344fa9","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,568],"type":"lens","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2ODQsNF0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":15,\"i\":\"2e80716f-c1b6-46f2-be2b-35db744b5031\"},\"panelIndex\":\"2e80716f-c1b6-46f2-be2b-35db744b5031\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"26e2cf99-d931-4320-9e15-9dbc148f3534\":{\"columns\":{\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\":{\"label\":\"Top values of url.raw\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"url.raw\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"beb72af1-239c-46d8-823b-b00d1e2ace43\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"beb72af1-239c-46d8-823b-b00d1e2ace43\":{\"label\":\"Unique count of geo.srcdest\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"geo.srcdest\",\"isBucketed\":false}},\"columnOrder\":[\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\",\"beb72af1-239c-46d8-823b-b00d1e2ace43\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"26e2cf99-d931-4320-9e15-9dbc148f3534\",\"groups\":[\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\",\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\",\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\"],\"metric\":\"beb72af1-239c-46d8-823b-b00d1e2ace43\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-layer-26e2cf99-d931-4320-9e15-9dbc148f3534\"}]},\"enhancements\":{},\"type\":\"lens\"},\"panelRefName\":\"panel_2e80716f-c1b6-46f2-be2b-35db744b5031\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"da8843e0-6789-4aae-bcd0-81f270538719\"},\"panelIndex\":\"da8843e0-6789-4aae-bcd0-81f270538719\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_da8843e0-6789-4aae-bcd0-81f270538719\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":15,\"w\":24,\"h\":15,\"i\":\"adcd4418-7299-4efa-b369-5f71a7b4ebe0\"},\"panelIndex\":\"adcd4418-7299-4efa-b369-5f71a7b4ebe0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_adcd4418-7299-4efa-b369-5f71a7b4ebe0\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":15,\"w\":24,\"h\":15,\"i\":\"869754a7-edf0-478f-a7f1-80374f63108a\"},\"panelIndex\":\"869754a7-edf0-478f-a7f1-80374f63108a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_869754a7-edf0-478f-a7f1-80374f63108a\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":30,\"w\":24,\"h\":15,\"i\":\"67111cf4-338e-453f-8621-e8dea64082d1\"},\"panelIndex\":\"67111cf4-338e-453f-8621-e8dea64082d1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_67111cf4-338e-453f-8621-e8dea64082d1\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":30,\"w\":24,\"h\":15,\"i\":\"13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d\"},\"panelIndex\":\"13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":45,\"w\":24,\"h\":15,\"i\":\"88847944-ae1b-45fd-b102-3b45f9bea04b\"},\"panelIndex\":\"88847944-ae1b-45fd-b102-3b45f9bea04b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_88847944-ae1b-45fd-b102-3b45f9bea04b\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":45,\"w\":24,\"h\":15,\"i\":\"5a7924c7-eac0-4573-9199-fecec5b82e9e\"},\"panelIndex\":\"5a7924c7-eac0-4573-9199-fecec5b82e9e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5a7924c7-eac0-4573-9199-fecec5b82e9e\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":60,\"w\":24,\"h\":15,\"i\":\"f8f49591-f071-4a96-b1ed-cd65daff5648\"},\"panelIndex\":\"f8f49591-f071-4a96-b1ed-cd65daff5648\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f8f49591-f071-4a96-b1ed-cd65daff5648\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":60,\"w\":24,\"h\":15,\"i\":\"9f357f47-c2a0-421f-a456-9583c40837ab\"},\"panelIndex\":\"9f357f47-c2a0-421f-a456-9583c40837ab\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9f357f47-c2a0-421f-a456-9583c40837ab\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":75,\"w\":24,\"h\":15,\"i\":\"6cb383e9-1e80-44f9-80d5-7b8c585668db\"},\"panelIndex\":\"6cb383e9-1e80-44f9-80d5-7b8c585668db\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6cb383e9-1e80-44f9-80d5-7b8c585668db\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":75,\"w\":24,\"h\":15,\"i\":\"57f5f0bf-6610-4599-aad4-37484640b5e2\"},\"panelIndex\":\"57f5f0bf-6610-4599-aad4-37484640b5e2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_57f5f0bf-6610-4599-aad4-37484640b5e2\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":90,\"w\":24,\"h\":15,\"i\":\"32d3ab66-52e1-44e3-8c1f-1dccff3c5692\"},\"panelIndex\":\"32d3ab66-52e1-44e3-8c1f-1dccff3c5692\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_32d3ab66-52e1-44e3-8c1f-1dccff3c5692\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":90,\"w\":24,\"h\":15,\"i\":\"dd1718fd-74ee-4032-851b-db97e893825d\"},\"panelIndex\":\"dd1718fd-74ee-4032-851b-db97e893825d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dd1718fd-74ee-4032-851b-db97e893825d\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":105,\"w\":24,\"h\":15,\"i\":\"98a556ee-078b-4e03-93a8-29996133cdcb\"},\"panelIndex\":\"98a556ee-078b-4e03-93a8-29996133cdcb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"999a2d60-cb2a-451c-8d71-80d7e92e70fd\":{\"columns\":{\"ce9117a2-773c-474c-8fb1-18940cf58b38\":{\"label\":\"Top values of type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"type\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false}},\"a3d10552-e352-40d0-a156-e86112c0501a\":{\"label\":\"Top values of _type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"_type\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"9c5db2f3-9eb0-4667-9a74-3318301de251\":{\"label\":\"Sum of bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"bytes\",\"isBucketed\":false,\"scale\":\"ratio\"}},\"columnOrder\":[\"ce9117a2-773c-474c-8fb1-18940cf58b38\",\"a3d10552-e352-40d0-a156-e86112c0501a\",\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\",\"9c5db2f3-9eb0-4667-9a74-3318301de251\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"999a2d60-cb2a-451c-8d71-80d7e92e70fd\",\"accessors\":[\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\",\"9c5db2f3-9eb0-4667-9a74-3318301de251\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"ce9117a2-773c-474c-8fb1-18940cf58b38\",\"splitAccessor\":\"a3d10552-e352-40d0-a156-e86112c0501a\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-layer-999a2d60-cb2a-451c-8d71-80d7e92e70fd\"}]},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":105,\"w\":24,\"h\":15,\"i\":\"62a0f0b0-3589-4cef-807b-b1b4258b7a9b\"},\"panelIndex\":\"62a0f0b0-3589-4cef-807b-b1b4258b7a9b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_62a0f0b0-3589-4cef-807b-b1b4258b7a9b\"},{\"version\":\"7.13.1\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":120,\"w\":24,\"h\":15,\"i\":\"dcc0defa-3376-465c-9b5b-2ba69528848c\"},\"panelIndex\":\"dcc0defa-3376-465c-9b5b-2ba69528848c\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":1.56},\"mapBuffer\":{\"minLon\":-210.32666,\"minLat\":-64.8435,\"maxLon\":210.32666,\"maxLat\":95.13806},\"isLayerTOCOpen\":true,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_dcc0defa-3376-465c-9b5b-2ba69528848c\"}]","refreshInterval":{"pause":true,"value":0},"timeFrom":"2015-09-20T01:56:56.132Z","timeRestore":true,"timeTo":"2015-09-21T11:18:20.471Z","title":"lens_maps_dashboard_logstash","version":1},"coreMigrationVersion":"7.13.2","id":"16d86080-be5c-11eb-9520-1b4c3ca6a781","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"21905950-bd9f-11eb-9520-1b4c3ca6a781","name":"2e80716f-c1b6-46f2-be2b-35db744b5031:panel_2e80716f-c1b6-46f2-be2b-35db744b5031","type":"lens"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"2e80716f-c1b6-46f2-be2b-35db744b5031:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"2e80716f-c1b6-46f2-be2b-35db744b5031:indexpattern-datasource-layer-26e2cf99-d931-4320-9e15-9dbc148f3534","type":"index-pattern"},{"id":"aa4b8da0-bd9f-11eb-9520-1b4c3ca6a781","name":"da8843e0-6789-4aae-bcd0-81f270538719:panel_da8843e0-6789-4aae-bcd0-81f270538719","type":"lens"},{"id":"2d3f1250-bd9f-11eb-9520-1b4c3ca6a781","name":"adcd4418-7299-4efa-b369-5f71a7b4ebe0:panel_adcd4418-7299-4efa-b369-5f71a7b4ebe0","type":"lens"},{"id":"edd5a560-bda4-11eb-9520-1b4c3ca6a781","name":"869754a7-edf0-478f-a7f1-80374f63108a:panel_869754a7-edf0-478f-a7f1-80374f63108a","type":"lens"},{"id":"2c25a450-bda5-11eb-9520-1b4c3ca6a781","name":"67111cf4-338e-453f-8621-e8dea64082d1:panel_67111cf4-338e-453f-8621-e8dea64082d1","type":"lens"},{"id":"e79116e0-bd9e-11eb-9520-1b4c3ca6a781","name":"13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d:panel_13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d","type":"lens"},{"id":"974fb950-bda5-11eb-9520-1b4c3ca6a781","name":"88847944-ae1b-45fd-b102-3b45f9bea04b:panel_88847944-ae1b-45fd-b102-3b45f9bea04b","type":"lens"},{"id":"21905950-bd9f-11eb-9520-1b4c3ca6a781","name":"5a7924c7-eac0-4573-9199-fecec5b82e9e:panel_5a7924c7-eac0-4573-9199-fecec5b82e9e","type":"lens"},{"id":"51b63040-bda5-11eb-9520-1b4c3ca6a781","name":"f8f49591-f071-4a96-b1ed-cd65daff5648:panel_f8f49591-f071-4a96-b1ed-cd65daff5648","type":"lens"},{"id":"b00679c0-bda5-11eb-9520-1b4c3ca6a781","name":"9f357f47-c2a0-421f-a456-9583c40837ab:panel_9f357f47-c2a0-421f-a456-9583c40837ab","type":"lens"},{"id":"652ade10-bd9f-11eb-9520-1b4c3ca6a781","name":"6cb383e9-1e80-44f9-80d5-7b8c585668db:panel_6cb383e9-1e80-44f9-80d5-7b8c585668db","type":"lens"},{"id":"7f3b5fb0-be2f-11eb-9520-1b4c3ca6a781","name":"57f5f0bf-6610-4599-aad4-37484640b5e2:panel_57f5f0bf-6610-4599-aad4-37484640b5e2","type":"lens"},{"id":"bb9e5bb0-be2f-11eb-9520-1b4c3ca6a781","name":"32d3ab66-52e1-44e3-8c1f-1dccff3c5692:panel_32d3ab66-52e1-44e3-8c1f-1dccff3c5692","type":"lens"},{"id":"dd315430-be2f-11eb-9520-1b4c3ca6a781","name":"dd1718fd-74ee-4032-851b-db97e893825d:panel_dd1718fd-74ee-4032-851b-db97e893825d","type":"lens"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"98a556ee-078b-4e03-93a8-29996133cdcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"98a556ee-078b-4e03-93a8-29996133cdcb:indexpattern-datasource-layer-999a2d60-cb2a-451c-8d71-80d7e92e70fd","type":"index-pattern"},{"id":"0dbbf8b0-be3c-11eb-9520-1b4c3ca6a781","name":"62a0f0b0-3589-4cef-807b-b1b4258b7a9b:panel_62a0f0b0-3589-4cef-807b-b1b4258b7a9b","type":"lens"},{"id":"0c5974f0-be5c-11eb-9520-1b4c3ca6a781","name":"dcc0defa-3376-465c-9b5b-2ba69528848c:panel_dcc0defa-3376-465c-9b5b-2ba69528848c","type":"map"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,590],"type":"dashboard","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2ODUsNF0="} +{"attributes":{"fieldAttrs":"{}","fields":"[]","runtimeFieldMap":"{}","title":".kibana"},"coreMigrationVersion":"7.13.2","id":"1773aa90-be66-11eb-9520-1b4c3ca6a781","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1623693556928,591],"type":"index-pattern","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2ODYsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"shakespeare_areachart","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"shakespeare_areachart\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"stacked\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"data\":{\"id\":\"2\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"play_name\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"2\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"play_name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"2\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.13.2","id":"185283c0-619e-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,593],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2ODcsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"by_reference_logstash","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"by_reference_logstash\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"radiusRatio\":0,\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2014-07-15T12:33:21.084Z\",\"to\":\"2019-01-28T03:18:12.440Z\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"response.raw\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}]}"},"coreMigrationVersion":"7.13.2","id":"1885abb0-ca2b-11eb-bf5e-3de94e83d4f0","migrationVersion":{"visualization":"7.13.1"},"references":[{"id":"43fcac20-ca27-11eb-bf5e-3de94e83d4f0","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623415891791,140],"type":"visualization","updated_at":"2021-06-11T12:51:31.791Z","version":"WzE0MzgsNF0="} +{"attributes":{"color":"#f44fcf","description":"","name":"shakespeare"},"coreMigrationVersion":"7.13.2","id":"42b4cec0-be32-11eb-9520-1b4c3ca6a781","references":[],"sort":[1623693556928,594],"type":"tag","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2ODgsNF0="} +{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"3338dd55-4007-4be5-908d-25722b6174cb":{"columnOrder":["6c83b0c2-5834-4619-888c-9e8a08e47d42","b25e7497-c188-4c25-b002-1fd5bd69e76d"],"columns":{"6c83b0c2-5834-4619-888c-9e8a08e47d42":{"dataType":"string","isBucketed":true,"label":"Top