This repository has been archived by the owner on Jul 28, 2021. It is now read-only.
synlite_suricata.kibana.7.1.x.json
[
{
"_id": "suricata_stats-*",
"_type": "index-pattern",
"_source": {
"title": "suricata_stats-*",
"timeFieldName": "@timestamp",
"fields": "[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"event.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.subtype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"node.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"node.ipaddr\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.expectations\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.dcerpc_tcp\",\"type\":\"number\",\"count\":0,\"script
ed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.dcerpc_udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.dhcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.dnp3\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.dns_tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.dns_udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.failed_tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.failed_udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.ftp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.ftp-data\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.http\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.ikev2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.imap\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggrega
table\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.krb5_tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.krb5_udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.modbus\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.msn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.nfs_tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.nfs_udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.ntp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.smb\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.smtp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.ssh\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.tftp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.tls\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stat
s.app_layer.tx.dcerpc_tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.dcerpc_udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.dhcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.dnp3\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.dns_tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.dns_udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.ftp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.ftp-data\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.http\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.ikev2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.krb5_tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.krb5_udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.modbus\",\"type\":\"number\",\"count\":0,\"scri
pted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.nfs_tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.nfs_udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.ntp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.smb\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.smtp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.ssh\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.tftp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.tls\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.capture.errors\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.capture.kernel_drops\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.capture.kernel_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.avg_pkt_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}
,{\"name\":\"stats.decoder.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.dce.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.erspan\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ethernet\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.erspan.header_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.erspan.too_many_vlan_layers\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.erspan.unsupported_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ethernet.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version0_flags\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version0_hdr_too_big\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version0_malformed_sre_hdr\",\"type\":\"number\",\"count\":0,\"scripted\":fals
e,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version0_recur\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version1_chksum\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version1_flags\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version1_hdr_too_big\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version1_malformed_sre_hdr\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version1_no_key\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version1_recur\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version1_route\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version1_ssr\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version1_wrong_protocol\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.wrong_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocVal
ues\":true},{\"name\":\"stats.decoder.event.icmpv4.ipv4_trunc_pkt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv4.ipv4_unknown_ver\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv4.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv4.unknown_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv4.unknown_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv6.experimentation_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv6.ipv6_trunc_pkt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv6.ipv6_unknown_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv6.mld_message_with_invalid_hl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv6.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv6.unassigned_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.d
ecoder.event.icmpv6.unknown_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv6.unknown_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ieee8021ah.header_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipraw.invalid_ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.frag_ignored\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.frag_overlap\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.frag_pkt_too_large\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.hlen_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.icmpv6\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.iplen_smaller_than_hlen\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.opt_duplicate\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.opt_eol_required\",\"type\":\"number\",\"cou
nt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.opt_invalid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.opt_invalid_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.opt_malformed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.opt_pad_required\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.opt_unknown\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.trunc_pkt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.wrong_ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.data_after_none_header\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.dstopts_only_padding\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.dstopts_unknown_opt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":t
rue,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.exthdr_ah_res_not_null\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.exthdr_dupl_ah\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.exthdr_dupl_dh\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.exthdr_dupl_eh\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.exthdr_dupl_fh\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.exthdr_dupl_hh\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.exthdr_dupl_rh\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.exthdr_invalid_optlen\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.exthdr_useless_fh\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.fh_non_zero_reserved_field\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.frag_ignored\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sta
ts.decoder.event.ipv6.frag_overlap\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.frag_pkt_too_large\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.hopopts_only_padding\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.hopopts_unknown_opt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.icmpv4\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.ipv4_in_ipv6_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.ipv4_in_ipv6_wrong_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.ipv6_in_ipv6_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.ipv6_in_ipv6_wrong_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.rh_type_0\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.trunc_exthdr\"
,\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.trunc_pkt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.unknown_next_header\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.wrong_ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.zero_len_padn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ltnull.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ltnull.unsupported_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.mpls.bad_label_implicit_null\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.mpls.bad_label_reserved\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.mpls.bad_label_router_alert\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.mpls.header_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.mpls.unknown_payload_type\",\"type\":\"number\",\"count\":0,\"scrip
