rocknsm / rock

Automated deployment scripts for the RockNSM network hunting distribution.

Home Page:http://rocknsm.io


No Data in Kibana

zeon121 opened this issue · comments

Hi

I installed RockNSM on a VM and everything went smoothly. I sent traffic over the monitor interface; I can see the Bro logs growing, and the data in the Bro logs matches the traffic, but I don't see any data in Kibana. How do I troubleshoot where the problem is? `rockctl` shows the status of all services as active and green.

thanks
zeon

I did a quick check in the Kibana query console; this is what I get:
GET /_search
{
"query": {
"match_all": {}
}
}
Response
{
"took" : 20,
"timed_out" : false,
"_shards" : {
"total" : 7,
"successful" : 7,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 184,
"relation" : "eq"
},
"max_score" : 1.0,
"hits" : [
{
"_index" : ".kibana_1",
"_type" : "_doc",
"_id" : "index-pattern:b6c2fb00-1fea-11e8-82ea-3daef40316d8",
"_score" : 1.0,
"_source" : {
"index-pattern" : {
"title" : "suricata-",
"timeFieldName" : "@timestamp",
"fields" : """[{"name":"@meta.geoip_dest.as_org","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_dest.asn","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_dest.city_name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_dest.continent_code","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_dest.country_code2","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_dest.country_code3","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_dest.country_name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_dest.dma_code","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_dest.ip","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_dest.latitude","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_dest.location.lat","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_dest.location.lon","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_dest.longitude","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_dest.postal_code","type":"string","count":0,"scripted":false,"searchable":true,"aggregat
able":true,"readFromDocValues":true},{"name":"@meta.geoip_dest.region_code","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_dest.region_name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_dest.timezone","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_src.as_org","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_src.asn","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_src.city_name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_src.continent_code","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_src.country_code2","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_src.country_code3","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_src.country_name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_src.dma_code","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_src.ip","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_src.latitude","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_src.location.lat","type":"number","count":0,"scripted":false,"searchable":true,
"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_src.location.lon","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_src.longitude","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_src.postal_code","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_src.region_code","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_src.region_name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@meta.geoip_src.timezone","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@timestamp","type":"date","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@Version","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"@version.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"_id","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":false},{"name":"_index","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":false},{"name":"_score","type":"number","count":0,"scripted":false,"searchable":false,"aggregatable":false,"readFromDocValues":false},{"name":"_source","type":"_source","count":0,"scripted":false,"searchable":false,"aggregatable":false,"readFromDocValues":false},{"name":"_type","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":false},{"name":"agent.ephemeral_id","type":"string","count":0,"scripted":false,"
searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"agent.id","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"agent.name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"agent.version","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"alert.action","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"alert.category","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"alert.gid","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"alert.metadata.affected_product","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"alert.metadata.attack_target","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"alert.metadata.created_at","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"alert.metadata.deployment","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"alert.metadata.former_category","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"alert.metadata.performance_impact","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"alert.metadata.signature_severity","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"alert.metadata.tag","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":tr
ue},{"name":"alert.metadata.updated_at","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"alert.rev","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"alert.severity","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"alert.signature","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"alert.signature_id","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"app_proto","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"app_proto_orig","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"app_proto_tc","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"app_proto_ts","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"cloud.account.id","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"cloud.availability_zone","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"cloud.instance.id","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"cloud.instance.name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"cloud.machine.type","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"cloud.provider","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValue
s":true},{"name":"cloud.region","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"container.id","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"container.image.name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"container.image.tag","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"container.name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"container.runtime","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dest_ip","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dest_port","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"destination.domain","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"destination.hostname","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"destination.ip","type":"ip","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"destination.mac","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"destination.port","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"destination.subdomain","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"device.hostname","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":tr
