Created
June 30, 2024 22:24
Content Pack for Graylog ingesting pihole data from sqlite
{ | |
"v": 1, | |
"id": "55e40bda-92c9-4094-b028-506d3c63ef36", | |
"rev": 1, | |
"name": "pihole", | |
"summary": "This content pack shows data from pi-hole", | |
"description": "This content pack expects data formed from an extraction script run on the pi-hole host.\n", | |
"vendor": "johnstephenwheeler@gmail.com", | |
"url": "", | |
"parameters": [], | |
"entities": [ | |
{ | |
"v": "1", | |
"type": { | |
"name": "lookup_cache", | |
"version": "1" | |
}, | |
"id": "d8660197-8863-4c73-b002-cc98416f1789", | |
"data": { | |
"_scope": { | |
"@type": "string", | |
"@value": "DEFAULT" | |
}, | |
"name": { | |
"@type": "string", | |
"@value": "ph-hole-query-type-cache" | |
}, | |
"title": { | |
"@type": "string", | |
"@value": "ph-hole query-type cache" | |
}, | |
"description": { | |
"@type": "string", | |
"@value": "pi-hole DNS query types" | |
}, | |
"configuration": { | |
"type": { | |
"@type": "string", | |
"@value": "guava_cache" | |
}, | |
"max_size": { | |
"@type": "integer", | |
"@value": 1000 | |
}, | |
"expire_after_access": { | |
"@type": "long", | |
"@value": 0 | |
}, | |
"expire_after_access_unit": { | |
"@type": "string", | |
"@value": "SECONDS" | |
}, | |
"expire_after_write": { | |
"@type": "long", | |
"@value": 0 | |
} | |
} | |
}, | |
"constraints": [ | |
{ | |
"type": "server-version", | |
"version": ">=5.0.12+4e4681c" | |
} | |
] | |
}, | |
{ | |
"v": "1", | |
"type": { | |
"name": "lookup_table", | |
"version": "1" | |
}, | |
"id": "cd85f4cb-f592-4225-a0f7-e22a17f98631", | |
"data": { | |
"default_single_value_type": { | |
"@type": "string", | |
"@value": "NULL" | |
}, | |
"cache_name": { | |
"@type": "string", | |
"@value": "93461823-b3a1-4129-bb66-69f491116063" | |
}, | |
"name": { | |
"@type": "string", | |
"@value": "status-name" | |
}, | |
"default_multi_value_type": { | |
"@type": "string", | |
"@value": "NULL" | |
}, | |
"default_multi_value": { | |
"@type": "string", | |
"@value": "" | |
}, | |
"data_adapter_name": { | |
"@type": "string", | |
"@value": "a97f7e7a-3027-41a1-b190-341f460dc8ac" | |
}, | |
"_scope": { | |
"@type": "string", | |
"@value": "DEFAULT" | |
}, | |
"title": { | |
"@type": "string", | |
"@value": "ph-hole DNS query status name" | |
}, | |
"default_single_value": { | |
"@type": "string", | |
"@value": "" | |
}, | |
"description": { | |
"@type": "string", | |
"@value": "pi-hole DNS query status name" | |
} | |
}, | |
"constraints": [ | |
{ | |
"type": "server-version", | |
"version": ">=5.0.12+4e4681c" | |
} | |
] | |
}, | |
{ | |
"v": "1", | |
"type": { | |
"name": "lookup_table", | |
"version": "1" | |
}, | |
"id": "af224e43-f229-49cb-9c81-b02e1d9ae373", | |
"data": { | |
"default_single_value_type": { | |
"@type": "string", | |
"@value": "NULL" | |
}, | |
"cache_name": { | |
"@type": "string", | |
"@value": "d8660197-8863-4c73-b002-cc98416f1789" | |
}, | |
"name": { | |
"@type": "string", | |
"@value": "query_type" | |
}, | |
"default_multi_value_type": { | |
"@type": "string", | |
"@value": "NULL" | |
}, | |
"default_multi_value": { | |
"@type": "string", | |
"@value": "" | |
}, | |
"data_adapter_name": { | |
"@type": "string", | |
"@value": "e75e0564-c2b8-45e1-ac79-f3b8fc277b1f" | |
}, | |
"_scope": { | |
"@type": "string", | |
"@value": "DEFAULT" | |
}, | |
"title": { | |
"@type": "string", | |
"@value": "ph-hole DNS query type" | |
}, | |
"default_single_value": { | |
"@type": "string", | |
"@value": "" | |
}, | |
"description": { | |
"@type": "string", | |
"@value": "pi-hole DNS query type lookup" | |
} | |
}, | |
"constraints": [ | |
{ | |
"type": "server-version", | |
"version": ">=5.0.12+4e4681c" | |
} | |
] | |
}, | |
{ | |
"v": "1", | |
"type": { | |
"name": "lookup_table", | |
"version": "1" | |
}, | |
"id": "ec681641-735d-4943-8b33-a3485bc69f19", | |
"data": { | |
"default_single_value_type": { | |
"@type": "string", | |
"@value": "NULL" | |
}, | |
"cache_name": { | |
"@type": "string", | |
"@value": "00805863-b8a7-425d-a34b-c6c914fb2664" | |
}, | |
"name": { | |
"@type": "string", | |
"@value": "reply-name" | |
}, | |
"default_multi_value_type": { | |
"@type": "string", | |
"@value": "NULL" | |
}, | |
"default_multi_value": { | |
"@type": "string", | |
"@value": "" | |
}, | |
"data_adapter_name": { | |
"@type": "string", | |
"@value": "0e2d923d-507c-4270-9268-fc81e5db534e" | |
}, | |
"_scope": { | |
"@type": "string", | |
"@value": "DEFAULT" | |
}, | |
"title": { | |
"@type": "string", | |
"@value": "pi hole reply name table" | |
}, | |
"default_single_value": { | |
"@type": "string", | |
"@value": "" | |
}, | |
"description": { | |
"@type": "string", | |
"@value": "lookup reply type converting to name" | |
} | |
}, | |
"constraints": [ | |
{ | |
"type": "server-version", | |
"version": ">=5.0.12+4e4681c" | |
} | |
] | |
}, | |
{ | |
"v": "1", | |
"type": { | |
"name": "pipeline_rule", | |
"version": "1" | |
}, | |
"id": "ca14803b-5350-4f66-987e-cba49cc1846f", | |
"data": { | |
"title": { | |
"@type": "string", | |
"@value": "JSON Parser" | |
}, | |
"description": { | |
"@type": "string", | |
"@value": "Rule that parses the JSON payload of pi-hole messages and sets every key in it as a message field" | |
}, | |
"source": { | |
"@type": "string", | |
"@value": "rule \"JSON Parser\" \nwhen\n true\nthen\n// debug(to_string($message.facility));\n// debug(to_string($message.message));\n let json_string = regex(\"pi-hole[2]* zabbix: (.*)\",to_string($message.message))[\"0\"];\n set_fields(to_map(parse_json(to_string(json_string))));\n// debug(concat(\"The json: \",to_string(json_string)));\nend" | |
} | |
}, | |
"constraints": [ | |
{ | |
"type": "server-version", | |
"version": ">=5.0.12+4e4681c" | |
} | |
] | |
}, | |
{ | |
"v": "1", | |
"type": { | |
"name": "lookup_adapter", | |
"version": "1" | |
}, | |