ted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ppp.ip4_pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ppp.ip6_pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ppp.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ppp.unsup_proto\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ppp.vju_pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ppp.wrong_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.pppoe.malformed_tags\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.pppoe.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.pppoe.wrong_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.sctp.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.sll.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"
name\":\"stats.decoder.event.tcp.hlen_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.tcp.invalid_optlen\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.tcp.opt_duplicate\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.tcp.opt_invalid_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.tcp.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.udp.hlen_invalid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.udp.hlen_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.udp.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.vlan.header_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.vlan.too_many_layers\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.vlan.unknown_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.gre\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"sear
chable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.icmpv4\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.icmpv6\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ieee8021ah\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.invalid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ipraw.invalid_ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ipv4\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ipv4_in_ipv6\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ipv6\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ipv6_in_ipv6\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ltnull.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ltnull.unsupported_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.max_pkt_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tr
ue},{\"name\":\"stats.decoder.mpls\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.null\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.pkts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ppp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.pppoe\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.raw\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.sctp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.sll\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.teredo\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.vlan\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.vlan_qinq\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true},{\"name\":\"stats.defrag.ipv4.fragments\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.defrag.ipv4.reassembled\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.defrag.ipv4.timeouts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.defrag.ipv6.fragments\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.defrag.ipv6.reassembled\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.defrag.ipv6.timeouts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.defrag.max_frag_hits\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.detect.alert\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.detect.engines.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.detect.engines.last_reload\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.detect.engines.rules_failed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.detect.engines.rules_loaded\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.dns.memcap_glo
bal\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.dns.memcap_state\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.dns.memuse\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.file_store.open_files\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow.emerg_mode_entered\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow.emerg_mode_over\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow.icmpv4\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow.icmpv6\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow.memcap\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow.memuse\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow.spare\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow.tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow.tcp_reuse\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"
name\":\"stats.flow.udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.bypassed_pruned\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.closed_pruned\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.est_pruned\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.flows_checked\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.flows_notimeout\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.flows_removed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.flows_timeout\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.flows_timeout_inuse\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.new_pruned\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.rows_busy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.rows_checked\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.rows_empty\",\"type\":\
"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.rows_maxlen\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.rows_skipped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.ftp.memcap\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.ftp.memuse\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.http.memcap\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.http.memuse\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.insert_data_normal_fail\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.insert_data_overlap_fail\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.insert_list_fail\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.invalid_checksum\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.memuse\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.midstream_pickups\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"re
adFromDocValues\":true},{\"name\":\"stats.tcp.no_flow\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.overlap\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.overlap_diff_data\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.pkt_on_wrong_thread\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.pseudo\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.pseudo_failed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.reassembly_gap\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.reassembly_memuse\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.rst\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.segment_memcap_drop\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.sessions\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.ssn_memcap_drop\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.stream_depth_reached\",\"type\":\"number\",\"count\":0,\"
scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.syn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.synack\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]"
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"index-pattern": "6.5.0"
},
"_references": []
},
{
"_id": "suricata-*",
"_type": "index-pattern",
"_source": {
"title": "suricata-*",
"timeFieldName": "@timestamp",
"fields": "[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"alert.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.cve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.metadata.affected_product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.metadata.attack_target\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.metadata.created_at\",\"type\":\"string\",\"co
unt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.metadata.deployment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.metadata.former_category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.metadata.signature_severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.metadata.tag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.metadata.updated_at\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.rev\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.severity\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.signature_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.source.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.source.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.target.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.target.port\",\"type\":\"nu
mber\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"app_proto\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_asn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_geo_location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"community_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_asn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\"
:true,\"readFromDocValues\":true},{\"name\":\"dest_autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_geo_location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_rep_tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.assigned_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.client_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.client_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.client_mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.dhcp_type\",\"t