values of speaker","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"b25e7497-c188-4c25-b002-1fd5bd69e76d","type":"column"},"orderDirection":"desc","otherBucket":false,"size":90},"scale":"ordinal","sourceField":"speaker"},"b25e7497-c188-4c25-b002-1fd5bd69e76d":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["6c83b0c2-5834-4619-888c-9e8a08e47d42","6c83b0c2-5834-4619-888c-9e8a08e47d42","6c83b0c2-5834-4619-888c-9e8a08e47d42"],"layerId":"3338dd55-4007-4be5-908d-25722b6174cb","legendDisplay":"default","metric":"b25e7497-c188-4c25-b002-1fd5bd69e76d","nestedLegend":false,"numberDisplay":"percent"}],"palette":{"name":"complimentary","type":"palette"},"shape":"treemap"}},"title":"lens_shakespeare_treemap","visualizationType":"lnsPie"},"coreMigrationVersion":"7.13.2","id":"31e9f2f0-be32-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.1"},"references":[{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-3338dd55-4007-4be5-908d-25722b6174cb","type":"index-pattern"},{"id":"42b4cec0-be32-11eb-9520-1b4c3ca6a781","name":"tag-ref-42b4cec0-be32-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,598],"type":"lens","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2ODksNF0="} +{"attributes":{"accessCount":0,"accessDate":1622059178542,"createDate":1622059178542,"url":"/app/dashboards#/view/73398a90-619e-11eb-aebf-c306684b328d?embed=true&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:%272015-09-20T01:56:56.132Z%27,to:%272015-09-21T11:18:20.471Z%27))&_a=(description:%27%27,filters:!(),fullScreenMode:!f,options:(darkTheme:!f,hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(enhancements:()),gridData:(h:15,i:%271%27,w:24,x:0,y:0),id:%27185283c0-619e-11eb-aebf-c306684b328d%27,panelIndex:%271%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%272%27,w:24,x:24,y:0),id:%2733736660-619e-11eb-aebf-c306684b328d%27,panelIndex:%272%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%273%27,w:24,x:0,y:15),id:%27622ac7f0-619e-11eb-aebf-c306684b328d%27,panelIndex:%273%27,type:visualization,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%274%27,w:24,x:24,y:15),id:%27712ebbe0-619d-11eb-aebf-c306684b328d%27,panelIndex:%274%27,type:search,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%275%27,w:24,x:0,y:30),id:ddacc820-619d-11eb-aebf-c306684b328d,panelIndex:%275%27,type:search,version:%277.13.1%27),(embeddableConfig:(enhancements:()),gridData:(h:15,i:%276%27,w:24,x:24,y:30),id:f852d570-619d-11eb-aebf-c306684b328d,panelIndex:%276%27,type:search,version:%277.13.1%27)),query:(language:kuery,query:%27%27),tags:!(),timeRestore:!f,title:shakespeare_dashboard,viewMode:view)"},"coreMigrationVersion":"7.13.2","id":"32a03249ec3a048108d4b5a427a37fc8","references":[],"sort":[1623693556928,599],"type":"url","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2OTAsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"shakespeare_piechart","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"shakespeare_piechart\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"play_name\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.13.2","id":"33736660-619e-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,601],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2OTEsNF0="} +{"attributes":{"color":"#7b01cf","description":"","name":"By reference"},"coreMigrationVersion":"7.13.2","id":"39d2c190-ca2b-11eb-bf5e-3de94e83d4f0","references":[],"sort":[1623415891791,147],"type":"tag","updated_at":"2021-06-11T12:51:31.791Z","version":"WzE0NDIsNF0="} +{"attributes":{"fieldAttrs":"{}","fields":"[]","runtimeFieldMap":"{}","title":"shakespeare"},"coreMigrationVersion":"7.13.2","id":"39d52f60-ca27-11eb-bf5e-3de94e83d4f0","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1623415891791,148],"type":"index-pattern","updated_at":"2021-06-11T12:51:31.791Z","version":"WzE0NDMsNF0="} +{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"ip\",\"params\":{\"query\":\"57.237.11.219\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"ip\":\"57.237.11.219\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"drilldown_saved_search","version":1},"coreMigrationVersion":"7.13.2","id":"4acce030-ca2a-11eb-bf5e-3de94e83d4f0","migrationVersion":{"search":"7.9.3"},"references":[{"id":"43fcac20-ca27-11eb-bf5e-3de94e83d4f0","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"43fcac20-ca27-11eb-bf5e-3de94e83d4f0","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1623415891791,151],"type":"search","updated_at":"2021-06-11T12:51:31.791Z","version":"WzE0NDQsNF0="} +{"attributes":{"description":"","layerListJSON":"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"e0d51731-2bb3-4fed-92af-65f93c3e7e58\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"geo.coordinates\",\"filterByMapBounds\":true,\"scalingType\":\"CLUSTERS\",\"topHitsSplitField\":\"\",\"topHitsSize\":1,\"id\":\"142e0a6b-53c9-4f66-a65d-fced755318de\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"ca96ce4a-4e73-46a5-bcc8-99a39d227030\",\"label\":null,\"minZoom\":9,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#CA8EAE\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#934193\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"BLENDED_VECTOR\",\"joins\":[]}]","mapStateJSON":"{\"zoom\":1.38,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"2014-07-15T12:33:21.084Z\",\"to\":\"2019-01-28T03:18:12.440Z\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}","title":"Logstash_map_by_reference","uiStateJSON":"{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}"},"coreMigrationVersion":"7.13.2","id":"a53a2db0-ca2b-11eb-bf5e-3de94e83d4f0","migrationVersion":{"map":"7.12.0"},"references":[{"id":"39d2c190-ca2b-11eb-bf5e-3de94e83d4f0","name":"tag-ref-39d2c190-ca2b-11eb-bf5e-3de94e83d4f0","type":"tag"},{"id":"43fcac20-ca27-11eb-bf5e-3de94e83d4f0","name":"layer_1_source_index_pattern","type":"index-pattern"}],"sort":[1623415891791,154],"type":"map","updated_at":"2021-06-11T12:51:31.791Z","version":"WzE0NDUsNF0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.12.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"7c29a321-2a9a-412b-9ed1-1d0a1f66ea63\"},\"panelIndex\":\"7c29a321-2a9a-412b-9ed1-1d0a1f66ea63\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.12.1\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":15,\"i\":\"f2d1feb1-d807-46b1-90ac-96d4a9edb6b1\"},\"panelIndex\":\"f2d1feb1-d807-46b1-90ac-96d4a9edb6b1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.12.1\",\"gridData\":{\"x\":0,\"y\":15,\"w\":24,\"h\":15,\"i\":\"a3530107-8b1c-4e94-8f99-e239fa40a09c\"},\"panelIndex\":\"a3530107-8b1c-4e94-8f99-e239fa40a09c\",\"embeddableConfig\":{\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"b14188e0-53d6-433e-874f-b1be7c97487c\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"name\":\"by_reference_going_to_value\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\"}},{\"eventId\":\"60cba413-1793-4dd3-b072-9d53655d5522\",\"triggers\":[\"SELECT_RANGE_TRIGGER\"],\"action\":{\"name\":\"Goto_Discover\",\"config\":{\"url\":{\"template\":\"http://localhost:5601/app/discover#/view/b3288100-ca2c-11eb-bf5e-3de94e83d4f0?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-15y,to:now))&_a=(columns:!(),filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'43fcac20-ca27-11eb-bf5e-3de94e83d4f0',key:geo.dest,negate:!f,params:(query:US),type:phrase),query:(match_phrase:(geo.dest:US)))),index:'43fcac20-ca27-11eb-bf5e-3de94e83d4f0',interval:auto,query:(language:kuery,query:''),sort:!(!('@timestamp',desc)))\"},\"openInNewTab\":true,\"encodeUrl\":true},\"factoryId\":\"URL_DRILLDOWN\"}}]}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.12.1\",\"gridData\":{\"x\":24,\"y\":15,\"w\":24,\"h\":15,\"i\":\"77245314-9495-4625-9f53-0946150e26d4\"},\"panelIndex\":\"77245314-9495-4625-9f53-0946150e26d4\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":1.38},\"mapBuffer\":{\"minLon\":-214.7723,\"minLat\":-74.644155,\"maxLon\":214.7723,\"maxLat\":102.864625},\"isLayerTOCOpen\":true,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"9b61b9d4-20a3-4bca-9697-1097c524a943\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"name\":\"By_reference_to_value\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\"}}]}}},\"panelRefName\":\"panel_3\"}]","timeRestore":false,"title":"by_reference_drilldown","version":1},"coreMigrationVersion":"7.13.2","id":"3b844220-ca2b-11eb-bf5e-3de94e83d4f0","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"08dec860-ca29-11eb-bf5e-3de94e83d4f0","name":"drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:b14188e0-53d6-433e-874f-b1be7c97487c:dashboardId","type":"dashboard"},{"id":"35ce3b30-ca29-11eb-bf5e-3de94e83d4f0","name":"drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:9b61b9d4-20a3-4bca-9697-1097c524a943:dashboardId","type":"dashboard"},{"id":"4acce030-ca2a-11eb-bf5e-3de94e83d4f0","name":"panel_0","type":"search"},{"id":"0abce1c0-ca2a-11eb-bf5e-3de94e83d4f0","name":"panel_1","type":"search"},{"id":"1885abb0-ca2b-11eb-bf5e-3de94e83d4f0","name":"panel_2","type":"visualization"},{"id":"a53a2db0-ca2b-11eb-bf5e-3de94e83d4f0","name":"panel_3","type":"map"},{"id":"39d2c190-ca2b-11eb-bf5e-3de94e83d4f0","name":"tag-39d2c190-ca2b-11eb-bf5e-3de94e83d4f0","type":"tag"}],"sort":[1623415891791,162],"type":"dashboard","updated_at":"2021-06-11T12:51:31.791Z","version":"WzE0NDYsNF0="} +{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"a7a8f2fb-066e-4023-9755-821e84560b4a":{"columnOrder":["ee46f645-0af0-4b5d-8ed3-2557c98c9c12","91859a54-9b88-4478-8c80-0779fe165fba","62a4dea1-fab9-45ff-93e0-b99cfff719d5"],"columns":{"62a4dea1-fab9-45ff-93e0-b99cfff719d5":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"91859a54-9b88-4478-8c80-0779fe165fba":{"dataType":"string","isBucketed":true,"label":"Top values of play_name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"62a4dea1-fab9-45ff-93e0-b99cfff719d5","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"play_name"},"ee46f645-0af0-4b5d-8ed3-2557c98c9c12":{"dataType":"string","isBucketed":true,"label":"Top values of