"id": "e75e0564-c2b8-45e1-ac79-f3b8fc277b1f", | |
"data": { | |
"_scope": { | |
"@type": "string", | |
"@value": "DEFAULT" | |
}, | |
"name": { | |
"@type": "string", | |
"@value": "query-type" | |
}, | |
"title": { | |
"@type": "string", | |
"@value": "query-type" | |
}, | |
"description": { | |
"@type": "string", | |
"@value": "pihole query type mapping" | |
}, | |
"configuration": { | |
"type": { | |
"@type": "string", | |
"@value": "csvfile" | |
}, | |
"path": { | |
"@type": "string", | |
"@value": "/usr/share/graylog/data/query-type.csv" | |
}, | |
"separator": { | |
"@type": "string", | |
"@value": "," | |
}, | |
"quotechar": { | |
"@type": "string", | |
"@value": "\"" | |
}, | |
"key_column": { | |
"@type": "string", | |
"@value": "type" | |
}, | |
"value_column": { | |
"@type": "string", | |
"@value": "query_type" | |
}, | |
"check_interval": { | |
"@type": "long", | |
"@value": 86400 | |
}, | |
"case_insensitive_lookup": { | |
"@type": "boolean", | |
"@value": false | |
} | |
} | |
}, | |
"constraints": [ | |
{ | |
"type": "server-version", | |
"version": ">=5.0.12+4e4681c" | |
} | |
] | |
}, | |
{ | |
"v": "1", | |
"type": { | |
"name": "dashboard", | |
"version": "2" | |
}, | |
"id": "3109d23e-ef8e-45f9-b6d9-9596afdf81e2", | |
"data": { | |
"summary": { | |
"@type": "string", | |
"@value": "" | |
}, | |
"search": { | |
"queries": [ | |
{ | |
"id": "a4ae53a5-4eff-4f7e-a7e2-68b4d239158f", | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"filters": [], | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"search_types": [ | |
{ | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"name": "chart", | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"column_limit": null, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"row_limit": null, | |
"series": [ | |
{ | |
"type": "count", | |
"id": "count()", | |
"field": null | |
} | |
], | |
"filter": null, | |
"rollup": false, | |
"row_groups": [ | |
{ | |
"type": "time", | |
"fields": [ | |
"timestamp" | |
], | |
"interval": { | |
"type": "auto", | |
"scaling": 1 | |
} | |
} | |
], | |
"type": "pivot", | |
"id": "48803e6d-e8ce-4e8d-9a61-6f9082f8e048", | |
"filters": [], | |
"column_groups": [ | |
{ | |
"type": "values", | |
"fields": [ | |
"gl2_remote_ip" | |
], | |
"limit": 15 | |
} | |
], | |
"sort": [] | |
}, | |
{ | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "status_type:Allowed" | |
}, | |
"name": "chart", | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"column_limit": null, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"row_limit": null, | |
"series": [ | |
{ | |
"type": "count", | |
"id": "count()", | |
"field": null | |
} | |
], | |
"filter": null, | |
"rollup": true, | |
"row_groups": [ | |
{ | |
"type": "values", | |
"fields": [ | |
"domain" | |
], | |
"limit": 15 | |
} | |
], | |
"type": "pivot", | |
"id": "8af4cdf2-cb68-4286-a0fa-abc729416730", | |
"filters": [], | |
"column_groups": [], | |
"sort": [] | |
}, | |
{ | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"name": "chart", | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"column_limit": null, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"row_limit": null, | |
"series": [ | |
{ | |
"type": "count", | |
"id": "count()", | |
"field": null | |
} | |
], | |
"filter": null, | |
"rollup": true, | |
"row_groups": [ | |
{ | |
"type": "values", | |
"fields": [ | |
"query_type" | |
], | |
"limit": 15 | |
} | |
], | |
"type": "pivot", | |
"id": "b697d04e-fddf-4eba-b0eb-d6731e5fe957", | |
"filters": [], | |
"column_groups": [], | |
"sort": [] | |
}, | |
{ | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"name": "chart", | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"column_limit": null, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"row_limit": null, | |
"series": [ | |
{ | |
"type": "count", | |
"id": "count()", | |
"field": null | |
} | |
], | |
"filter": null, | |
"rollup": true, | |
"row_groups": [ | |
{ | |
"type": "values", | |
"fields": [ | |
"status_detail" | |
], | |
"limit": 18 | |
} | |
], | |
"type": "pivot", | |
"id": "cbd4afab-2eec-4621-be55-ff30a5fa500c", | |
"filters": [], | |
"column_groups": [], | |
"sort": [] | |
}, | |
{ | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"name": "chart", | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"column_limit": null, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"row_limit": null, | |
"series": [ | |
{ | |
"type": "count", | |
"id": "count()", | |
"field": null | |
} | |
], | |
"filter": null, | |
"rollup": true, | |
"row_groups": [ | |
{ | |
"type": "values", | |
"fields": [ | |
"client_name" | |
], | |
"limit": 15 | |
} | |
], | |
"type": "pivot", | |
"id": "166f336e-59d2-40d5-9246-c5930a991aa6", | |
"filters": [], | |
"column_groups": [], | |
"sort": [] | |
}, | |
{ | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"name": "chart", | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"column_limit": null, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"row_limit": null, | |
"series": [ | |
{ | |
"type": "count", | |
"id": "count()", | |
"field": null | |
} | |
], | |
"filter": null, | |
"rollup": false, | |
"row_groups": [ | |
{ | |
"type": "time", | |
"fields": [ | |
"timestamp" | |
], | |
"interval": { | |
"type": "auto", | |
"scaling": 1 | |
} | |
} | |
], | |
"type": "pivot", | |
"id": "1842fbcf-6958-421d-b1e6-f19cb7fab279", | |
"filters": [], | |
"column_groups": [ | |
{ | |
"type": "values", | |
"fields": [ | |
"client_name" | |
], | |
"limit": 15 | |
} | |
], | |
"sort": [] | |
}, | |
{ | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "status_type:Blocked" | |
}, | |
"name": "chart", | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"column_limit": null, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"row_limit": null, | |
"series": [ | |
{ | |
"type": "count", | |
"id": "count()", | |
"field": null | |