ype\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.dns_servers\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.lease_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.next_server_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.params\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.relay_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.requested_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.routers\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.subnet_mask\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.aa\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.answers.rdata\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\"
:true,\"readFromDocValues\":true},{\"name\":\"dns.answers.rrname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.answers.rrtype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.answers.ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.authorities.rrname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.authorities.rrtype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.authorities.ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.flags\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.grouped.A\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.grouped.AAAA\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.grouped.CNAME\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.grouped.PTR\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.grouped.SRV\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.grouped.TXT\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\
":true},{\"name\":\"dns.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.qr\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.ra\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.rcode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.rd\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.rdata\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.rrname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.rrtype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.tc\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.tx_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true
,\"readFromDocValues\":true},{\"name\":\"event.subtype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.gaps\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.stored\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.tx_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.age\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.alerted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.bytes_toclient\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.bytes_toserve
r\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.pkts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.pkts_toclient\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.pkts_toserver\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.accept\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.accept_charset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.accept_datetime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.accept_encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.accept_language\",\"type\":\"string\",\"count\":0,\"scripted\":false,
\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.accept_range\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.allow\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.authorization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.cache_control\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.connection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.content_encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.content_language\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.content_length\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.content_location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.content_md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.content_range\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\
":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.dnt\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.etag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.expires\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.http_content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.http_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.http_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.http_refer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.http_user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.last_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}
,{\"name\":\"http.length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.link\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.max_forwards\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.org_src_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.origin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.pragma\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.proxy_authenticate\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.proxy_authorization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.range\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.redirect\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.refresh\",\"type\":\"string\",\"cou
nt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.retry_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.set_cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.te\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.trailer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.transfer_encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.true_client_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.upgrade\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.useragent_app\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.useragent_app_ver\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.useragent_device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":t
rue,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.useragent_os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.useragent_os_ver\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.vary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.via\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.warning\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.www_authenticate\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.x_authenticated_user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.x_bluecoat_via\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.x_flash_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.x_forwarded_proto\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.x_requested_with\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.xff\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icmp_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\"
:true,\"readFromDocValues\":true},{\"name\":\"icmp_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_iface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.age\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.end\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.max_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.min_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.pkts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.start\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nfs.file_tx\",\"type\":\"boolean\",\"c
ount\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nfs.filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nfs.hhash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nfs.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nfs.procedure\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nfs.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nfs.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nfs.version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"node.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"node.ipaddr\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proto\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rep_tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_icmp_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_icmp_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tr
ue},{\"name\":\"rpc.auth_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rpc.creds.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rpc.creds.machine_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rpc.creds.uid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rpc.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rpc.xid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_asn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_geo_location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service_name\",\"type\":\"string\",\"
count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.access\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.accessed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.changed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.client_dialects\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.client_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.created\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.call_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.frag_cnt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.interfaces.ack_reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.interfaces.ack_result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.interfaces.uuid\",\"type\":\"string\",\"coun
t\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.interfaces.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.opnum\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.req\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.res\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.stub_data_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dialect\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.disposition\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.function\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.kerberos.realm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.kerberos.snames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"search