ue},{"name":"device.ip","type":"ip","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"device.mac","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"device.serial_number","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"device.timezone.offset.sec","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"device.type","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"device.vendor","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"device.version","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.aa","type":"boolean","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.answers.rdata","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.answers.rrname","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.answers.rrtype","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.answers.ttl","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.authorities.rrname","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.authorities.rrtype","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.authorities.ttl","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocV
alues":true},{"name":"dns.flags","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.grouped.A","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.grouped.AAAA","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.grouped.CNAME","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.grouped.PTR","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.grouped.TXT","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.id","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.qr","type":"boolean","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.ra","type":"boolean","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.rcode","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.rd","type":"boolean","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.rrname","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.rrtype","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.tc","type":"boolean","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.tx_id","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.type","type":"string","count":0,"scripted":fals
e,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dns.version","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"error.code","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"error.id","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"error.message","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"event.action","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"event.category","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"event.created","type":"date","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"event.dataset","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"event.duration","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"event.hash","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"event.id","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"event.module","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"event.raw","type":"string","count":0,"scripted":false,"searchable":false,"aggregatable":false,"readFromDocValues":false},{"name":"event.risk_score","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"event.severity","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromD
ocValues":true},{"name":"event.type","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"event.version","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"event_type","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"file.ctime","type":"date","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"file.device","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"file.extension","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"file.gid","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"file.group","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"file.inode","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"file.mode","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"file.mtime","type":"date","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"file.owner","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"file.path","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"file.path.raw","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"file.size","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"file.target_path","type":"string","count":0,"script
ed":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"file.target_path.raw","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"file.type","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"file.uid","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"fileinfo.filename","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"fileinfo.gaps","type":"boolean","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"fileinfo.magic","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"fileinfo.md5","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"fileinfo.sha1","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"fileinfo.sha256","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"fileinfo.size","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"fileinfo.state","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"fileinfo.stored","type":"boolean","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"fileinfo.tx_id","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"flow.age","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"flow.alerted","type":"boolean","count":0,"scripted":false,"searchable":true,
"aggregatable":true,"readFromDocValues":true},{"name":"flow.bytes_toclient","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"flow.bytes_toserver","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"flow.end","type":"date","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"flow.pkts_toclient","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"flow.pkts_toserver","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"flow.reason","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"flow.start","type":"date","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"flow.state","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"flow_id","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"ftp-data.command","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"ftp-data.filename","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"geo.city_name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"geo.continent_name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"geo.country_iso_code","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"geo.location","type":"geo_point","count":0,"scripted":false,"searchable":true,"aggregatable":
true,"readFromDocValues":true},{"name":"geo.region_name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"host.architecture","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"host.id","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"host.ip","type":"ip","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"host.mac","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"host.name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"host.os.family","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"host.os.name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"host.os.platform","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"host.os.version","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"host.timezone.offset.sec","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"host.type","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"http.hostname","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"http.http_content_type","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"http.http_method","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true}