} | |
], | |
"filter": null, | |
"rollup": true, | |
"row_groups": [ | |
{ | |
"type": "values", | |
"fields": [ | |
"domain" | |
], | |
"limit": 15 | |
} | |
], | |
"type": "pivot", | |
"id": "f0b9ea95-d9f3-471f-a9e9-ff7ed9e5c107", | |
"filters": [], | |
"column_groups": [], | |
"sort": [] | |
}, | |
{ | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"name": "chart", | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"column_limit": null, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"row_limit": null, | |
"series": [ | |
{ | |
"type": "count", | |
"id": "count()", | |
"field": null | |
} | |
], | |
"filter": null, | |
"rollup": false, | |
"row_groups": [ | |
{ | |
"type": "time", | |
"fields": [ | |
"timestamp" | |
], | |
"interval": { | |
"type": "auto", | |
"scaling": 1 | |
} | |
} | |
], | |
"type": "pivot", | |
"id": "f05c5188-2e99-4855-b8ff-4acba5b185b9", | |
"filters": [], | |
"column_groups": [ | |
{ | |
"type": "values", | |
"fields": [ | |
"client" | |
], | |
"limit": 30 | |
} | |
], | |
"sort": [] | |
}, | |
{ | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"name": "chart", | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"column_limit": null, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"row_limit": null, | |
"series": [ | |
{ | |
"type": "count", | |
"id": "count()", | |
"field": null | |
} | |
], | |
"filter": null, | |
"rollup": true, | |
"row_groups": [ | |
{ | |
"type": "values", | |
"fields": [ | |
"gl2_remote_ip" | |
], | |
"limit": 15 | |
} | |
], | |
"type": "pivot", | |
"id": "b9edb92f-8d76-482f-b8cf-4f8da54f6a9f", | |
"filters": [], | |
"column_groups": [], | |
"sort": [] | |
}, | |
{ | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"name": "chart", | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"column_limit": null, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"row_limit": null, | |
"series": [ | |
{ | |
"type": "count", | |
"id": "count()", | |
"field": null | |
} | |
], | |
"filter": null, | |
"rollup": false, | |
"row_groups": [ | |
{ | |
"type": "time", | |
"fields": [ | |
"timestamp" | |
], | |
"interval": { | |
"type": "auto", | |
"scaling": 1 | |
} | |
} | |
], | |
"type": "pivot", | |
"id": "807ec794-f987-415d-b46d-8b411bf81d5d", | |
"filters": [], | |
"column_groups": [ | |
{ | |
"type": "values", | |
"fields": [ | |
"status_detail" | |
], | |
"limit": 15 | |
} | |
], | |
"sort": [] | |
}, | |
{ | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"name": "chart", | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"column_limit": null, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"row_limit": null, | |
"series": [ | |
{ | |
"type": "count", | |
"id": "count()", | |
"field": null | |
} | |
], | |
"filter": null, | |
"rollup": true, | |
"row_groups": [ | |
{ | |
"type": "values", | |
"fields": [ | |
"status_type" | |
], | |
"limit": 15 | |
} | |
], | |
"type": "pivot", | |
"id": "9ad7f0c3-6b08-46ae-8d0a-c03c6bc18110", | |
"filters": [], | |
"column_groups": [], | |
"sort": [] | |
}, | |
{ | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"name": "chart", | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"column_limit": null, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"row_limit": null, | |
"series": [ | |
{ | |
"type": "count", | |
"id": "count()", | |
"field": null | |
} | |
], | |
"filter": null, | |
"rollup": false, | |
"row_groups": [ | |
{ | |
"type": "time", | |
"fields": [ | |
"timestamp" | |
], | |
"interval": { | |
"type": "auto", | |
"scaling": 1 | |
} | |
} | |
], | |
"type": "pivot", | |
"id": "3027ff35-8c29-4281-9bc8-1119807453d0", | |
"filters": [], | |
"column_groups": [ | |
{ | |
"type": "values", | |
"fields": [ | |
"status_type" | |
], | |
"limit": 15 | |
} | |
], | |
"sort": [] | |
}, | |
{ | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "status_type:Blocked" | |
}, | |
"name": "chart", | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"column_limit": null, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"row_limit": null, | |
"series": [ | |
{ | |
"type": "count", | |
"id": "count()", | |
"field": null | |
} | |
], | |
"filter": null, | |
"rollup": true, | |
"row_groups": [ | |
{ | |
"type": "values", | |
"fields": [ | |
"client_name" | |
], | |
"limit": 30 | |
} | |
], | |
"type": "pivot", | |
"id": "14b821ed-64a8-43fd-b2f9-5f016c69a924", | |
"filters": [], | |
"column_groups": [], | |
"sort": [] | |
} | |
] | |
}, | |
{ | |
"id": "c9fbcdf8-876c-4928-ab58-57bd60a1065f", | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"filters": [], | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"search_types": [ | |
{ | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"name": "chart", | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"column_limit": null, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"row_limit": null, | |
"series": [ | |
{ | |
"type": "count", | |
"id": "count()", | |
"field": null | |
} | |
], | |
"filter": null, | |
"rollup": false, | |
"row_groups": [ | |
{ | |
"type": "time", | |
"fields": [ | |
"timestamp" | |
], | |
"interval": { | |
"type": "auto", | |
"scaling": 1 | |
} | |
} | |
], | |
"type": "pivot", | |
"id": "19b96236-ed4b-4ad7-99a5-97c177c06799", | |
"filters": [], | |
"column_groups": [ | |
{ | |
"type": "values", | |
"fields": [ | |
"domain" | |
], | |
"limit": 15 | |
} | |
], | |
"sort": [] | |
} | |
] | |
}, | |
{ | |
"id": "dbcfb156-0bf8-4d7c-8e4c-2dfd8024526b", | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"filters": [], | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"search_types": [ | |
{ | |
"query": null, | |
"name": null, | |
"timerange": null, | |
"offset": 0, | |
"streams": [], | |
"filter": null, | |
"decorators": [], | |
"type": "messages", | |
"id": "42309923-125f-4078-92c4-ca4501ac58b7", | |
"limit": 150, | |
"filters": [] | |
} | |
] | |