able\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.modified\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.ntlmssp.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.ntlmssp.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.ntlmssp.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.request.native_lm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.request.native_os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.response.native_lm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.response.native_os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.server_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.session_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.share\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.share_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatab
le\":true,\"readFromDocValues\":true},{\"name\":\"smb.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.status_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.tree_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_asn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_geo_location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_rep_tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.client.proto_version\",\"type
\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.client.software_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.server.proto_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.server.software_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp.ecn\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp.tcp_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp.tcp_flags_tc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp.tcp_flags_ts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tftp.file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tftp.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tftp.packet\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"sea
rchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.certificate\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.chain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.fingerprint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.issuerdn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.ja3.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.ja3.string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.notafter\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.notbefore\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.session_resumed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.sni\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":
\"traffic_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tx_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"vars.flowints.applayer.anomaly.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"vars.flowints.http.anomaly.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"vars.flowints.smtp.anomaly.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"vars.flowints.tcp.retransmission.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"vars.flowints.tls.anomaly.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"vlan\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"xff\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]",
"fieldFormatMap": "{\"log.severity\":{\"id\":\"color\",\"params\":{\"fieldType\":\"string\",\"colors\":[{\"range\":\"-Infinity:Infinity\",\"regex\":\"emergency\",\"text\":\"#880000\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"alert\",\"text\":\"#ff0000\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"critical\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"error\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"warning\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"notice\",\"text\":\"#8800ff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"informational\",\"text\":\"#2200aa\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"debug\",\"text\":\"#888888\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"undetermined\",\"text\":\"#000000\",\"background\":\"\"}]}},\"flow.bytes\":{\"id\":\"bytes\",\"params\":{\"pattern\":\"0,0.[00]b\"}},\"flow.bytes_toclient\":{\"id\":\"bytes\",\"params\":{\"pattern\":\"0,0.[00]b\"}},\"flow.bytes_toserver\":{\"id\":\"bytes\",\"params\":{\"pattern\":\"0,0.[00]b\"}},\"flow_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"alert.signature_id\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://doc.emergingthreats.net/bin/view/Main/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"dest_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"service_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"src_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"client_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.talosintelligence.co
m/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"server_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"src_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"client_asn\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"dest_asn\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"server_asn\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"src_asn\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"dest_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.alerted\":{\"id\":\"boolean\"},\"alert.cve\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://nvd.nist.gov/vuln/detail/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"dns.rcode\":{\"id\":\"color\",\"params\":{\"fieldType\":\"string\",\"colors\":[{\"range\":\"-Infinity:Infinity\",\"regex\":\"NOERROR\",\"text\":\"#009900\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"FORMERR\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SERVFAIL\",\"text\":\"#ff0000\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NXDOMAIN\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NOTIMP\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"REFUSED\",\"text\":\"#ff8800\",\"background\":\"\"}
,{\"range\":\"-Infinity:Infinity\",\"regex\":\"YXDOMAIN\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"YXRRSET\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NXRRSET\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NOTAUTH\",\"text\":\"#ff0000\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NOTZONE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BADVERS\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BADKEY\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BADTIME\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BADMODE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BADNAME\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BADALG\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BADTRUNC\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BADCOOKIE\",\"text\":\"#44aaff\",\"background\":\"\"}]}},\"nfs.status\":{\"id\":\"color\",\"params\":{\"fieldType\":\"string\",\"colors\":[{\"range\":\"-Infinity:Infinity\",\"regex\":\"OK\",\"text\":\"#009900\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_PERM\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NOENT\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_IO\",\"text\":\"#ff0000\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NXIO\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_ACCES\",\"text\":\"#ff0000\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_
EXIST\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_XDEV\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NODEV\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NOTDIR\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_ISDIR\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_INVAL\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_FBIG\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NOSPC\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_ROFS\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_MLINK\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NAMETOOLONG\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NOTEMPTY\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_DQUOT\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_STALE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_REMOTE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_BADHANDLE\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NOT_SYNC\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_BAD_COOKIE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NOTSUPP\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_TOOSMALL\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:In
finity\",\"regex\":\"ERR_SERVERFAULT\",\"text\":\"#ff0000\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_BADTYPE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_JUKEBOX\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_DELAY\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_SAME\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_DENIED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_EXPIRED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_LOCKED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_GRACE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_FHEXPIRED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_SHARE_DENIED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_WRONGSEC\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_CLID_INUSE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_RESOURCE\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_MOVED\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NOFILEHANDLE\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_MINOR_VERS_MISMATCH\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_STALE_CLIENTID\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_STALE_STATEID\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_OL