speaker","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"62a4dea1-fab9-45ff-93e0-b99cfff719d5","type":"column"},"orderDirection":"desc","otherBucket":true,"size":25},"scale":"ordinal","sourceField":"speaker"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["ee46f645-0af0-4b5d-8ed3-2557c98c9c12","ee46f645-0af0-4b5d-8ed3-2557c98c9c12","ee46f645-0af0-4b5d-8ed3-2557c98c9c12","ee46f645-0af0-4b5d-8ed3-2557c98c9c12","91859a54-9b88-4478-8c80-0779fe165fba"],"layerId":"a7a8f2fb-066e-4023-9755-821e84560b4a","legendDisplay":"default","metric":"62a4dea1-fab9-45ff-93e0-b99cfff719d5","nestedLegend":false,"numberDisplay":"percent"}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"pie"}},"title":"lens_shakespeare_piechart","visualizationType":"lnsPie"},"coreMigrationVersion":"7.13.2","id":"b5bd5050-be31-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.1"},"references":[{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-a7a8f2fb-066e-4023-9755-821e84560b4a","type":"index-pattern"},{"id":"42b4cec0-be32-11eb-9520-1b4c3ca6a781","name":"tag-ref-42b4cec0-be32-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,605],"type":"lens","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2OTIsNF0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"c4b1daae-a3af-4136-969e-8485d4ba53f9\"},\"panelIndex\":\"c4b1daae-a3af-4136-969e-8485d4ba53f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c4b1daae-a3af-4136-969e-8485d4ba53f9\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":15,\"i\":\"f092b002-182e-49b8-bcc4-58f5233e041b\"},\"panelIndex\":\"f092b002-182e-49b8-bcc4-58f5233e041b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f092b002-182e-49b8-bcc4-58f5233e041b\"}]","refreshInterval":{"pause":true,"value":0},"timeFrom":"2015-09-20T01:56:56.132Z","timeRestore":true,"timeTo":"2015-09-21T11:18:20.471Z","title":"lens_shakespeare_dashboard","version":1},"coreMigrationVersion":"7.13.2","id":"43fae350-be32-11eb-9520-1b4c3ca6a781","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"b5bd5050-be31-11eb-9520-1b4c3ca6a781","name":"c4b1daae-a3af-4136-969e-8485d4ba53f9:panel_c4b1daae-a3af-4136-969e-8485d4ba53f9","type":"lens"},{"id":"31e9f2f0-be32-11eb-9520-1b4c3ca6a781","name":"f092b002-182e-49b8-bcc4-58f5233e041b:panel_f092b002-182e-49b8-bcc4-58f5233e041b","type":"lens"},{"id":"42b4cec0-be32-11eb-9520-1b4c3ca6a781","name":"tag-42b4cec0-be32-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,609],"type":"dashboard","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2OTMsNF0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"1\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"2\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"3\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"4\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"5\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"6\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"7\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"8\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"9\",\"w\":24,\"x\":0,\"y\":60},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"10\",\"w\":24,\"x\":24,\"y\":60},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"11\",\"w\":24,\"x\":0,\"y\":75},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":75},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":90},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"14\",\"w\":24,\"x\":24,\"y\":90},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"15\",\"w\":24,\"x\":0,\"y\":105},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_15\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"16\",\"w\":24,\"x\":24,\"y\":105},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_16\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"17\",\"w\":24,\"x\":0,\"y\":120},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_17\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"18\",\"w\":24,\"x\":24,\"y\":120},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_18\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"19\",\"w\":24,\"x\":0,\"y\":135},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_19\"},{\"version\":\"7.3.0\",\"type\":\"search\",\"gridData\":{\"h\":15,\"i\":\"20\",\"w\":24,\"x\":24,\"y\":135},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_20\"}]","timeRestore":false,"title":"logstash_dashboard_withouttime","version":1},"coreMigrationVersion":"7.13.2","id":"5d3410c0-6249-11eb-aebf-c306684b328d","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"36b91810-6239-11eb-aebf-c306684b328d","name":"1:panel_1","type":"visualization"},{"id":"0a274320-61cc-11eb-aebf-c306684b328d","name":"2:panel_2","type":"visualization"},{"id":"e4aef350-623d-11eb-aebf-c306684b328d","name":"3:panel_3","type":"visualization"},{"id":"f92e5630-623e-11eb-aebf-c306684b328d","name":"4:panel_4","type":"visualization"},{"id":"9853d4d0-623d-11eb-aebf-c306684b328d","name":"5:panel_5","type":"visualization"},{"id":"6ecb33b0-623d-11eb-aebf-c306684b328d","name":"6:panel_6","type":"visualization"},{"id":"b8e35c80-623c-11eb-aebf-c306684b328d","name":"7:panel_7","type":"visualization"},{"id":"f1bc75d0-6239-11eb-aebf-c306684b328d","name":"8:panel_8","type":"visualization"},{"id":"0d8a8860-623a-11eb-aebf-c306684b328d","name":"9:panel_9","type":"visualization"},{"id":"d79fe3d0-6239-11eb-aebf-c306684b328d","name":"10:panel_10","type":"visualization"},{"id":"318375a0-6240-11eb-aebf-c306684b328d","name":"11:panel_11","type":"visualization"},{"id":"e461eb20-6245-11eb-aebf-c306684b328d","name":"12:panel_12","type":"visualization"},{"id":"25bdc750-6242-11eb-aebf-c306684b328d","name":"13:panel_13","type":"visualization"},{"id":"71dd7bc0-6248-11eb-aebf-c306684b328d","name":"14:panel_14","type":"visualization"},{"id":"6aea48a0-6240-11eb-aebf-c306684b328d","name":"15:panel_15","type":"visualization"},{"id":"32b681f0-6241-11eb-aebf-c306684b328d","name":"16:panel_16","type":"visualization"},{"id":"ccca99e0-6244-11eb-aebf-c306684b328d","name":"17:panel_17","type":"visualization"},{"id":"a4d7be80-6245-11eb-aebf-c306684b328d","name":"18:panel_18","type":"visualization"},{"id":"c94d8440-6248-11eb-aebf-c306684b328d","name":"19:panel_19","type":"visualization"},{"id":"db6226f0-61c0-11eb-aebf-c306684b328d","name":"20:panel_20","type":"search"}],"sort":[1623693556928,630],"type":"dashboard","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2OTQsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"shakespeare_tag_cloud","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"shakespeare_tag_cloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"multiple\",\"minFontSize\":59,\"maxFontSize\":100,\"showLabel\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.13.2","id":"622ac7f0-619e-11eb-aebf-c306684b328d","migrationVersion":{"visualization":"7.13.1"},"references":[{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,632],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2OTUsNF0="} +{"attributes":{"numLinks":4,"numVertices":5,"title":"logstash_graph","version":1,"wsState":"\"{\\\"selectedFields\\\":[{\\\"name\\\":\\\"machine.os.raw\\\",\\\"hopSize\\\":5,\\\"lastValidHopSize\\\":5,\\\"color\\\":\\\"#B9A888\\\",\\\"selected\\\":true,\\\"iconClass\\\":\\\"fa-folder-open-o\\\"},{\\\"name\\\":\\\"response.raw\\\",\\\"hopSize\\\":5,\\\"lastValidHopSize\\\":5,\\\"color\\\":\\\"#D6BF57\\\",\\\"selected\\\":true,\\\"iconClass\\\":\\\"fa-folder-open-o\\\"}],\\\"blocklist\\\":[],\\\"vertices\\\":[{\\\"x\\\":461.96184642905024,\\\"y\\\":284.02313214227325,\\\"label\\\":\\\"osx\\\",\\\"color\\\":\\\"#B9A888\\\",\\\"field\\\":\\\"machine.os.raw\\\",\\\"term\\\":\\\"osx\\\",\\\"parent\\\":null,\\\"size\\\":15},{\\\"x\\\":383.946159835112,\\\"y\\\":375.6063135315976,\\\"label\\\":\\\"503\\\",\\\"color\\\":\\\"#D6BF57\\\",\\\"field\\\":\\\"response.raw\\\",\\\"term\\\":\\\"503\\\",\\\"parent\\\":null,\\\"size\\\":15},{\\\"x\\\":287.104700756828,\\\"y\\\":324.1245253249895,\\\"label\\\":\\\"win 7\\\",\\\"color\\\":\\\"#B9A888\\\",\\\"field\\\":\\\"machine.os.raw\\\",\\\"term\\\":\\\"win 7\\\",\\\"parent\\\":null,\\\"size\\\":15},{\\\"x\\\":487.9986107998273,\\\"y\\\":407.07546535764254,\\\"label\\\":\\\"ios\\\",\\\"color\\\":\\\"#B9A888\\\",\\\"field\\\":\\\"machine.os.raw\\\",\\\"term\\\":\\\"ios\\\",\\\"parent\\\":null,\\\"size\\\":15},{\\\"x\\\":302.35059551806023,\\\"y\\\":211.66825720913607,\\\"label\\\":\\\"200\\\",\\\"color\\\":\\\"#D6BF57\\\",\\\"field\\\":\\\"response.raw\\\",\\\"term\\\":\\\"200\\\",\\\"parent\\\":null,\\\"size\\\":15}],\\\"links\\\":[{\\\"weight\\\":0.000881324009872165,\\\"width\\\":7.983523640193488,\\\"source\\\":4,\\\"target\\\":2},{\\\"weight\\\":0.000023386835221992895,\\\"width\\\":2,\\\"source\\\":1,\\\"target\\\":0},{\\\"weight\\\":0.0011039286029480653,\\\"width\\\":2,\\\"source\\\":1,\\\"target\\\":2},{\\\"weight\\\":0.000045596928960694605,\\\"width\\\":2,\\\"source\\\":1,\\\"target\\\":3}],\\\"urlTemplates\\\":[{\\\"url\\\":\\\"/app/discover#/?_a=(columns%3A!(_source)%2Cindex%3A%2756b34100-619d-11eb-aebf-c306684b328d%27%2Cinterval%3Aauto%2Cquery%3A(language%3Akuery%2Cquery%3A{{gquery}})%2Csort%3A!(_score%2Cdesc))\\\",\\\"description\\\":\\\"Machine OS win 7\\\",\\\"isDefault\\\":false,\\\"encoderID\\\":\\\"kql\\\",\\\"iconClass\\\":\\\"fa-share-alt\\\"}],\\\"exploreControls\\\":{\\\"useSignificance\\\":true,\\\"sampleSize\\\":2000,\\\"timeoutMillis\\\":5000,\\\"maxValuesPerDoc\\\":1,\\\"minDocCount\\\":3},\\\"indexPatternRefName\\\":\\\"indexPattern_0\\\"}\""},"coreMigrationVersion":"7.13.2","id":"6afc4b40-be5c-11eb-9520-1b4c3ca6a781","migrationVersion":{"graph-workspace":"7.11.0"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexPattern_0","type":"index-pattern"}],"sort":[1623693556928,634],"type":"graph-workspace","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2OTYsNF0="} +{"attributes":{"buildNum":39457,"defaultIndex":"43fcac20-ca27-11eb-bf5e-3de94e83d4f0"},"coreMigrationVersion":"7.13.2","id":"7.12.1","migrationVersion":{"config":"7.13.0"},"references":[],"sort":[1623415891791,170],"type":"config","updated_at":"2021-06-11T12:51:31.791Z","version":"WzE0NTAsNF0="} +{"attributes":{"accessibility:disableAnimations":true,"buildNum":null,"dateFormat:tz":"UTC","defaultIndex":"56b34100-619d-11eb-aebf-c306684b328d","visualization:visualize:legacyChartsLibrary":true},"coreMigrationVersion":"7.13.2","id":"7.13.1","migrationVersion":{"config":"7.13.0"},"references":[],"sort":[1623693556928,635],"type":"config","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2OTcsNF0="} +{"attributes":{"buildNum":40943,"defaultIndex":"43fcac20-ca27-11eb-bf5e-3de94e83d4f0"},"coreMigrationVersion":"7.13.2","id":"7.13.2","migrationVersion":{"config":"7.13.0"},"references":[],"sort":[1623693652730,748],"type":"config","updated_at":"2021-06-14T18:00:52.730Z","version":"WzE3MjQsNF0="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"text_entry\",\"value\":\"Christendom.\",\"params\":{\"query\":\"Christendom.\",\"type\":\"phrase\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"text_entry\":{\"query\":\"Christendom.\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["_score","desc"]],"title":"shakespeare_saved_search","version":1},"coreMigrationVersion":"7.13.2","id":"712ebbe0-619d-11eb-aebf-c306684b328d","migrationVersion":{"search":"7.9.3"},"references":[{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1623693556928,638],"type":"search","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2OTgsNF0="} +{"attributes":{"columns":["play_name","speaker"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"speaker:\\\"GLOUCESTER\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["_score","desc"]],"title":"shakespeare_saved_lucene_search","version":1},"coreMigrationVersion":"7.13.2","id":"ddacc820-619d-11eb-aebf-c306684b328d","migrationVersion":{"search":"7.9.3"},"references":[{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,640],"type":"search","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE2OTksNF0="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"text_entry :\\\"MORDAKE THE EARL OF FIFE, AND ELDEST SON\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["_score","desc"]],"title":"shakespeare_saved_kql_search","version":1},"coreMigrationVersion":"7.13.2","id":"f852d570-619d-11eb-aebf-c306684b328d","migrationVersion":{"search":"7.9.3"},"references":[{"id":"4e937b20-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623693556928,642],"type":"search","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE3MDAsNF0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"1\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"2\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"3\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"type\":\"search\",\"gridData\":{\"h\":15,\"i\":\"4\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.3.0\",\"type\":\"search\",\"gridData\":{\"h\":15,\"i\":\"5\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.3.0\",\"type\":\"search\",\"gridData\":{\"h\":15,\"i\":\"6\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"shakespeare_dashboard","version":1},"coreMigrationVersion":"7.13.2","id":"73398a90-619e-11eb-aebf-c306684b328d","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"185283c0-619e-11eb-aebf-c306684b328d","name":"1:panel_1","type":"visualization"},{"id":"33736660-619e-11eb-aebf-c306684b328d","name":"2:panel_2","type":"visualization"},{"id":"622ac7f0-619e-11eb-aebf-c306684b328d","name":"3:panel_3","type":"visualization"},{"id":"712ebbe0-619d-11eb-aebf-c306684b328d","name":"4:panel_4","type":"search"},{"id":"ddacc820-619d-11eb-aebf-c306684b328d","name":"5:panel_5","type":"search"},{"id":"f852d570-619d-11eb-aebf-c306684b328d","name":"6:panel_6","type":"search"}],"sort":[1623693556928,649],"type":"dashboard","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE3MDEsNF0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"geo.srcdest\",\"value\":\"IN:US\",\"params\":{\"query\":\"IN:US\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