} | |
], | |
"parameters": [], | |
"requires": {}, | |
"owner": "admin", | |
"created_at": "2024-06-24T23:59:15.022Z" | |
}, | |
"created_at": "2024-05-09T21:11:17.460Z", | |
"requires": {}, | |
"state": { | |
"a4ae53a5-4eff-4f7e-a7e2-68b4d239158f": { | |
"selected_fields": null, | |
"static_message_list_id": null, | |
"titles": { | |
"widget": { | |
"46a35bf7-31fd-4296-9a2f-959407153fa7": "Request Type", | |
"528f4374-0b14-4618-9071-b28c04aa48f9": "Message Count", | |
"5c9c82e4-1cb1-4fd1-962f-6c6f129a5b68": "Query Status Detail", | |
"c5a4ae3d-5185-4dc4-a3c8-c06bca071cea": "Top Clients", | |
"582f376a-452a-47f3-a64f-e501a9c175c8": "Status details", | |
"259718e9-421e-46c5-8692-dfaa964897be": "Blocked vs Allowed (copy)", | |
"02e509d6-4fb7-4a38-93ec-8d2cd4e4f643": "Top Blocked Domains", | |
"3e37c340-f6dc-4887-b646-31d7450a09ad": "Blocked vs Allowed", | |
"3655a167-a902-489e-8b8d-4755afa6dcff": "DNS Server", | |
"d0a7b334-72f6-49e5-9430-23a4c71106da": "By Hostname", | |
"61a3ac2c-e664-4ccf-8fa7-a9bb1867de1c": "Blocked vs Allowed", | |
"accb0452-8fdf-4e14-a467-e4db90ba7258": "Top Blocked by Client", | |
"53969f67-f0c7-4006-8d65-07d840658c4e": "By Client IP", | |
"98fbe942-1a5d-4074-a47f-6d5f9cbcc280": "Top Permitted Domains" | |
} | |
}, | |
"widgets": [ | |
{ | |
"id": "582f376a-452a-47f3-a64f-e501a9c175c8", | |
"type": "aggregation", | |
"filter": null, | |
"filters": [], | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"config": { | |
"visualization": "bar", | |
"column_limit": 15, | |
"event_annotation": false, | |
"row_limit": null, | |
"row_pivots": [ | |
{ | |
"fields": [ | |
"timestamp" | |
], | |
"type": "time", | |
"config": { | |
"interval": { | |
"type": "auto", | |
"scaling": 1 | |
} | |
} | |
} | |
], | |
"series": [ | |
{ | |
"config": { | |
"name": null | |
}, | |
"function": "count()" | |
} | |
], | |
"rollup": false, | |
"column_pivots": [ | |
{ | |
"fields": [ | |
"status_detail" | |
], | |
"type": "values", | |
"config": { | |
"limit": 15 | |
} | |
} | |
], | |
"visualization_config": { | |
"barmode": "stack" | |
}, | |
"formatting_settings": null, | |
"sort": [] | |
} | |
}, | |
{ | |
"id": "259718e9-421e-46c5-8692-dfaa964897be", | |
"type": "aggregation", | |
"filter": null, | |
"filters": [], | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"config": { | |
"visualization": "bar", | |
"column_limit": 15, | |
"event_annotation": false, | |
"row_limit": null, | |
"row_pivots": [ | |
{ | |
"fields": [ | |
"timestamp" | |
], | |
"type": "time", | |
"config": { | |
"interval": { | |
"type": "auto", | |
"scaling": 1 | |
} | |
} | |
} | |
], | |
"series": [ | |
{ | |
"config": { | |
"name": null | |
}, | |
"function": "count()" | |
} | |
], | |
"rollup": false, | |
"column_pivots": [ | |
{ | |
"fields": [ | |
"gl2_remote_ip" | |
], | |
"type": "values", | |
"config": { | |
"limit": 15 | |
} | |
} | |
], | |
"visualization_config": { | |
"barmode": "stack" | |
}, | |
"formatting_settings": { | |
"chart_colors": [ | |
{ | |
"field_name": "Blocked", | |
"chart_color": "#b71c1c" | |
}, | |
{ | |
"field_name": "Allowed", | |
"chart_color": "#33691e" | |
}, | |
{ | |
"field_name": "(Empty Value)", | |
"chart_color": "#f57f17" | |
} | |
] | |
}, | |
"sort": [] | |
} | |
}, | |
{ | |
"id": "5c9c82e4-1cb1-4fd1-962f-6c6f129a5b68", | |
"type": "aggregation", | |
"filter": null, | |
"filters": [], | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"config": { | |
"visualization": "pie", | |
"column_limit": null, | |
"event_annotation": false, | |
"row_limit": 18, | |
"row_pivots": [ | |
{ | |
"fields": [ | |
"status_detail" | |
], | |
"type": "values", | |
"config": { | |
"limit": 18 | |
} | |
} | |
], | |
"series": [ | |
{ | |
"config": { | |
"name": null | |
}, | |
"function": "count()" | |
} | |
], | |
"rollup": true, | |
"column_pivots": [], | |
"visualization_config": null, | |
"formatting_settings": { | |
"chart_colors": [ | |
{ | |
"field_name": "Allowed", | |
"chart_color": "#33691e" | |
}, | |
{ | |
"field_name": "Blocked", | |
"chart_color": "#b71c1c" | |
} | |
] | |
}, | |
"sort": [] | |
} | |
}, | |
{ | |
"id": "98fbe942-1a5d-4074-a47f-6d5f9cbcc280", | |
"type": "aggregation", | |
"filter": null, | |
"filters": [], | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "status_type:Allowed" | |
}, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"config": { | |
"visualization": "table", | |
"column_limit": null, | |
"event_annotation": false, | |
"row_limit": 15, | |
"row_pivots": [ | |
{ | |
"fields": [ | |
"domain" | |
], | |
"type": "values", | |
"config": { | |
"limit": 15 | |
} | |
} | |
], | |
"series": [ | |
{ | |
"config": { | |
"name": null | |
}, | |
"function": "count()" | |
} | |
], | |
"rollup": false, | |
"column_pivots": [], | |
"visualization_config": { | |
"pinned_columns": [] | |
}, | |
"formatting_settings": { | |
"chart_colors": [ | |
{ | |
"field_name": "Blocked", | |
"chart_color": "#b71c1c" | |
}, | |
{ | |
"field_name": "Allowed", | |
"chart_color": "#33691e" | |
}, | |
{ | |
"field_name": "(Empty Value)", | |
"chart_color": "#f57f17" | |
} | |
] | |
}, | |
"sort": [] | |
} | |
}, | |
{ | |
"id": "3e37c340-f6dc-4887-b646-31d7450a09ad", | |
"type": "aggregation", | |
"filter": null, | |
"filters": [], | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"config": { | |
"visualization": "pie", | |
"column_limit": null, | |
"event_annotation": false, | |
"row_limit": 15, | |
"row_pivots": [ | |
{ | |
"fields": [ | |
"status_type" | |
], | |
"type": "values", | |
"config": { | |
"limit": 15 | |
} | |
} | |
], | |
"series": [ | |
{ | |
"config": { | |
"name": null | |
}, | |
"function": "count()" | |
} | |
], | |
"rollup": true, | |
"column_pivots": [], | |
"visualization_config": null, | |
"formatting_settings": { | |
"chart_colors": [ | |
{ | |
"field_name": "Allowed", | |
"chart_color": "#33691e" | |
}, | |
{ | |