D_STATEID\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_BAD_STATEID\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_BAD_SEQID\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NOT_SAME\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_LOCK_RANGE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_SYMLINK\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_READDIR_NOSPC\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_LEASE_MOVED\",\"text\":\"#44aaff\",\"background\":\"\"}]}},\"smb.status\":{\"id\":\"color\",\"params\":{\"fieldType\":\"string\",\"colors\":[{\"range\":\"-Infinity:Infinity\",\"regex\":\"SUCCESS\",\"text\":\"#009900\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_SMB\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SMB_BAD_TID\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SMB_BAD_COMMAND\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SMB_BAD_UID\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SMB_USE_STANDARD\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BUFFER_OVERFLOW\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NO_MORE_FILES\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"STOPPED_ON_SYMLINK\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NOT_IMPLEMENTED\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_PARAMETER\",\"text\":\"#44aaff\
",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NO_SUCH_DEVICE\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_DEVICE_REQUEST\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"MORE_PROCESSING_REQUIRED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ACCESS_DENIED\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BUFFER_TOO_SMALL\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OBJECT_NAME_NOT_FOUND\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OBJECT_NAME_COLLISION\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OBJECT_PATH_NOT_FOUND\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BAD_IMPERSONATION_LEVEL\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"IO_TIMEOUT\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"FILE_IS_A_DIRECTORY\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NOT_SUPPORTED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NETWORK_NAME_DELETED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"USER_SESSION_DELETED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NETWORK_SESSION_EXPIRED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SMB_TOO_MANY_UIDS\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"DISK_FULL\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ILLEGAL_FUNCTION\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Inf
inity:Infinity\",\"regex\":\"NO_SUCH_FILE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OBJECT_PATH_INVALID\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OBJECT_PATH_SYNTAX_BAD\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"DFS_EXIT_PATH_FOUND\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"REDIRECTOR_NOT_STARTED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"TOO_MANY_OPENED_FILES\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_LOCK_SEQUENCE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_VIEW_SIZE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ALREADY_COMMITTED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PORT_CONNECTION_REFUSED\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"THREAD_IS_TERMINATING\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"DELETE_PENDING\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PRIVILEGE_NOT_HELD\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"LOGON_FAILURE\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"FILE_RENAMED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PROCESS_IS_TERMINATING\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"CANNOT_DELETE\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"FILE_DELETED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SMB_BAD_FID\",\
"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_HANDLE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OBJECT_TYPE_MISMATCH\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PORT_DISCONNECTED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_PORT_HANDLE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"FILE_CLOSED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"HANDLE_NOT_CLOSABLE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SECTION_TOO_BIG\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"TOO_MANY_PAGING_FILES\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INSUFF_SERVER_RESOURCES\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OS2_INVALID_ACCESS\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"DATA_ERROR\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"DIRECTORY_NOT_EMPTY\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NOT_SAME_DEVICE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"UNSUCCESSFUL\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SHARING_VIOLATION\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"LOCK_NOT_GRANTED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"END_OF_FILE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OS2_INVALID_LEVEL\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infi
nity\",\"regex\":\"OS2_NEGATIVE_SEEK\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"RANGE_NOT_LOCKED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OS2_NO_MORE_SIDS\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OS2_CANCEL_VIOLATION\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OS2_ATOMIC_LOCKS_NOT_SUPPORTED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_INFO_CLASS\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_PIPE_STATE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_READ_MODE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OS2_CANNOT_COPY\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INSTANCE_NOT_AVAILABLE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PIPE_NOT_AVAILABLE\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PIPE_BUSY\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PIPE_CLOSING\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PIPE_EMPTY\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PIPE_DISCONNECTED\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"EA_TOO_LARGE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OS2_EAS_DIDNT_FIT\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"EAS_NOT_SUPPORTED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OS2_EA_ACCESS_DENIED\",\"text\":\"#44aaff\
",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NOTIFY_ENUM_DIR\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"WRONG_PASSWORD\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PATH_NOT_COVERED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NETWORK_ACCESS_DENIED\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BAD_NETWORK_NAME\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BAD_DEVICE_TYPE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PRINT_QUEUE_FULL\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NO_SPOOL_SPACE\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PRINT_CANCELLED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"UNEXPECTED_NETWORK_ERROR\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"REQUEST_NOT_ACCEPTED\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"TOO_MANY_SESSIONS\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SMB_USE_MPX\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SMB_CONTINUE_MPX\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ACCOUNT_DISABLED\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ACCOUNT_EXPIRED\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_WORKSTATION\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_LOGON_HOURS\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"rege
x\":\"PASSWORD_EXPIRED\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PASSWORD_MUST_CHANGE\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SMB_NO_SUPPORT\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"MEDIA_WRITE_PROTECTED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NO_MEDIA_IN_DEVICE\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_DEVICE_STATE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"CRC_ERROR\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"DISK_CORRUPT_ERROR\",\"text\":\"#ff0000\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NONEXISTENT_SECTOR\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"DEVICE_PAPER_EMPTY\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"FILE_LOCK_CONFLICT\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"WRONG_VOLUME\",\"text\":\"#eecc00\",\"background\":\"\"}]}},\"http.status\":{\"id\":\"color\",\"params\":{\"fieldType\":\"number\",\"colors\":[{\"range\":\"100-199\",\"regex\":\"<insert regex>\",\"text\":\"#2200aa\",\"background\":\"\"},{\"range\":\"200-299\",\"regex\":\"<insert regex>\",\"text\":\"#009900\",\"background\":\"\"},{\"range\":\"300-399\",\"regex\":\"<insert regex>\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"400-499\",\"regex\":\"<insert regex>\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"500-599\",\"regex\":\"<insert 
regex>\",\"text\":\"#ff0000\",\"background\":\"\"}]}},\"dns.tx_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"smb.dcerpc.call_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"smb.session_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"smb.tree_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"fileinfo.tx_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"tx_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"alert.source.port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"alert.target.port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"http.http_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}}}"
