IT Skills You Need
Forti-elk – Analyze your Network Log Data

by admin
31 May 2022
in Monitoring

Zen Networks –


FortiGate is one of the most popular NGFWs (next-generation firewalls). This project’s primary purpose is to create an open-source log monitoring platform dedicated to FortiGate, built on the logs this firewall produces.

It is based on ELK, which stands for Elasticsearch, Logstash, and Kibana.

From a functional point of view it should be considered a free alternative to FortiAnalyzer.

What is FortiGate?

FortiGate next-generation firewalls (NGFW) from Fortinet provide enterprises with the best protection against web-based network threats, including known and undiscovered threats and intrusion methods. FortiGate firewalls seamlessly interact with FortiGuard Labs security services, whether deployed on-premise, through virtual hardware, or in the cloud, to extend and reinforce an enterprise’s total security efforts from the network edge to the core.

What is Forti-elk?

Forti-elk is a free alternative to FortiAnalyzer from a functional point of view. Forti-elk platforms combine network logging, analysis, automated workflows, and compliance reporting into a single system to detect advanced threats. All that allows you to understand security events throughout the entire network better.

Forti-elk Configurations:

Before using this project, make sure you have:

  • One or more FortiGate firewalls configured with the required filtering and identification features.
  • Installed Elasticsearch, Logstash and Kibana instances.

In this project, we will cover:

  • FortiGate configuration to send logs to a specified host and port. We have chosen port 5517, but it can be any valid port.
  • Logstash configuration to parse FortiGate logs.
  • Kibana visualizations and a dashboard that leverage these logs.


FortiGate Configurations:

Point the syslog destination at the host running Logstash (192.168.1.70 here) and at the port chosen above (5517):

FortiGate-VM-1 # config log syslogd setting
FortiGate-VM-1 (setting) # show full-configuration
config log syslogd setting
    set status enable
    set server "192.168.1.70"
    set mode udp
    set port 5517
    set facility local7
    set source-ip ''
    set format default
end

FortiGate-VM-1 # config log setting
FortiGate-VM-1 (setting) # show full-configuration
config log setting
    set resolve-ip disable
    set resolve-port enable
    set log-user-in-upper disable
    set fwpolicy-implicit-log enable
    set fwpolicy6-implicit-log disable
    set log-invalid-packet disable
    set local-in-allow enable
    set local-in-deny-unicast enable
    set local-in-deny-broadcast enable
    set local-out enable
    set daemon-log disable
    set neighbor-event disable
    set brief-traffic-format disable
    set user-anonymize disable
    set expolicy-implicit-log disable
    set log-policy-comment disable
    set log-policy-name enable
end


Logstash Configurations:

Copy this configuration to /etc/logstash/conf.d/fortigate.conf (the file name used in the start command below):

input {
  udp {
    # Must match "set port" in the FortiGate syslogd setting.
    port => 5517
    type => "forti_log"
  }
}

filter {
  if [type] == "forti_log" {
    # FortiGate logs are space-separated key=value pairs. The firewall's own
    # "type"/"subtype" keys are excluded so they cannot overwrite the Logstash
    # event type that the output section filters on.
    kv {
      source => "message"
      exclude_keys => [ "type", "subtype" ]
    }

    # All four geoip filters write the same "geoip" target, so the last one that
    # resolves wins. Private (RFC 1918) addresses are not in the GeoIP database;
    # the filter then tags the event _geoip_lookup_failure.
    geoip { source => "dst" }
    geoip { source => "dstip" }
    geoip { source => "src" }
    geoip { source => "srcip" }

    mutate {
      # One rename hash instead of repeated rename lines. mutate applies rename
      # before convert, so the convert below sees the renamed field names.
      rename => {
        "dst"      => "dst_ip"
        "dstip"    => "dst_ip"
        "dstport"  => "dst_port"
        "devname"  => "device_id"
        "status"   => "action"
        "src"      => "src_ip"
        "srcip"    => "src_ip"
        "zone"     => "src_intf"
        "srcintf"  => "src_intf"
        "srcport"  => "src_port"
        "rcvd"     => "bytes_recieved"
        "rcvdbyte" => "bytes_recieved"
        "sentbyte" => "bytes_sent"
        "sent"     => "bytes_sent"
      }
      # "bytes_recieved" keeps this spelling on purpose: the Kibana index pattern
      # and its fieldFormatMap below use that exact field name.
      convert => {
        "bytes_recieved" => "integer"
        "bytes_sent"     => "integer"
      }
      remove_field => [ "msg" ]
    }
  }
}

output {
  if [type] == "forti_log" {
    elasticsearch {
      hosts => "localhost:9200"
      index => "forti-%{+YYYY.MM.dd}"
    }
  }
}

Elasticsearch is listening on localhost:9200 in our case. If you have split the ELK stack across hosts in a larger setup, change localhost to the Elasticsearch server address.

Start Logstash with this command:

/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/fortigate.conf
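To check this field mapping without a running stack, here is an added Python reference parser (example code written for this page, not code from the Forti-elk project) that applies the same steps as the filter above, kv parsing with the excluded keys, the rename map, removal of msg and integer conversion of the byte counters, to two constructed FortiGate log lines. It goes a little beyond the Logstash config: it strips the syslog PRI so the first key is date rather than <185>date, it reports which address the four geoip filters would end up geolocating, and it shows that the status-to-action rename overwrites an event log's own action field. The sample lines, device names and ids, the 8.8.8.8 destination and the geoip_source marker are all constructed for the example; send_sample is an optional helper that pushes one sample line into the udp input on port 5517 to exercise the live pipeline.

```python
"""Offline reference for the Forti-elk Logstash filter (added example, not
project code): parse FortiGate syslog key=value lines and apply the same
normalization as the pipeline on the page, so the field mapping can be checked
on sample lines before anything is sent to Logstash."""
import ipaddress
import re
import socket

# Same source -> target map as the mutate/rename block. "bytes_recieved" keeps
# the page's spelling: the Kibana index pattern expects that exact field name.
RENAME = {
    "dst": "dst_ip", "dstip": "dst_ip", "dstport": "dst_port",
    "devname": "device_id", "status": "action",
    "src": "src_ip", "srcip": "src_ip",
    "zone": "src_intf", "srcintf": "src_intf", "srcport": "src_port",
    "rcvd": "bytes_recieved", "rcvdbyte": "bytes_recieved",
    "sentbyte": "bytes_sent", "sent": "bytes_sent",
}
INTEGER_FIELDS = ("bytes_recieved", "bytes_sent")    # mutate convert
EXCLUDE_KEYS = ("type", "subtype")                   # kv exclude_keys
GEOIP_SOURCES = ("dst", "dstip", "src", "srcip")     # order of the geoip filters

PRI_RE = re.compile(r"^<\d{1,3}>")
# key=value or key="quoted value"; FortiGate quotes values containing spaces.
KV_RE = re.compile(r'(\S+?)=(?:"([^"]*)"|(\S*))')


def parse_kv(line: str) -> dict:
    """Split a raw line into pairs, minus the kv exclude_keys. The kv filter on
    the page keeps the syslog PRI, which is why the index pattern lists keys
    like "<185>date"; it is stripped here so the first key is a clean "date"."""
    body = PRI_RE.sub("", line.strip())
    pairs = {}
    for match in KV_RE.finditer(body):
        key, quoted, bare = match.groups()
        if key not in EXCLUDE_KEYS:
            pairs[key] = quoted if quoted is not None else bare
    return pairs


def geoip_source(pairs: dict) -> tuple:
    """Mirror the four geoip filters: all write the same "geoip" target, so the
    last source that resolves wins; private/reserved addresses have no GeoLite2
    entry and make the filter tag the event _geoip_lookup_failure."""
    chosen, failed = None, False
    for field in GEOIP_SOURCES:
        if field not in pairs:
            continue
        try:
            if ipaddress.ip_address(pairs[field]).is_global:
                chosen = field
            else:
                failed = True
        except ValueError:       # not an IP literal
            failed = True
    return chosen, failed


def normalize(pairs: dict) -> dict:
    """Apply the mutate block: rename, drop msg, convert the byte counters."""
    event = dict(pairs)
    chosen, failed = geoip_source(event)
    if chosen is not None:
        event["geoip_source"] = chosen     # marker used by this example only
    if failed:
        event.setdefault("tags", []).append("_geoip_lookup_failure")
    # rename overwrites an existing target: an event log carrying both
    # action="login" and status="failed" ends up with action="failed".
    for old, new in RENAME.items():
        if old in event:
            event[new] = event.pop(old)
    event.pop("msg", None)
    for field in INTEGER_FIELDS:
        if field in event and event[field].isdigit():
            event[field] = int(event[field])
    return event


def parse_fortigate_line(line: str) -> dict:
    """Raw syslog line -> the document the Logstash pipeline would index."""
    return normalize(parse_kv(line))


def send_sample(line: str, host: str = "127.0.0.1", port: int = 5517) -> int:
    """Push one line into the page's udp input to exercise the live pipeline.
    Plain UDP syslog, as on the FortiGate: unauthenticated, unencrypted, lossy."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(line.encode(), (host, port))


# Constructed sample lines in FortiOS traffic and event log layout; names, ids
# and addresses are made up (8.8.8.8 stands in for any globally routable host).
SAMPLE_LINES = [
    '<189>date=2022-05-31 time=10:15:42 devname="FG-EDGE-1" devid="FGVMEXAMPLE0001" '
    'logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" '
    'srcip=192.168.10.25 srcport=51234 srcintf="port2" dstip=8.8.8.8 dstport=443 '
    'dstintf="port1" proto=6 action="accept" policyid=7 service="HTTPS" '
    'sentbyte=1532 rcvdbyte=8741 sentpkt=12 rcvdpkt=10 msg="removed by the filter"',
    '<185>date=2022-05-31 time=10:16:03 devname="FG-EDGE-1" devid="FGVMEXAMPLE0001" '
    'logid="0100032002" type="event" subtype="system" level="alert" vd="root" '
    'logdesc="Admin login failed" user="admin" ui="https(198.51.100.77)" '
    'srcip=198.51.100.77 dstip=192.168.1.1 action="login" status="failed" '
    'reason="passwd_invalid" msg="Administrator admin login failed: invalid password"',
]

if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        print(parse_fortigate_line(raw))
```

Run it as a script to print both normalized events. Two points to carry back to the Logstash config: every event whose addresses geoip cannot resolve (all internal-to-internal traffic) ends up with a _geoip_lookup_failure tag, and giving several rename entries the same target silently overwrites a field that was already present, as the second sample shows for action.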

Kibana Configurations:

Go to Management, then Saved Objects, and click Import to load the index pattern, dashboard and visualizations that exist in the Kibana folder.

index.json
[
{
"_id": "447b2e10-d137-11e8-9f6e-95c9c5cb15a3",
"_type": "index-pattern",
"_source": {
"title": "forti*",
"timeFieldName": "@timestamp",
"fields": "[{"name":"<185>date","type":"date","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"<188>date","type":"date","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"<189>date","type":"date","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"<190>date","type":"date","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@timestamp","type":"date","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"@version","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"@version.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"_id","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":false},{"name":"_index","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":false},{"name":"_score","type":"number","count":0,"scripted":false,"searchable":false,"aggregatable":false,"readFromDocValues":false},{"name":"_source","type":"_source","count":0,"scripted":false,"searchable":false,"aggregatable":false,"readFromDocValues":false},{"name":"_type","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":false},{"name":"action","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"action.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"app","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"app.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregat
able":true,"readFromDocValues":true},{"name":"appact","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"appact.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"appcat","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"appcat.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"appid","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"appid.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"applist","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"applist.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"apprisk","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"apprisk.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"authproto","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"authproto.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"authserver","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"authserver.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"bandwidth","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"ban
dwidth.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"bytes_recieved","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"bytes_sent","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"cfgattr","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"cfgattr.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"cfgobj","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"cfgobj.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"cfgpath","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"cfgpath.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"cfgtid","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"cfgtid.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"community","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"community.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"countapp","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"countapp.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"cpu","type":"string","count":0,"scripted":fals
e,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"cpu.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"craction","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"craction.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"crlevel","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"crlevel.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"crscore","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"crscore.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"devcategory","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"devcategory.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"device_id","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"device_id.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"devid","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"devid.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"devtype","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"devtype.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true
,"readFromDocValues":true},{"name":"direction","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"direction.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"disk","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"disk.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"disklograte","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"disklograte.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dst_ip","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"dst_ip.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dst_port","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"dst_port.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dstcountry","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"dstcountry.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dstdevcategory","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"dstdevcategory.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dstdevtype","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":fals
e},{"name":"dstdevtype.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dstintf","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"dstintf.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dstintfrole","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"dstintfrole.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dstmac","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"dstmac.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dstosname","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"dstosname.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dstosversion","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"dstosversion.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"dstserver","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"dstserver.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"duration","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"duration.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"eventt
ime","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"eventtime.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"eventtype","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"eventtype.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"fazlograte","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"fazlograte.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"field","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"field.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"geoip.city_name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"geoip.city_name.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"geoip.continent_code","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"geoip.continent_code.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"geoip.country_code2","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"geoip.country_code2.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"geoip.country_code3","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFr
omDocValues":false},{"name":"geoip.country_code3.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"geoip.country_name","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"geoip.country_name.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"geoip.dma_code","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"geoip.ip","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"geoip.ip.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"geoip.latitude","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"geoip.location.lat","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"geoip.location.lon","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"geoip.longitude","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"geoip.postal_code","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"geoip.postal_code.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"geoip.region_code","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"geoip.region_code.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"geoip.region_name","type":"string","count":0,"scripte
d":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"geoip.region_name.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"geoip.timezone","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"geoip.timezone.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"group","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"group.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"host","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"host.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"hostname","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"hostname.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"incidentserialno","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"incidentserialno.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"interface","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"interface.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"level","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"level.keyword","type":"string","count":0,"scripted":false,"s
earchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"log","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"log.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"logdesc","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"logdesc.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"logid","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"logid.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"masterdstmac","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"masterdstmac.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"mastersrcmac","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"mastersrcmac.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"mem","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"mem.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"message","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"message.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"method","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues"
:false},{"name":"method.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"osname","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"osname.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"osversion","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"osversion.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"policyid","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"policyid.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"policyname","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"policyname.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"policytype","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"policytype.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"poluuid","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"poluuid.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"profile","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"profile.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"proto","type":"
string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"proto.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"rcvdpkt","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"rcvdpkt.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"reason","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"reason.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"scertcname","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"scertcname.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"sentpkt","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"sentpkt.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"service","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"service.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"sessionid","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"sessionid.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"setuprate","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"setuprate.keyword","type":"string","count":0,"scripted":false,
"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"sn","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"sn.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"src_intf","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"src_intf.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"src_ip","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"src_ip.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"src_port","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"src_port.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"srccountry","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"srccountry.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"srcintfrole","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"srcintfrole.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"srcmac","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"srcmac.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"srcname","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDoc
Values":false},{"name":"srcname.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"srcserver","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"srcserver.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"state","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"state.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"tags","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"tags.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"time","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"time.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"totalsession","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"totalsession.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"trandisp","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"trandisp.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"type","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"type.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"ui","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"ui.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"url","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"url.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"user","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"user.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"utmaction","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"utmaction.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"vd","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"vd.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"version","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"version.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true}]",
"fieldFormatMap": "{"bytes_recieved":{"id":"bytes"},"bytes_sent":{"id":"bytes"}}"
}
}
]
Visualize.json
[
{
"_id": "9076b6b0-d153-11e8-9f6e-95c9c5cb15a3",
"_type": "visualization",
"_source": {
"title": "bytes recieved per country map",
"visState": "{"title":"bytes recieved per country map","type":"region_map","params":{"legendPosition":"bottomright","addTooltip":true,"colorSchema":"Yellow to Red","selectedLayer":{"attribution":"<p><a href=\"http://www.naturalearthdata.com/about/terms-of-use\">Made with NaturalEarth</a>|<a href=\"https://www.elastic.co/elastic-maps-service\">Elastic Maps Service</a></p>&#10;","weight":1,"name":"World Countries","url":"https://vector.maps.elastic.co/blob/5659313586569216?elastic_tile_service_tos=agree&my_app_version=6.4.2&license=a693b9e0-7904-479d-bc80-5f4bb0ec7503","format":{"type":"geojson"},"fields":[{"name":"iso2","description":"Two letter abbreviation"},{"name":"name","description":"Country name"},{"name":"iso3","description":"Three letter abbreviation"}],"created_at":"2017-04-26T17:12:15.978370","tags":[],"id":5659313586569216,"layerId":"elastic_maps_service.World Countries","isEMS":true},"emsHotLink":"https://maps.elastic.co/v2#file/World Countries","selectedJoinField":{"name":"name","description":"Country name"},"isDisplayWarning":true,"wms":{"enabled":false,"options":{"format":"image/png","transparent":true},"baseLayersAreLoaded":{"_c":[],"_s":1,"_d":true,"_v":true,"_h":0,"_n":false},"tmsLayers":[{"id":"road_map","url":"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.2&license=a693b9e0-7904-479d-bc80-5f4bb0ec7503","minZoom":0,"maxZoom":18,"attribution":"<p>&#169; <a href=\"http://www.openstreetmap.org/copyright\">OpenStreetMap</a> contributors | <a href=\"https://www.elastic.co/elastic-maps-service\">Elastic Maps Service</a></p>&#10;","subdomains":[]}],"selectedTmsLayer":{"id":"road_map","url":"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.2&license=a693b9e0-7904-479d-bc80-5f4bb0ec7503","minZoom":0,"maxZoom":18,"attribution":"<p>&#169; <a href=\"http://www.openstreetmap.org/copyright\">OpenStreetMap</a> contributors | <a href=\"https://www.elastic.co/elastic-maps-service\">Elastic Maps Service</a></p>&#10;","subdomains":[]}},"mapZoom":2,"mapCenter":[0,0],"outlineWeight":1,"showAllShapes":true},"aggs":[{"id":"1","enabled":true,"type":"sum","schema":"metric","params":{"field":"bytes_recieved"}},{"id":"2","enabled":true,"type":"terms","schema":"segment","params":{"field":"dstcountry.keyword","size":18,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}}]}",
"uiStateJSON": "{"mapZoom":2,"mapCenter":[-13.752724664396988,-14.062500000000002]}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{"index":"447b2e10-d137-11e8-9f6e-95c9c5cb15a3","query":{"query":"","language":"lucene"},"filter":[{"meta":{"index":"447b2e10-d137-11e8-9f6e-95c9c5cb15a3","negate":true,"disabled":false,"alias":null,"type":"phrase","key":"dstcountry.keyword","value":"Reserved","params":{"query":"Reserved","type":"phrase"}},"query":{"match":{"dstcountry.keyword":{"query":"Reserved","type":"phrase"}}},"$state":{"store":"appState"}}]}"
}
}
},
{
"_id": "45febed0-d14d-11e8-9f6e-95c9c5cb15a3",
"_type": "visualization",
"_source": {
"title": "user bytes recieved",
"visState": "{"title":"user bytes recieved","type":"pie","params":{"addLegend":true,"addTooltip":true,"isDonut":false,"labels":{"last_level":true,"show":true,"truncate":100,"values":true},"legendPosition":"right","type":"pie"},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"segment","params":{"field":"user.keyword","size":10,"orderAgg":{"id":"2-orderAgg","enabled":true,"type":"max","schema":"orderAgg","params":{"field":"bytes_recieved"}},"order":"desc","orderBy":"custom","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}}]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{"index":"447b2e10-d137-11e8-9f6e-95c9c5cb15a3","query":{"query":"","language":"lucene"},"filter":[{"meta":{"index":"447b2e10-d137-11e8-9f6e-95c9c5cb15a3","negate":true,"disabled":false,"alias":null,"type":"phrase","key":"user.keyword","value":"admin","params":{"query":"admin","type":"phrase"}},"query":{"match":{"user.keyword":{"query":"admin","type":"phrase"}}},"$state":{"store":"appState"}},{"meta":{"index":"447b2e10-d137-11e8-9f6e-95c9c5cb15a3","negate":true,"disabled":false,"alias":null,"type":"phrase","key":"user","value":"ntp_daemon","params":{"query":"ntp_daemon","type":"phrase"}},"query":{"match":{"user":{"query":"ntp_daemon","type":"phrase"}}},"$state":{"store":"appState"}}]}"
}
}
},
{
"_id": "5b3ede50-f237-11e8-aa51-2b28ce25fee5",
"_type": "visualization",
"_source": {
"title": "action on users",
"visState": "{"title":"action on users","type":"pie","params":{"type":"pie","addTooltip":true,"addLegend":true,"legendPosition":"right","isDonut":false,"labels":{"show":true,"values":true,"last_level":true,"truncate":100}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"segment","params":{"field":"action.keyword","size":9,"order":"desc","orderBy":"_key","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}},{"id":"3","enabled":true,"type":"terms","schema":"segment","params":{"field":"user.keyword","size":8,"order":"desc","orderBy":"_key","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}}]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{"index":"447b2e10-d137-11e8-9f6e-95c9c5cb15a3","query":{"query":"","language":"lucene"},"filter":[{"meta":{"index":"447b2e10-d137-11e8-9f6e-95c9c5cb15a3","negate":true,"disabled":false,"alias":null,"type":"phrase","key":"user.keyword","value":"admin","params":{"query":"admin","type":"phrase"}},"query":{"match":{"user.keyword":{"query":"admin","type":"phrase"}}},"$state":{"store":"appState"}}]}"
}
}
},
{
"_id": "df383710-f232-11e8-aa51-2b28ce25fee5",
"_type": "visualization",
"_source": {
"title": "Allowed Policies",
"visState": "{"aggs":[{"enabled":true,"id":"1","params":{"field":"bytes_recieved"},"schema":"metric","type":"sum"},{"enabled":true,"id":"3","params":{"field":"policyname.keyword","missingBucket":false,"missingBucketLabel":"Missing","order":"desc","orderAgg":{"enabled":true,"id":"3-orderAgg","params":{},"schema":{"aggFilter":["!top_hits","!percentiles","!median","!std_dev","!derivative","!moving_avg","!serial_diff","!cumulative_sum","!avg_bucket","!max_bucket","!min_bucket","!sum_bucket"],"deprecate":false,"editor":false,"group":"none","hideCustomLabel":true,"max":null,"min":0,"name":"orderAgg","params":[],"title":"Order Agg"},"type":"count"},"orderBy":"custom","otherBucket":false,"otherBucketLabel":"Other","size":8},"schema":"segment","type":"terms"}],"params":{"addLegend":true,"addTooltip":true,"isDonut":false,"labels":{"last_level":true,"show":true,"truncate":100,"values":true},"legendPosition":"right","type":"pie"},"title":"Allowed Policies","type":"pie"}",
"uiStateJSON": "{"vis":{"legendOpen":true}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{"index":"447b2e10-d137-11e8-9f6e-95c9c5cb15a3","query":{"language":"lucene","query":""},"filter":[]}"
}
}
},
{
"_id": "edd24db0-d158-11e8-9f6e-95c9c5cb15a3",
"_type": "visualization",
"_source": {
"title": "bytes sent and recieved per user",
"visState": "{"title":"bytes sent and recieved per user","type":"table","params":{"perPage":10,"showMetricsAtAllLevels":false,"showPartialRows":false,"showTotal":true,"sort":{"columnIndex":null,"direction":null},"totalFunc":"sum"},"aggs":[{"id":"1","enabled":true,"type":"sum","schema":"metric","params":{"field":"bytes_recieved"}},{"id":"2","enabled":true,"type":"terms","schema":"bucket","params":{"field":"user.keyword","size":7,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}},{"id":"3","enabled":true,"type":"sum","schema":"metric","params":{"field":"bytes_sent"}}]}",
"uiStateJSON": "{"vis":{"params":{"sort":{"columnIndex":null,"direction":null}}}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{"index":"447b2e10-d137-11e8-9f6e-95c9c5cb15a3","query":{"query":"","language":"lucene"},"filter":[{"meta":{"index":"447b2e10-d137-11e8-9f6e-95c9c5cb15a3","negate":true,"disabled":false,"alias":null,"type":"phrase","key":"user.keyword","value":"admin","params":{"query":"admin","type":"phrase"}},"query":{"match":{"user.keyword":{"query":"admin","type":"phrase"}}},"$state":{"store":"appState"}},{"meta":{"index":"447b2e10-d137-11e8-9f6e-95c9c5cb15a3","negate":true,"disabled":false,"alias":null,"type":"phrase","key":"user.keyword","value":"ntp_daemon","params":{"query":"ntp_daemon","type":"phrase"}},"query":{"match":{"user.keyword":{"query":"ntp_daemon","type":"phrase"}}},"$state":{"store":"appState"}}]}"
}
}
},
{
"_id": "d86f3880-f23b-11e8-aa51-2b28ce25fee5",
"_type": "visualization",
"_source": {
"title": "service bytes",
"visState": "{"aggs":[{"enabled":true,"id":"1","params":{},"schema":"metric","type":"count"},{"enabled":true,"id":"2","params":{"field":"service.keyword","missingBucket":false,"missingBucketLabel":"Missing","order":"desc","orderAgg":{"enabled":true,"id":"2-orderAgg","params":{"field":"bytes_recieved"},"schema":{"aggFilter":["!top_hits","!percentiles","!median","!std_dev","!derivative","!moving_avg","!serial_diff","!cumulative_sum","!avg_bucket","!max_bucket","!min_bucket","!sum_bucket"],"deprecate":false,"editor":false,"group":"none","hideCustomLabel":true,"max":null,"min":0,"name":"orderAgg","params":[],"title":"Order Agg"},"type":"sum"},"orderBy":"custom","otherBucket":false,"otherBucketLabel":"Other","size":12},"schema":"segment","type":"terms"}],"params":{"addLegend":true,"addTooltip":true,"isDonut":false,"labels":{"last_level":true,"show":true,"truncate":100,"values":true},"legendPosition":"right","type":"pie"},"title":"service bytes","type":"pie"}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{"index":"447b2e10-d137-11e8-9f6e-95c9c5cb15a3","query":{"query":"","language":"lucene"},"filter":[]}"
}
}
},
{
"_id": "9ebd8130-f238-11e8-aa51-2b28ce25fee5",
"_type": "visualization",
"_source": {
"title": "Block/allow",
"visState": "{"title":"Block/allow","type":"pie","params":{"type":"pie","addTooltip":true,"addLegend":true,"legendPosition":"right","isDonut":false,"labels":{"show":true,"values":true,"last_level":true,"truncate":100}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"segment","params":{"field":"utmaction.keyword","size":8,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}}]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{"index":"447b2e10-d137-11e8-9f6e-95c9c5cb15a3","query":{"query":"","language":"lucene"},"filter":[]}"
}
}
},
{
"_id": "cf74bcd0-d13b-11e8-9f6e-95c9c5cb15a3",
"_type": "visualization",
"_source": {
"title": "bytes-recieved-per-IP",
"visState": "{"title":"bytes-recieved-per-IP","type":"pie","params":{"addLegend":true,"addTooltip":true,"isDonut":false,"labels":{"last_level":true,"show":true,"truncate":100,"values":true},"legendPosition":"right","type":"pie"},"aggs":[{"id":"1","enabled":true,"type":"sum","schema":"metric","params":{"field":"bytes_recieved"}},{"id":"2","enabled":true,"type":"terms","schema":"segment","params":{"field":"src_ip.keyword","size":5,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}}]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{"index":"447b2e10-d137-11e8-9f6e-95c9c5cb15a3","query":{"query":"","language":"lucene"},"filter":[]}"
}
}
},
{
"_id": "74321b40-f497-11e8-9e2f-a78fb2d25a38",
"_type": "visualization",
"_source": {
"title": "debit on policy",
"visState": "{"title":"debit on policy","type":"area","params":{"type":"area","grid":{"categoryLines":true,"style":{"color":"#eee"},"valueAxis":null},"categoryAxes":[{"id":"CategoryAxis-1","type":"category","position":"bottom","show":true,"style":{},"scale":{"type":"linear"},"labels":{"show":true,"truncate":100},"title":{}}],"valueAxes":[{"id":"ValueAxis-1","name":"LeftAxis-1","type":"value","position":"left","show":true,"style":{},"scale":{"type":"linear","mode":"normal"},"labels":{"show":true,"rotate":0,"filter":false,"truncate":100},"title":{"text":"Average bytes_recieved"}}],"seriesParams":[{"show":"true","type":"histogram","mode":"normal","data":{"label":"Average bytes_recieved","id":"1"},"drawLinesBetweenPoints":true,"showCircles":true,"interpolate":"linear","valueAxis":"ValueAxis-1"}],"addTooltip":true,"addLegend":true,"legendPosition":"right","times":[],"addTimeMarker":true},"aggs":[{"id":"1","enabled":true,"type":"avg","schema":"metric","params":{"field":"bytes_recieved"}},{"id":"2","enabled":true,"type":"date_histogram","schema":"segment","params":{"field":"@timestamp","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{}}},{"id":"3","enabled":true,"type":"terms","schema":"group","params":{"field":"policyname.keyword","size":5,"order":"desc","orderBy":"_key","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}}]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{"index":"447b2e10-d137-11e8-9f6e-95c9c5cb15a3","query":{"language":"lucene","query":""},"filter":[]}"
}
}
},
{
"_id": "7e9faef0-d13b-11e8-9f6e-95c9c5cb15a3",
"_type": "visualization",
"_source": {
"title": "app recieved",
"visState": "{"title":"app recieved","type":"pie","params":{"addLegend":true,"addTooltip":true,"isDonut":false,"labels":{"last_level":true,"show":true,"truncate":100,"values":true},"legendPosition":"right","type":"pie"},"aggs":[{"id":"1","enabled":true,"type":"sum","schema":"metric","params":{"field":"bytes_recieved"}},{"id":"2","enabled":true,"type":"terms","schema":"segment","params":{"field":"app.keyword","size":15,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}}]}",
"uiStateJSON": "{"vis":{"legendOpen":true}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{"index":"447b2e10-d137-11e8-9f6e-95c9c5cb15a3","query":{"query":"","language":"lucene"},"filter":[]}"
}
}
}
]
Dashboard.json
[
{
"_id": "84cacb90-d14d-11e8-9f6e-95c9c5cb15a3",
"_type": "dashboard",
"_source": {
"title": "Dashboard",
"hits": 0,
"description": "",
"panelsJSON": "[{"embeddableConfig":{},"gridData":{"h":10,"i":"1","w":17,"x":0,"y":36},"id":"7e9faef0-d13b-11e8-9f6e-95c9c5cb15a3","panelIndex":"1","type":"visualization","version":"6.4.2"},{"embeddableConfig":{},"gridData":{"h":11,"i":"2","w":17,"x":17,"y":25},"id":"cf74bcd0-d13b-11e8-9f6e-95c9c5cb15a3","panelIndex":"2","type":"visualization","version":"6.4.2"},{"embeddableConfig":{"vis":{"legendOpen":true}},"gridData":{"h":10,"i":"3","w":23,"x":0,"y":15},"id":"45febed0-d14d-11e8-9f6e-95c9c5cb15a3","panelIndex":"3","type":"visualization","version":"6.4.2"},{"embeddableConfig":{"mapCenter":[24.04646399966658,1.1425781250000002],"mapZoom":3},"gridData":{"h":15,"i":"4","w":48,"x":0,"y":0},"id":"9076b6b0-d153-11e8-9f6e-95c9c5cb15a3","panelIndex":"4","type":"visualization","version":"6.4.2"},{"embeddableConfig":{},"gridData":{"h":11,"i":"5","w":17,"x":0,"y":25},"id":"9ebd8130-f238-11e8-aa51-2b28ce25fee5","panelIndex":"5","type":"visualization","version":"6.4.2"},{"embeddableConfig":{},"gridData":{"h":10,"i":"6","w":14,"x":34,"y":36},"id":"df383710-f232-11e8-aa51-2b28ce25fee5","panelIndex":"6","type":"visualization","version":"6.4.2"},{"embeddableConfig":{},"gridData":{"h":11,"i":"7","w":14,"x":34,"y":25},"id":"5b3ede50-f237-11e8-aa51-2b28ce25fee5","panelIndex":"7","type":"visualization","version":"6.4.2"},{"embeddableConfig":{},"gridData":{"h":10,"i":"8","w":25,"x":23,"y":15},"id":"edd24db0-d158-11e8-9f6e-95c9c5cb15a3","panelIndex":"8","type":"visualization","version":"6.4.2"},{"embeddableConfig":{},"gridData":{"h":10,"i":"9","w":17,"x":17,"y":36},"id":"d86f3880-f23b-11e8-aa51-2b28ce25fee5","panelIndex":"9","type":"visualization","version":"6.4.2"},{"embeddableConfig":{},"gridData":{"h":15,"i":"10","w":48,"x":0,"y":46},"id":"74321b40-f497-11e8-9e2f-a78fb2d25a38","panelIndex":"10","type":"visualization","version":"6.4.2"}]",
"optionsJSON": "{"darkTheme":false,"hidePanelTitles":false,"useMargins":true}",
"version": 1,
"timeRestore": false,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{"query":{"language":"lucene","query":""},"filter":[]}"
}
}
}
]
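A consistency check for the saved-objects export above (index pattern, Visualize.json, Dashboard.json), written here as an added example rather than code from the Forti-elk project: it parses the JSON-in-string fields Kibana uses (fields, visState, searchSourceJSON, panelsJSON) and flags visualizations whose aggregations use a field the index pattern does not declare, visualizations bound to an unknown index pattern, and dashboard panels that point at a visualization id missing from the export. The sample objects are a constructed cut-down of the files above; the all-zero panel id is a constructed dangling reference.

```python
"""Referential-integrity check for a Kibana 6.x saved-objects export such as the
Forti-elk index pattern, Visualize.json and Dashboard.json. Added example, not
Forti-elk code; the objects below are a constructed, cut-down sample."""
import json
from typing import List, Set

INDEX_PATTERN_ID = "447b2e10-d137-11e8-9f6e-95c9c5cb15a3"

# Kibana keeps nested documents as JSON *strings* inside the saved object
# (fields, visState, searchSourceJSON, panelsJSON); json.dumps produces the
# escaping that a hand-edited or copy-pasted export easily loses.
INDEX_PATTERN = {
    "_id": INDEX_PATTERN_ID, "_type": "index-pattern",
    "_source": {"title": "fortigate-*", "timeFieldName": "@timestamp",
                "fields": json.dumps([{"name": n, "type": "string"} for n in (
                    "@timestamp", "bytes_recieved", "bytes_sent",
                    "user.keyword", "utmaction.keyword")])}}

def vis(vid: str, title: str, aggs: List[dict]) -> dict:
    return {"_id": vid, "_type": "visualization", "_source": {
        "title": title,
        "visState": json.dumps({"title": title, "type": "pie", "aggs": aggs}),
        "kibanaSavedObjectMeta": {"searchSourceJSON": json.dumps(
            {"index": INDEX_PATTERN_ID, "query": {"query": "", "language": "lucene"},
             "filter": []})}}}

VISUALIZATIONS = [
    vis("9ebd8130-f238-11e8-aa51-2b28ce25fee5", "Block/allow", [
        {"id": "1", "type": "count", "schema": "metric", "params": {}},
        {"id": "2", "type": "terms", "schema": "segment",
         "params": {"field": "utmaction.keyword", "size": 8}}]),
    vis("cf74bcd0-d13b-11e8-9f6e-95c9c5cb15a3", "bytes-recieved-per-IP", [
        {"id": "1", "type": "sum", "schema": "metric", "params": {"field": "bytes_recieved"}},
        # src_ip.keyword is deliberately absent from the sample index pattern
        {"id": "2", "type": "terms", "schema": "segment",
         "params": {"field": "src_ip.keyword", "size": 5}}]),
]

DASHBOARD = {
    "_id": "84cacb90-d14d-11e8-9f6e-95c9c5cb15a3", "_type": "dashboard",
    "_source": {"title": "Dashboard", "panelsJSON": json.dumps([
        {"id": "9ebd8130-f238-11e8-aa51-2b28ce25fee5", "panelIndex": "1", "type": "visualization"},
        {"id": "cf74bcd0-d13b-11e8-9f6e-95c9c5cb15a3", "panelIndex": "2", "type": "visualization"},
        # constructed dangling reference: no such visualization is exported
        {"id": "00000000-0000-0000-0000-000000000000", "panelIndex": "3", "type": "visualization"},
    ])}}

def index_pattern_fields(pattern: dict) -> Set[str]:
    """Field names declared by the index pattern (parsed from its 'fields' string)."""
    return {f["name"] for f in json.loads(pattern["_source"]["fields"])}

def check_export(pattern: dict, visualizations: List[dict], dashboard: dict) -> List[str]:
    """One message per broken reference; an empty list means the import is consistent."""
    problems: List[str] = []
    fields = index_pattern_fields(pattern)
    if pattern["_source"]["timeFieldName"] not in fields:
        problems.append("index pattern: time field is not a declared field")
    for v in visualizations:
        src = v["_source"]
        meta = json.loads(src["kibanaSavedObjectMeta"]["searchSourceJSON"])
        if meta.get("index") != pattern["_id"]:
            problems.append(f"{src['title']}: bound to unknown index pattern {meta.get('index')}")
        for agg in json.loads(src["visState"])["aggs"]:
            field = agg.get("params", {}).get("field")
            if field and field not in fields:
                problems.append(f"{src['title']}: agg {agg['id']} uses missing field {field}")
    known = {v["_id"] for v in visualizations}
    for panel in json.loads(dashboard["_source"]["panelsJSON"]):
        if panel["id"] not in known:
            problems.append(f"dashboard panel {panel['panelIndex']}: no visualization {panel['id']}")
    return problems
```

Run the same check against the real files before importing them: load each array with json.load, pick the object by _type, and pass them to check_export.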

 

Make sure the clock on the FortiGate matches the clock on the Kibana server; otherwise the log timestamps will not line up with Kibana's time filter and the dashboards will show events in the wrong time range.