"field_name": "Blocked", | |
"chart_color": "#b71c1c" | |
} | |
] | |
}, | |
"sort": [] | |
} | |
}, | |
{ | |
"id": "46a35bf7-31fd-4296-9a2f-959407153fa7", | |
"type": "aggregation", | |
"filter": null, | |
"filters": [], | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"config": { | |
"visualization": "pie", | |
"column_limit": null, | |
"event_annotation": false, | |
"row_limit": 15, | |
"row_pivots": [ | |
{ | |
"fields": [ | |
"query_type" | |
], | |
"type": "values", | |
"config": { | |
"limit": 15 | |
} | |
} | |
], | |
"series": [ | |
{ | |
"config": { | |
"name": null | |
}, | |
"function": "count()" | |
} | |
], | |
"rollup": true, | |
"column_pivots": [], | |
"visualization_config": null, | |
"formatting_settings": { | |
"chart_colors": [ | |
{ | |
"field_name": "Allowed", | |
"chart_color": "#33691e" | |
}, | |
{ | |
"field_name": "Blocked", | |
"chart_color": "#b71c1c" | |
} | |
] | |
}, | |
"sort": [] | |
} | |
}, | |
{ | |
"id": "02e509d6-4fb7-4a38-93ec-8d2cd4e4f643", | |
"type": "aggregation", | |
"filter": null, | |
"filters": [], | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "status_type:Blocked" | |
}, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"config": { | |
"visualization": "table", | |
"column_limit": null, | |
"event_annotation": false, | |
"row_limit": 15, | |
"row_pivots": [ | |
{ | |
"fields": [ | |
"domain" | |
], | |
"type": "values", | |
"config": { | |
"limit": 15 | |
} | |
} | |
], | |
"series": [ | |
{ | |
"config": { | |
"name": null | |
}, | |
"function": "count()" | |
} | |
], | |
"rollup": false, | |
"column_pivots": [], | |
"visualization_config": { | |
"pinned_columns": [] | |
}, | |
"formatting_settings": { | |
"chart_colors": [ | |
{ | |
"field_name": "Blocked", | |
"chart_color": "#b71c1c" | |
}, | |
{ | |
"field_name": "Allowed", | |
"chart_color": "#33691e" | |
}, | |
{ | |
"field_name": "(Empty Value)", | |
"chart_color": "#f57f17" | |
} | |
] | |
}, | |
"sort": [] | |
} | |
}, | |
{ | |
"id": "c5a4ae3d-5185-4dc4-a3c8-c06bca071cea", | |
"type": "aggregation", | |
"filter": null, | |
"filters": [], | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"config": { | |
"visualization": "table", | |
"column_limit": null, | |
"event_annotation": false, | |
"row_limit": 15, | |
"row_pivots": [ | |
{ | |
"fields": [ | |
"client_name" | |
], | |
"type": "values", | |
"config": { | |
"limit": 15 | |
} | |
} | |
], | |
"series": [ | |
{ | |
"config": { | |
"name": null | |
}, | |
"function": "count()" | |
} | |
], | |
"rollup": false, | |
"column_pivots": [], | |
"visualization_config": { | |
"pinned_columns": [] | |
}, | |
"formatting_settings": { | |
"chart_colors": [ | |
{ | |
"field_name": "Blocked", | |
"chart_color": "#b71c1c" | |
}, | |
{ | |
"field_name": "Allowed", | |
"chart_color": "#33691e" | |
}, | |
{ | |
"field_name": "(Empty Value)", | |
"chart_color": "#f57f17" | |
} | |
] | |
}, | |
"sort": [] | |
} | |
}, | |
{ | |
"id": "accb0452-8fdf-4e14-a467-e4db90ba7258", | |
"type": "aggregation", | |
"filter": null, | |
"filters": [], | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "status_type:Blocked" | |
}, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"config": { | |
"visualization": "table", | |
"column_limit": null, | |
"event_annotation": false, | |
"row_limit": 30, | |
"row_pivots": [ | |
{ | |
"fields": [ | |
"client_name" | |
], | |
"type": "values", | |
"config": { | |
"limit": 30 | |
} | |
} | |
], | |
"series": [ | |
{ | |
"config": { | |
"name": null | |
}, | |
"function": "count()" | |
} | |
], | |
"rollup": false, | |
"column_pivots": [], | |
"visualization_config": { | |
"pinned_columns": [] | |
}, | |
"formatting_settings": { | |
"chart_colors": [ | |
{ | |
"field_name": "Blocked", | |
"chart_color": "#b71c1c" | |
}, | |
{ | |
"field_name": "Allowed", | |
"chart_color": "#33691e" | |
}, | |
{ | |
"field_name": "(Empty Value)", | |
"chart_color": "#f57f17" | |
} | |
] | |
}, | |
"sort": [] | |
} | |
}, | |
{ | |
"id": "61a3ac2c-e664-4ccf-8fa7-a9bb1867de1c", | |
"type": "aggregation", | |
"filter": null, | |
"filters": [], | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"config": { | |
"visualization": "bar", | |
"column_limit": 15, | |
"event_annotation": false, | |
"row_limit": null, | |
"row_pivots": [ | |
{ | |
"fields": [ | |
"timestamp" | |
], | |
"type": "time", | |
"config": { | |
"interval": { | |
"type": "auto", | |
"scaling": 1 | |
} | |
} | |
} | |
], | |
"series": [ | |
{ | |
"config": { | |
"name": null | |
}, | |
"function": "count()" | |
} | |
], | |
"rollup": false, | |
"column_pivots": [ | |
{ | |
"fields": [ | |
"status_type" | |
], | |
"type": "values", | |
"config": { | |
"limit": 15 | |
} | |
} | |
], | |
"visualization_config": { | |
"barmode": "stack" | |
}, | |
"formatting_settings": { | |
"chart_colors": [ | |
{ | |
"field_name": "Blocked", | |
"chart_color": "#b71c1c" | |
}, | |
{ | |
"field_name": "Allowed", | |
"chart_color": "#33691e" | |
}, | |
{ | |
"field_name": "(Empty Value)", | |
"chart_color": "#f57f17" | |
} | |
] | |
}, | |
"sort": [] | |
} | |
}, | |
{ | |
"id": "d0a7b334-72f6-49e5-9430-23a4c71106da", | |
"type": "aggregation", | |
"filter": null, | |
"filters": [], | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"config": { | |
"visualization": "bar", | |
"column_limit": 15, | |
"event_annotation": false, | |
"row_limit": null, | |
"row_pivots": [ | |
{ | |
"fields": [ | |
"timestamp" | |
], | |
"type": "time", | |
"config": { | |
"interval": { | |
"type": "auto", | |
"scaling": 1 | |
} | |
} | |
} | |
], | |
"series": [ | |
{ | |
"config": { | |
"name": null | |
}, | |
"function": "count()" | |
} | |
], | |
"rollup": false, | |
"column_pivots": [ | |
{ | |
"fields": [ | |
"client_name" | |
], | |
"type": "values", | |
"config": { | |
"limit": 15 | |
} | |
} | |
], | |
"visualization_config": { | |
"barmode": "stack" | |