"geo.srcdest\":{\"query\":\"IN:US\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"1\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"2\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"3\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"4\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"5\",\"w\":24,\"x\":0,\"y\":30},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"6\",\"w\":24,\"x\":24,\"y\":30},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"7\",\"w\":24,\"x\":0,\"y\":45},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"8\",\"w\":24,\"x\":24,\"y\":45},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"9\",\"w\":24,\"x\":0,\"y\":60},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"10\",\"w\":24,\"x\":24,\"y\":60},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"11\",\"w\":24,\"x\":0,\"y\":75},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":75},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":90},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"14\",\"w\":24,\"x\":24,\"y\":90},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"15\",\"w\":24,\"x\":0,\"y\":105},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_15\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"16\",\"w\":24,\"x\":24,\"y\":105},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_16\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"17\",\"w\":24,\"x\":0,\"y\":120},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_17\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"18\",\"w\":24,\"x\":24,\"y\":120},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_18\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"19\",\"w\":24,\"x\":0,\"y\":135},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_19\"},{\"version\":\"7.3.0\",\"type\":\"search\",\"gridData\":{\"h\":15,\"i\":\"20\",\"w\":24,\"x\":24,\"y\":135},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_20\"}]","timeRestore":false,"title":"logstash_dashboardwithfilters","version":1},"coreMigrationVersion":"7.13.2","id":"79794f20-6249-11eb-aebf-c306684b328d","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"36b91810-6239-11eb-aebf-c306684b328d","name":"1:panel_1","type":"visualization"},{"id":"0a274320-61cc-11eb-aebf-c306684b328d","name":"2:panel_2","type":"visualization"},{"id":"e4aef350-623d-11eb-aebf-c306684b328d","name":"3:panel_3","type":"visualization"},{"id":"f92e5630-623e-11eb-aebf-c306684b328d","name":"4:panel_4","type":"visualization"},{"id":"9853d4d0-623d-11eb-aebf-c306684b328d","name":"5:panel_5","type":"visualization"},{"id":"6ecb33b0-623d-11eb-aebf-c306684b328d","name":"6:panel_6","type":"visualization"},{"id":"b8e35c80-623c-11eb-aebf-c306684b328d","name":"7:panel_7","type":"visualization"},{"id":"f1bc75d0-6239-11eb-aebf-c306684b328d","name":"8:panel_8","type":"visualization"},{"id":"0d8a8860-623a-11eb-aebf-c306684b328d","name":"9:panel_9","type":"visualization"},{"id":"d79fe3d0-6239-11eb-aebf-c306684b328d","name":"10:panel_10","type":"visualization"},{"id":"318375a0-6240-11eb-aebf-c306684b328d","name":"11:panel_11","type":"visualization"},{"id":"e461eb20-6245-11eb-aebf-c306684b328d","name":"12:panel_12","type":"visualization"},{"id":"25bdc750-6242-11eb-aebf-c306684b328d","name":"13:panel_13","type":"visualization"},{"id":"71dd7bc0-6248-11eb-aebf-c306684b328d","name":"14:panel_14","type":"visualization"},{"id":"6aea48a0-6240-11eb-aebf-c306684b328d","name":"15:panel_15","type":"visualization"},{"id":"32b681f0-6241-11eb-aebf-c306684b328d","name":"16:panel_16","type":"visualization"},{"id":"ccca99e0-6244-11eb-aebf-c306684b328d","name":"17:panel_17","type":"visualization"},{"id":"a4d7be80-6245-11eb-aebf-c306684b328d","name":"18:panel_18","type":"visualization"},{"id":"c94d8440-6248-11eb-aebf-c306684b328d","name":"19:panel_19","type":"visualization"},{"id":"db6226f0-61c0-11eb-aebf-c306684b328d","name":"20:panel_20","type":"search"}],"sort":[1623693556928,671],"type":"dashboard","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE3MDIsNF0="} +{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"037b7937-790b-4d2d-94a5-7f5837a6ef05":{"columnOrder":["b3d46616-75e0-419e-97ea-91148961ef94","025a0fb3-dc44-4f5c-b517-2d71d3f26f14","c476db14-0cc1-40ec-863e-d2779256a407"],"columns":{"025a0fb3-dc44-4f5c-b517-2d71d3f26f14":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"b3d46616-75e0-419e-97ea-91148961ef94":{"dataType":"string","isBucketed":true,"label":"Top values of geo.srcdest","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"c476db14-0cc1-40ec-863e-d2779256a407","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"geo.srcdest"},"c476db14-0cc1-40ec-863e-d2779256a407":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"lucene","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"layers":[{"accessors":["c476db14-0cc1-40ec-863e-d2779256a407"],"layerId":"037b7937-790b-4d2d-94a5-7f5837a6ef05","position":"top","seriesType":"bar_stacked","showGridlines":false,"splitAccessor":"b3d46616-75e0-419e-97ea-91148961ef94","xAccessor":"025a0fb3-dc44-4f5c-b517-2d71d3f26f14"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide"}},"title":"lens_verticalstacked","visualizationType":"lnsXY"},"coreMigrationVersion":"7.13.2","id":"8dc19b50-be32-11eb-9520-1b4c3ca6a781","migrationVersion":{"lens":"7.13.1"},"references":[{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"indexpattern-datasource-layer-037b7937-790b-4d2d-94a5-7f5837a6ef05","type":"index-pattern"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-ref-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,675],"type":"lens","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE3MDMsNF0="} +{"attributes":{"description":"","hits":0,"timelion_chart_height":275,"timelion_columns":2,"timelion_interval":"auto","timelion_rows":2,"timelion_sheet":[".es(index=logstash-*, \"sum:bytes\")"],"title":"logstash_timelionsheet","version":1},"coreMigrationVersion":"7.13.2","id":"a8961990-be5c-11eb-9520-1b4c3ca6a781","references":[],"sort":[1623693556928,676],"type":"timelion-sheet","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE3MDQsNF0="} +{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"geo.dest\",\"params\":{\"query\":\"US\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"geo.dest\":\"US\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"drilldown_logstash","version":1},"coreMigrationVersion":"7.13.2","id":"b3288100-ca2c-11eb-bf5e-3de94e83d4f0","migrationVersion":{"search":"7.9.3"},"references":[{"id":"43fcac20-ca27-11eb-bf5e-3de94e83d4f0","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"43fcac20-ca27-11eb-bf5e-3de94e83d4f0","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1623415891791,216],"type":"search","updated_at":"2021-06-11T12:51:31.791Z","version":"WzE0NjMsNF0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"logstash_timelion_panel","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logstash_timelion_panel\",\"type\":\"timelion\",\"aggs\":[],\"params\":{\"expression\":\".es(index=logstash-*, \\\"sum:bytes\\\")\",\"interval\":\"auto\"}}"},"coreMigrationVersion":"7.13.2","id":"b3a44cd0-be5c-11eb-9520-1b4c3ca6a781","migrationVersion":{"visualization":"7.13.1"},"references":[],"sort":[1623693556928,677],"type":"visualization","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE3MDUsNF0="} +{"attributes":{"color":"#9170B8","description":"","name":"alltogether"},"coreMigrationVersion":"7.13.2","id":"be808cb0-be32-11eb-9520-1b4c3ca6a781","references":[],"sort":[1623693556928,678],"type":"tag","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE3MDYsNF0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":15,\"i\":\"4d9e9a01-cdb8-4aef-afcb-50db52247bb1\"},\"panelIndex\":\"4d9e9a01-cdb8-4aef-afcb-50db52247bb1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4d9e9a01-cdb8-4aef-afcb-50db52247bb1\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"d9cab9c8-667e-4d34-821b-cbb070891956\"},\"panelIndex\":\"d9cab9c8-667e-4d34-821b-cbb070891956\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d9cab9c8-667e-4d34-821b-cbb070891956\"}]","refreshInterval":{"pause":true,"value":0},"timeFrom":"2015-09-20T01:56:56.132Z","timeRestore":true,"timeTo":"2015-09-21T11:18:20.471Z","title":"lens_combined_dashboard","version":1},"coreMigrationVersion":"7.13.2","id":"bfb3dc90-be32-11eb-9520-1b4c3ca6a781","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"8dc19b50-be32-11eb-9520-1b4c3ca6a781","name":"4d9e9a01-cdb8-4aef-afcb-50db52247bb1:panel_4d9e9a01-cdb8-4aef-afcb-50db52247bb1","type":"lens"},{"id":"b5bd5050-be31-11eb-9520-1b4c3ca6a781","name":"d9cab9c8-667e-4d34-821b-cbb070891956:panel_d9cab9c8-667e-4d34-821b-cbb070891956","type":"lens"},{"id":"be808cb0-be32-11eb-9520-1b4c3ca6a781","name":"tag-be808cb0-be32-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,682],"type":"dashboard","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE3MDcsNF0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":15,\"i\":\"2e80716f-c1b6-46f2-be2b-35db744b5031\"},\"panelIndex\":\"2e80716f-c1b6-46f2-be2b-35db744b5031\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"26e2cf99-d931-4320-9e15-9dbc148f3534\":{\"columns\":{\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\":{\"label\":\"Top values of url.raw\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"url.raw\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"beb72af1-239c-46d8-823b-b00d1e2ace43\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"beb72af1-239c-46d8-823b-b00d1e2ace43\":{\"label\":\"Unique count of geo.srcdest\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"geo.srcdest\",\"isBucketed\":false}},\"columnOrder\":[\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\",\"beb72af1-239c-46d8-823b-b00d1e2ace43\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"26e2cf99-d931-4320-9e15-9dbc148f3534\",\"groups\":[\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\",\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\",\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\"],\"metric\":\"beb72af1-239c-46d8-823b-b00d1e2ace43\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-layer-26e2cf99-d931-4320-9e15-9dbc148f3534\"}]},\"enhancements\":{},\"type\":\"lens\"},\"panelRefName\":\"panel_2e80716f-c1b6-46f2-be2b-35db744b5031\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"da8843e0-6789-4aae-bcd0-81f270538719\"},\"panelIndex\":\"da8843e0-6789-4aae-bcd0-81f270538719\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_da8843e0-6789-4aae-bcd0-81f270538719\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":15,\"w\":24,\"h\":15,\"i\":\"adcd4418-7299-4efa-b369-5f71a7b4ebe0\"},\"panelIndex\":\"adcd4418-7299-4efa-b369-5f71a7b4ebe0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_adcd4418-7299-4efa-b369-5f71a7b4ebe0\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":15,\"w\":24,\"h\":15,\"i\":\"869754a7-edf0-478f-a7f1-80374f63108a\"},\"panelIndex\":\"869754a7-edf0-478f-a7f1-80374f63108a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_869754a7-edf0-478f-a7f1-80374f63108a\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":30,\"w\":24,\"h\":15,\"i\":\"67111cf4-338e-453f-8621-e8dea64082d1\"},\"panelIndex\":\"67111cf4-338e-453f-8621-e8dea64082d1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_67111cf4-338e-453f-8621-e8dea64082d1\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":30,\"w\":24,\"h\":15,\"i\":\"13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d\"},\"panelIndex\":\"13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":45,\"w\":24,\"h\":15,\"i\":\"88847944-ae1b-45fd-b102-3b45f9bea04b\"},\"panelIndex\":\"88847944-ae1b-45fd-b102-3b45f9bea04b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_88847944-ae1b-45fd-b102-3b45f9bea04b\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":45,\"w\":24,\"h\":15,\"i\":\"5a7924c7-eac0-4573-9199-fecec5b82e9e\"},\"panelIndex\":\"5a7924c7-eac0-4573-9199-fecec5b82e9e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5a7924c7-eac0-4573-9199-fecec5b82e9e\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":60,\"w\":24,\"h\":15,\"i\":\"f8f49591-f071-4a96-b1ed-cd65daff5648\"},\"panelIndex\":\"f8f49591-f071-4a96-b1ed-cd65daff5648\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f8f49591-f071-4a96-b1ed-cd65daff5648\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":60,\"w\":24,\"h\":15,\"i\":\"9f357f47-c2a0-421f-a456-9583c40837ab\"},\"panelIndex\":\"9f357f47-c2a0-421f-a456-9583c40837ab\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9f357f47-c2a0-421f-a456-9583c40837ab\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":75,\"w\":24,\"h\":15,\"i\":\"6cb383e9-1e80-44f9-80d5-7b8c585668db\"},\"panelIndex\":\"6cb383e9-1e80-44f9-80d5-7b8c585668db\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6cb383e9-1e80-44f9-80d5-7b8c585668db\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":75,\"w\":24,\"h\":15,\"i\":\"57f5f0bf-6610-4599-aad4-37484640b5e2\"},\"panelIndex\":\"57f5f0bf-6610-4599-aad4-37484640b5e2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_57f5f0bf-6610-4599-aad4-37484640b5e2\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":90,\"w\":24,\"h\":15,\"i\":\"32d3ab66-52e1-44e3-8c1f-1dccff3c5692\"},\"panelIndex\":\"32d3ab66-52e1-44e3-8c1f-1dccff3c5692\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_32d3ab66-52e1-44e3-8c1f-1dccff3c5692\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":90,\"w\":24,\"h\":15,\"i\":\"dd1718fd-74ee-4032-851b-db97e893825d\"},\"panelIndex\":\"dd1718fd-74ee-4032-851b-db97e893825d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dd1718fd-74ee-4032-851b-db97e893825d\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":105,\"w\":24,\"h\":15,\"i\":\"98a556ee-078b-4e03-93a8-29996133cdcb\"},\"panelIndex\":\"98a556ee-078b-4e03-93a8-29996133cdcb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"999a2d60-cb2a-451c-8d71-80d7e92e70fd\":{\"columns\":{\"ce9117a2-773c-474c-8fb1-18940cf58b38\":{\"label\":\"Top