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"index-pattern": "6.5.0"
},
"_references": []
},
{
"_id": "61eb53a0-6696-11e8-a67b-cd4cf123b2a5",
"_type": "dashboard",
"_source": {
"title": "Suricata: Statistics",
"hits": 0,
"description": "",
"panelsJSON": "[{\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"panelIndex\":\"2\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":33,\"y\":0,\"w\":9,\"h\":5,\"i\":\"4\"},\"panelIndex\":\"4\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":0,\"y\":5,\"w\":24,\"h\":9,\"i\":\"5\"},\"panelIndex\":\"5\",\"title\":\"Decoder Traffic Volume\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":24,\"y\":5,\"w\":24,\"h\":9,\"i\":\"6\"},\"panelIndex\":\"6\",\"title\":\"Memory Use\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":9,\"i\":\"7\"},\"panelIndex\":\"7\",\"title\":\"Invalid Packets\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":24,\"y\":23,\"w\":24,\"h\":9,\"i\":\"8\"},\"panelIndex\":\"8\",\"title\":\"TCP Sessions\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":0,\"y\":23,\"w\":24,\"h\":9,\"i\":\"9\"},\"panelIndex\":\"9\",\"title\":\"Alerts Detected\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":0,\"y\":14,\"w\":24,\"h\":9,\"i\":\"10\"},\"panelIndex\":\"10\",\"title\":\"Kernel Drops\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":0,\"y\":32,\"w\":24,\"h\":9,\"i\":\"11\"},\"panelIndex\":\"11\",\"title\":\"IP Versions\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":24,\"y\":32,\"w\":24,\"h\":9,\"i\":\"12\"},\"panelIndex\":\"12\",\"title\":\"IP Protocols\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":0,\"w\":33,\"h\":4,\"i\":\"13\"},\"panelIndex\":\"13\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":4,\"w\":33,\"h\":1,\"i\":\"14\"},\"panelIndex\":\"14\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_11\"}]",
"optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}",
"version": 1,
"timeRestore": false,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"dashboard": "7.0.0"
},
"_references": [
{
"name": "panel_0",
"type": "visualization",
"id": "f3890650-648d-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_1",
"type": "visualization",
"id": "f05c2b10-6b09-11e8-82af-6743288b8baf"
},
{
"name": "panel_2",
"type": "visualization",
"id": "340bf770-6b08-11e8-82af-6743288b8baf"
},
{
"name": "panel_3",
"type": "visualization",
"id": "dc43a050-6b08-11e8-82af-6743288b8baf"
},
{
"name": "panel_4",
"type": "visualization",
"id": "f3137eb0-6b10-11e8-82af-6743288b8baf"
},
{
"name": "panel_5",
"type": "visualization",
"id": "30ceccd0-6b13-11e8-82af-6743288b8baf"
},
{
"name": "panel_6",
"type": "visualization",
"id": "3bfa7db0-6b14-11e8-82af-6743288b8baf"
},
{
"name": "panel_7",
"type": "visualization",
"id": "cefaeff0-6b14-11e8-82af-6743288b8baf"
},
{
"name": "panel_8",
"type": "visualization",
"id": "a7797730-6b19-11e8-82af-6743288b8baf"
},
{
"name": "panel_9",
"type": "visualization",
"id": "eac57150-6b1a-11e8-82af-6743288b8baf"
},
{
"name": "panel_10",
"type": "visualization",
"id": "df81d600-7c65-11e9-ab58-c1e5cf60a7ac"
},
{
"name": "panel_11",
"type": "visualization",
"id": "3e1c1990-648f-11e8-9e8d-39632dc6b766"
}
]
},
{
"_id": "cfa96750-6651-11e8-a67b-cd4cf123b2a5",
"_type": "dashboard",
"_source": {
"title": "Suricata: Threats (Public Threats)",
"hits": 0,
"description": "",
"panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"25\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":45,\"i\":\"25\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"29\",\"gridData\":{\"x\":9,\"y\":14,\"w\":12,\"h\":35,\"i\":\"29\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"title\":\"Public Attackers\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"32\",\"gridData\":{\"x\":21,\"y\":14,\"w\":12,\"h\":35,\"i\":\"32\"},\"title\":\"Signatures\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"33\",\"gridData\":{\"x\":41,\"y\":14,\"w\":7,\"h\":37,\"i\":\"33\"},\"title\":\"IP Reputations\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"34\",\"gridData\":{\"x\":33,\"y\":14,\"w\":8,\"h\":35,\"i\":\"34\"},\"title\":\"Vulnerabilities\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"37\",\"gridData\":{\"x\":9,\"y\":4,\"w\":8,\"h\":7,\"i\":\"37\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"38\",\"gridData\":{\"x\":17,\"y\":4,\"w\":31,\"h\":10,\"i\":\"38\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"40\"},\"version\":\"7.0.1\",\"panelIndex\":\"40\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"41\"},\"version\":\"7.0.1\",\"panelIndex\":\"41\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_9\"}]",
"optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}",
"version": 1,
"timeRestore": false,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"dashboard": "7.0.0"
},
"_references": [
{
"name": "panel_0",
"type": "visualization",
"id": "f3890650-648d-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_1",
"type": "visualization",
"id": "ae0b4b40-6651-11e8-a67b-cd4cf123b2a5"
},
{
"name": "panel_2",
"type": "visualization",
"id": "4cd37760-663f-11e8-a67b-cd4cf123b2a5"
},
{
"name": "panel_3",
"type": "visualization",
"id": "21b948b0-665e-11e8-a67b-cd4cf123b2a5"
},
{
"name": "panel_4",
"type": "visualization",
"id": "40c39a80-665e-11e8-a67b-cd4cf123b2a5"
},
{
"name": "panel_5",
"type": "visualization",
"id": "34aaa370-665d-11e8-a67b-cd4cf123b2a5"
},
{
"name": "panel_6",
"type": "visualization",
"id": "ab96faa0-6677-11e8-a67b-cd4cf123b2a5"
},
{
"name": "panel_7",
"type": "visualization",
"id": "403194e0-6678-11e8-a67b-cd4cf123b2a5"
},
{
"name": "panel_8",
"type": "visualization",
"id": "a8f699c0-7c67-11e9-ab58-c1e5cf60a7ac"
},
{
"name": "panel_9",
"type": "visualization",
"id": "0ab3ba50-7c66-11e9-ab58-c1e5cf60a7ac"
}
]
},
{
"_id": "076caa20-64aa-11e8-9e8d-39632dc6b766",
"_type": "dashboard",
"_source": {
"title": "Suricata: Alerts (Overview)",
"hits": 0,
"description": "",
"panelsJSON": "[{\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"panelIndex\":\"2\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":9,\"y\":31,\"w\":13,\"h\":11,\"i\":\"5\"},\"panelIndex\":\"5\",\"title\":\"Clients (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":22,\"y\":31,\"w\":13,\"h\":11,\"i\":\"6\"},\"panelIndex\":\"6\",\"title\":\"Servers (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":35,\"y\":31,\"w\":13,\"h\":11,\"i\":\"10\"},\"panelIndex\":\"10\",\"title\":\"Services (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":35,\"y\":20,\"w\":13,\"h\":11,\"i\":\"15\"},\"panelIndex\":\"15\",\"title\":\"Alert Actions (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":9,\"y\":20,\"w\":13,\"h\":11,\"i\":\"16\"},\"panelIndex\":\"16\",\"title\":\"Alert Categories (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":22,\"y\":20,\"w\":13,\"h\":11,\"i\":\"17\"},\"panelIndex\":\"17\",\"title\":\"Alert Signatures 
(records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":9,\"y\":4,\"w\":7,\"h\":6,\"i\":\"18\"},\"panelIndex\":\"18\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":16,\"y\":4,\"w\":7,\"h\":6,\"i\":\"19\"},\"panelIndex\":\"19\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":30,\"y\":4,\"w\":7,\"h\":6,\"i\":\"20\"},\"panelIndex\":\"20\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":23,\"y\":4,\"w\":7,\"h\":6,\"i\":\"21\"},\"panelIndex\":\"21\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"x\":37,\"y\":4,\"w\":7,\"h\":6,\"i\":\"22\"},\"panelIndex\":\"22\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_11\"},{\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":41,\"i\":\"23\"},\"panelIndex\":\"23\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_12\"},{\"gridData\":{\"x\":9,\"y\":10,\"w\":39,\"h\":10,\"i\":\"24\"},\"panelIndex\":\"24\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_13\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"27\"},\"version\":\"7.0.1\",\"panelIndex\":\"27\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_14\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"28\"},\"version\":\"7.0.1\",\"panelIndex\":\"28\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_15\"}]",
"optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}",
"version": 1,
"timeRestore": false,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"dashboard": "7.0.0"
},
"_references": [
{
"name": "panel_0",
"type": "visualization",
"id": "f3890650-648d-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_1",
"type": "visualization",
"id": "682e0b60-6441-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_2",
"type": "visualization",
"id": "e46ea0a0-6440-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_3",
"type": "visualization",
"id": "90fe9860-6447-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_4",
"type": "visualization",
"id": "9abcb3b0-6441-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_5",
"type": "visualization",
"id": "6b89eb20-6442-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_6",
"type": "visualization",
"id": "92815a10-6442-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_7",
"type": "visualization",
"id": "484e91d0-649a-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_8",
"type": "visualization",
"id": "c8438d70-64a2-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_9",
"type": "visualization",
"id": "fb7c0a50-64a2-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_10",
"type": "visualization",
"id": "e1ca2100-64a2-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_11",
"type": "visualization",
"id": "51dae990-64a6-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_12",
"type": "visualization",
"id": "4f5f1750-64aa-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_13",
"type": "visualization",
"id": "10544520-64b0-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_14",
"type": "visualization",
"id": "426aba70-7c66-11e9-ab58-c1e5cf60a7ac"
},
{
"name": "panel_15",