}, | |
"formatting_settings": { | |
"chart_colors": [ | |
{ | |
"field_name": "Blocked", | |
"chart_color": "#b71c1c" | |
}, | |
{ | |
"field_name": "Allowed", | |
"chart_color": "#33691e" | |
}, | |
{ | |
"field_name": "(Empty Value)", | |
"chart_color": "#f57f17" | |
} | |
] | |
}, | |
"sort": [] | |
} | |
}, | |
{ | |
"id": "3655a167-a902-489e-8b8d-4755afa6dcff", | |
"type": "aggregation", | |
"filter": null, | |
"filters": [], | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"config": { | |
"visualization": "pie", | |
"column_limit": null, | |
"event_annotation": false, | |
"row_limit": 15, | |
"row_pivots": [ | |
{ | |
"fields": [ | |
"gl2_remote_ip" | |
], | |
"type": "values", | |
"config": { | |
"limit": 15 | |
} | |
} | |
], | |
"series": [ | |
{ | |
"config": { | |
"name": null | |
}, | |
"function": "count()" | |
} | |
], | |
"rollup": true, | |
"column_pivots": [], | |
"visualization_config": null, | |
"formatting_settings": { | |
"chart_colors": [ | |
{ | |
"field_name": "Allowed", | |
"chart_color": "#33691e" | |
}, | |
{ | |
"field_name": "Blocked", | |
"chart_color": "#b71c1c" | |
} | |
] | |
}, | |
"sort": [] | |
} | |
}, | |
{ | |
"id": "53969f67-f0c7-4006-8d65-07d840658c4e", | |
"type": "aggregation", | |
"filter": null, | |
"filters": [], | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"config": { | |
"visualization": "bar", | |
"column_limit": 30, | |
"event_annotation": false, | |
"row_limit": null, | |
"row_pivots": [ | |
{ | |
"fields": [ | |
"timestamp" | |
], | |
"type": "time", | |
"config": { | |
"interval": { | |
"type": "auto", | |
"scaling": 1 | |
} | |
} | |
} | |
], | |
"series": [ | |
{ | |
"config": { | |
"name": null | |
}, | |
"function": "count()" | |
} | |
], | |
"rollup": false, | |
"column_pivots": [ | |
{ | |
"fields": [ | |
"client" | |
], | |
"type": "values", | |
"config": { | |
"limit": 30 | |
} | |
} | |
], | |
"visualization_config": { | |
"barmode": "stack" | |
}, | |
"formatting_settings": { | |
"chart_colors": [ | |
{ | |
"field_name": "Blocked", | |
"chart_color": "#b71c1c" | |
}, | |
{ | |
"field_name": "Allowed", | |
"chart_color": "#33691e" | |
}, | |
{ | |
"field_name": "(Empty Value)", | |
"chart_color": "#f57f17" | |
} | |
] | |
}, | |
"sort": [] | |
} | |
} | |
], | |
"widget_mapping": { | |
"46a35bf7-31fd-4296-9a2f-959407153fa7": [ | |
"b697d04e-fddf-4eba-b0eb-d6731e5fe957" | |
], | |
"5c9c82e4-1cb1-4fd1-962f-6c6f129a5b68": [ | |
"cbd4afab-2eec-4621-be55-ff30a5fa500c" | |
], | |
"c5a4ae3d-5185-4dc4-a3c8-c06bca071cea": [ | |
"166f336e-59d2-40d5-9246-c5930a991aa6" | |
], | |
"582f376a-452a-47f3-a64f-e501a9c175c8": [ | |
"807ec794-f987-415d-b46d-8b411bf81d5d" | |
], | |
"259718e9-421e-46c5-8692-dfaa964897be": [ | |
"48803e6d-e8ce-4e8d-9a61-6f9082f8e048" | |
], | |
"02e509d6-4fb7-4a38-93ec-8d2cd4e4f643": [ | |
"f0b9ea95-d9f3-471f-a9e9-ff7ed9e5c107" | |
], | |
"3e37c340-f6dc-4887-b646-31d7450a09ad": [ | |
"9ad7f0c3-6b08-46ae-8d0a-c03c6bc18110" | |
], | |
"3655a167-a902-489e-8b8d-4755afa6dcff": [ | |
"b9edb92f-8d76-482f-b8cf-4f8da54f6a9f" | |
], | |
"d0a7b334-72f6-49e5-9430-23a4c71106da": [ | |
"1842fbcf-6958-421d-b1e6-f19cb7fab279" | |
], | |
"61a3ac2c-e664-4ccf-8fa7-a9bb1867de1c": [ | |
"3027ff35-8c29-4281-9bc8-1119807453d0" | |
], | |
"accb0452-8fdf-4e14-a467-e4db90ba7258": [ | |
"14b821ed-64a8-43fd-b2f9-5f016c69a924" | |
], | |
"53969f67-f0c7-4006-8d65-07d840658c4e": [ | |
"f05c5188-2e99-4855-b8ff-4acba5b185b9" | |
], | |
"98fbe942-1a5d-4074-a47f-6d5f9cbcc280": [ | |
"8af4cdf2-cb68-4286-a0fa-abc729416730" | |
] | |
}, | |
"positions": { | |
"46a35bf7-31fd-4296-9a2f-959407153fa7": { | |
"col": 4, | |
"row": 19, | |
"height": 4, | |
"width": 3 | |
}, | |
"5c9c82e4-1cb1-4fd1-962f-6c6f129a5b68": { | |
"col": 10, | |
"row": 19, | |
"height": 4, | |
"width": 3 | |
}, | |
"c5a4ae3d-5185-4dc4-a3c8-c06bca071cea": { | |
"col": 1, | |
"row": 23, | |
"height": 4, | |
"width": 3 | |
}, | |
"582f376a-452a-47f3-a64f-e501a9c175c8": { | |
"col": 1, | |
"row": 30, | |
"height": 3, | |
"width": "Infinity" | |
}, | |
"259718e9-421e-46c5-8692-dfaa964897be": { | |
"col": 1, | |
"row": 39, | |
"height": 4, | |
"width": "Infinity" | |
}, | |
"02e509d6-4fb7-4a38-93ec-8d2cd4e4f643": { | |
"col": 10, | |
"row": 23, | |
"height": 4, | |
"width": 3 | |
}, | |
"3e37c340-f6dc-4887-b646-31d7450a09ad": { | |
"col": 1, | |
"row": 19, | |
"height": 4, | |
"width": 3 | |
}, | |
"3655a167-a902-489e-8b8d-4755afa6dcff": { | |
"col": 7, | |
"row": 19, | |
"height": 4, | |
"width": 3 | |
}, | |
"d0a7b334-72f6-49e5-9430-23a4c71106da": { | |
"col": 1, | |
"row": 33, | |
"height": 3, | |
"width": "Infinity" | |
}, | |
"61a3ac2c-e664-4ccf-8fa7-a9bb1867de1c": { | |
"col": 1, | |
"row": 27, | |
"height": 3, | |
"width": "Infinity" | |
}, | |
"accb0452-8fdf-4e14-a467-e4db90ba7258": { | |
"col": 4, | |
"row": 23, | |
"height": 4, | |
"width": 3 | |
}, | |
"53969f67-f0c7-4006-8d65-07d840658c4e": { | |
"col": 1, | |
"row": 36, | |
"height": 3, | |
"width": "Infinity" | |
}, | |
"98fbe942-1a5d-4074-a47f-6d5f9cbcc280": { | |
"col": 7, | |
"row": 23, | |
"height": 4, | |
"width": 3 | |
} | |
}, | |
"formatting": { | |
"highlighting": [ | |
{ | |
"field": "client", | |
"value": "192.168.1.71", | |
"color": { | |
"color": "#ff0040", | |
"type": "static" | |
}, | |
"condition": "equal" | |
} | |
] | |
}, | |
"display_mode_settings": { | |
"positions": {} | |
} | |
}, | |
"c9fbcdf8-876c-4928-ab58-57bd60a1065f": { | |
"selected_fields": null, | |
"static_message_list_id": null, | |
"titles": { | |
"widget": { | |
"0b276b5b-e999-460e-b148-9fddbcc07ec2": "Blocked vs Allowed (copy) (copy)" | |
} | |
}, | |
"widgets": [ | |
{ | |
"id": "0b276b5b-e999-460e-b148-9fddbcc07ec2", | |
"type": "aggregation", | |
"filter": null, | |
"filters": [], | |
"timerange": { | |
"from": 300, | |
"type": "relative" | |
}, | |
"query": { | |
"type": "elasticsearch", | |