,{"name":"http.http_port","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"http.http_refer","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"http.http_user_agent","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"http.http_user_agent.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"http.length","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"http.protocol","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"http.redirect","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"http.request.method","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"http.response.body","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"http.response.status_code","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"http.status","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"http.url","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"http.version","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"icmp_code","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"icmp_type","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},
{"name":"in_iface","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"kubernetes.container.name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"kubernetes.namespace","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"kubernetes.pod.name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"log.file.path","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"log.level","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"log.line","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"log.message","type":"string","count":0,"scripted":false,"searchable":false,"aggregatable":false,"readFromDocValues":false},{"name":"log.offset","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"message","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"metadata.flowbits","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"metadata.flowints.applayer.anomaly.count","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"metadata.flowints.http.anomaly.count","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"metadata.flowints.tcp.retransmission.count","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"metadata.flowints.tls.anomaly.count","type":"number","count":0,"scrip
ted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"network.direction","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"network.forwarded_ip","type":"ip","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"network.inbound.bytes","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"network.inbound.packets","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"network.outbound.bytes","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"network.outbound.packets","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"network.protocol","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"network.total.bytes","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"network.total.packets","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"offset","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"organization.id","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"organization.name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"os.family","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"os.kernel","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"os.name","type":"string","c
ount":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"os.platform","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"os.version","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"parent_id","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"pcap_cnt","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"process.args","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"process.name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"process.pid","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"process.ppid","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"process.title","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"proto","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"response_icmp_code","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"response_icmp_type","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"service.ephemeral_id","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"service.id","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"service.name","type":"string","count":0,"scripted":false,"searchable":true,"aggre
gatable":true,"readFromDocValues":true},{"name":"service.state","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"service.type","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"service.version","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"smb.command","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"smb.dialect","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"smb.filename","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"smb.fuid","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"smb.id","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"smb.session_id","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"smb.share","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"smb.status","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"smb.status_code","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"smb.tree_id","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"smtp.helo","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"source.domain","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"source.hostn
ame","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"source.ip","type":"ip","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"source.mac","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"source.port","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"source.subdomain","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"src_ip","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"src_port","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.expectations","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.dcerpc_tcp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.dcerpc_udp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.dhcp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.dns_tcp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.dns_udp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.failed_tcp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.failed_udp","type":"number","count":0,"scripted":false,"searchable
":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.ftp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.ftp-data","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.http","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.ikev2","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.imap","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.krb5_tcp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.krb5_udp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.msn","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.nfs_tcp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.nfs_udp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.ntp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.smb","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.smtp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.ssh","type":"number","count":0,"scripted":f