values of type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"type\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false}},\"a3d10552-e352-40d0-a156-e86112c0501a\":{\"label\":\"Top values of _type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"_type\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"9c5db2f3-9eb0-4667-9a74-3318301de251\":{\"label\":\"Sum of bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"bytes\",\"isBucketed\":false,\"scale\":\"ratio\"}},\"columnOrder\":[\"ce9117a2-773c-474c-8fb1-18940cf58b38\",\"a3d10552-e352-40d0-a156-e86112c0501a\",\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\",\"9c5db2f3-9eb0-4667-9a74-3318301de251\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"999a2d60-cb2a-451c-8d71-80d7e92e70fd\",\"accessors\":[\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\",\"9c5db2f3-9eb0-4667-9a74-3318301de251\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"ce9117a2-773c-474c-8fb1-18940cf58b38\",\"splitAccessor\":\"a3d10552-e352-40d0-a156-e86112c0501a\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-layer-999a2d60-cb2a-451c-8d71-80d7e92e70fd\"}]},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":105,\"w\":24,\"h\":15,\"i\":\"62a0f0b0-3589-4cef-807b-b1b4258b7a9b\"},\"panelIndex\":\"62a0f0b0-3589-4cef-807b-b1b4258b7a9b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_62a0f0b0-3589-4cef-807b-b1b4258b7a9b\"},{\"version\":\"7.13.1\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":120,\"w\":24,\"h\":15,\"i\":\"dcc0defa-3376-465c-9b5b-2ba69528848c\"},\"panelIndex\":\"dcc0defa-3376-465c-9b5b-2ba69528848c\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":1.56},\"mapBuffer\":{\"minLon\":-210.32666,\"minLat\":-64.8435,\"maxLon\":210.32666,\"maxLat\":95.13806},\"isLayerTOCOpen\":true,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_dcc0defa-3376-465c-9b5b-2ba69528848c\"},{\"version\":\"7.13.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":120,\"w\":24,\"h\":15,\"i\":\"dd21a674-ae3a-40f6-9d68-4e01361ea5e2\"},\"panelIndex\":\"dd21a674-ae3a-40f6-9d68-4e01361ea5e2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dd21a674-ae3a-40f6-9d68-4e01361ea5e2\"}]","refreshInterval":{"pause":true,"value":0},"timeFrom":"2015-09-20T01:56:56.132Z","timeRestore":true,"timeTo":"2015-09-21T11:18:20.471Z","title":"timelion_lens_maps_dashboard_logstash","version":1},"coreMigrationVersion":"7.13.2","id":"c4ab2030-be5c-11eb-9520-1b4c3ca6a781","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"21905950-bd9f-11eb-9520-1b4c3ca6a781","name":"2e80716f-c1b6-46f2-be2b-35db744b5031:panel_2e80716f-c1b6-46f2-be2b-35db744b5031","type":"lens"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"2e80716f-c1b6-46f2-be2b-35db744b5031:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"2e80716f-c1b6-46f2-be2b-35db744b5031:indexpattern-datasource-layer-26e2cf99-d931-4320-9e15-9dbc148f3534","type":"index-pattern"},{"id":"aa4b8da0-bd9f-11eb-9520-1b4c3ca6a781","name":"da8843e0-6789-4aae-bcd0-81f270538719:panel_da8843e0-6789-4aae-bcd0-81f270538719","type":"lens"},{"id":"2d3f1250-bd9f-11eb-9520-1b4c3ca6a781","name":"adcd4418-7299-4efa-b369-5f71a7b4ebe0:panel_adcd4418-7299-4efa-b369-5f71a7b4ebe0","type":"lens"},{"id":"edd5a560-bda4-11eb-9520-1b4c3ca6a781","name":"869754a7-edf0-478f-a7f1-80374f63108a:panel_869754a7-edf0-478f-a7f1-80374f63108a","type":"lens"},{"id":"2c25a450-bda5-11eb-9520-1b4c3ca6a781","name":"67111cf4-338e-453f-8621-e8dea64082d1:panel_67111cf4-338e-453f-8621-e8dea64082d1","type":"lens"},{"id":"e79116e0-bd9e-11eb-9520-1b4c3ca6a781","name":"13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d:panel_13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d","type":"lens"},{"id":"974fb950-bda5-11eb-9520-1b4c3ca6a781","name":"88847944-ae1b-45fd-b102-3b45f9bea04b:panel_88847944-ae1b-45fd-b102-3b45f9bea04b","type":"lens"},{"id":"21905950-bd9f-11eb-9520-1b4c3ca6a781","name":"5a7924c7-eac0-4573-9199-fecec5b82e9e:panel_5a7924c7-eac0-4573-9199-fecec5b82e9e","type":"lens"},{"id":"51b63040-bda5-11eb-9520-1b4c3ca6a781","name":"f8f49591-f071-4a96-b1ed-cd65daff5648:panel_f8f49591-f071-4a96-b1ed-cd65daff5648","type":"lens"},{"id":"b00679c0-bda5-11eb-9520-1b4c3ca6a781","name":"9f357f47-c2a0-421f-a456-9583c40837ab:panel_9f357f47-c2a0-421f-a456-9583c40837ab","type":"lens"},{"id":"652ade10-bd9f-11eb-9520-1b4c3ca6a781","name":"6cb383e9-1e80-44f9-80d5-7b8c585668db:panel_6cb383e9-1e80-44f9-80d5-7b8c585668db","type":"lens"},{"id":"7f3b5fb0-be2f-11eb-9520-1b4c3ca6a781","name":"57f5f0bf-6610-4599-aad4-37484640b5e2:panel_57f5f0bf-6610-4599-aad4-37484640b5e2","type":"lens"},{"id":"bb9e5bb0-be2f-11eb-9520-1b4c3ca6a781","name":"32d3ab66-52e1-44e3-8c1f-1dccff3c5692:panel_32d3ab66-52e1-44e3-8c1f-1dccff3c5692","type":"lens"},{"id":"dd315430-be2f-11eb-9520-1b4c3ca6a781","name":"dd1718fd-74ee-4032-851b-db97e893825d:panel_dd1718fd-74ee-4032-851b-db97e893825d","type":"lens"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"98a556ee-078b-4e03-93a8-29996133cdcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"98a556ee-078b-4e03-93a8-29996133cdcb:indexpattern-datasource-layer-999a2d60-cb2a-451c-8d71-80d7e92e70fd","type":"index-pattern"},{"id":"0dbbf8b0-be3c-11eb-9520-1b4c3ca6a781","name":"62a0f0b0-3589-4cef-807b-b1b4258b7a9b:panel_62a0f0b0-3589-4cef-807b-b1b4258b7a9b","type":"lens"},{"id":"0c5974f0-be5c-11eb-9520-1b4c3ca6a781","name":"dcc0defa-3376-465c-9b5b-2ba69528848c:panel_dcc0defa-3376-465c-9b5b-2ba69528848c","type":"map"},{"id":"a4d7be80-6245-11eb-aebf-c306684b328d","name":"dd21a674-ae3a-40f6-9d68-4e01361ea5e2:panel_dd21a674-ae3a-40f6-9d68-4e01361ea5e2","type":"visualization"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,705],"type":"dashboard","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE3MDgsNF0="} +{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"speaker :\\\"DUKE VINCENTIO\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"drilldown_shakes","version":1},"coreMigrationVersion":"7.13.2","id":"c4b9cc00-ca2a-11eb-bf5e-3de94e83d4f0","migrationVersion":{"search":"7.9.3"},"references":[{"id":"39d52f60-ca27-11eb-bf5e-3de94e83d4f0","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1623415891791,218],"type":"search","updated_at":"2021-06-11T12:51:31.791Z","version":"WzE0NjQsNF0="} +{"attributes":{"@created":"2021-05-27T19:45:29.712Z","@timestamp":"2021-05-27T19:45:29.712Z","content":"{\"selectedNodes\":[{\"id\":\"element-56d2ba72-f227-4d04-9478-a1d6f0c7e601\",\"position\":{\"left\":20,\"top\":20,\"width\":500,\"height\":300,\"angle\":0,\"parent\":\"group-499b5982-25f4-4894-9540-1874a27d78e7\",\"type\":\"element\"},\"expression\":\"savedLens id=\\\"bb9e5bb0-be2f-11eb-9520-1b4c3ca6a781\\\" timerange={timerange from=\\\"now-15y\\\" to=\\\"now\\\"}\\n| render\",\"filter\":null,\"ast\":{\"type\":\"expression\",\"chain\":[{\"type\":\"function\",\"function\":\"savedLens\",\"arguments\":{\"id\":[\"bb9e5bb0-be2f-11eb-9520-1b4c3ca6a781\"],\"timerange\":[{\"type\":\"expression\",\"chain\":[{\"type\":\"function\",\"function\":\"timerange\",\"arguments\":{\"from\":[\"now-15y\"],\"to\":[\"now\"]}}]}]}},{\"type\":\"function\",\"function\":\"render\",\"arguments\":{}}]}},{\"id\":\"element-afbaa26e-10e7-47d4-bb41-b061dfdced2b\",\"position\":{\"left\":527,\"top\":20,\"width\":500,\"height\":300,\"angle\":0,\"parent\":\"group-499b5982-25f4-4894-9540-1874a27d78e7\",\"type\":\"element\"},\"expression\":\"savedVisualization id=\\\"0d8a8860-623a-11eb-aebf-c306684b328d\\\" timerange={timerange from=\\\"now-15y\\\" to=\\\"now\\\"}\\n| render\",\"filter\":null,\"ast\":{\"type\":\"expression\",\"chain\":[{\"type\":\"function\",\"function\":\"savedVisualization\",\"arguments\":{\"id\":[\"0d8a8860-623a-11eb-aebf-c306684b328d\"],\"timerange\":[{\"type\":\"expression\",\"chain\":[{\"type\":\"function\",\"function\":\"timerange\",\"arguments\":{\"from\":[\"now-15y\"],\"to\":[\"now\"]}}]}]}},{\"type\":\"function\",\"function\":\"render\",\"arguments\":{}}]}}]}","displayName":"element_canvas","help":"","image":"","name":"elementCanvas"},"coreMigrationVersion":"7.13.2","id":"custom-element-3bc52277-ee01-4cdc-8d2d-f2db6ade1512","references":[],"sort":[1623693556928,706],"type":"canvas-element","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE3MDksNF0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"ced0a5ea-3ec2-4274-8431-6e76d85637f6\"},\"panelIndex\":\"ced0a5ea-3ec2-4274-8431-6e76d85637f6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6a3b206a-4ac3-4d67-b2b9-c6b543a11ea3\":{\"columns\":{\"f70668f8-ae97-4b64-867f-b0c9b77914ef\":{\"label\":\"Top values of speaker\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"speaker\",\"isBucketed\":true,\"params\":{\"size\":39,\"orderBy\":{\"type\":\"column\",\"columnId\":\"fbf256d9-cae7-4244-8504-b73a5666e917\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"fbf256d9-cae7-4244-8504-b73a5666e917\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"f70668f8-ae97-4b64-867f-b0c9b77914ef\",\"fbf256d9-cae7-4244-8504-b73a5666e917\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_percentage_stacked\",\"layers\":[{\"layerId\":\"6a3b206a-4ac3-4d67-b2b9-c6b543a11ea3\",\"accessors\":[\"fbf256d9-cae7-4244-8504-b73a5666e917\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_percentage_stacked\",\"showGridlines\":false,\"splitAccessor\":\"f70668f8-ae97-4b64-867f-b0c9b77914ef\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"39d52f60-ca27-11eb-bf5e-3de94e83d4f0\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"39d52f60-ca27-11eb-bf5e-3de94e83d4f0\",\"name\":\"indexpattern-datasource-layer-6a3b206a-4ac3-4d67-b2b9-c6b543a11ea3\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"2b9a2bad-d6aa-4d3b-a692-fd96c3fb0ac1\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"name\":\"We_like_lens\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true},\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\"}}]}},\"type\":\"lens\"}},{\"version\":\"7.13.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":15,\"i\":\"5e4cf03a-13bb-4aa7-8326-b47a19e88968\"},\"panelIndex\":\"5e4cf03a-13bb-4aa7-8326-b47a19e88968\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"play_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":788,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"searchSource\":{\"index\":\"39d52f60-ca27-11eb-bf5e-3de94e83d4f0\",\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"c5e2a416-2985-4f44-a6b6-70bb95d3bcdd\",\"triggers\":[\"CONTEXT_MENU_TRIGGER\"],\"action\":{\"name\":\"shakespeare_discover\",\"config\":{\"url\":{\"template\":\"http://localhost:5601/app/discover#/view/c4b9cc00-ca2a-11eb-bf5e-3de94e83d4f0?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-15y,to:now))&_a=(columns:!