"query_string": "" | |
}, | |
"streams": [ | |
"7b337913-218b-4652-aac1-c601e17daaf0" | |
], | |
"config": { | |
"visualization": "bar", | |
"column_limit": 15, | |
"event_annotation": false, | |
"row_limit": null, | |
"row_pivots": [ | |
{ | |
"fields": [ | |
"timestamp" | |
], | |
"type": "time", | |
"config": { | |
"interval": { | |
"type": "auto", | |
"scaling": 1 | |
} | |
} | |
} | |
], | |
"series": [ | |
{ | |
"config": { | |
"name": null | |
}, | |
"function": "count()" | |
} | |
], | |
"rollup": false, | |
"column_pivots": [ | |
{ | |
"fields": [ | |
"domain" | |
], | |
"type": "values", | |
"config": { | |
"limit": 15 | |
} | |
} | |
], | |
"visualization_config": { | |
"barmode": "stack" | |
}, | |
"formatting_settings": { | |
"chart_colors": [ | |
{ | |
"field_name": "Blocked", | |
"chart_color": "#b71c1c" | |
}, | |
{ | |
"field_name": "Allowed", | |
"chart_color": "#33691e" | |
}, | |
{ | |
"field_name": "(Empty Value)", | |
"chart_color": "#f57f17" | |
} | |
] | |
}, | |
"sort": [] | |
} | |
} | |
], | |
"widget_mapping": { | |
"0b276b5b-e999-460e-b148-9fddbcc07ec2": [ | |
"19b96236-ed4b-4ad7-99a5-97c177c06799" | |
] | |
}, | |
"positions": { | |
"0b276b5b-e999-460e-b148-9fddbcc07ec2": { | |
"col": 1, | |
"row": 4, | |
"height": 4, | |
"width": "Infinity" | |
} | |
}, | |
"formatting": { | |
"highlighting": [] | |
}, | |
"display_mode_settings": { | |
"positions": {} | |
} | |
}, | |
"dbcfb156-0bf8-4d7c-8e4c-2dfd8024526b": { | |
"selected_fields": null, | |
"static_message_list_id": null, | |
"titles": {}, | |
"widgets": [ | |
{ | |
"id": "cc12a9ce-9ece-4a4b-98f2-00c37c5b3b32", | |
"type": "messages", | |
"filter": null, | |
"filters": [], | |
"timerange": null, | |
"query": null, | |
"streams": [], | |
"config": { | |
"fields": [ | |
"timestamp", | |
"source" | |
], | |
"show_message_row": true, | |
"show_summary": true, | |
"decorators": [], | |
"sort": [ | |
{ | |
"type": "pivot", | |
"field": "timestamp", | |
"direction": "Descending" | |
} | |
] | |
} | |
} | |
], | |
"widget_mapping": { | |
"cc12a9ce-9ece-4a4b-98f2-00c37c5b3b32": [ | |
"42309923-125f-4078-92c4-ca4501ac58b7" | |
] | |
}, | |
"positions": { | |
"cc12a9ce-9ece-4a4b-98f2-00c37c5b3b32": { | |
"col": 1, | |
"row": 1, | |
"height": 5, | |
"width": "Infinity" | |
} | |
}, | |
"formatting": null, | |
"display_mode_settings": { | |
"positions": {} | |
} | |
} | |
}, | |
"properties": [], | |
"owner": "admin", | |
"title": { | |
"@type": "string", | |
"@value": "Pi-hole" | |
}, | |
"type": "DASHBOARD", | |
"description": { | |
"@type": "string", | |
"@value": "" | |
} | |
}, | |
"constraints": [ | |
{ | |
"type": "server-version", | |
"version": ">=5.0.12+4e4681c" | |
} | |
] | |
}, | |
{ | |
"v": "1", | |
"type": { | |
"name": "lookup_cache", | |
"version": "1" | |
}, | |
"id": "93461823-b3a1-4129-bb66-69f491116063", | |
"data": { | |
"_scope": { | |
"@type": "string", | |
"@value": "DEFAULT" | |
}, | |
"name": { | |
"@type": "string", | |
"@value": "pi-hole-status-name-cache" | |
}, | |
"title": { | |
"@type": "string", | |
"@value": "pi-hole status-name cache" | |
}, | |
"description": { | |
"@type": "string", | |
"@value": "ph-hole status name cache" | |
}, | |
"configuration": { | |
"type": { | |
"@type": "string", | |
"@value": "guava_cache" | |
}, | |
"max_size": { | |
"@type": "integer", | |
"@value": 1000 | |
}, | |
"expire_after_access": { | |
"@type": "long", | |
"@value": 0 | |
}, | |
"expire_after_access_unit": { | |
"@type": "string", | |
"@value": "SECONDS" | |
}, | |
"expire_after_write": { | |
"@type": "long", | |
"@value": 0 | |
} | |
} | |
}, | |
"constraints": [ | |
{ | |
"type": "server-version", | |
"version": ">=5.0.12+4e4681c" | |
} | |
] | |
}, | |
{ | |
"v": "1", | |
"type": { | |
"name": "pipeline_rule", | |
"version": "1" | |
}, | |
"id": "686b0113-0154-4881-a37e-8bc1a93a3410", | |
"data": { | |
"title": { | |
"@type": "string", | |
"@value": "DNS reply type lookup" | |
}, | |
"description": { | |
"@type": "string", | |
"@value": "lookup table to translate repy-type to a name" | |
}, | |
"source": { | |
"@type": "string", | |
"@value": "rule \"DNS reply type lookup\"\n\nwhen\n has_field(\"reply_type\")\n then\n// debug(\"get in reply name rule\");\n let new_type = lookup_value(\"reply-name\", to_string($message.reply_type));\n// debug(new_type);\n set_field(\"reply_name\", new_type);\nend" | |
} | |
}, | |
"constraints": [ | |
{ | |
"type": "server-version", | |
"version": ">=5.0.12+4e4681c" | |
} | |
] | |
}, | |
{ | |
"v": "1", | |
"type": { | |
"name": "pipeline_rule", | |
"version": "1" | |
}, | |
"id": "04b1d38e-265c-463c-82c4-1b91068204ee", | |
"data": { | |
"title": { | |
"@type": "string", | |
"@value": "DNS query type lookup" | |
}, | |
"description": { | |
"@type": "string", | |
"@value": "pihole stats query type lookup" | |
}, | |
"source": { | |
"@type": "string", | |
"@value": "rule \"DNS query type lookup\"\n\nwhen\n has_field(\"type\")\nthen\n let new_type = lookup_value(\"query_type\", to_string($message.type));\n set_field(\"query_type\", new_type);\nend" | |
} | |
}, | |
"constraints": [ | |
{ | |
"type": "server-version", | |
"version": ">=5.0.12+4e4681c" | |
} | |
] | |
}, | |
{ | |
"v": "1", | |
"type": { | |
"name": "lookup_adapter", | |
"version": "1" | |
}, | |
"id": "0e2d923d-507c-4270-9268-fc81e5db534e", | |
"data": { | |
"_scope": { | |
"@type": "string", | |
"@value": "DEFAULT" | |
}, | |
"name": { | |
"@type": "string", | |
"@value": "reply-name" | |
}, | |
"title": { | |
"@type": "string", | |
"@value": "pihole DNS reply type name" | |
}, | |
"description": { | |
"@type": "string", | |
"@value": "pihole DNS reply type name" | |
}, | |
"configuration": { | |
"type": { | |
"@type": "string", | |
"@value": "csvfile" | |
}, | |
"path": { | |
"@type": "string", | |
"@value": "/usr/share/graylog/data/reply-name.csv" | |
}, | |