alse,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.tftp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.flow.tls","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.tx.dcerpc_tcp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.tx.dcerpc_udp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.tx.dhcp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.tx.dns_tcp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.tx.dns_udp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.tx.ftp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.tx.ftp-data","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.tx.http","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.tx.ikev2","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.tx.krb5_tcp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.tx.krb5_udp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.tx.nfs_tcp","type":"number","count":0,"s
cripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.tx.nfs_udp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.tx.ntp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.tx.smb","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.tx.smtp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.tx.ssh","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.tx.tftp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.app_layer.tx.tls","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.capture.errors","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.capture.kernel_drops","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.capture.kernel_packets","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.avg_pkt_size","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.bytes","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.dce.pkt_too_small","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.erspan","type":"number","count":0,"scripted":false,"se
archable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.ethernet","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.gre","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.icmpv4","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.icmpv6","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.ieee8021ah","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.invalid","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.ipraw.invalid_ip_version","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.ipv4","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.ipv4_in_ipv6","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.ipv6","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.ipv6_in_ipv6","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.ltnull.pkt_too_small","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.ltnull.unsupported_type","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.max_pkt_size","type":"number","count":0,"scripted":false,"sea
rchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.mpls","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.null","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.pkts","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.ppp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.pppoe","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.raw","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.sctp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.sll","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.tcp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.teredo","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.udp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.vlan","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.decoder.vlan_qinq","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.defrag.ipv4.fragments","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.defrag.ip
v4.reassembled","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.defrag.ipv4.timeouts","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.defrag.ipv6.fragments","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.defrag.ipv6.reassembled","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.defrag.ipv6.timeouts","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.defrag.max_frag_hits","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.detect.alert","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.detect.engines.id","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.detect.engines.last_reload","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.detect.engines.rules_failed","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.detect.engines.rules_loaded","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.dns.memcap_global","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.dns.memcap_state","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.dns.memuse","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"
stats.file_store.open_files","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow.emerg_mode_entered","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow.emerg_mode_over","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow.icmpv4","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow.icmpv6","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow.memcap","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow.memuse","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow.spare","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow.tcp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow.tcp_reuse","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow.udp","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow_mgr.bypassed_pruned","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow_mgr.closed_pruned","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow_mgr.est_pruned","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow_mgr.flows_checked","type":"number","coun
t":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow_mgr.flows_notimeout","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow_mgr.flows_removed","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow_mgr.flows_timeout","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow_mgr.flows_timeout_inuse","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow_mgr.new_pruned","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow_mgr.rows_busy","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow_mgr.rows_checked","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow_mgr.rows_empty","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow_mgr.rows_maxlen","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.flow_mgr.rows_skipped","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.ftp.memcap","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.ftp.memuse","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.http.memcap","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.http.memuse","type":"number","count":0,"sc
ripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.insert_data_normal_fail","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.insert_data_overlap_fail","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.insert_list_fail","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.invalid_checksum","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.memuse","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.midstream_pickups","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.no_flow","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.overlap","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.overlap_diff_data","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.pkt_on_wrong_thread","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.pseudo","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.pseudo_failed","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.reassembly_gap","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.reassembly_memuse","type":"number","count":0,"scripted