(),filters:!(),index:'39d52f60-ca27-11eb-bf5e-3de94e83d4f0',interval:auto,query:(language:kuery,query:'speaker%20:%22DUKE%20VINCENTIO%22%20'),sort:!())\"},\"openInNewTab\":true,\"encodeUrl\":true},\"factoryId\":\"URL_DRILLDOWN\"}},{\"eventId\":\"de71a757-6401-4b05-9d8d-475fedc0cd47\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"name\":\"drilldown_timebased\",\"config\":{\"url\":{\"template\":\"http://localhost:5601/app/discover#/view/b3288100-ca2c-11eb-bf5e-3de94e83d4f0?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-15y,to:now))&_a=(columns:!(),filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'43fcac20-ca27-11eb-bf5e-3de94e83d4f0',key:geo.dest,negate:!f,params:(query:US),type:phrase),query:(match_phrase:(geo.dest:US)))),index:'43fcac20-ca27-11eb-bf5e-3de94e83d4f0',interval:auto,query:(language:kuery,query:''),sort:!(!('@timestamp',desc)))\"},\"openInNewTab\":true,\"encodeUrl\":true},\"factoryId\":\"URL_DRILLDOWN\"}}]}},\"type\":\"visualization\"}}]","timeRestore":false,"title":"nontimebased_shakespeare_drilldown","version":1},"coreMigrationVersion":"7.13.2","id":"e9eb20f0-ca2a-11eb-bf5e-3de94e83d4f0","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"39d52f60-ca27-11eb-bf5e-3de94e83d4f0","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"39d52f60-ca27-11eb-bf5e-3de94e83d4f0","name":"indexpattern-datasource-layer-6a3b206a-4ac3-4d67-b2b9-c6b543a11ea3","type":"index-pattern"},{"id":"08dec860-ca29-11eb-bf5e-3de94e83d4f0","name":"drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:2b9a2bad-d6aa-4d3b-a692-fd96c3fb0ac1:dashboardId","type":"dashboard"},{"id":"39d52f60-ca27-11eb-bf5e-3de94e83d4f0","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"07f48f70-ca29-11eb-bf5e-3de94e83d4f0","name":"tag-07f48f70-ca29-11eb-bf5e-3de94e83d4f0","type":"tag"}],"sort":[1623415891791,224],"type":"dashboard","updated_at":"2021-06-11T12:51:31.791Z","version":"WzE0NjUsNF0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":15,\"i\":\"2e80716f-c1b6-46f2-be2b-35db744b5031\"},\"panelIndex\":\"2e80716f-c1b6-46f2-be2b-35db744b5031\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"26e2cf99-d931-4320-9e15-9dbc148f3534\":{\"columns\":{\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\":{\"label\":\"Top values of url.raw\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"url.raw\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"beb72af1-239c-46d8-823b-b00d1e2ace43\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"beb72af1-239c-46d8-823b-b00d1e2ace43\":{\"label\":\"Unique count of geo.srcdest\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"geo.srcdest\",\"isBucketed\":false}},\"columnOrder\":[\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\",\"beb72af1-239c-46d8-823b-b00d1e2ace43\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"26e2cf99-d931-4320-9e15-9dbc148f3534\",\"groups\":[\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\",\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\",\"6adde1a2-4c6f-47eb-95cc-5c6a9d863a6e\"],\"metric\":\"beb72af1-239c-46d8-823b-b00d1e2ace43\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-layer-26e2cf99-d931-4320-9e15-9dbc148f3534\"}]},\"enhancements\":{},\"type\":\"lens\"},\"panelRefName\":\"panel_2e80716f-c1b6-46f2-be2b-35db744b5031\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"da8843e0-6789-4aae-bcd0-81f270538719\"},\"panelIndex\":\"da8843e0-6789-4aae-bcd0-81f270538719\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_da8843e0-6789-4aae-bcd0-81f270538719\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":15,\"w\":24,\"h\":15,\"i\":\"adcd4418-7299-4efa-b369-5f71a7b4ebe0\"},\"panelIndex\":\"adcd4418-7299-4efa-b369-5f71a7b4ebe0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_adcd4418-7299-4efa-b369-5f71a7b4ebe0\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":15,\"w\":24,\"h\":15,\"i\":\"869754a7-edf0-478f-a7f1-80374f63108a\"},\"panelIndex\":\"869754a7-edf0-478f-a7f1-80374f63108a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_869754a7-edf0-478f-a7f1-80374f63108a\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":30,\"w\":24,\"h\":15,\"i\":\"67111cf4-338e-453f-8621-e8dea64082d1\"},\"panelIndex\":\"67111cf4-338e-453f-8621-e8dea64082d1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_67111cf4-338e-453f-8621-e8dea64082d1\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":30,\"w\":24,\"h\":15,\"i\":\"13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d\"},\"panelIndex\":\"13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":45,\"w\":24,\"h\":15,\"i\":\"88847944-ae1b-45fd-b102-3b45f9bea04b\"},\"panelIndex\":\"88847944-ae1b-45fd-b102-3b45f9bea04b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_88847944-ae1b-45fd-b102-3b45f9bea04b\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":45,\"w\":24,\"h\":15,\"i\":\"5a7924c7-eac0-4573-9199-fecec5b82e9e\"},\"panelIndex\":\"5a7924c7-eac0-4573-9199-fecec5b82e9e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5a7924c7-eac0-4573-9199-fecec5b82e9e\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":60,\"w\":24,\"h\":15,\"i\":\"f8f49591-f071-4a96-b1ed-cd65daff5648\"},\"panelIndex\":\"f8f49591-f071-4a96-b1ed-cd65daff5648\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f8f49591-f071-4a96-b1ed-cd65daff5648\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":60,\"w\":24,\"h\":15,\"i\":\"9f357f47-c2a0-421f-a456-9583c40837ab\"},\"panelIndex\":\"9f357f47-c2a0-421f-a456-9583c40837ab\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9f357f47-c2a0-421f-a456-9583c40837ab\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":75,\"w\":24,\"h\":15,\"i\":\"6cb383e9-1e80-44f9-80d5-7b8c585668db\"},\"panelIndex\":\"6cb383e9-1e80-44f9-80d5-7b8c585668db\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6cb383e9-1e80-44f9-80d5-7b8c585668db\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":75,\"w\":24,\"h\":15,\"i\":\"57f5f0bf-6610-4599-aad4-37484640b5e2\"},\"panelIndex\":\"57f5f0bf-6610-4599-aad4-37484640b5e2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_57f5f0bf-6610-4599-aad4-37484640b5e2\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":90,\"w\":24,\"h\":15,\"i\":\"32d3ab66-52e1-44e3-8c1f-1dccff3c5692\"},\"panelIndex\":\"32d3ab66-52e1-44e3-8c1f-1dccff3c5692\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_32d3ab66-52e1-44e3-8c1f-1dccff3c5692\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":90,\"w\":24,\"h\":15,\"i\":\"dd1718fd-74ee-4032-851b-db97e893825d\"},\"panelIndex\":\"dd1718fd-74ee-4032-851b-db97e893825d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dd1718fd-74ee-4032-851b-db97e893825d\"},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":105,\"w\":24,\"h\":15,\"i\":\"98a556ee-078b-4e03-93a8-29996133cdcb\"},\"panelIndex\":\"98a556ee-078b-4e03-93a8-29996133cdcb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"999a2d60-cb2a-451c-8d71-80d7e92e70fd\":{\"columns\":{\"ce9117a2-773c-474c-8fb1-18940cf58b38\":{\"label\":\"Top values of type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"type\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false}},\"a3d10552-e352-40d0-a156-e86112c0501a\":{\"label\":\"Top values of _type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"_type\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"9c5db2f3-9eb0-4667-9a74-3318301de251\":{\"label\":\"Sum of bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"bytes\",\"isBucketed\":false,\"scale\":\"ratio\"}},\"columnOrder\":[\"ce9117a2-773c-474c-8fb1-18940cf58b38\",\"a3d10552-e352-40d0-a156-e86112c0501a\",\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\",\"9c5db2f3-9eb0-4667-9a74-3318301de251\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"999a2d60-cb2a-451c-8d71-80d7e92e70fd\",\"accessors\":[\"cf07d1f1-d3fd-41f7-812c-d8587ec75959\",\"9c5db2f3-9eb0-4667-9a74-3318301de251\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"ce9117a2-773c-474c-8fb1-18940cf58b38\",\"splitAccessor\":\"a3d10552-e352-40d0-a156-e86112c0501a\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"56b34100-619d-11eb-aebf-c306684b328d\",\"name\":\"indexpattern-datasource-layer-999a2d60-cb2a-451c-8d71-80d7e92e70fd\"}]},\"enhancements\":{},\"type\":\"lens\"}},{\"version\":\"7.13.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":105,\"w\":24,\"h\":15,\"i\":\"62a0f0b0-3589-4cef-807b-b1b4258b7a9b\"},\"panelIndex\":\"62a0f0b0-3589-4cef-807b-b1b4258b7a9b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_62a0f0b0-3589-4cef-807b-b1b4258b7a9b\"}]","refreshInterval":{"pause":true,"value":0},"timeFrom":"2015-09-20T01:56:56.132Z","timeRestore":true,"timeTo":"2015-09-21T11:18:20.471Z","title":"lens_dashboard_logstash","version":1},"coreMigrationVersion":"7.13.2","id":"f458b9f0-bd9e-11eb-9520-1b4c3ca6a781","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"21905950-bd9f-11eb-9520-1b4c3ca6a781","name":"2e80716f-c1b6-46f2-be2b-35db744b5031:panel_2e80716f-c1b6-46f2-be2b-35db744b5031","type":"lens"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"2e80716f-c1b6-46f2-be2b-35db744b5031:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"2e80716f-c1b6-46f2-be2b-35db744b5031:indexpattern-datasource-layer-26e2cf99-d931-4320-9e15-9dbc148f3534","type":"index-pattern"},{"id":"aa4b8da0-bd9f-11eb-9520-1b4c3ca6a781","name":"da8843e0-6789-4aae-bcd0-81f270538719:panel_da8843e0-6789-4aae-bcd0-81f270538719","type":"lens"},{"id":"2d3f1250-bd9f-11eb-9520-1b4c3ca6a781","name":"adcd4418-7299-4efa-b369-5f71a7b4ebe0:panel_adcd4418-7299-4efa-b369-5f71a7b4ebe0","type":"lens"},{"id":"edd5a560-bda4-11eb-9520-1b4c3ca6a781","name":"869754a7-edf0-478f-a7f1-80374f63108a:panel_869754a7-edf0-478f-a7f1-80374f63108a","type":"lens"},{"id":"2c25a450-bda5-11eb-9520-1b4c3ca6a781","name":"67111cf4-338e-453f-8621-e8dea64082d1:panel_67111cf4-338e-453f-8621-e8dea64082d1","type":"lens"},{"id":"e79116e0-bd9e-11eb-9520-1b4c3ca6a781","name":"13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d:panel_13f21ad2-9b2d-4aa2-a908-b62e1bdedc1d","type":"lens"},{"id":"974fb950-bda5-11eb-9520-1b4c3ca6a781","name":"88847944-ae1b-45fd-b102-3b45f9bea04b:panel_88847944-ae1b-45fd-b102-3b45f9bea04b","type":"lens"},{"id":"21905950-bd9f-11eb-9520-1b4c3ca6a781","name":"5a7924c7-eac0-4573-9199-fecec5b82e9e:panel_5a7924c7-eac0-4573-9199-fecec5b82e9e","type":"lens"},{"id":"51b63040-bda5-11eb-9520-1b4c3ca6a781","name":"f8f49591-f071-4a96-b1ed-cd65daff5648:panel_f8f49591-f071-4a96-b1ed-cd65daff5648","type":"lens"},{"id":"b00679c0-bda5-11eb-9520-1b4c3ca6a781","name":"9f357f47-c2a0-421f-a456-9583c40837ab:panel_9f357f47-c2a0-421f-a456-9583c40837ab","type":"lens"},{"id":"652ade10-bd9f-11eb-9520-1b4c3ca6a781","name":"6cb383e9-1e80-44f9-80d5-7b8c585668db:panel_6cb383e9-1e80-44f9-80d5-7b8c585668db","type":"lens"},{"id":"7f3b5fb0-be2f-11eb-9520-1b4c3ca6a781","name":"57f5f0bf-6610-4599-aad4-37484640b5e2:panel_57f5f0bf-6610-4599-aad4-37484640b5e2","type":"lens"},{"id":"bb9e5bb0-be2f-11eb-9520-1b4c3ca6a781","name":"32d3ab66-52e1-44e3-8c1f-1dccff3c5692:panel_32d3ab66-52e1-44e3-8c1f-1dccff3c5692","type":"lens"},{"id":"dd315430-be2f-11eb-9520-1b4c3ca6a781","name":"dd1718fd-74ee-4032-851b-db97e893825d:panel_dd1718fd-74ee-4032-851b-db97e893825d","type":"lens"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"98a556ee-078b-4e03-93a8-29996133cdcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"56b34100-619d-11eb-aebf-c306684b328d","name":"98a556ee-078b-4e03-93a8-29996133cdcb:indexpattern-datasource-layer-999a2d60-cb2a-451c-8d71-80d7e92e70fd","type":"index-pattern"},{"id":"0dbbf8b0-be3c-11eb-9520-1b4c3ca6a781","name":"62a0f0b0-3589-4cef-807b-b1b4258b7a9b:panel_62a0f0b0-3589-4cef-807b-b1b4258b7a9b","type":"lens"},{"id":"e6994960-bd9e-11eb-9520-1b4c3ca6a781","name":"tag-e6994960-bd9e-11eb-9520-1b4c3ca6a781","type":"tag"}],"sort":[1623693556928,727],"type":"dashboard","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE3MTAsNF0="} +{"attributes":{"allowNoIndex":true,"fieldFormatMap":"{\"Target.process.parent.pgid\":{\"id\":\"string\"},\"Target.process.parent.pid\":{\"id\":\"string\"},\"Target.process.parent.ppid\":{\"id\":\"string\"},\"Target.process.parent.thread.id\":{\"id\":\"string\"},\"Target.process.pgid\":{\"id\":\"string\"},\"Target.process.pid\":{\"id\":\"string\"},\"Target.process.ppid\":{\"id\":\"string\"},\"Target.process.thread.id\":{\"id\":\"string\"},\"event.sequence\":{\"id\":\"string\"},\"event.severity\":{\"id\":\"string\"},\"process.parent.pgid\":{\"id\":\"string\"},\"process.parent.pid\":{\"id\":\"string\"},\"process.parent.ppid\":{\"id\":\"string\"},\"process.parent.thread.id\":{\"id\":\"string\"},\"process.pgid\":{\"id\":\"string\"},\"process.pid\":{\"id\":\"string\"},\"process.ppid\":{\"id\":\"string\"},\"process.thread.id\":{\"id\":\"string\"},\"destination.bytes\":{\"id\":\"bytes\"},\"destination.port\":{\"id\":\"string\"},\"http.request.body.bytes\":{\"id\":\"bytes\"},\"http.request.bytes\":{\"id\":\"bytes\"},\"http.response.body.bytes\":{\"id\":\"bytes\"},\"http.response.bytes\":{\"id\":\"bytes\"},\"http.response.status_code\":{\"id\":\"string\"},\"network.bytes\":{\"id\":\"bytes\"},\"source.bytes\":{\"id\":\"bytes\"},\"source.port\":{\"id\":\"string\"}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.artifacts.global\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.cross_session\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.feature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.parent_to_child\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.self_injection\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.thread_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.unique_key_v1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_pids\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.feature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.data\",\"type\":\"binary\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Ransomware.files.