"type": "visualization",
"id": "0f4dc9f0-7c68-11e9-ab58-c1e5cf60a7ac"
}
]
},
{
"_id": "3f15a1f0-6696-11e8-a67b-cd4cf123b2a5",
"_type": "dashboard",
"_source": {
"title": "Suricata: Raw Logs",
"hits": 0,
"description": "",
"panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"4\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":41,\"i\":\"4\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":9,\"y\":4,\"w\":8,\"h\":7,\"i\":\"5\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":17,\"y\":4,\"w\":31,\"h\":9,\"i\":\"6\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"title\":\"\",\"panelIndex\":\"7\",\"gridData\":{\"x\":9,\"y\":13,\"w\":39,\"h\":28,\"i\":\"7\"},\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":42,\"h\":4,\"i\":\"8\"},\"version\":\"7.0.1\",\"panelIndex\":\"8\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_5\"}]",
"optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}",
"version": 1,
"timeRestore": false,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"dashboard": "7.0.0"
},
"_references": [
{
"name": "panel_0",
"type": "visualization",
"id": "f3890650-648d-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_1",
"type": "visualization",
"id": "45775610-6a65-11e8-82af-6743288b8baf"
},
{
"name": "panel_2",
"type": "visualization",
"id": "d7e3e230-6a64-11e8-82af-6743288b8baf"
},
{
"name": "panel_3",
"type": "visualization",
"id": "299c4b30-6a65-11e8-82af-6743288b8baf"
},
{
"name": "panel_4",
"type": "search",
"id": "8679ce00-6a69-11e8-82af-6743288b8baf"
},
{
"name": "panel_5",
"type": "visualization",
"id": "acad4b10-7c65-11e9-ab58-c1e5cf60a7ac"
}
]
},
{
"_id": "d9a23fb0-6661-11e8-a67b-cd4cf123b2a5",
"_type": "dashboard",
"_source": {
"title": "Suricata: Threats (High-Risk Clients)",
"hits": 0,
"description": "",
"panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"25\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":45,\"i\":\"25\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"30\",\"gridData\":{\"x\":9,\"y\":14,\"w\":12,\"h\":35,\"i\":\"30\"},\"embeddableConfig\":{\"spy\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"title\":\"High-Risk Clients\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"37\",\"gridData\":{\"x\":33,\"y\":14,\"w\":8,\"h\":35,\"i\":\"37\"},\"title\":\"Vulnerabilities\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"38\",\"gridData\":{\"x\":9,\"y\":4,\"w\":8,\"h\":7,\"i\":\"38\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"39\",\"gridData\":{\"x\":41,\"y\":14,\"w\":7,\"h\":35,\"i\":\"39\"},\"title\":\"IP Reputations\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"40\",\"gridData\":{\"x\":21,\"y\":14,\"w\":12,\"h\":35,\"i\":\"40\"},\"title\":\"Signatures\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"41\",\"gridData\":{\"x\":17,\"y\":4,\"w\":31,\"h\":10,\"i\":\"41\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"44\"},\"version\":\"7.0.1\",\"panelIndex\":\"44\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"45\"},\"version\":\"7.0.1\",\"panelIndex\":\"45\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_9\"}]",
"optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}",
"version": 1,
"timeRestore": false,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"dashboard": "7.0.0"
},
"_references": [
{
"name": "panel_0",
"type": "visualization",
"id": "f3890650-648d-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_1",
"type": "visualization",
"id": "ae0b4b40-6651-11e8-a67b-cd4cf123b2a5"
},
{
"name": "panel_2",
"type": "visualization",
"id": "913e46a0-664e-11e8-a67b-cd4cf123b2a5"
},
{
"name": "panel_3",
"type": "visualization",
"id": "9ff9d990-6692-11e8-a67b-cd4cf123b2a5"
},
{
"name": "panel_4",
"type": "visualization",
"id": "009e4c40-6693-11e8-a67b-cd4cf123b2a5"
},
{
"name": "panel_5",
"type": "visualization",
"id": "a6c07810-6692-11e8-a67b-cd4cf123b2a5"
},
{
"name": "panel_6",
"type": "visualization",
"id": "d0e55930-6692-11e8-a67b-cd4cf123b2a5"
},
{
"name": "panel_7",
"type": "visualization",
"id": "0905a270-6693-11e8-a67b-cd4cf123b2a5"
},
{
"name": "panel_8",
"type": "visualization",
"id": "0ab3ba50-7c66-11e9-ab58-c1e5cf60a7ac"
},
{
"name": "panel_9",
"type": "visualization",
"id": "72967710-7c67-11e9-ab58-c1e5cf60a7ac"
}
]
},
{
"_id": "73c81560-64b9-11e8-9e8d-39632dc6b766",
"_type": "dashboard",
"_source": {
"title": "Suricata: Flows (Overview)",
"hits": 0,
"description": "",
"panelsJSON": "[{\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"panelIndex\":\"2\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":41,\"i\":\"3\"},\"panelIndex\":\"3\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":9,\"y\":4,\"w\":39,\"h\":15,\"i\":\"4\"},\"panelIndex\":\"4\",\"title\":\"Flows by Service\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":22,\"y\":19,\"w\":13,\"h\":11,\"i\":\"13\"},\"panelIndex\":\"13\",\"title\":\"Servers (bytes)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":35,\"y\":19,\"w\":13,\"h\":11,\"i\":\"14\"},\"panelIndex\":\"14\",\"title\":\"Services (bytes)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":9,\"y\":30,\"w\":13,\"h\":11,\"i\":\"18\"},\"panelIndex\":\"18\",\"title\":\"VLANs (bytes)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":9,\"y\":19,\"w\":13,\"h\":11,\"i\":\"19\"},\"panelIndex\":\"19\",\"title\":\"Clients (bytes)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"22\"},\"panelIndex\":\"22\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"23\"},\"panelIndex\":\"23\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":35,\"y\":30,\"w\":13,\"h\":11,\"i\":\"24\"},\"version\":\"7.0.1\",\"panelIndex\":\"24\",\"embeddableConfig\":{},\"title\":\"Flow States and TCP Flags (bytes)\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":22,\"y\":30,\"w\":13,\"h\":11,\"i\":\"25\"},\"version\":\"7.0.1\",\"panelIndex\":\"25\",\"embeddableConfig\":{},\"title\":\"IP Versions and Protocols (bytes)\",\"panelRefName\":\"panel_10\"}]",
"optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}",
"version": 1,
"timeRestore": false,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"dashboard": "7.0.0"
},
"_references": [
{
"name": "panel_0",
"type": "visualization",
"id": "f3890650-648d-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_1",
"type": "visualization",
"id": "ed2b5ed0-64b9-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_2",
"type": "visualization",
"id": "dab25cd0-64c4-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_3",
"type": "visualization",
"id": "20fa0c30-6441-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_4",
"type": "visualization",
"id": "3147c7c0-644c-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_5",
"type": "visualization",
"id": "0feaddf0-644d-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_6",
"type": "visualization",
"id": "5b77cd70-6441-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_7",
"type": "visualization",
"id": "85e74c60-7c65-11e9-ab58-c1e5cf60a7ac"
},
{
"name": "panel_8",
"type": "visualization",
"id": "cf1a3360-7c66-11e9-ab58-c1e5cf60a7ac"
},
{
"name": "panel_9",
"type": "visualization",
"id": "780ac400-7cbf-11e9-ab58-c1e5cf60a7ac"
},
{
"name": "panel_10",
"type": "visualization",
"id": "34c16c80-7cbf-11e9-ab58-c1e5cf60a7ac"
}
]
},
{
"_id": "a6bc4a90-64eb-11e8-9e8d-39632dc6b766",
"_type": "search",
"_source": {
"title": "Suricata: Logs (flows)",
"description": "",
"hits": 0,
"columns": [
"flow_id",
"client_hostname",
"server_hostname",
"service_name",
"flow.bytes",
"flow.pkts"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Flow\",\"disabled\":false,\"key\":\"event.subtype\",\"negate\":false,\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"flow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"search": "7.0.0"
},
"_references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "suricata-*"
},
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"type": "index-pattern",
"id": "suricata-*"
}
]
},
{
"_id": "b1382980-6496-11e8-9e8d-39632dc6b766",
"_type": "search",
"_source": {
"title": "Suricata: Logs (alerts)",
"description": "",
"hits": 0,
"columns": [
"log.severity",
"alert.category",
"alert.signature",
"alert.signature_id",
"alert.action",
"client_hostname",
"server_hostname",
"service_name"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Alert\",\"disabled\":false,\"key\":\"event.subtype\",\"negate\":false,\"params\":{\"query\":\"alert\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"alert\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"alert\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"search": "7.0.0"
},
"_references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "suricata-*"
},
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"type": "index-pattern",
"id": "suricata-*"
}
]
},
{
"_id": "275fa0a0-6a70-11e8-82af-6743288b8baf",
"_type": "search",
"_source": {
"title": "Suricata: Logs (dns)",
"description": "",
"hits": 0,
"columns": [
"client_hostname",
"server_hostname",
"dns.type",
"dns.rrname",
"dns.rcode",
"dns.rrtype",
"dns.rdata"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"DNS\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"dns\",\"params\":{\"query\":\"dns\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"dns\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"search": "7.0.0"
},
"_references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "suricata-*"
},
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"type": "index-pattern",
"id": "suricata-*"
}
]
},
{
"_id": "e914b550-6a70-11e8-82af-6743288b8baf",
"_type": "search",
"_source": {
"title": "Suricata: Logs (http)",
"description": "",
"hits": 0,
"columns": [
"client_hostname",
"http.http_method",
"http.hostname",
"http.url",
"http.status"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"HTTP\",\"disabled\":false,\"key\":\"event.subtype\",\"negate\":false,\"params\":{\"query\":\"http\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"http\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"http\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"search": "7.0.0"
},