"separator": { | |
"@type": "string", | |
"@value": "," | |
}, | |
"quotechar": { | |
"@type": "string", | |
"@value": "\"" | |
}, | |
"key_column": { | |
"@type": "string", | |
"@value": "ID" | |
}, | |
"value_column": { | |
"@type": "string", | |
"@value": "reply_name" | |
}, | |
"check_interval": { | |
"@type": "long", | |
"@value": 86400 | |
}, | |
"case_insensitive_lookup": { | |
"@type": "boolean", | |
"@value": false | |
} | |
} | |
}, | |
"constraints": [ | |
{ | |
"type": "server-version", | |
"version": ">=5.0.12+4e4681c" | |
} | |
] | |
}, | |
{ | |
"v": "1", | |
"type": { | |
"name": "pipeline_rule", | |
"version": "1" | |
}, | |
"id": "ce5ef9bd-1bdb-4b82-9aa9-78e2eda29c2e", | |
"data": { | |
"title": { | |
"@type": "string", | |
"@value": "DNS query status lookup" | |
}, | |
"description": { | |
"@type": "string", | |
"@value": "Lookup status value and return at query status" | |
}, | |
"source": { | |
"@type": "string", | |
"@value": "rule \"DNS query status lookup\"\n\nwhen\n has_field(\"status\")\n then\n// debug(\"get in status name rule\");\n// debug($message.status);\n// let new_type = lookup_value(\"status-name\", to_string($message.status));\n let type_array = split(\"\\\\|\",to_string(lookup_value(\"status-name\",to_string($message.status))));\n// debug(type_array);\n// let type_array = split(\"|\",to_string(new_type));\n// debug(type_array[1]);\n// debug(type_array[0]);\n set_field(\"status_type\", type_array[0]);\n set_field(\"status_detail\",type_array[1]);\nend" | |
} | |
}, | |
"constraints": [ | |
{ | |
"type": "server-version", | |
"version": ">=5.0.12+4e4681c" | |
} | |
] | |
}, | |
{ | |
"v": "1", | |
"type": { | |
"name": "pipeline", | |
"version": "1" | |
}, | |
"id": "9ce93f41-4e2b-441b-ab05-050fec055e65", | |
"data": { | |
"title": { | |
"@type": "string", | |
"@value": "pihole stats" | |
}, | |
"description": { | |
"@type": "string", | |
"@value": "pihole stats" | |
}, | |
"source": { | |
"@type": "string", | |
"@value": "pipeline \"pihole stats\"\nstage 0 match either\nrule \"JSON Parser\"\nstage 1 match pass\nrule \"DNS query status lookup\"\nrule \"DNS reply type lookup\"\nrule \"DNS query type lookup\"\nend" | |
}, | |
"connected_streams": [ | |
{ | |
"@type": "string", | |
"@value": "7b337913-218b-4652-aac1-c601e17daaf0" | |
} | |
] | |
}, | |
"constraints": [ | |
{ | |
"type": "server-version", | |
"version": ">=5.0.12+4e4681c" | |
} | |
] | |
}, | |
{ | |
"v": "1", | |
"type": { | |
"name": "lookup_adapter", | |
"version": "1" | |
}, | |
"id": "a97f7e7a-3027-41a1-b190-341f460dc8ac", | |
"data": { | |
"_scope": { | |
"@type": "string", | |
"@value": "DEFAULT" | |
}, | |
"name": { | |
"@type": "string", | |
"@value": "query-status" | |
}, | |
"title": { | |
"@type": "string", | |
"@value": "pihole query status mapping" | |
}, | |
"description": { | |
"@type": "string", | |
"@value": "pihole query status mapping table" | |
}, | |
"configuration": { | |
"type": { | |
"@type": "string", | |
"@value": "csvfile" | |
}, | |
"path": { | |
"@type": "string", | |
"@value": "/usr/share/graylog/data/status-type.csv" | |
}, | |
"separator": { | |
"@type": "string", | |
"@value": "," | |
}, | |
"quotechar": { | |
"@type": "string", | |
"@value": "\"" | |
}, | |
"key_column": { | |
"@type": "string", | |
"@value": "status" | |
}, | |
"value_column": { | |
"@type": "string", | |
"@value": "status_name" | |
}, | |
"check_interval": { | |
"@type": "long", | |
"@value": 86400 | |
}, | |
"case_insensitive_lookup": { | |
"@type": "boolean", | |
"@value": false | |
} | |
} | |
}, | |
"constraints": [ | |
{ | |
"type": "server-version", | |
"version": ">=5.0.12+4e4681c" | |
} | |
] | |
}, | |
{ | |
"v": "1", | |
"type": { | |
"name": "stream", | |
"version": "1" | |
}, | |
"id": "7b337913-218b-4652-aac1-c601e17daaf0", | |
"data": { | |
"alarm_callbacks": [], | |
"outputs": [], | |
"remove_matches": { | |
"@type": "boolean", | |
"@value": true | |
}, | |
"title": { | |
"@type": "string", | |
"@value": "piholestats" | |
}, | |
"stream_rules": [ | |
{ | |
"type": { | |
"@type": "string", | |
"@value": "EXACT" | |
}, | |
"field": { | |
"@type": "string", | |
"@value": "facility" | |
}, | |
"value": { | |
"@type": "string", | |
"@value": "local2" | |
}, | |
"inverted": { | |
"@type": "boolean", | |
"@value": false | |
}, | |
"description": { | |
"@type": "string", | |
"@value": "pihole status facility" | |
} | |
} | |
], | |
"alert_conditions": [], | |
"matching_type": { | |
"@type": "string", | |
"@value": "AND" | |
}, | |
"disabled": { | |
"@type": "boolean", | |
"@value": false | |
}, | |
"description": { | |
"@type": "string", | |
"@value": "pihole detail JSON logs" | |
}, | |
"default_stream": { | |
"@type": "boolean", | |
"@value": false | |
} | |
}, | |
"constraints": [ | |
{ | |
"type": "server-version", | |
"version": ">=5.0.12+4e4681c" | |
} | |
] | |
}, | |
{ | |
"v": "1", | |
"type": { | |
"name": "lookup_cache", | |
"version": "1" | |
}, | |
"id": "00805863-b8a7-425d-a34b-c6c914fb2664", | |
"data": { | |
"_scope": { | |
"@type": "string", | |
"@value": "DEFAULT" | |
}, | |
"name": { | |
"@type": "string", | |
"@value": "pihole-reply-name-cache" | |
}, | |
"title": { | |
"@type": "string", | |
"@value": "pihole reply name cache" | |
}, | |
"description": { | |
"@type": "string", | |
"@value": "pihole reply name cache" | |
}, | |
"configuration": { | |
"type": { | |
"@type": "string", | |
"@value": "guava_cache" | |
}, | |
"max_size": { | |
"@type": "integer", | |
"@value": 1000 | |
}, | |
"expire_after_access": { | |
"@type": "long", | |
"@value": 0 | |
}, | |
"expire_after_access_unit": { | |
"@type": "string", | |
"@value": "SECONDS" | |
}, | |
"expire_after_write": { | |
"@type": "long", | |
"@value": 0 | |
} | |
} | |
}, | |
"constraints": [ | |
{ | |
"type": "server-version", | |
"version": ">=5.0.12+4e4681c" | |
} | |
] | |
} | |
] | |
} |