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.metrics\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.original.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Target.dll.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.ancestry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.authentication_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Target.process.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.services\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.real.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.instruction_pointer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.module_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.rva\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.symbol_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.parameter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.parameter_bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.parameter_bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_bytes_disasm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_bytes_disasm_hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.allocation_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.allocation_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.allocation_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.allocation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.bytes_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.bytes_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.mapped_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.mapped_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.mapped_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.mapped_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.mapped_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.mapped_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.mapped_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.memory_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.memory_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.memory_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.memory_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.memory_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.memory_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.memory_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.region_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.region_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.region_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.region_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_details.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dll.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.ingested\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.outcome\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.entry_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.code_page\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors.error_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.file_extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.raw_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.raw_code_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_result\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.temp_file_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.windows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.windows.zone_identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.accessed\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.attributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.ctime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.drive_letter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext.variant\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.family\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.ancestry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.authentication_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.services\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.real.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.instruction_pointer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.module_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.rva\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.symbol_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.parameter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.parameter_bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.parameter_bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_bytes_disasm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_bytes_disasm_hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.allocation_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.allocation_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.allocation_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.allocation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.bytes_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.bytes_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.mapped_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.mapped_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.mapped_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.mapped_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.mapped_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.mapped_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.mapped_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.memory_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.memory_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.memory_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.memory_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.memory_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.memory_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.memory_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.region_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.region_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.region_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.region_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_details.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"rule.author\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.license\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.ruleset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.framework\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.technique.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.full_name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"user.group.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"event.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.Ext.correlation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.Ext.correlation.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.header_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.Ext.monotonic_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.load_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext.options\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext.status\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.resolved_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.content\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.content.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"http.request.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.Ext.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.content\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.content.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"http.response.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.community_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.iana_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.transport\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"package.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.defense_evasions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.data.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.data.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.hive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"@timestamp","title":"logs-*"},"coreMigrationVersion":"7.13.2","id":"logs-*","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1623693556928,728],"type":"index-pattern","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE3MTEsNF0="} +{"attributes":{"description":"this is a logstash saved query","filters":[],"query":{"language":"kuery","query":"extension.raw :\"gif\" and machine.os.raw :\"ios\" "},"timefilter":{"from":"2015-09-20T01:56:56.132Z","refreshInterval":{"pause":true,"value":0},"to":"2015-09-21T11:18:20.471Z"},"title":"logstash_saved_query"},"coreMigrationVersion":"7.13.2","id":"logstash_saved_query","references":[],"sort":[1623693556928,729],"type":"query","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE3MTIsNF0="} +{"attributes":{"allowNoIndex":true,"fieldFormatMap":"{\"event.sequence\":{\"id\":\"string\"},\"event.severity\":{\"id\":\"string\"}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.ingested\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.outcome\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext.variant\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.family\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.histogram\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.latest\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.mean\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.metrics.disks.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.endpoint_drive\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.fstype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.mount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private.latest\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private.mean\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.threads\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.metrics.uptime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.uptime.endpoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.uptime.system\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.artifacts.global\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.configurations.antivirus_registration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.configurations.antivirus_registration.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.antivirus_registration.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.events\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.events.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.events.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.logging\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.logging.