":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.rst","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.segment_memcap_drop","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.sessions","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.ssn_memcap_drop","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.stream_depth_reached","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.syn","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.tcp.synack","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"stats.uptime","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tags","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tcp.ack","type":"boolean","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tcp.cwr","type":"boolean","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tcp.ecn","type":"boolean","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tcp.fin","type":"boolean","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tcp.psh","type":"boolean","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tcp.rst","type":"boolean","count":0,"scripted":false,"searchable":t
rue,"aggregatable":true,"readFromDocValues":true},{"name":"tcp.state","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tcp.syn","type":"boolean","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tcp.tcp_flags","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tcp.tcp_flags_tc","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tcp.tcp_flags_ts","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"timestamp","type":"date","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tls.certificates","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"tls.ciphersuite","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tls.fingerprint","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tls.from_proto","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tls.issuerdn","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tls.notafter","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tls.notbefore","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tls.serial","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tls.servername","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocVa
lues":true},{"name":"tls.session_resumed","type":"boolean","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tls.sni","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tls.subject","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tls.version","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tunnel.depth","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tunnel.dest_ip","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tunnel.dest_port","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tunnel.proto","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tunnel.src_ip","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tunnel.src_port","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tx_id","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"url.fragment","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"url.host.name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"url.href","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"url.href.raw","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"url.password","type":"stri
ng","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"url.path","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"url.path.raw","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"url.port","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"url.query","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"url.query.raw","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"url.scheme","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"url.username","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"user.email","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"user.hash","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"user.id","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"user.name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"user_agent.device","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"user_agent.major","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"user_agent.minor","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"user_agent.name","type":"string","count":0,"scripted":false,"searchable":true,"aggre
gatable":true,"readFromDocValues":true},{"name":"user_agent.os.major","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"user_agent.os.minor","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"user_agent.os.name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"user_agent.os.version","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"user_agent.patch","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"user_agent.raw","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"user_agent.version","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"vlan","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"pcap.query","type":"string","count":0,"scripted":true,"script":"if (doc['event_type'].value == 'flow' || doc['event_type'].value == 'alert' )\n{ \n\n String api_endpoint = '/app/docket/api/uri/';\n String retVal = "";\n String host1 = doc['src_ip'].value;\n String host2 = doc['dest_ip'].value;\n String timestamp = doc['@timestamp'].value.toString();\n timestamp = timestamp.substring(0,timestamp.indexOf('Z'));\n String begin = timestamp.substring(0,timestamp.indexOf('.')) + 'Z';\n\n retVal = api_endpoint + \n 'host/' + host1 + \n '/host/' + host2 + \n '/after/' + begin + '/' ;\n String proto = doc['proto'].value.toUpperCase();\n String port1 = "";\n String port2 = "";\n if (proto == "TCP" || proto == "UDP" || proto == "SCTP") {\n port1 = doc['src_port'].value.toString();\n port2 = doc['dest_port'].value.toString();\n retVal += '/port/' + port1 + '/port/' + 
port2;\n} else if (proto == "IPv6-ICMP" || proto == "IPv4-ICMP") {\n port1 = doc['icmp_type'].value.toString();\n port2 = doc['icmp_code'].value.toString();\n retVal += '/port/' + port1 + '/port/' + port2;\n}\n\n return retVal;\n}\nreturn '';","lang":"painless","searchable":true,"aggregatable":true,"readFromDocValues":false}]""",
"fieldFormatMap" : """{"dest_port":{"id":"number","params":{"pattern":"0"}},"alert.signature_id":{"id":"number","params":{"pattern":"0"}},"icmp_code":{"id":"number","params":{"pattern":"0"}},"src_port":{"id":"number","params":{"pattern":"0"}},"icmp_type":{"id":"number","params":{"pattern":"0"}},"duration":{"id":"duration","params":{"outputFormat":"asSeconds"}},"@timestamp":{"id":"date","params":{"pattern":"YYYY-MM-DDTHH:mm:ss.SSS"}},"flow.end":{"id":"date","params":{"pattern":"YYYY-MM-DDTHH:mm:ss.SSS"}},"flow.start":{"id":"date","params":{"pattern":"YYYY-MM-DDTHH:mm:ss.SSS"}},"timestamp":{"id":"date","params":{"pattern":"YYYY-MM-DDTHH:mm:ss.SSS"}},"Query PCAP":{"id":"url","params":{"labelTemplate":"Docket PCAP"}},"Docket PCAP":{"id":"url","params":{"labelTemplate":"Query PCAP"}},"flow.bytes_toclient":{"id":"bytes"},"flow.bytes_toserver":{"id":"bytes"},"stats.decoder.bytes":{"id":"bytes"},"network.inbound.bytes":{"id":"bytes"},"network.outbound.bytes":{"id":"bytes"},"network.total.bytes":{"id":"bytes"},"destination.port":{"id":"number","params":{"pattern":"0"}},"http.http_port":{"id":"number","params":{"pattern":"0"}},"source.port":{"id":"number","params":{"pattern":"0"}},"url.port":{"id":"number","params":{"pattern":"0"}},"pcap.query":{"id":"url","params":{"urlTemplate":"{{rawValue}}","labelTemplate":"Query PCAP"}}}"""