"_references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "suricata-*"
},
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"type": "index-pattern",
"id": "suricata-*"
}
]
},
{
"_id": "6dbd0910-823a-11e9-8c3c-4925ccb1fc48",
"_type": "search",
"_source": {
"title": "Suricata: Logs (tls)",
"description": "",
"hits": 0,
"columns": [
"tls.sni",
"service_name",
"tls.version",
"tls.subject"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"alias\":\"TLS\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"tls\",\"params\":{\"query\":\"tls\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"tls\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"search": "7.0.0"
},
"_references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "suricata-*"
},
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"type": "index-pattern",
"id": "suricata-*"
}
]
},
{
"_id": "5a4457a0-82c4-11e9-8c3c-4925ccb1fc48",
"_type": "search",
"_source": {
"title": "Suricata: Logs (smb)",
"description": "",
"hits": 0,
"columns": [
"client_hostname",
"server_hostname",
"smb.access",
"smb.command",
"smb.disposition",
"smb.filename",
"smb.function",
"smb.status"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"smb\",\"params\":{\"query\":\"smb\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"smb\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"search": "7.0.0"
},
"_references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "suricata-*"
},
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"type": "index-pattern",
"id": "suricata-*"
}
]
},
{
"_id": "4d759660-82c9-11e9-8c3c-4925ccb1fc48",
"_type": "search",
"_source": {
"title": "Suricata: Logs (nfs)",
"description": "",
"hits": 0,
"columns": [
"client_hostname",
"server_hostname",
"nfs.type",
"nfs.procedure",
"nfs.filename",
"nfs.status"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"alias\":\"NFS\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"nfs\",\"params\":{\"query\":\"nfs\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"nfs\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"search": "7.0.0"
},
"_references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "suricata-*"
},
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"type": "index-pattern",
"id": "suricata-*"
}
]
},
{
"_id": "749aa930-82c2-11e9-8c3c-4925ccb1fc48",
"_type": "search",
"_source": {
"title": "Suricata: Logs (ssh)",
"description": "",
"hits": 0,
"columns": [
"client_hostname",
"ssh.client.software_version",
"ssh.client.proto_version",
"server_hostname",
"ssh.server.software_version",
"ssh.server.proto_version"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"alias\":\"SSH\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"ssh\",\"params\":{\"query\":\"ssh\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"ssh\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"search": "7.0.0"
},
"_references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "suricata-*"
},
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"type": "index-pattern",
"id": "suricata-*"
}
]
},
{
"_id": "8679ce00-6a69-11e8-82af-6743288b8baf",
"_type": "search",
"_source": {
"title": "Suricata: Logs (all)",
"description": "",
"hits": 0,
"columns": [
"node.hostname",
"log.severity",
"event.subtype",
"client_hostname",
"server_hostname",
"service_name",
"flow.bytes",
"flow.pkts"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"search": "7.0.0"
},
"_references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "suricata-*"
}
]
},
{
"_id": "0dd5d540-8221-11e9-8c3c-4925ccb1fc48",
"_type": "dashboard",
"_source": {
"title": "Suricata: SSH (Overview)",
"hits": 0,
"description": "",
"panelsJSON": "[{\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"panelIndex\":\"2\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"29\"},\"panelIndex\":\"29\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"30\"},\"panelIndex\":\"30\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":47,\"i\":\"31\"},\"panelIndex\":\"31\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":35,\"y\":4,\"w\":13,\"h\":11,\"i\":\"32\"},\"version\":\"7.0.1\",\"panelIndex\":\"32\",\"embeddableConfig\":{},\"title\":\"Client Protocol Versions (records)\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":35,\"y\":15,\"w\":13,\"h\":11,\"i\":\"33\"},\"version\":\"7.0.1\",\"panelIndex\":\"33\",\"embeddableConfig\":{},\"title\":\"Server Protocol Versions (records)\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":22,\"y\":4,\"w\":13,\"h\":11,\"i\":\"34\"},\"version\":\"7.0.1\",\"panelIndex\":\"34\",\"embeddableConfig\":{},\"title\":\"Client Software (records)\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":22,\"y\":15,\"w\":13,\"h\":11,\"i\":\"35\"},\"version\":\"7.0.1\",\"panelIndex\":\"35\",\"embeddableConfig\":{},\"title\":\"Server Software (records)\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":9,\"y\":4,\"w\":13,\"h\":11,\"i\":\"36\"},\"version\":\"7.0.1\",\"panelIndex\":\"36\",\"embeddableConfig\":{},\"title\":\"Clients (records)\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":9,\"y\":15,\"w\":13,\"h\":11,\"i\":\"37\"},\"version\":\"7.0.1\",\"panelIndex\":\"37\",\"embeddableConfig\":{},\"title\":\"Servers (records)\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":18,\"y\":26,\"w\":10,\"h\":25,\"i\":\"38\"},\"version\":\"7.0.1\",\"panelIndex\":\"38\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"x\":9,\"y\":26,\"w\":9,\"h\":25,\"i\":\"39\"},\"version\":\"7.0.1\",\"panelIndex\":\"39\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_11\"},{\"gridData\":{\"x\":28,\"y\":26,\"w\":9,\"h\":25,\"i\":\"40\"},\"version\":\"7.0.1\",\"panelIndex\":\"40\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_12\"},{\"gridData\":{\"x\":37,\"y\":26,\"w\":10,\"h\":24,\"i\":\"41\"},\"version\":\"7.0.1\",\"panelIndex\":\"41\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_13\"}]",
"optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}",
"version": 1,
"timeRestore": false,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}"
}
},
"_meta": {
"savedObjectVersion": 2
},
"_migrationVersion": {
"dashboard": "7.0.0"
},
"_references": [
{
"name": "panel_0",
"type": "visualization",
"id": "f3890650-648d-11e8-9e8d-39632dc6b766"
},
{
"name": "panel_1",
"type": "visualization",
"id": "5eecdda0-82af-11e9-8c3c-4925ccb1fc48"
},
{
"name": "panel_2",
"type": "visualization",
"id": "7ff11b30-8221-11e9-8c3c-4925ccb1fc48"
},
{
"name": "panel_3",
"type": "visualization",
"id": "40dd9a60-82bf-11e9-8c3c-4925ccb1fc48"
},
{
"name": "panel_4",
"type": "visualization",
"id": "3ffcccc0-82be-11e9-8c3c-4925ccb1fc48"
},
{
"name": "panel_5",
"type": "visualization",
"id": "5aa2b300-82be-11e9-8c3c-4925ccb1fc48"
},
{
"name": "panel_6",
"type": "visualization",
"id": "9908d200-82be-11e9-8c3c-4925ccb1fc48"
},
{
"name": "panel_7",
"type": "visualization",
"id": "af9ed550-82be-11e9-8c3c-4925ccb1fc48"
},
{
"name": "panel_8",
"type": "visualization",
"id": "d3864520-82be-11e9-8c3c-4925ccb1fc48"
},
{
"name": "panel_9",
"type": "visualization",
"id": "e407e2f0-82be-11e9-8c3c-4925ccb1fc48"
},
{
"name": "panel_10",
"type": "visualization",
"id": "defd8880-82c0-11e9-8c3c-4925ccb1fc48"
},
{
"name": "panel_11",
"type": "visualization",
"id": "99a04520-82c0-11e9-8c3c-4925ccb1fc48"
},
{
"name": "panel_12",
"type": "visualization",
"id": "aff65940-82c0-11e9-8c3c-4925ccb1fc48"
},
{
"name": "panel_13",
"type": "visualization",
"id": "d1d88330-82c0-11e9-8c3c-4925ccb1fc48"
}
]
},
{
"_id": "d41023f0-8221-11e9-8c3c-4925ccb1fc48",
"_type": "dashboard",
"_source": {
"title": "Suricata: SMB (Overview)",
"hits": 0,
"description": "",
"panelsJSON": "[{\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"panelIndex\":\"2\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"29\"},\"version\":\"7.0.1\",\"panelIndex\":\"29\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"30\"},\"version\":\"7.0.1\",\"panelIndex\":\"30\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":44,\"i\":\"31\"},\"version\":\"7.0.1\",\"panelIndex\":\"31\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":9,\"y\":4,\"w\":13,\"h\":11,\"i\":\"32\"},\"version\":\"7.0.1\",\"panelIndex\":\"32\",\"embeddableConfig\":{},\"title\":\"Clients (records)\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":9,\"y\":15,\"w\":13,\"h\":11,\"i\":\"33\"},\"version\":\"7.0.1\",\"panelIndex\":\"33\",\"embeddableConfig\":{},\"title\":\"Commands (records)\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":22,\"y\":4,\"w\":13,\"h\":11,\"i\":\"34\"},\"version\":\"7.0.1\",\"panelIndex\":\"34\",\"embeddableConfig\":{},\"title\":\"Servers (records)\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":9,\"y\":26,\"w\":13,\"h\":11,\"i\":\"35\"},\"version\":\"7.0.1\",\"panelIndex\":\"35\",\"embeddableConfig\":{},\"title\":\"Access (records)\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":22,\"y\":15,\"w\":13,\"h\":11,\"i\":\"36\"},\"version\":\"7.0.1\",\"panelIndex\":\"36\",\"embeddableConfig\":{},\"title\":\"Dispositions (records)\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":35,\"y\":4,\"w\":13,\"h\":11,\"i\":\"37\"},\"version\":\"7.0.1\",\"panelIndex\":\"37\",\"embeddableConfig\":{},\"title\":\"Filenames (records)\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":35,\"y\":26,\"w\":13,\"h\":11,\"i\":\"38\"},\"version\":\"7.0.1\",\"panelIndex\":\"38\",\"embeddableConfig\":{},\"title\":\"Functions (records)\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"x\":35,\"y\":15,\"w\":13,\"h\":11,\"i\":\"39\"},\"version\":\"7.0.1\",\"panelIndex\":\"39\",\"embeddableConfig\":{},\"title\":\"Status (records)\",\"panelRefName\":\"panel_11\"},{\"gridData\":{\"x\":22,\"y\":26,\"w\":13,\"h\":11,\"i\":\"40\"},\"version\":\"7.0.1\",\"panelIndex\":\"40\",\"embeddableConfig\":{},\"title\":\"Dialects (records)\",\"panelRefName\":\"panel_12\"}]",
"optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}",
"version": 1,
"timeRestore": false,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}"
}
},
"_meta": {
"savedObjectVersion": 2