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.logging.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.malware\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.malware.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.malware.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.streaming\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.streaming.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.streaming.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"@timestamp","title":"metrics-*"},"coreMigrationVersion":"7.13.2","id":"metrics-*","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1623693556928,730],"type":"index-pattern","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE3MTMsNF0="} +{"attributes":{"description":"Shakespeare query","filters":[],"query":{"language":"kuery","query":"speaker : \"OTHELLO\" and play_name :\"Othello\" "},"title":"shakespeare_current_query"},"coreMigrationVersion":"7.13.2","id":"shakespeare_current_query","references":[],"sort":[1623693556928,731],"type":"query","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE3MTQsNF0="} +{"attributes":{"@created":"2021-05-27T18:53:18.432Z","@timestamp":"2021-05-27T19:46:12.539Z","assets":{},"colors":["#37988d","#c19628","#b83c6f","#3f9939","#1785b0","#ca5f35","#45bdb0","#f2bc33","#e74b8b","#4fbf48","#1ea6dc","#fd7643","#72cec3","#f5cc5d","#ec77a8","#7acf74","#4cbce4","#fd986f","#a1ded7","#f8dd91","#f2a4c5","#a6dfa2","#86d2ed","#fdba9f","#000000","#444444","#777777","#BBBBBB","#FFFFFF","rgba(255,255,255,0)"],"css":".canvasPage {\n\n}","height":720,"isWriteable":true,"name":"logstash-canvas-workpad","page":1,"pages":[{"elements":[{"expression":"savedLens id=\"bb9e5bb0-be2f-11eb-9520-1b4c3ca6a781\" timerange={timerange from=\"now-15y\" to=\"now\"}\n| render","filter":null,"id":"element-56d2ba72-f227-4d04-9478-a1d6f0c7e601","position":{"angle":0,"height":300,"left":20,"parent":null,"top":20,"width":500}},{"expression":"savedVisualization id=\"0d8a8860-623a-11eb-aebf-c306684b328d\" timerange={timerange from=\"now-15y\" to=\"now\"}\n| render","filter":null,"id":"element-afbaa26e-10e7-47d4-bb41-b061dfdced2b","position":{"angle":0,"height":300,"left":527,"parent":null,"top":20,"width":500}}],"groups":[],"id":"page-0f9ef2da-2868-4c0b-9223-fd3c9e53d6c9","style":{"background":"#FFF"},"transition":{}},{"elements":[{"expression":"image dataurl=null mode=\"contain\"\n| render","id":"element-c5534ef7-68c4-46bc-b35a-9e43a7f118c3","position":{"angle":0,"height":107,"left":20,"parent":null,"top":20,"width":132}},{"expression":"filters\n| essql query=\"SELECT machine.os.raw FROM \\\"logstash-*\\\"\"\n| pointseries x=\"machine.os.raw\" y=\"size(machine.os.raw)\" color=\"machine.os.raw\" size=\"sum(machine.os.raw)\"\n| plot defaultStyle={seriesStyle points=5 fill=1}\n| render","id":"element-5f7a3312-0e77-471c-9b8f-f98cb38075fb","position":{"angle":0,"height":192,"left":221,"parent":null,"top":56,"width":451}},{"expression":"timefilterControl compact=true column=@timestamp\n| render","filter":"timefilter from=\"now-29y\" to=now column=@timestamp","id":"element-6e00dcf4-06fe-4bd9-9315-d32d9d3fac5f","position":{"angle":0,"height":50,"left":221,"parent":null,"top":-1,"width":500}},{"expression":"filters\n| esdocs index=\"logstash-*\" fields=\"@timestamp, response.raw\"\n| pointseries x=\"size(response.raw)\" y=\"@timestamp\" color=\"response.raw\"\n| plot\n| render","id":"element-20281fac-1c3a-4ee3-9132-44379fb60b74","position":{"angle":0,"height":262,"left":51,"parent":null,"top":304,"width":590}},{"expression":"filters\n| timelion query=\".es(index=logstash-*, metric=sum:bytes)\"\n| pointseries x=\"@timestamp\" y=\"sum(value)\"\n| plot defaultStyle={seriesStyle lines=3}\n| render","id":"element-337b0548-5d6d-44cd-a324-eb50d63c7bd0","position":{"angle":0,"height":309,"left":648,"parent":null,"top":290,"width":369}},{"expression":"savedLens id=\"bb9e5bb0-be2f-11eb-9520-1b4c3ca6a781\" timerange={timerange from=\"now-15y\" to=\"now\"}\n| render","filter":null,"id":"element-353e5583-0dbb-4a6b-bac7-3b2a6b305397","position":{"angle":0,"height":181.99999999999997,"left":855,"parent":"group-d2618a19-3982-414e-93df-b2cb165b7c7e","top":15.000000000000014,"width":76.961271102284}},{"expression":"savedVisualization id=\"0d8a8860-623a-11eb-aebf-c306684b328d\" timerange={timerange from=\"now-15y\" to=\"now\"}\n| render","filter":null,"id":"element-0e5501a6-9e87-42bc-b539-1e697e62051b","position":{"angle":0,"height":181.99999999999997,"left":933.038728897716,"parent":"group-d2618a19-3982-414e-93df-b2cb165b7c7e","top":15.000000000000014,"width":76.961271102284}}],"groups":[],"id":"page-59c3cf09-1811-4324-995b-7336c1c11ab8","style":{"background":"#FFF"},"transition":{}}],"variables":[],"width":1080},"coreMigrationVersion":"7.13.2","id":"workpad-f2024ca3-e366-447a-b3af-7db4400646ef","migrationVersion":{"canvas-workpad":"7.0.0"},"references":[],"sort":[1623693556928,732],"type":"canvas-workpad","updated_at":"2021-06-14T17:59:16.928Z","version":"WzE3MTUsNF0="} +{"exportedCount":87,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/x-pack/test/functional/apps/saved_objects_management/import_saved_objects_between_versions.ts b/x-pack/test/functional/apps/saved_objects_management/import_saved_objects_between_versions.ts index b83263eafd9d9c..47fc2b756e8e86 100644 --- a/x-pack/test/functional/apps/saved_objects_management/import_saved_objects_between_versions.ts +++ b/x-pack/test/functional/apps/saved_objects_management/import_saved_objects_between_versions.ts @@ -48,7 +48,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { await PageObjects.savedObjects.clickImportDone(); const importedSavedObjects = await testSubjects.getVisibleText('exportAllObjects'); // verifying the count of saved objects after importing .ndjson - await expect(importedSavedObjects).to.be('Export 72 objects'); + await expect(importedSavedObjects).to.be('Export 88 objects'); }); }); } diff --git a/x-pack/test/functional_with_es_ssl/apps/ml/alert_flyout.ts b/x-pack/test/functional_with_es_ssl/apps/ml/alert_flyout.ts index 777e6fd598f454..ba7243efe1773f 100644 --- a/x-pack/test/functional_with_es_ssl/apps/ml/alert_flyout.ts +++ b/x-pack/test/functional_with_es_ssl/apps/ml/alert_flyout.ts @@ -67,8 +67,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { let testJobId = ''; - // Failing: See https://github.com/elastic/kibana/issues/102012 - describe.skip('anomaly detection alert', function () { + describe('anomaly detection alert', function () { this.tags('ciGroup13'); before(async () => { @@ -119,11 +118,11 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { await ml.testExecution.logTestStep('should preview the alert condition'); await ml.alerting.assertPreviewButtonState(false); - await ml.alerting.setTestInterval('2y'); + await ml.alerting.setTestInterval('5y'); await ml.alerting.assertPreviewButtonState(true); // don't check the exact number provided by the backend, just make sure it's > 0 - await ml.alerting.checkPreview(/Found [1-9]\d* anomalies in the last 2y/); + await ml.alerting.checkPreview(/Found [1-9]\d* anomal(y|ies) in the last 5y/); await ml.testExecution.logTestStep('should create an alert'); await pageObjects.triggersActionsUI.setAlertName('ml-test-alert'); diff --git a/x-pack/test/functional_with_es_ssl/apps/uptime/alert_flyout.ts b/x-pack/test/functional_with_es_ssl/apps/uptime/alert_flyout.ts index 7d235d9e181082..bbd212b61e4394 100644 --- a/x-pack/test/functional_with_es_ssl/apps/uptime/alert_flyout.ts +++ b/x-pack/test/functional_with_es_ssl/apps/uptime/alert_flyout.ts @@ -11,7 +11,8 @@ import { delay } from 'bluebird'; import { FtrProviderContext } from '../../ftr_provider_context'; export default ({ getPageObjects, getService }: FtrProviderContext) => { - describe('uptime alerts', () => { + // FLAKY: https://github.com/elastic/kibana/issues/101984 + describe.skip('uptime alerts', () => { const pageObjects = getPageObjects(['common', 'uptime']); const supertest = getService('supertest'); const retry = getService('retry'); diff --git a/x-pack/test/observability_api_integration/basic/tests/annotations.ts b/x-pack/test/observability_api_integration/basic/tests/annotations.ts index 05bfba42dd59ca..4a2c7b68f612e9 100644 --- a/x-pack/test/observability_api_integration/basic/tests/annotations.ts +++ b/x-pack/test/observability_api_integration/basic/tests/annotations.ts @@ -6,7 +6,7 @@ */ import expect from '@kbn/expect'; -import { JsonObject } from 'src/plugins/kibana_utils/common'; +import { JsonObject } from '@kbn/common-utils'; import { FtrProviderContext } from '../../common/ftr_provider_context'; // eslint-disable-next-line import/no-default-export diff --git a/x-pack/test/observability_api_integration/trial/tests/annotations.ts b/x-pack/test/observability_api_integration/trial/tests/annotations.ts index 1ea3460060bc9f..b1ef717ddfd88b 100644 --- a/x-pack/test/observability_api_integration/trial/tests/annotations.ts +++ b/x-pack/test/observability_api_integration/trial/tests/annotations.ts @@ -6,7 +6,7 @@ */ import expect from '@kbn/expect'; -import { JsonObject } from 'src/plugins/kibana_utils/common'; +import { JsonObject } from '@kbn/common-utils'; import { Annotation } from '../../../../plugins/observability/common/annotations'; import { FtrProviderContext } from '../../common/ftr_provider_context'; diff --git a/x-pack/test/security_solution_endpoint/apps/endpoint/policy_details.ts b/x-pack/test/security_solution_endpoint/apps/endpoint/policy_details.ts index 44348d1ad0d9c4..ae60935013d272 100644 --- a/x-pack/test/security_solution_endpoint/apps/endpoint/policy_details.ts +++ b/x-pack/test/security_solution_endpoint/apps/endpoint/policy_details.ts @@ -21,7 +21,8 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { const testSubjects = getService('testSubjects'); const policyTestResources = getService('policyTestResources'); - describe('When on the Endpoint Policy Details Page', function () { + // FLAKY: https://github.com/elastic/kibana/issues/100296 + describe.skip('When on the Endpoint Policy Details Page', function () { describe('with an invalid policy id', () => { it('should display an error', async () => { await pageObjects.policy.navigateToPolicyDetails('invalid-id'); @@ -756,8 +757,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { }); }); - // FLAKY: https://github.com/elastic/kibana/issues/100296 - describe.skip('when on Ingest Policy Edit Package Policy page', async () => { + describe('when on Ingest Policy Edit Package Policy page', async () => { let policyInfo: PolicyTestResourceInfo; beforeEach(async () => { // Create a policy and navigate to Ingest app diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/events.ts b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/events.ts index 073bc44e89e61f..b3aeb55eb38a12 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/events.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/events.ts @@ -6,7 +6,7 @@ */ import expect from '@kbn/expect'; -import { JsonObject } from 'src/plugins/kibana_utils/common'; +import { JsonObject } from '@kbn/common-utils'; import { eventsIndexPattern } from '../../../../plugins/security_solution/common/endpoint/constants'; import { eventIDSafeVersion, diff --git a/yarn.lock b/yarn.lock index a9a81585000b5e..353527731cb04e 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2620,6 +2620,10 @@ version "0.0.0" uid "" +"@kbn/common-utils@link:bazel-bin/packages/kbn-common-utils": + version "0.0.0" + uid "" + "@kbn/config-schema@link:bazel-bin/packages/kbn-config-schema": version "0.0.0" uid "" @@ -20300,9 +20304,9 @@ normalize-url@^3.0.0: integrity sha512-U+JJi7duF1o+u2pynbp2zXDW2/PADgC30f0GsHZtRh+HOcXHnw137TrNlyxxRvWW5fjKd3bcLHPxofWuCjaeZg== normalize-url@^4.1.0: - version "4.5.0" - resolved "https://registry.yarnpkg.com/normalize-url/-/normalize-url-4.5.0.tgz#453354087e6ca96957bd8f5baf753f5982142129" - integrity sha512-2s47yzUxdexf1OhyRi4Em83iQk0aPvwTddtFz4hnSSw9dCEsLEGf6SwIO8ss/19S9iBb5sJaOuTvTGDeZI00BQ== + version "4.5.1" + resolved "https://registry.yarnpkg.com/normalize-url/-/normalize-url-4.5.1.tgz#0dd90cf1288ee1d1313b87081c9a5932ee48518a" + integrity sha512-9UZCFRHQdNrfTpGg8+1INIg93B6zE0aXMVFkw1WFwvO4SlZywU6aLg5Of0Ap/PgcbSw4LNxvMWXMeugwMCX0AA== now-and-later@^2.0.0: version "2.0.0"