},
"type" : "index-pattern",
"references" : [ ],
"migrationVersion" : {
"index-pattern" : "6.5.0"
},
"updated_at" : "2019-08-30T00:31:35.493Z"
}
},
{
"_index" : ".kibana_1",
"_type" : "_doc",
"_id" : "space:default",
"_score" : 1.0,
"_source" : {
"space" : {
"name" : "Default",
"description" : "This is your default space!",
"color" : "#00bfb3",
"disabledFeatures" : [ ],
"_reserved" : true
},
"type" : "space",
"migrationVersion" : {
"space" : "6.6.0"
},
"updated_at" : "2019-08-30T00:31:30.332Z"
}
},
{
"_index" : ".kibana_1",
"_type" : "_doc",
"_id" : "search:6ba93ab0-202d-11e8-82ea-3daef40316d8",
"_score" : 1.0,
"_source" : {
"search" : {
"title" : "Bro - Files - Common Exploit Types",
"description" : "",
"hits" : 0,
"columns" : [
"@meta.related_ids",
"files.mime_type",
"files.source",
"files.tx_hosts",
"files.rx_hosts",
"files.total_bytes",
"files.analyzers",
"files.md5",
"files.sha1"
],
"sort" : [
"@timestamp",
"desc"
],
"version" : 1,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : """{"index":"146c2580-1fdf-11e8-82ea-3daef40316d8","highlightAll":true,"version":true,"query":{"language":"lucene","query":"@meta.stream: files AND files.mime_type: ( "application/java-archive" OR "application/x-java-applet" OR "application/x-java-jnlp-file" OR "application/x-dosexec" OR "application/msword" OR "application/vnd.openxmlformats-officedocument.wordprocessingml.document" OR "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" OR "application/vnd.openxmlformats-officedocument.presentationml.presentation" OR "application/pdf" )"},"filter":[]}"""
}
},
"type" : "search",
"references" : [ ],
"migrationVersion" : {
"search" : "7.0.0"
},
"updated_at" : "2019-08-30T00:31:41.821Z"
}
},
{
"_index" : ".kibana_1",
"_type" : "_doc",
"_id" : "search:009f6e00-2024-11e8-82ea-3daef40316d8",
"_score" : 1.0,
"_source" : {
"search" : {
"title" : "Bro - Connections",
"description" : "",
"hits" : 0,
"columns" : [
"conn.id_orig_h",
"conn.id_orig_p",
"conn.id_resp_h",
"conn.id_resp_p",
"conn.service",
"Docket PCAP",
"conn.duration",
"conn.orig_pkts",
"conn.orig_bytes",
"conn.resp_pkts",
"conn.resp_bytes"
],
"sort" : [
"@timestamp",
"desc"
],
"version" : 1,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : """{"index":"146c2580-1fdf-11e8-82ea-3daef40316d8","highlightAll":true,"version":true,"query":{"language":"lucene","query":"@meta.stream: conn"},"filter":[]}"""
}
},
"type" : "search",
"references" : [ ],
"migrationVersion" : {
"search" : "7.0.0"
},
"updated_at" : "2019-08-30T00:31:36.567Z"
}
},
{
"_index" : ".kibana_1",
"_type" : "_doc",
"_id" : "search:61983d10-2036-11e8-82ea-3daef40316d8",
"_score" : 1.0,
"_source" : {
"search" : {
"title" : "Bro - HTTP",
"description" : "",
"hits" : 0,
"columns" : [
"http.id_orig_h",
"http.id_orig_p",
"http.id_resp_h",
"http.id_resp_p",
"http.method",
"http.host",
"http.uri",
"http.referrer",
"http.status_code",
"http.status_msg",
"http.user_agent",
"http.version"
],
"sort" : [
"@timestamp",
"desc"
],
"version" : 1,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : """{"index":"146c2580-1fdf-11e8-82ea-3daef40316d8","highlightAll":true,"version":true,"query":{"query":"@meta.stream: http","language":"lucene"},"filter":[]}"""
}
},
"type" : "search",
"references" : [ ],
"migrationVersion" : {
"search" : "7.0.0"
},
"updated_at" : "2019-08-30T00:31:40.785Z"
}
},
{
"_index" : ".kibana_1",
"_type" : "_doc",
"_id" : "search:34e42cb0-7d3f-11e7-bb02-a1e09360c6cb",
"_score" : 1.0,
"_source" : {
"search" : {
"title" : "HTTP Host and User Agent",
"description" : "",
"hits" : 0,
"columns" : [
"http.method",
"http.host",
"http.user_agent"
],
"sort" : [
"@timestamp",
"desc"
],
"version" : 1,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : """{"index":"146c2580-1fdf-11e8-82ea-3daef40316d8","highlightAll":true,"version":true,"query":{"query":{"query_string":{"query":"@meta.stream:http AND exists:(http.host AND http.user_agent)","analyze_wildcard":true}},"language":"lucene"},"filter":[]}"""
}
},
"type" : "search",
"references" : [ ],
"migrationVersion" : {
"search" : "7.0.0"
},
"updated_at" : "2019-08-30T00:31:39.721Z"
}
},
{
"_index" : ".kibana_1",
"_type" : "_doc",
"_id" : "search:0236ba60-2025-11e8-82ea-3daef40316d8",
"_score" : 1.0,
"_source" : {
"search" : {
"title" : "Bro - DNS NXDOMAIN",
"description" : "",
"hits" : 0,
"columns" : [
"dns.id_orig_h",
"dns.id_resp_h",
"dns.qtype_name",
"dns.query",
"dns.rcode_name",
"dns.answers",
"Docket PCAP"
],
"sort" : [
"@timestamp",
"desc"
],
"version" : 1,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : """{"index":"146c2580-1fdf-11e8-82ea-3daef40316d8","highlightAll":true,"version":true,"query":{"language":"lucene","query":"@meta.stream: dns AND dns.rcode_name:NXDOMAIN"},"filter":[]}"""
}
},
"type" : "search",
"references" : [ ],
"migrationVersion" : {
"search" : "7.0.0"
},
"updated_at" : "2019-08-30T00:31:37.578Z"
}
},
{
"_index" : ".kibana_1",
"_type" : "_doc",
"_id" : "search:188b5070-203c-11e8-82ea-3daef40316d8",
"_score" : 1.0,
"_source" : {
"search" : {
"title" : "Bro - SSL",
"description" : "",
"hits" : 0,
"columns" : [
"@meta.related_ids",
"ssl.subject",
"ssl.server_name",
"ssl.issuer",
"ssl.validation_status",
"ssl.version",
"ssl.cipher",
"ssl.established"
],
"sort" : [
"@timestamp",
"desc"
],
"version" : 1,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : """{"index":"146c2580-1fdf-11e8-82ea-3daef40316d8","highlightAll":true,"version":true,"query":{"query":"@meta.stream: ssl","language":"lucene"},"filter":[]}"""
}
},
"type" : "search",
"references" : [ ],
"migrationVersion" : {
"search" : "7.0.0"
},
"updated_at" : "2019-08-30T00:31:38.595Z"
}
},
{
"_index" : ".kibana_1",
"_type" : "_doc",
"_id" : "search:6bccb450-4755-11e8-bb80-b7240cd6c2af",
"_score" : 1.0,
"_source" : {
"search" : {
"title" : "Signatures",
"description" : "",
"hits" : 0,
"columns" : [
"_source"
],
"sort" : [
"@timestamp",
"desc"
],
"version" : 1,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : """{"index":"b6c2fb00-1fea-11e8-82ea-3daef40316d8","highlightAll":true,"version":true,"query":{"query":"alert.signature: * fields: alert.signature","language":"lucene"},"filter":[]}"""
}
},
"type" : "search",
"references" : [ ],
"migrationVersion" : {
"search" : "7.0.0"
},
"updated_at" : "2019-08-30T00:31:42.845Z"
}
},
{
"_index" : ".kibana_1",
"_type" : "_doc",
"_id" : "search:eeee1f80-1a48-11e7-8392-7b28763af41c",
"_score" : 1.0,
"_source" : {
"search" : {
"title" : "Network Event Type",
"description" : "",
"hits" : 0,
"columns" : [
"_source"
],
"sort" : [
"@timestamp",
"desc"
],
"version" : 1,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : """{"index":"146c2580-1fdf-11e8-82ea-3daef40316d8","query":{"query":{"query_string":{"query":"@meta.event_type:network","analyze_wildcard":true}},"language":"lucene"},"filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"
":{}},"require_field_match":false,"fragment_size":2147483647}}"""
}
},
"type" : "search",
"references" : [ ],
"migrationVersion" : {
"search" : "7.0.0"
},
"updated_at" : "2019-08-30T00:31:57.567Z"
}
}
]
}
}

@zeon121 we use https://community.rocknsm.io for issues that are in the support realm. We have a bigger community of users there that can also jump in and help with issues like this.