diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 1f76f456598..c7dcee22fbf 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -434,3 +434,4 @@
 /packages/zscaler_zia @elastic/security-service-integrations
 /packages/zscaler_zpa @elastic/security-service-integrations
 /packages/cisco_meraki_metrics @elastic/obs-infraobs-integrations
+/packages/panw_metrics @elastic/obs-infraobs-integrations
\ No newline at end of file
diff --git a/packages/panw_metrics/_dev/build/build.yml b/packages/panw_metrics/_dev/build/build.yml
new file mode 100644
index 00000000000..2bfcfc223b0
--- /dev/null
+++ b/packages/panw_metrics/_dev/build/build.yml
@@ -0,0 +1,3 @@
+dependencies:
+ ecs:
+ reference: "git@v8.11.0"
diff --git a/packages/panw_metrics/_dev/build/docs/README.md b/packages/panw_metrics/_dev/build/docs/README.md
new file mode 100644
index 00000000000..8c4117e60e5
--- /dev/null
+++ b/packages/panw_metrics/_dev/build/docs/README.md
@@ -0,0 +1,69 @@
+# Palo Alto Networks Integration
+
+This integration periodically fetches metrics from [Palo Alto Networks](https://www.paloaltonetworks.com/) firewalls and management systems.
+
+## Compatibility
+
+The integration uses the [Pango](https://github.com/PaloAltoNetworks/pango) library to collect metrics from Palo Alto Networks firewalls.
+
+## Configuration
+
+This integration is designed to work with a single firewall at a time. Support for multiple firewalls within one integration policy is not available and has not been tested with Panorama. To collect metrics from multiple firewalls, create a separate integration policy for each firewall, specifying the respective host IP and API key.
+
+## Metrics
+
+### interfaces
+
+The `interfaces` dataset collects detailed network interface statistics from Palo Alto Networks firewalls. It provides information about interface status, traffic throughput, packet counts, error rates, and configuration details, including physical, logical, and high-availability (HA) interfaces.
+
+{{event "interfaces"}}
+
+The fields reported are:
+
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
+{{fields "interfaces"}}
+
+### routing
+
+The `routing` dataset gathers comprehensive routing information from Palo Alto Networks devices. It includes details about routing protocols (with a focus on BGP), static and dynamic routes, next hops, AS numbers, and peer states. This dataset provides insights into the device's routing table and its interactions with other network devices.
+
+{{event "routing"}}
+
+The fields reported are:
+
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
+{{fields "routing"}}
+
+### system
+
+The `system` dataset collects a wide range of system-level metrics from Palo Alto Networks firewalls. This includes CPU usage, memory utilization, disk space, load averages, and process statistics. It also provides information about system uptime, licensed features, file system usage, and hardware component status (such as fans, thermal sensors, and power supplies).
+
+{{event "system"}}
+
+The fields reported are:
+
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
+{{fields "system"}}
+
+### vpn
+
+The `vpn` dataset gathers detailed Virtual Private Network (VPN) statistics from Palo Alto Networks devices. It covers both GlobalProtect and IPsec VPN technologies, providing information about active VPN sessions, user connections, tunnel status, encryption details, and performance metrics. This dataset offers insights into VPN usage, security, and performance.
+
+{{event "vpn"}}
+
+The fields reported are:
+
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
+{{fields "vpn"}}
\ No newline at end of file
diff --git a/packages/panw_metrics/changelog.yml b/packages/panw_metrics/changelog.yml
new file mode 100644
index 00000000000..155156b998b
--- /dev/null
+++ b/packages/panw_metrics/changelog.yml
@@ -0,0 +1,6 @@
+# newer versions go on top
+- version: "0.1.0"
+ changes:
+ - description: Initial draft of the package
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/11099
diff --git a/packages/panw_metrics/data_stream/interfaces/agent/stream/stream.yml.hbs b/packages/panw_metrics/data_stream/interfaces/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..9d01314874a
--- /dev/null
+++ b/packages/panw_metrics/data_stream/interfaces/agent/stream/stream.yml.hbs
@@ -0,0 +1,20 @@
+metricsets: ["interfaces"]
+period: {{period}}
+host_ip: {{host_ip}}
+port: {{port}}
+api_key: {{api_key}}
+api_debug_mode: {{api_debug_mode}}
+tags:
+{{#if preserve_original_event}}
+ - preserve_original_event
+{{/if}}
+{{#each tags as |tag|}}
+ - {{tag}}
+{{/each}}
+{{#contains "forwarded" tags}}
+publisher_pipeline.disable_host: true
+{{/contains}}
+{{#if processors}}
+processors:
+{{processors}}
+{{/if}}
\ No newline at end of file
diff --git a/packages/panw_metrics/data_stream/interfaces/fields/base-fields.yml b/packages/panw_metrics/data_stream/interfaces/fields/base-fields.yml
new file mode 100644
index 00000000000..7c798f4534c
--- /dev/null
+++ b/packages/panw_metrics/data_stream/interfaces/fields/base-fields.yml
@@ -0,0 +1,12 @@
+- name: data_stream.type
+ type: constant_keyword
+ description: Data stream type.
+- name: data_stream.dataset
+ type: constant_keyword
+ description: Data stream dataset.
+- name: data_stream.namespace
+ type: constant_keyword
+ description: Data stream namespace.
+- name: '@timestamp'
+ type: date
+ description: Event timestamp.
diff --git a/packages/panw_metrics/data_stream/interfaces/fields/ecs.yml b/packages/panw_metrics/data_stream/interfaces/fields/ecs.yml
new file mode 100644
index 00000000000..f08476cb0c7
--- /dev/null
+++ b/packages/panw_metrics/data_stream/interfaces/fields/ecs.yml
@@ -0,0 +1,12 @@
+- external: ecs
+ name: agent.id
+ dimension: true
+- external: ecs
+ name: container.id
+ dimension: true
+- external: ecs
+ name: host.name
+ dimension: true
+- external: ecs
+ name: host.id
+ dimension: true
diff --git a/packages/panw_metrics/data_stream/interfaces/fields/fields.yml b/packages/panw_metrics/data_stream/interfaces/fields/fields.yml
new file mode 100644
index 00000000000..2cf998c2725
--- /dev/null
+++ b/packages/panw_metrics/data_stream/interfaces/fields/fields.yml
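Review bot: `api_key: {{api_key}}` (and `host_ip`, `port` and `period` beside it) is emitted as an unquoted plain scalar in stream.yml.hbs, so the rendered credential is typed by YAML rules: an empty value becomes null, and a key that starts with a YAML indicator or contains ` #` is truncated or rejected. Fleet's template helper covers this, e.g. `api_key: {{escape_string api_key}}` and `host_ip: {{escape_string host_ip}}`. The same lines appear in routing/agent/stream/stream.yml.hbs. None of `host_ip`, `port`, `api_key` or `api_debug_mode` is declared in the data stream manifests shown in this diff, so they presumably live in the package-level manifest outside this view; that declaration should mark `api_key` as a secret (`type: password` with `secret: true`) and default `api_debug_mode` to false, since what the debug mode logs cannot be seen from here.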
@@ -0,0 +1,549 @@
+- name: panw.interfaces
+ type: group
+ fields:
+ - name: physical
+ type: group
+ fields:
+ - name: name
+ type: keyword
+ dimension: true
+ description: >
+ Physical interface name
+
+ - name: id
+ type: keyword
+ dimension: true
+ description: >
+ Physical interface ID
+
+ - name: type
+ type: keyword
+ description: >
+ Physical interface type
+
+ - name: mac
+ type: keyword
+ description: >
+ Physical MAC address
+
+ - name: speed
+ type: keyword
+ description: >
+ Physical interface speed
+
+ - name: duplex
+ type: keyword
+ description: >
+ Duplex configuration, e.g., "full" or "half"
+
+ - name: state
+ type: keyword
+ description: >
+ Physical interface state: up/down
+
+ - name: mode
+ type: keyword
+ description: >
+ Physical interface mode, e.g., autoneg
+
+ - name: full_state
+ type: keyword
+ dimension: true
+ description: >
+ Physical full state, speed/duplex/state, e.g., "1000/full/up"
+
+ - name: ae_member
+ type: keyword
+ description: >
+ For aggregate interfaces, the array of member interfaces
+
+ - name: logical
+ type: group
+ fields:
+ - name: name
+ type: keyword
+ dimension: true
+ description: >
+ Logical interface name
+
+ - name: id
+ type: keyword
+ dimension: true
+ description: >
+ Logical interface ID
+
+ - name: tag
+ type: integer
+ description: >
+ VLAN tag associated with this interface
+
+ - name: vsys
+ type: integer
+ description: >
+ Virtual system to which this interface belongs
+
+ - name: zone
+ type: keyword
+ dimension: true
+ description: >
+ Logical zone, e.g., "inside" or "outside"
+
+ - name: fwd
+ type: keyword
+ description: >
+ Indicates if the interface is used for forwarding
+
+ - name: ip
+ type: keyword
+ description: >
+ Logical IP Address with subnet mask, e.g., 111.222.333.10/29.
Can also be "N/A"
+
+ - name: addr
+ type: keyword
+ description: >
+ Used to store additional static IP addresses
+
+ - name: dyn_addr
+ type: keyword
+ description: >
+ Dynamic addresses, e.g., generated by DHCP
+
+ - name: addr6
+ type: keyword
+ description: >
+ Logical IPv6 address
+
+ - name: ha
+ type: group
+ fields:
+ - name: enabled
+ type: boolean
+ description: >
+ HA enabled
+
+ - name: mode
+ type: keyword
+ dimension: true
+ description: >
+ HA mode, e.g., "active-active" or "active-passive"
+
+ - name: running_sync
+ type: keyword
+ dimension: true
+ description: >
+ Indicates the sychronization status of the HA pair, e.g., "synchronized", "not-synchronized", "synchronizing"
+
+ - name: running_sync_enabled
+ type: boolean
+ description: >
+ Indicates if running configuration synchronization is enabled
+
+ - name: local_info
+ type: group
+ fields:
+ - name: version
+ type: long
+ description: >
+ HA configuration info version
+
+ - name: state
+ type: keyword
+ description: >
+ HA state of the local device, e.g., "active" or "passive"
+
+ - name: state_duration
+ type: long
+ unit: s
+ metric_type: gauge
+ description: >
+ Duration in seconds of the current state
+
+ - name: mgmt_ip
+ type: keyword
+ description: >
+ HA local info management IP, in CIDR format.
+
+ - name: preemptive
+ type: keyword
+ description: >
+ Indicates whether the firewall is configured to preemptively take over as the active unit in an HA setup. This is a yes/no value which the beat is not converting to a boolean, so it will be a keyword.
+
+ - name: mode
+ type: keyword
+ description: >
+ HA mode, e.g., "active-active" or "active-passive"
+
+ - name: platform_model
+ type: keyword
+ dimension: true
+ description: >
+ Platform model of the local device
+
+ - name: state_sync
+ type: keyword
+ description: >
+ Status of HA synchronization, e.g., "complete"
+
+ - name: state_sync_type
+ type: keyword
+ description: >
+ Type of interface used for HA synchronization
+
+ - name: ha1_ipaddr
+ type: keyword
+ description: >
+ IP Address of HA1 interface, used for heartbeat and management synchronization, in CIDR format.
+
+ - name: ha1_macaddr
+ type: keyword
+ description: >
+ HA local info HA1 MAC address
+
+ - name: ha1_port
+ type: keyword
+ description: >
+ Indicates which interface is used for HA1 traffic, e.g., "dedicated-ha1"
+
+ - name: ha1_backup_ipaddr
+ type: keyword
+ description: >
+ The backup IP address for the HA1 interface, in CIDR format.
+
+ - name: ha1_backup_macaddr
+ type: keyword
+ description: >
+ HA local info HA1 backup MAC address
+
+ - name: ha1_backup_port
+ type: keyword
+ description: >
+ HA local info HA1 backup port, e.g. "management"
+
+ - name: ha1_backup_gateway
+ type: keyword
+ description: >
+ Default gateway for the backup HA1 interface
+
+ - name: ha2_ipaddr
+ type: keyword
+ description: >
+ HA local info HA2 IP address, in CIDR format.
+
+ - name: ha2_macaddr
+ type: keyword
+ description: >
+ HA local info HA2 MAC address
+
+ - name: ha2_port
+ type: keyword
+ description: >
+ Indicates which interface is used for HA1 traffic, e.g., "dedicated-ha2"
+
+ - name: build_rel
+ type: keyword
+ description: >
+ The PAN-OS software version running on the firewall
+
+ - name: url_version
+ type: keyword
+ description: >
+ The version of the URL filtering database
+
+ - name: app_version
+ type: keyword
+ description: >
+ The version of the application database
+
+ - name: iot_version
+ type: keyword
+ description: >
+ HA local info IoT database version
+
+ - name: av_version
+ type: keyword
+ description: >
+ The version of the antivirus database
+
+ - name: threat_version
+ type: keyword
+ description: >
+ HA local info threat version
+
+ - name: vpn_client_version
+ type: keyword
+ description: >
+ Version of the VPN client (if installed)
+
+ - name: gp_client_version
+ type: keyword
+ description: >
+ Version of the GlobalProtect client software
+
+ - name: peer_info
+ type: group
+ fields:
+ - name: conn_status
+ type: keyword
+ description: >
+ Overall status of the HA connections ("up" means all connections are operational)
+
+ - name: state
+ type: keyword
+ description: >
+ Current operational state of the peer firewall (passive means it is in standby mode and not handling traffic)
+
+ - name: state_duration
+ type: long
+ metric_type: gauge
+ unit: s
+ description: >
+ How long the peer has been in the current state in seconds
+
+ - name: mgmt_ip
+ type: keyword
+ description: >
+ Management IP address of the peer firewall. This is in CIDR format.
+
+ - name: preemptive
+ type: keyword
+ description: >
+ Indicates if preemption is enabled on the peer firewall
+
+ - name: mode
+ type: keyword
+ description: >
+ HA mode configured on the peer firewall, e.g.
"Active-Passive"
+
+ - name: platform_model
+ type: keyword
+ dimension: true
+ description: >
+ Model of the peer firewall
+
+ - name: priority
+ type: long
+ description: >
+ HA priority value of the peer firewall
+
+ - name: ha1_ipaddr
+ type: ip
+ description: >
+ IP address of the HA1 interface on the peer, in CIDR format.
+
+ - name: ha1_macaddr
+ type: keyword
+ description: >
+ HA1 MAC address of the peer
+
+ - name: ha1_backup_ipaddr
+ type: ip
+ description: >
+ HA peer info HA1 backup IP address, in CIDR format.
+
+ - name: ha1_backup_macaddr
+ type: keyword
+ description: >
+ HA peer info HA1 backup MAC address
+
+ - name: ha2_ipaddr
+ type: keyword
+ description: >
+ HA peer info HA2 IP address, in CIDR format.
+
+ - name: ha2_macaddr
+ type: keyword
+ description: >
+ HA peer info HA2 MAC address
+
+ - name: conn_ha1
+ type: group
+ fields:
+ - name: status
+ type: keyword
+ description: >
+ Peer HA1 connection status, e.g., "up"
+
+ - name: primary
+ type: keyword
+ description: >
+ Specifies if the HA1 connection is primary
+
+ - name: description
+ type: keyword
+ description: >
+ Description of the connection type ,e.g., "heartbeat status"
+
+ - name: conn_ha2
+ type: group
+ fields:
+ - name: status
+ type: keyword
+ description: >
+ HA peer info connection HA2 status
+
+ - name: primary
+ type: keyword
+ description: >
+ Specifies if the HA2 connection is primary
+
+ - name: description
+ type: keyword
+ description: >
+ HA peer info connection HA2 description
+
+ - name: conn_ha1_backup
+ type: group
+ fields:
+ - name: status
+ type: keyword
+ description: >
+ HA peer info connection HA1 backup status, e.g., "up" means it is operational
+
+ - name: description
+ type: keyword
+ description: >
+ HA peer info connection HA1 backup description
+
+ - name: link_monitoring
+ type: group
+ fields:
+ - name: enabled
+ type: boolean
+ description: >
+ Indicates if link monitoring is enabled
+
+ - name: failure_condition
+ type: keyword
+ description:
>
+ Condition that triggers a link monitoring failure, e.g., "any"
+
+ - name: group
+ type: group
+ fields:
+ - name: name
+ type: keyword
+ description: >
+ Name of the link monitoring group
+
+ - name: enabled
+ type: boolean
+ description: >
+ Indicates if the link monitoring group is enabled
+
+ - name: failure_condition
+ type: keyword
+ description: >
+ Condition that triggers a failure in the link monitoring group
+
+ - name: interface
+ type: group
+ fields:
+ - name: name
+ type: keyword
+ description: >
+ Name of the interface in the link monitoring group
+
+ - name: status
+ type: keyword
+ description: >
+ Status of the interface in the link monitoring group
+
+ - name: ipsec_tunnel
+ type: group
+ fields:
+ - name: id
+ type: keyword
+ dimension: true
+ description: >
+ ID of the IPsec tunnel
+
+ - name: name
+ type: keyword
+ dimension: true
+ description: >
+ Name of the IPsec tunnel
+
+ - name: gw
+ type: keyword
+ description: >
+ Gateway of the IPsec tunnel
+
+ - name: TSi_ip
+ type: ip
+ description: >
+ Traffic Selector Initiator IP. This is the local IP (0.0.0.0 means any IP address)
+
+ - name: TSi_prefix
+ type: keyword
+ description: >
+ Network prefix for the TSi IP, 0 means no specific network is defined.
+
+ - name: TSi_proto
+ type: keyword
+ description: >
+ Protocol associated with the TSi (0 means any protocol)
+
+ - name: TSi_port
+ type: long
+ description: >
+ Port number associated with TSi (0 means any port)
+
+ - name: TSr_ip
+ type: ip
+ description: >
+ Traffic Selector Responder IP.
+
+ - name: TSr_prefix
+ type: keyword
+ description: >
+ Network prefix for the TSr IP. Similar to TSi_prefix
+
+ - name: TSr_proto
+ type: keyword
+ description: >
+ TSr protocol of the IPsec tunnel
+
+ - name: TSr_port
+ type: long
+ description: >
+ TSr port of the IPsec tunnel
+
+ - name: proto
+ type: keyword
+ description: >
+ Protocol of the IPsec tunnel
+
+ - name: mode
+ type: keyword
+ description: >
+ This specifies the IPsec mode.
e.g., 'tunl'
+
+ - name: dh
+ type: keyword
+ description: >
+ Diffie-Hellman group of the IPsec tunnel
+
+ - name: enc
+ type: keyword
+ description: >
+ Encryption algorithm of the IPsec tunnel
+
+ - name: hash
+ type: keyword
+ description: >
+ Hash algorithm of the IPsec tunnel
+
+ - name: life.sec
+ type: long
+ unit: s
+ metric_type: gauge
+ description: >
+ The lifetime of the IPsec Security Association (SA) in seconds
+
+ - name: kb
+ type: long
+ unit: byte
+ metric_type: gauge
+ description: >
+ Traffic volume limit for SA rekeying
+
diff --git a/packages/panw_metrics/data_stream/interfaces/manifest.yml b/packages/panw_metrics/data_stream/interfaces/manifest.yml
new file mode 100644
index 00000000000..78af3b92827
--- /dev/null
+++ b/packages/panw_metrics/data_stream/interfaces/manifest.yml
@@ -0,0 +1,33 @@
+title: "Palo Alto Networks Interfaces metrics"
+type: metrics
+streams:
+ - input: panw/metrics
+ title: Palo Alto Networks Interfaces metrics
+ description: Collect interfaces metrics from Palo Alto Networks with Elastic Agent.
+ vars:
+ - name: period
+ type: text
+ title: Period
+ default: 10s
+ multi: false
+ required: true
+ show_user: true
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: false
+ default:
+ - forwarded
+ - panw_metrics-interfaces
+ - name: processors
+ type: yaml
+ title: Processors
+ multi: false
+ required: false
+ show_user: false
+ description: Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/fleet/current/elastic-agent-processor-configuration.html) for details.
+elasticsearch:
+ source_mode: synthetic
+ index_mode: time_series
\ No newline at end of file
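Review bot: Under `ha.peer_info` in interfaces/fields/fields.yml, `ha1_ipaddr` and `ha1_backup_ipaddr` are mapped `type: ip` while their descriptions say the value is in CIDR format; an `ip` mapping does not accept a prefix length, so a document carrying a value such as `10.0.0.2/24` (constructed example) in either field would be rejected at index time. The `local_info` fields of the same names use `type: keyword`, so either change the two peer fields to `type: keyword` or confirm that the beat strips the prefix and drop "in CIDR format" from the descriptions. Separately, `physical.full_state` and `ha.running_sync` are `dimension: true` although they hold state that changes, which would start a new time series on every link or sync transition. The `ha2_port` description says "HA1 traffic" where its example is `dedicated-ha2`.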
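Review bot: The `period` var in interfaces/manifest.yml defaults to `10s`, and every poll is an authenticated API request to the firewall's management interface; with one stream per dataset (the README lists four) that is a steady load on the management plane, so a default such as `default: 60s` seems safer unless 10s was chosen deliberately. The template for this stream reads `preserve_original_event`, `host_ip`, `port`, `api_key` and `api_debug_mode`, none of which is declared in `vars` here, so they are presumably package-level; `preserve_original_event` is worth checking in particular, because if it is declared nowhere that `{{#if}}` branch never renders. The `processors` description says it runs "before the logs are parsed", which does not fit a metrics stream. routing/manifest.yml has the same three points.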
diff --git a/packages/panw_metrics/data_stream/interfaces/sample_event.json b/packages/panw_metrics/data_stream/interfaces/sample_event.json
new file mode 100644
index 00000000000..698b4f3f1c3
--- /dev/null
+++ b/packages/panw_metrics/data_stream/interfaces/sample_event.json
@@ -0,0 +1,114 @@
+{
+ "@timestamp": "2024-02-08T10:15:30.123Z",
+ "agent": {
+ "ephemeral_id": "a1b2c3d4-e5f6-4321-a987-1234567890ab",
+ "id": "9876543210-abcdef-0987654321",
+ "name": "panw-agent-01",
+ "type": "metricbeat",
+ "version": "8.16.0"
+ },
+ "data_stream": {
+ "namespace": "default",
+ "type": "metrics"
+ },
+ "ecs": {
+ "version": "8.11.0"
+ },
+ "elastic_agent": {
+ "id": "2ea50bee-9250-43d1-8d70-949f242aa275",
+ "snapshot": false,
+ "version": "8.16.0"
+ },
+ "event": {
+ "agent_id_status": "verified",
+ "duration": 1250000,
+ "ingested": "2024-02-08T10:15:32Z"
+ },
+ "host": {
+ "architecture": "x86_64",
+ "containerized": false,
+ "hostname": "docker-fleet-agent",
+ "id": "28da52b32df94b50aff67dfb8f1be3d6",
+ "ip": [
+ "172.24.0.7"
+ ],
+ "mac": [
+ "02-42-AC-18-00-07"
+ ],
+ "name": "docker-fleet-agent",
+ "os": {
+ "codename": "focal",
+ "family": "debian",
+ "kernel": "5.15.0-89-generic",
+ "name": "Ubuntu",
+ "platform": "ubuntu",
+ "type": "linux",
+ "version": "20.04.6 LTS (Focal Fossa)"
+ }
+ },
+ "metricset": {
+ "name": "interfaces",
+ "period": 10000
+ },
+ "panw": {
+ "interfaces": {
+ "physical": {
+ "name": "ethernet1/1",
+ "id": "ethernet1/1",
+ "type": "Ethernet interface",
+ "mac": "00:1B:17:00:01:01",
+ "speed": "1000Mbps",
+ "duplex": "full",
+ "state": "up",
+ "mode": "autoneg",
+ "full_state": "1000/full/up"
+ },
+ "logical": {
+ "name": "ethernet1/1.100",
+ "id": "ethernet1/1.100",
+ "tag": 100,
+ "vsys": 1,
+ "zone": "trust",
+ "fwd": "yes",
+ "ip": "192.168.1.1/24"
+ },
+ "ha": {
+ "enabled": true,
+ "mode": "active-passive",
+ "running_sync": "synchronized",
+ "running_sync_enabled": true,
+ "local_info": {
+ "state": "active",
+ "mgmt_ip": "10.0.0.1",
+ "platform_model": "PA-3260"
+ },
+ "peer_info": {
+ "conn_status": "up",
+ "state": "passive",
+ "mgmt_ip": "10.0.0.2",
+ "platform_model": "PA-3260"
+ }
+ },
+ "ipsec_tunnel": {
+ "id": "tunnel-001",
+ "name": "Site-A-to-Site-B",
+ "gw": "203.0.113.1",
+ "TSi_ip":
"10.0.0.0",
+ "TSi_prefix": "24",
+ "TSi_proto": "any",
+ "TSi_port": 0,
+ "TSr_ip": "192.168.0.0",
+ "TSr_prefix": "24",
+ "TSr_proto": "any",
+ "TSr_port": 0,
+ "proto": "ESP",
+ "mode": "tunnel",
+ "dh": "group14",
+ "enc": "aes-256-cbc",
+ "hash": "sha256",
+ "life.sec": 28800,
+ "kb": 102400
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/packages/panw_metrics/data_stream/routing/agent/stream/stream.yml.hbs b/packages/panw_metrics/data_stream/routing/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..dbec1c34216
--- /dev/null
+++ b/packages/panw_metrics/data_stream/routing/agent/stream/stream.yml.hbs
@@ -0,0 +1,20 @@
+metricsets: ["routing"]
+period: {{period}}
+host_ip: {{host_ip}}
+port: {{port}}
+api_key: {{api_key}}
+api_debug_mode: {{api_debug_mode}}
+tags:
+{{#if preserve_original_event}}
+ - preserve_original_event
+{{/if}}
+{{#each tags as |tag|}}
+ - {{tag}}
+{{/each}}
+{{#contains "forwarded" tags}}
+publisher_pipeline.disable_host: true
+{{/contains}}
+{{#if processors}}
+processors:
+{{processors}}
+{{/if}}
\ No newline at end of file
diff --git a/packages/panw_metrics/data_stream/routing/fields/base-fields.yml b/packages/panw_metrics/data_stream/routing/fields/base-fields.yml
new file mode 100644
index 00000000000..7c798f4534c
--- /dev/null
+++ b/packages/panw_metrics/data_stream/routing/fields/base-fields.yml
@@ -0,0 +1,12 @@
+- name: data_stream.type
+ type: constant_keyword
+ description: Data stream type.
+- name: data_stream.dataset
+ type: constant_keyword
+ description: Data stream dataset.
+- name: data_stream.namespace
+ type: constant_keyword
+ description: Data stream namespace.
+- name: '@timestamp'
+ type: date
+ description: Event timestamp.
diff --git a/packages/panw_metrics/data_stream/routing/fields/ecs.yml b/packages/panw_metrics/data_stream/routing/fields/ecs.yml
new file mode 100644
index 00000000000..f08476cb0c7
--- /dev/null
+++ b/packages/panw_metrics/data_stream/routing/fields/ecs.yml
@@ -0,0 +1,12 @@
+- external: ecs
+ name: agent.id
+ dimension: true
+- external: ecs
+ name: container.id
+ dimension: true
+- external: ecs
+ name: host.name
+ dimension: true
+- external: ecs
+ name: host.id
+ dimension: true
diff --git a/packages/panw_metrics/data_stream/routing/fields/fields.yml b/packages/panw_metrics/data_stream/routing/fields/fields.yml
new file mode 100644
index 00000000000..eb6e9000b0d
--- /dev/null
+++ b/packages/panw_metrics/data_stream/routing/fields/fields.yml
@@ -0,0 +1,227 @@
+- name: panw.routing
+ type: group
+ fields:
+ - name: bgp
+ type: group
+ fields:
+ - name: peer_name
+ type: keyword
+ dimension: true
+ description: >
+ The name of the current peer in the BGP peer group
+
+ - name: virtual_router
+ type: keyword
+ dimension: true
+ description: >
+ The virtual router with which the BGP peer is associated
+
+ - name: peer_group
+ type: keyword
+ dimension: true
+ description: >
+ The name of the BGP peer group this peer belongs to
+
+ - name: peer_router_id
+ type: ip
+ description: >
+ BGP peer router ID
+
+ - name: remote_as_asn
+ type: long
+ description: >
+ The remote Autonomous System (AS) number of the peer
+
+ - name: status
+ type: keyword
+ description: >
+ The BGP session status, e.g., "Established" means the session is up and running
+
+ - name: status_duration
+ type: long
+ unit: s
+ metric_type: gauge
+ description: >
+ Time in seconds since the current status was set
+
+ - name: password_set
+ type: boolean
+ description: >
+ Indicates whether a password is set for the BGP peer
+
+ - name: passive
+ type: boolean
+ description: >
+ Indicates if the BGP peer is in passive mode: if yes then router will not initiate a connection to the peer
+
+ - name: multi_hop_ttl
+ type: long
+ metric_type: gauge
+ description: >
+ Time to Live (TTL) value for multi-hop BGP sessions. Units are the number of hops.
+
+ - name: peer_ip
+ type: ip
+ description: >
+ IP address of the peer
+
+ - name: peer_port
+ type: long
+ description: >
+ Port number of the peer
+
+ - name: local_ip
+ type: ip
+ description: >
+ Local ip address used for BGP connection
+
+ - name: local_port
+ type: long
+ description: >
+ Local port number used for BGP connection
+
+ - name: reflector_client
+ type: keyword
+ description: >
+ Specifies the BGP peer relationship to route reflectors, e.g.
"client", "not-client", "meshed-client"
+
+ - name: same_confederation
+ type: boolean
+ description: >
+ Peers in the same confederation exchange routes using internal BGP (iBGP) instead of external BGP (eBGP)
+
+ - name: aggregate_confed_as
+ type: boolean
+ description: >
+ Indicates that Autonomous System (AS) aggregation is enabled for the confederation
+
+ - name: peering_type
+ type: keyword
+ dimension: true
+ description: >
+ Defines the type of relationship between peers, e.g., "External BGP", "Internal BGP", or "Unspecified"
+
+ - name: connect_retry_interval
+ type: long
+ unit: s
+ metric_type: gauge
+ description: >
+ The interval between connection retries
+
+ - name: open_delay
+ type: long
+ unit: s
+ metric_type: gauge
+ description: >
+ Delay before sending an Open message
+
+ - name: idle_hold
+ type: long
+ unit: s
+ metric_type: gauge
+ description: >
+ The idle hold time before retrying a connection after failure
+
+ - name: prefix_limit
+ type: long
+ metric_type: gauge
+ description: >
+ The maximum number of prefixes that can be received from the peer (0 = no limit)
+
+ - name: holdtime
+ type: long
+ unit: s
+ metric_type: gauge
+ description: >
+ Time in seconds that the BGP peer will wait for a keepalive message, negotiated between peers
+
+ - name: holdtime_config
+ type: long
+ unit: s
+ metric_type: gauge
+ description: >
+ Represents the locally configured hold time on this peer
+
+ - name: keepalive
+ type: long
+ unit: s
+ metric_type: gauge
+ description: >
+ The interval at which BGP keepalive messages are sent, negotiated between peers
+
+ - name: keepalive_config
+ type: long
+ unit: s
+ metric_type: gauge
+ description: >
+ The keepalive configured on this peer
+
+ - name: msg_update_in
+ type: long
+ metric_type: gauge
+ description: >
+ The number of BGP UPDATE messages received by the router from this peer
+
+ - name: msg_update_out
+ type: long
+ metric_type: gauge
+ description: >
+ The number of BGP UPDATE messages sent
from the local router to the peer
+
+ - name: msg_total_in
+ type: long
+ metric_type: gauge
+ description: >
+ Total of all messages received from the peer
+
+ - name: msg_total_out
+ type: long
+ metric_type: gauge
+ description: >
+ Total of all messages sent to the peer
+
+ - name: last_update_age
+ type: long
+ unit: s
+ metric_type: gauge
+ description: >
+ Time in seconds since the last update message was received from the peer
+
+ - name: last_error
+ type: keyword
+ description: >
+ The last BGP error message received from the peer
+
+ - name: status_flap_counts
+ type: long
+ metric_type: gauge
+ description: >
+ Indicates the number of times the BGP session has "flapped" or transitioned between up and down states
+
+ - name: established_counts
+ type: long
+ metric_type: gauge
+ description: >
+ Number of times the BGP session has successfully transitioned to the "Established" state
+
+ - name: orf_entry_received
+ type: long
+ metric_type: gauge
+ description: >
+ Number of ORF (Outbound Route Filtering) entries received from the peer
+
+ - name: nexthop_self
+ type: boolean
+ description: >
+ Whether the router is configured to use itself as the next-hop for routes sent to this peer
+
+ - name: nexthop_thirdparty
+ type: boolean
+ description: >
+ Third-party next-hop feature is enabled
+
+ - name: nexthop_peer
+ type: boolean
+ description: >
+ Indicates whether the peer is being used as the next-hop for the routes received from this peerfields.
+
diff --git a/packages/panw_metrics/data_stream/routing/manifest.yml b/packages/panw_metrics/data_stream/routing/manifest.yml
new file mode 100644
index 00000000000..61fe9ee927a
--- /dev/null
+++ b/packages/panw_metrics/data_stream/routing/manifest.yml
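Review bot: Several fields in routing/fields/fields.yml whose descriptions read as running totals are declared `metric_type: gauge`: `msg_update_in`, `msg_update_out`, `msg_total_in`, `msg_total_out`, `status_flap_counts` and `established_counts`. If the device reports them as monotonically increasing counts, as the wording suggests, they should be `metric_type: counter` so that rate aggregations and downsampling treat them correctly; this matters most for `status_flap_counts`, which is the natural field to alert on for BGP session instability. The `nexthop_peer` description ends in "from this peerfields.", which looks like a stray word.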
@@ -0,0 +1,33 @@
+title: "Palo Alto Networks Routing metrics"
+type: metrics
+streams:
+ - input: panw/metrics
+ title: Palo Alto Networks Routing metrics
+ description: Collect routing metrics from Palo Alto Networks with Elastic Agent.
+ vars:
+ - name: period
+ type: text
+ title: Period
+ default: 10s
+ multi: false
+ required: true
+ show_user: true
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: false
+ default:
+ - forwarded
+ - panw_metrics-routing
+ - name: processors
+ type: yaml
+ title: Processors
+ multi: false
+ required: false
+ show_user: false
+ description: Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/fleet/current/elastic-agent-processor-configuration.html) for details.
+elasticsearch:
+ source_mode: synthetic
+ index_mode: time_series
\ No newline at end of file
diff --git a/packages/panw_metrics/data_stream/routing/sample_event.json b/packages/panw_metrics/data_stream/routing/sample_event.json
new file mode 100644
index 00000000000..3c22e7b3ccb
--- /dev/null
+++ b/packages/panw_metrics/data_stream/routing/sample_event.json
@@ -0,0 +1,78 @@ +{ + "@timestamp": "2024-02-08T10:15:30.123Z", + "agent": { + "ephemeral_id": "a1b2c3d4-e5f6-4321-a987-1234567890ab", + "id": "9876543210-abcdef-0987654321", + "name": "paloalto-firewall-01", + "type": "metricbeat", + "version": "8.16.0" + }, + "data_stream": { + "namespace": "default", + "type": "metrics" + }, + "ecs": { + "version": "8.11.0" + }, + "elastic_agent": { + "id": "2ea50bee-9250-43d1-8d70-949f242aa275", + "snapshot": false, + "version": "8.16.0" + }, + "event": { + "agent_id_status": "verified", + "duration": 1250000, + "ingested": "2024-02-08T10:15:32Z" + }, + "host": { + "architecture": "x86_64", + "containerized": false, + "hostname": "docker-fleet-agent", + "id": "28da52b32df94b50aff67dfb8f1be3d6", + "ip": [ + "172.24.0.7" + ], + "mac": [ + "02-42-AC-18-00-07" + ], + "name": "docker-fleet-agent", + "os": { + "codename": "focal", + "family": "debian", + "kernel": "5.15.0-89-generic", + "name": "Ubuntu", + "platform": "ubuntu", + "type": "linux", + "version": "20.04.6 LTS (Focal Fossa)" + } + }, + "metricset": { + "name": "routing", + "period": 10000 + }, + "panw": { + "routing": { + "bgp": { + "peer_name": "ISP-A", + "virtual_router": "default", + "peer_group": "external_peers", + "peer_router_id": "10.0.0.1", + "remote_as_asn": 65001, + "status": "Established", + "status_duration": 3600, + "password_set": true, + "passive": false, + "peering_type": "External BGP", + "holdtime": 180, + "keepalive": 60, + "msg_update_in": 1000, + "msg_update_out": 500, + "msg_total_in": 5000, + "msg_total_out": 4500, + "last_update_age": 300, + "status_flap_counts": 2, + "established_counts": 10 + } + } + } +} \ No newline at end of file diff --git a/packages/panw_metrics/data_stream/system/_dev/test/pipeline/test-pipeline-system.json b/packages/panw_metrics/data_stream/system/_dev/test/pipeline/test-pipeline-system.json new file mode 100644 index 00000000000..9b2eec6f6fb --- /dev/null 
+++ b/packages/panw_metrics/data_stream/system/_dev/test/pipeline/test-pipeline-system.json @@ -0,0 +1,67 @@ +{ + "events": [ + { + "agent": { + "name": "karpov", + "id": "bcd6ecf9-8a23-4064-b710-25f908c18e95", + "type": "metricbeat", + "ephemeral_id": "bfd6d07b-d406-4e4f-a9bf-a4c541de11fd", + "version": "8.15.2" + }, + "elastic_agent": { + "id": "bcd6ecf9-8a23-4064-b710-25f908c18e95", + "version": "8.15.2", + "snapshot": true + }, + "panw": { + "system": { + "filesystem.use_percent": 93, + "filesystem.available": 109521666048, + "filesystem.name": "/dev/sda8", + "filesystem.mounted": "/opt/panlogs", + "filesystem.size": 185757335552, + "filesystem.used": 67645734912, + "cpu": { + "hi": 1, + "wait": 15, + "system": 25, + "idle": 30, + "steal": 45, + "system_int": 60, + "user": 85, + "nice": 95.62 + } + } + }, + "tags": [ + "forwarded", + "panw_metrics-system" + ], + "observer.vendor": "Palo Alto", + "@timestamp": "2024-10-03T19:37:43.626Z", + "ecs": { + "version": "8.0.0" + }, + "observer.type": "firewall", + "data_stream": { + "namespace": "default", + "type": "metrics", + "dataset": "panw_metrics.system" + }, + "service": { + "type": "panw" + }, + "metricset": { + "period": 10000, + "name": "system" + }, + "event": { + "duration": 5448934535, + "agent_id_status": "verified", + "ingested": "2024-10-03T19:37:49Z", + "module": "panw", + "dataset": "panw_metrics.system" + } + } + ] +} \ No newline at end of file diff --git a/packages/panw_metrics/data_stream/system/_dev/test/pipeline/test-pipeline-system.json-expected.json b/packages/panw_metrics/data_stream/system/_dev/test/pipeline/test-pipeline-system.json-expected.json new file mode 100644 index 00000000000..342728b5141 --- /dev/null +++ b/packages/panw_metrics/data_stream/system/_dev/test/pipeline/test-pipeline-system.json-expected.json 
@@ -0,0 +1,67 @@ +{ + "expected": [ + { + "@timestamp": "2024-10-03T19:37:43.626Z", + "agent": { + "ephemeral_id": "bfd6d07b-d406-4e4f-a9bf-a4c541de11fd", + "id": "bcd6ecf9-8a23-4064-b710-25f908c18e95", + "name": "karpov", + "type": "metricbeat", + "version": "8.15.2" + }, + "data_stream": { + "dataset": "panw_metrics.system", + "namespace": "default", + "type": "metrics" + }, + "ecs": { + "version": "8.0.0" + }, + "elastic_agent": { + "id": "bcd6ecf9-8a23-4064-b710-25f908c18e95", + "snapshot": true, + "version": "8.15.2" + }, + "event": { + "agent_id_status": "verified", + "dataset": "panw_metrics.system", + "duration": 5448934535, + "ingested": "2024-10-03T19:37:49Z", + "module": "panw" + }, + "metricset": { + "name": "system", + "period": 10000 + }, + "observer.type": "firewall", + "observer.vendor": "Palo Alto", + "panw": { + "system": { + "cpu": { + "hi": 0.01, + "idle": 0.3, + "nice": 0.9562, + "steal": 0.45, + "system": 0.25, + "system_int": 0.6, + "user": 0.85, + "wait": 0.15 + }, + "filesystem.available": 109521666048, + "filesystem.mounted": "/opt/panlogs", + "filesystem.name": "/dev/sda8", + "filesystem.size": 185757335552, + "filesystem.use_percent": 0.93, + "filesystem.used": 67645734912 + } + }, + "service": { + "type": "panw" + }, + "tags": [ + "forwarded", + "panw_metrics-system" + ] + } + ] +} \ No newline at end of file diff --git a/packages/panw_metrics/data_stream/system/agent/stream/stream.yml.hbs b/packages/panw_metrics/data_stream/system/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..77daf3a1755 --- /dev/null +++ b/packages/panw_metrics/data_stream/system/agent/stream/stream.yml.hbs 
@@ -0,0 +1,20 @@
+metricsets: ["system"]
+period: {{period}}
+host_ip: {{host_ip}}
+port: {{port}}
+api_key: {{api_key}}
+api_debug_mode: {{api_debug_mode}}
+tags:
+{{#if preserve_original_event}}
+ - preserve_original_event
+{{/if}}
+{{#each tags as |tag|}}
+ - {{tag}}
+{{/each}}
+{{#contains "forwarded" tags}}
+publisher_pipeline.disable_host: true
+{{/contains}}
+{{#if processors}}
+processors:
+{{processors}}
+{{/if}}
\ No newline at end of file
diff --git a/packages/panw_metrics/data_stream/system/elasticsearch/ingest_pipeline/default.yml b/packages/panw_metrics/data_stream/system/elasticsearch/ingest_pipeline/default.yml
new file mode 100644
index 00000000000..908154ab2a0
--- /dev/null
+++ b/packages/panw_metrics/data_stream/system/elasticsearch/ingest_pipeline/default.yml
@@ -0,0 +1,28 @@
+---
+description: Pipeline for parsing Palo Alto Networks System metrics.
+processors:
+ - script:
+ lang: painless
+ description: >
+ Transforms percentage fields from a 0-100 range into decimal fractions (0-1).
+ source: |
+ if (ctx.panw != null && ctx.panw.system != null) {
+ if (ctx.panw.system.cpu != null) {
+ def cpuFields = ['user', 'system', 'nice', 'idle', 'wait', 'hi', 'system_int', 'steal'];
+ for (def fieldName : cpuFields) {
+ if (ctx.panw.system.cpu[fieldName] != null) {
+ ctx.panw.system.cpu[fieldName] = ctx.panw.system.cpu[fieldName] / 100.0;
+ }
+ }
+ }
+ if (ctx.panw.system.containsKey('filesystem.use_percent') && ctx.panw.system['filesystem.use_percent'] != null) {
+ ctx.panw.system['filesystem.use_percent'] = ctx.panw.system['filesystem.use_percent'] / 100.0;
+ }
+ }
+on_failure:
+ - set:
+ field: event.kind
+ value: pipeline_error
+ - append:
+ field: error.message
+ value: '{{{ _ingest.on_failure_message }}}'
\ No newline at end of file
diff --git a/packages/panw_metrics/data_stream/system/fields/base-fields.yml b/packages/panw_metrics/data_stream/system/fields/base-fields.yml
new file mode 100644
index 00000000000..7c798f4534c
--- /dev/null
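Review bot: In system/agent/stream/stream.yml.hbs, `api_key: {{api_key}}` renders the credential as an unquoted plain YAML scalar, so a key that starts with a YAML indicator or contains `: ` or ` #` is parsed as something other than the string the user entered, and an empty value becomes null. Quote the string-valued substitutions, e.g. `api_key: "{{api_key}}"` and `host_ip: "{{host_ip}}"`. The variable definition is not part of this hunk; it should be declared with `secret: true` if the package's spec version supports it, so the key is not kept in plain text in the policy. `api_debug_mode` sits next to the key, and its description should state whether enabling it can write request URLs or headers that carry the key to the agent log. The same lines appear in vpn/agent/stream/stream.yml.hbs.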
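Review bot: In ingest_pipeline/default.yml, the script divides whatever it finds by `100.0` without checking that the value is numeric, so a string from the device would throw and send the whole document to `on_failure`, which only sets `event.kind` and appends the message. Guarding the division with `if (v instanceof Number)` would let a malformed field pass through without failing the rest of the event. The filesystem branch only matches the flattened key `filesystem.use_percent`; if the input ever arrives as a nested `filesystem` object, the value stays on the 0-100 scale while fields.yml declares it as a percent, so a comment stating which shape is expected, plus a pipeline test with a missing `cpu` object and one with a nested `filesystem`, would pin that down.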
+++ b/packages/panw_metrics/data_stream/system/fields/base-fields.yml
@@ -0,0 +1,12 @@
+- name: data_stream.type
+ type: constant_keyword
+ description: Data stream type.
+- name: data_stream.dataset
+ type: constant_keyword
+ description: Data stream dataset.
+- name: data_stream.namespace
+ type: constant_keyword
+ description: Data stream namespace.
+- name: '@timestamp'
+ type: date
+ description: Event timestamp.
diff --git a/packages/panw_metrics/data_stream/system/fields/ecs.yml b/packages/panw_metrics/data_stream/system/fields/ecs.yml
new file mode 100644
index 00000000000..f08476cb0c7
--- /dev/null
+++ b/packages/panw_metrics/data_stream/system/fields/ecs.yml
@@ -0,0 +1,12 @@
+- external: ecs
+ name: agent.id
+ dimension: true
+- external: ecs
+ name: container.id
+ dimension: true
+- external: ecs
+ name: host.name
+ dimension: true
+- external: ecs
+ name: host.id
+ dimension: true
diff --git a/packages/panw_metrics/data_stream/system/fields/fields.yml b/packages/panw_metrics/data_stream/system/fields/fields.yml
new file mode 100644
index 00000000000..bbbdd704fc5
--- /dev/null
+++ b/packages/panw_metrics/data_stream/system/fields/fields.yml
@@ -0,0 +1,461 @@ +- name: panw.system + type: group + fields: + - name: uptime + type: group + fields: + - name: days + type: integer + unit: d + metric_type: gauge + description: > + Uptime in days + + - name: hours + type: integer + unit: h + metric_type: gauge + description: > + Hours component of uptime + + - name: minutes + type: integer + unit: m + metric_type: gauge + description: > + Minutes component of uptime + + - name: user_count + type: long + metric_type: gauge + description: > + Number of users + + - name: load_average + type: group + fields: + - name: 1m + type: float + metric_type: gauge + description: > + Load average in 1 minute + + - name: 5m + type: float + metric_type: gauge + description: > + Load average in 5 minutes + + - name: 15m + type: float + metric_type: gauge + description: > + Load average in 15 minutes + + - name: tasks + type: group + fields: + - name: total + type: long + metric_type: gauge + description: > + Total number of tasks + + - name: running + type: long + metric_type: gauge + description: > + Number of running tasks + + - name: sleeping + type: long + metric_type: gauge + description: > + Number of sleeping tasks + + - name: stopped + type: long + metric_type: gauge + description: > + Number of stopped tasks + + - name: zombie + type: long + metric_type: gauge + description: > + Number of zombie tasks + + - name: cpu + type: group + fields: + - name: user + type: float + unit: percent + metric_type: gauge + description: > + CPU usage by user processes + + - name: system + type: float + unit: percent + metric_type: gauge + description: > + CPU usage by system processes + + - name: nice + type: float + unit: percent + metric_type: gauge + description: > + CPU usage by processes with a positive nice value + + - name: idle + type: float + unit: percent + metric_type: gauge + description: > + CPU idle time + + - name: wait + type: float + unit: percent + metric_type: gauge + description: > + CPU wait time + + - name: hi + 
type: float + unit: percent + metric_type: gauge + description: > + CPU hardware interrupts + + - name: system_int + type: float + unit: percent + metric_type: gauge + description: > + CPU software interrupts + + - name: steal + type: float + unit: percent + metric_type: gauge + description: > + CPU steal time + + - name: memory + type: group + fields: + - name: total + type: float + unit: byte + metric_type: gauge + description: > + Total memory + + - name: free + type: float + unit: byte + metric_type: gauge + description: > + Free memory + + - name: used + type: float + unit: byte + metric_type: gauge + description: > + Used memory + + - name: buffer_cache + type: float + unit: byte + metric_type: gauge + description: > + Memory used for buffers and cache + + - name: swap + type: group + fields: + - name: total + type: float + unit: byte + metric_type: gauge + description: > + Total swap space + + - name: free + type: float + unit: byte + metric_type: gauge + description: > + Free swap space + + - name: used + type: float + unit: byte + metric_type: gauge + description: > + Used swap space + + - name: available + type: float + unit: byte + metric_type: gauge + description: > + Available swap space + + - name: license + type: group + fields: + - name: feature + type: keyword + dimension: true + description: > + Feature licensed, e.g. 
Advanced Threat Prevention + + - name: description + type: keyword + description: > + Description of the licensed feature + + - name: serial + type: keyword + dimension: true + description: > + Serial number of license + + - name: issued + type: date + description: > + Date the license was issued + + - name: expires + type: date + description: > + Date the license expires - not set if license never expires + + - name: never_expires + type: boolean + description: > + Indicates if the license never expires + + - name: expired + type: boolean + description: > + Indicates if the license is expired + + - name: auth_code + type: keyword + description: > + Authorization code to activate or install the license + + - name: filesystem + type: group + fields: + - name: name + type: keyword + dimension: true + description: > + Filesystem name + + - name: size + type: float + format: bytes + unit: byte + metric_type: gauge + description: > + Total size of the filesystem + + - name: used + type: float + format: bytes + unit: byte + metric_type: gauge + description: > + Amount used on the filesystem + + - name: available + type: float + format: bytes + unit: byte + metric_type: gauge + description: > + Disk space available on the filesystem + + - name: use_percent + type: float + format: percent + unit: percent + metric_type: gauge + description: > + Percent of filesystem used + + - name: mounted + type: keyword + dimension: true + description: > + Filesystem mount point + + - name: fan + type: group + fields: + - name: slot_number + type: integer + description: > + The number of the hardware slot + + - name: description + type: keyword + description: > + The description of the fan + + - name: alarm + type: boolean + description: > + Is there an alarm status of the fan + + - name: rpm + type: integer + metric_type: gauge + description: > + The speed of the fan in RPM + + - name: min_rpm + type: integer + metric_type: gauge + description: > + The minimum speed of the fan in RPM + 
+ - name: thermal + type: group + fields: + - name: slot_number + type: integer + description: > + Slot number field + + - name: description + type: text + store: true + description: > + Description field + + - name: alarm + type: boolean + description: > + Alarm field + + - name: degrees_celsius + type: float + metric_type: gauge + description: > + Degrees Celsius field + + - name: minimum_temp + type: float + metric_type: gauge + description: > + Minimum temperature field + + - name: maximum_temp + type: float + metric_type: gauge + description: > + Maximum temperature field + + - name: power + type: group + fields: + - name: slot_number + type: integer + description: > + Slot number field + + - name: description + type: text + store: true + description: > + Description field + + - name: alarm + type: boolean + description: > + Indicates if alarm is active + + - name: volts + type: float + metric_type: gauge + description: > + Current Volts + + - name: minimum_volts + type: float + metric_type: gauge + description: > + Minimum volts recorded + + - name: maximum_volts + type: float + metric_type: gauge + description: > + Maximum volts recorded + + - name: certificate + type: group + fields: + - name: issuer + type: keyword + dimension: true + description: > + Issuer of the certificate database + + - name: issuer_subject_hash + type: keyword + description: > + Subject hash of the issuer of the certificate database + + - name: issuer_key_hash + type: keyword + description: > + Key hash of the issuer of the certificate database + + - name: db_type + type: keyword + description: > + Type of the certificate database + + - name: db_exp_date + type: keyword + description: > + Expiration date, format: 310329235959Z (Mar 29 23:59:59 2031 GMT) + + - name: db_rev_date + type: keyword + description: > + Revision date of the certificate database + + - name: db_serial_no + type: keyword + description: > + Serial number of the certificate database + + - name: db_file + type: 
keyword + dimension: true + description: > + File name of the certificate database + + - name: db_name + type: keyword + dimension: true + description: > + Name of the certificate database + + - name: db_status + type: keyword + dimension: true + description: > + Status of the certificate database + diff --git a/packages/panw_metrics/data_stream/system/manifest.yml b/packages/panw_metrics/data_stream/system/manifest.yml new file mode 100644 index 00000000000..291332acee8 --- /dev/null +++ b/packages/panw_metrics/data_stream/system/manifest.yml @@ -0,0 +1,33 @@ +title: "Palo Alto Networks System metrics" +type: metrics +streams: + - input: panw/metrics + title: Palo Alto Networks System metrics + description: Collect system metrics from Palo Alto Networks with Elastic Agent. + vars: + - name: period + type: text + title: Period + default: 10s + multi: false + required: true + show_user: true + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: false + default: + - forwarded + - panw_metrics-system + - name: processors + type: yaml + title: Processors + multi: false + required: false + show_user: false + description: Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/fleet/current/elastic-agent-processor-configuration.html) for details. +elasticsearch: + source_mode: synthetic + index_mode: time_series \ No newline at end of file diff --git a/packages/panw_metrics/data_stream/system/sample_event.json b/packages/panw_metrics/data_stream/system/sample_event.json new file mode 100644 index 00000000000..99b2013361f --- /dev/null +++ b/packages/panw_metrics/data_stream/system/sample_event.json 
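Review bot: In system/fields/fields.yml, `license.auth_code` is described as the "Authorization code to activate or install the license" and is mapped as an indexed `keyword`, so every user with read access to the metrics data stream can search for and read it. If the value really is the activation code, it should not be collected, or it should be dropped in the ingest pipeline with a `remove` processor on `panw.system.license.auth_code`; if it is not sensitive, the description should say so. `license.serial` is marked `dimension: true` and also identifies the device entitlement, so a note on who is expected to have read access to this data stream would be worth adding to the README.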
@@ -0,0 +1,91 @@ +{ + "@timestamp": "2024-02-08T10:15:30.123Z", + "agent": { + "ephemeral_id": "a1b2c3d4-e5f6-4321-a987-1234567890ab", + "id": "9876543210-abcdef-0987654321", + "name": "panw-agent-01", + "type": "metricbeat", + "version": "8.16.0" + }, + "data_stream": { + "namespace": "default", + "type": "metrics" + }, + "ecs": { + "version": "8.11.0" + }, + "elastic_agent": { + "id": "2ea50bee-9250-43d1-8d70-949f242aa275", + "snapshot": false, + "version": "8.16.0" + }, + "event": { + "agent_id_status": "verified", + "duration": 1250000, + "ingested": "2024-02-08T10:15:32Z" + }, + "host": { + "architecture": "x86_64", + "containerized": false, + "hostname": "docker-fleet-agent", + "id": "28da52b32df94b50aff67dfb8f1be3d6", + "ip": [ + "172.24.0.7" + ], + "mac": [ + "02-42-AC-18-00-07" + ], + "name": "docker-fleet-agent", + "os": { + "codename": "focal", + "family": "debian", + "kernel": "5.15.0-89-generic", + "name": "Ubuntu", + "platform": "ubuntu", + "type": "linux", + "version": "20.04.6 LTS (Focal Fossa)" + } + }, + "metricset": { + "name": "system", + "period": 10000 + }, + "panw": { + "system": { + "uptime": { + "days": 15, + "hours": 7, + "minutes": 32 + }, + "user_count": 23, + "load_average": { + "1m": 0.75, + "5m": 0.68, + "15m": 0.62 + }, + "tasks": { + "total": 245, + "running": 3, + "sleeping": 242 + }, + "cpu": { + "user": 5.2, + "system": 2.8, + "idle": 92.0 + }, + "memory": { + "total": 16106127360, + "free": 8053063680, + "used": 8053063680 + }, + "swap": { + "total": 4294967296, + "free": 4294967296, + "used": 0 + } + } + }, + "service": { + "type": "panw" + } +} \ No newline at end of file diff --git a/packages/panw_metrics/data_stream/vpn/agent/stream/stream.yml.hbs b/packages/panw_metrics/data_stream/vpn/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..f7cb8c29599 --- /dev/null +++ b/packages/panw_metrics/data_stream/vpn/agent/stream/stream.yml.hbs 
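Review bot: The `panw.system.cpu` values in this sample (`"user": 5.2`, `"idle": 92.0`) are on the 0-100 scale, but the ingest pipeline added in this commit divides those fields by 100, so the sample does not show what is actually indexed. `data_stream.dataset` is also missing here, while the pipeline test fixture carries `panw_metrics.system`. Regenerating the sample from a system test run instead of writing it by hand would keep the README example consistent with the pipeline and the mappings.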
@@ -0,0 +1,20 @@
+metricsets: ["vpn"]
+period: {{period}}
+host_ip: {{host_ip}}
+port: {{port}}
+api_key: {{api_key}}
+api_debug_mode: {{api_debug_mode}}
+tags:
+{{#if preserve_original_event}}
+ - preserve_original_event
+{{/if}}
+{{#each tags as |tag|}}
+ - {{tag}}
+{{/each}}
+{{#contains "forwarded" tags}}
+publisher_pipeline.disable_host: true
+{{/contains}}
+{{#if processors}}
+processors:
+{{processors}}
+{{/if}}
\ No newline at end of file
diff --git a/packages/panw_metrics/data_stream/vpn/fields/base-fields.yml b/packages/panw_metrics/data_stream/vpn/fields/base-fields.yml
new file mode 100644
index 00000000000..7c798f4534c
--- /dev/null
+++ b/packages/panw_metrics/data_stream/vpn/fields/base-fields.yml
@@ -0,0 +1,12 @@
+- name: data_stream.type
+ type: constant_keyword
+ description: Data stream type.
+- name: data_stream.dataset
+ type: constant_keyword
+ description: Data stream dataset.
+- name: data_stream.namespace
+ type: constant_keyword
+ description: Data stream namespace.
+- name: '@timestamp'
+ type: date
+ description: Event timestamp.
diff --git a/packages/panw_metrics/data_stream/vpn/fields/ecs.yml b/packages/panw_metrics/data_stream/vpn/fields/ecs.yml
new file mode 100644
index 00000000000..f08476cb0c7
--- /dev/null
+++ b/packages/panw_metrics/data_stream/vpn/fields/ecs.yml
@@ -0,0 +1,12 @@
+- external: ecs
+ name: agent.id
+ dimension: true
+- external: ecs
+ name: container.id
+ dimension: true
+- external: ecs
+ name: host.name
+ dimension: true
+- external: ecs
+ name: host.id
+ dimension: true
diff --git a/packages/panw_metrics/data_stream/vpn/fields/fields.yml b/packages/panw_metrics/data_stream/vpn/fields/fields.yml
new file mode 100644
index 00000000000..5788968843e
--- /dev/null
+++ b/packages/panw_metrics/data_stream/vpn/fields/fields.yml
@@ -0,0 +1,173 @@ +- name: panw.vpn + type: group + fields: + - name: globalprotect + type: group + fields: + - name: total_current_users + type: long + metric_type: gauge + description: > + Total current number of users connected to GlobalProtect gateway + + - name: total_previous_users + type: long + metric_type: gauge + description: > + Total previous number of users connected to GlobalProtect gateway + + - name: session + type: group + fields: + - name: domain + type: keyword + dimension: true + description: > + Domain of the GlobalProtect session + + - name: is_local + type: boolean + description: > + Indicates if the session is local + + - name: username + type: keyword + dimension: true + description: > + Username of the session + + - name: primary_username + type: keyword + dimension: true + description: > + Primary username of the session + + - name: region_for_config + type: keyword + dimension: true + description: > + Region for configuration + + - name: source_region + type: keyword + dimension: true + description: > + Source region of the session + + - name: computer + type: keyword + dimension: true + description: > + Computer name in the session + + - name: client + type: keyword + dimension: true + description: > + Client information of the session + + - name: vpn_type + type: keyword + dimension: true + description: > + Type of VPN used in the session + + - name: host_id + type: keyword + dimension: true + description: > + Host ID of the session + + - name: app_version + type: keyword + description: > + Application version used in the session + + - name: virtual_ip + type: ip + description: > + Virtual IP address of the session + + - name: virtual_ipv6 + type: keyword + description: > + Virtual IPv6 address of the session + + - name: public_ip + type: ip + description: > + Public IP address of the session + + - name: public_ipv6 + type: keyword + description: > + Public IPv6 address of the session + + - name: tunnel_type + type: keyword + 
description: > + Type of tunnel used in the session + + - name: public_connection_ipv6 + type: keyword + description: > + Public connection IPv6 address of the session + + - name: client_ip + type: ip + description: > + Client IP address of the session + + - name: login_time + type: keyword + description: > + Login time of the session + + - name: login_time_utc + type: date + format: epoch_millis + description: > + Login time in UTC of the session + + - name: lifetime + type: long + unit: s + description: > + Lifetime of the session + + - name: request_login + type: keyword + description: > + Request login information of the session + + - name: request_get_config + type: keyword + description: > + Request get configuration information of the session + + - name: request_sslvpn_connect + type: keyword + description: > + Request SSL VPN connect information of the session + + - name: gateway + type: group + fields: + - name: name + type: keyword + dimension: true + description: > + Name of the GlobalProtect gateway + + - name: current_users + type: long + metric_type: gauge + description: > + Current number of users connected to the GlobalProtect gateway + + - name: previous_users + type: long + metric_type: gauge + description: > + Previous number of users connected to the GlobalProtect gateway + diff --git a/packages/panw_metrics/data_stream/vpn/manifest.yml b/packages/panw_metrics/data_stream/vpn/manifest.yml new file mode 100644 index 00000000000..c942207eedb --- /dev/null +++ b/packages/panw_metrics/data_stream/vpn/manifest.yml 
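Review bot: In vpn/fields/fields.yml, `virtual_ipv6`, `public_ipv6` and `public_connection_ipv6` are mapped as `keyword` while the IPv4 counterparts use `ip`, so CIDR and range queries, which a detection rule on VPN source addresses would rely on, do not work for the IPv6 fields. The `ip` type accepts IPv6 addresses, so `type: ip` would fit unless the device can send an empty or non-address string here, which this hunk does not show; if that is the reason, a comment should say so. `login_time` is likewise a `keyword` beside `login_time_utc`, which is a `date`. The session group also marks `username`, `primary_username`, `computer` and `host_id` as dimensions: these are personal identifiers that become part of the time-series identity, so the README should state the expected cardinality and that read access to this data stream exposes per-user session data.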
@@ -0,0 +1,33 @@
+title: "Palo Alto Networks VPN metrics"
+type: metrics
+streams:
+ - input: panw/metrics
+ title: Palo Alto Networks VPN metrics
+ description: Collect vpn metrics from Palo Alto Networks with Elastic Agent.
+ vars:
+ - name: period
+ type: text
+ title: Period
+ default: 10s
+ multi: false
+ required: true
+ show_user: true
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: false
+ default:
+ - forwarded
+ - panw_metrics-vpn
+ - name: processors
+ type: yaml
+ title: Processors
+ multi: false
+ required: false
+ show_user: false
+ description: Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/fleet/current/elastic-agent-processor-configuration.html) for details.
+elasticsearch:
+ source_mode: synthetic
+ index_mode: time_series
\ No newline at end of file
diff --git a/packages/panw_metrics/data_stream/vpn/sample_event.json b/packages/panw_metrics/data_stream/vpn/sample_event.json
new file mode 100644
index 00000000000..bd8ebb125aa
--- /dev/null
+++ b/packages/panw_metrics/data_stream/vpn/sample_event.json
@@ -0,0 +1,75 @@ +{ + "@timestamp": "2024-02-08T10:15:30.123Z", + "agent": { + "ephemeral_id": "a1b2c3d4-e5f6-4321-a987-1234567890ab", + "id": "9876543210-abcdef-0987654321", + "name": "panw-agent-01", + "type": "metricbeat", + "version": "8.16.0" + }, + "data_stream": { + "namespace": "default", + "type": "metrics" + }, + "ecs": { + "version": "8.11.0" + }, + "elastic_agent": { + "id": "2ea50bee-9250-43d1-8d70-949f242aa275", + "snapshot": false, + "version": "8.16.0" + }, + "event": { + "agent_id_status": "verified", + "duration": 1250000, + "ingested": "2024-02-08T10:15:32Z" + }, + "host": { + "architecture": "x86_64", + "containerized": false, + "hostname": "docker-fleet-agent", + "id": "28da52b32df94b50aff67dfb8f1be3d6", + "ip": [ + "172.24.0.7" + ], + "mac": [ + "02-42-AC-18-00-07" + ], + "name": "docker-fleet-agent", + "os": { + "codename": "focal", + "family": "debian", + "kernel": "5.15.0-89-generic", + "name": "Ubuntu", + "platform": "ubuntu", + "type": "linux", + "version": "20.04.6 LTS (Focal Fossa)" + } + }, + "metricset": { + "name": "vpn", + "period": 10000 + }, + "panw": { + "vpn": { + "globalprotect": { + "session": { + "domain": "example.com", + "is_local": true, + "username": "john.doe", + "primary_username": "john.doe", + "computer": "LAPTOP-ABC123", + "client": "GlobalProtect", + "vpn_type": "SSL", + "app_version": "5.2.8", + "virtual_ip": "10.0.0.5", + "public_ip": "203.0.113.45", + "tunnel_type": "IPSec", + "client_ip": "192.168.1.100", + "login_time": "2024-02-08T10:15:00.000Z", + "lifetime": 3600 + } + } + } + } +} \ No newline at end of file diff --git a/packages/panw_metrics/docs/README.md b/packages/panw_metrics/docs/README.md new file mode 100644 index 00000000000..85fedafd4e7 --- /dev/null +++ b/packages/panw_metrics/docs/README.md 
@@ -0,0 +1,720 @@ +# Palo Alto Networks Integration + +This integration periodically fetches metrics from [Palo Alto Networks](https://www.paloaltonetworks.com/) firewalls and management systems. + +## Compatibility + +The integration uses the [Pango](https://github.com/PaloAltoNetworks/pango) library to collect metrics from Palo Alto Networks firewalls. + +## Configuration + +This integration is designed to work with a single firewall at a time. Support for multiple firewalls within one integration policy is not available and has not been tested with Panorama. To collect metrics from multiple firewalls, create a separate integration policy for each firewall, specifying the respective host IP and API key. + +## Metrics + +### interfaces + +The `interfaces` dataset collects detailed network interface statistics from Palo Alto Networks firewalls. It provides information about interface status, traffic throughput, packet counts, error rates, and configuration details, including physical, logical, and high-availability (HA) interfaces. 
+ +An example event for `interfaces` looks as following: + +```json +{ + "@timestamp": "2024-02-08T10:15:30.123Z", + "agent": { + "ephemeral_id": "a1b2c3d4-e5f6-4321-a987-1234567890ab", + "id": "9876543210-abcdef-0987654321", + "name": "panw-agent-01", + "type": "metricbeat", + "version": "8.16.0" + }, + "data_stream": { + "namespace": "default", + "type": "metrics" + }, + "ecs": { + "version": "8.11.0" + }, + "elastic_agent": { + "id": "2ea50bee-9250-43d1-8d70-949f242aa275", + "snapshot": false, + "version": "8.16.0" + }, + "event": { + "agent_id_status": "verified", + "duration": 1250000, + "ingested": "2024-02-08T10:15:32Z" + }, + "host": { + "architecture": "x86_64", + "containerized": false, + "hostname": "docker-fleet-agent", + "id": "28da52b32df94b50aff67dfb8f1be3d6", + "ip": [ + "172.24.0.7" + ], + "mac": [ + "02-42-AC-18-00-07" + ], + "name": "docker-fleet-agent", + "os": { + "codename": "focal", + "family": "debian", + "kernel": "5.15.0-89-generic", + "name": "Ubuntu", + "platform": "ubuntu", + "type": "linux", + "version": "20.04.6 LTS (Focal Fossa)" + } + }, + "metricset": { + "name": "interfaces", + "period": 10000 + }, + "panw": { + "interfaces": { + "physical": { + "name": "ethernet1/1", + "id": "ethernet1/1", + "type": "Ethernet interface", + "mac": "00:1B:17:00:01:01", + "speed": "1000Mbps", + "duplex": "full", + "state": "up", + "mode": "autoneg", + "full_state": "1000/full/up" + }, + "logical": { + "name": "ethernet1/1.100", + "id": "ethernet1/1.100", + "tag": 100, + "vsys": 1, + "zone": "trust", + "fwd": "yes", + "ip": "192.168.1.1/24" + }, + "ha": { + "enabled": true, + "mode": "active-passive", + "running_sync": "synchronized", + "running_sync_enabled": true, + "local_info": { + "state": "active", + "mgmt_ip": "10.0.0.1", + "platform_model": "PA-3260" + }, + "peer_info": { + "conn_status": "up", + "state": "passive", + "mgmt_ip": "10.0.0.2", + "platform_model": "PA-3260" + } + }, + "ipsec_tunnel": { + "id": "tunnel-001", + "name": 
"Site-A-to-Site-B", + "gw": "203.0.113.1", + "TSi_ip": "10.0.0.0", + "TSi_prefix": "24", + "TSi_proto": "any", + "TSi_port": 0, + "TSr_ip": "192.168.0.0", + "TSr_prefix": "24", + "TSr_proto": "any", + "TSr_port": 0, + "proto": "ESP", + "mode": "tunnel", + "dh": "group14", + "enc": "aes-256-cbc", + "hash": "sha256", + "life.sec": 28800, + "kb": 102400 + } + } + } +} +``` + +The fields reported are: + +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + +**Exported fields** + +| Field | Description | Type | Unit | Metric Type | +|---|---|---|---|---| +| @timestamp | Event timestamp. | date | | | +| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | | | +| container.id | Unique container id. | keyword | | | +| data_stream.dataset | Data stream dataset. | constant_keyword | | | +| data_stream.namespace | Data stream namespace. | constant_keyword | | | +| data_stream.type | Data stream type. | constant_keyword | | | +| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. 
| keyword | | | +| panw.interfaces.ha.enabled | HA enabled | boolean | | | +| panw.interfaces.ha.link_monitoring.enabled | Indicates if link monitoring is enabled | boolean | | | +| panw.interfaces.ha.link_monitoring.failure_condition | Condition that triggers a link monitoring failure, e.g., "any" | keyword | | | +| panw.interfaces.ha.link_monitoring.group.enabled | Indicates if the link monitoring group is enabled | boolean | | | +| panw.interfaces.ha.link_monitoring.group.failure_condition | Condition that triggers a failure in the link monitoring group | keyword | | | +| panw.interfaces.ha.link_monitoring.group.interface.name | Name of the interface in the link monitoring group | keyword | | | +| panw.interfaces.ha.link_monitoring.group.interface.status | Status of the interface in the link monitoring group | keyword | | | +| panw.interfaces.ha.link_monitoring.group.name | Name of the link monitoring group | keyword | | | +| panw.interfaces.ha.local_info.app_version | The version of the application database | keyword | | | +| panw.interfaces.ha.local_info.av_version | The version of the antivirus database | keyword | | | +| panw.interfaces.ha.local_info.build_rel | The PAN-OS software version running on the firewall | keyword | | | +| panw.interfaces.ha.local_info.gp_client_version | Version of the GlobalProtect client software | keyword | | | +| panw.interfaces.ha.local_info.ha1_backup_gateway | Default gateway for the backup HA1 interface | keyword | | | +| panw.interfaces.ha.local_info.ha1_backup_ipaddr | The backup IP address for the HA1 interface, in CIDR format. | keyword | | | +| panw.interfaces.ha.local_info.ha1_backup_macaddr | HA local info HA1 backup MAC address | keyword | | | +| panw.interfaces.ha.local_info.ha1_backup_port | HA local info HA1 backup port, e.g. "management" | keyword | | | +| panw.interfaces.ha.local_info.ha1_ipaddr | IP Address of HA1 interface, used for heartbeat and management synchronization, in CIDR format. 
| keyword | | | +| panw.interfaces.ha.local_info.ha1_macaddr | HA local info HA1 MAC address | keyword | | | +| panw.interfaces.ha.local_info.ha1_port | Indicates which interface is used for HA1 traffic, e.g., "dedicated-ha1" | keyword | | | +| panw.interfaces.ha.local_info.ha2_ipaddr | HA local info HA2 IP address, in CIDR format. | keyword | | | +| panw.interfaces.ha.local_info.ha2_macaddr | HA local info HA2 MAC address | keyword | | | +| panw.interfaces.ha.local_info.ha2_port | Indicates which interface is used for HA1 traffic, e.g., "dedicated-ha2" | keyword | | | +| panw.interfaces.ha.local_info.iot_version | HA local info IoT database version | keyword | | | +| panw.interfaces.ha.local_info.mgmt_ip | HA local info management IP, in CIDR format. | keyword | | | +| panw.interfaces.ha.local_info.mode | HA mode, e.g., "active-active" or "active-passive" | keyword | | | +| panw.interfaces.ha.local_info.platform_model | Platform model of the local device | keyword | | | +| panw.interfaces.ha.local_info.preemptive | Indicates whether the firewall is configured to preemptively take over as the active unit in an HA setup. This is a yes/no value which the beat is not converting to a boolean, so it will be a keyword. 
| keyword | | | +| panw.interfaces.ha.local_info.state | HA state of the local device, e.g., "active" or "passive" | keyword | | | +| panw.interfaces.ha.local_info.state_duration | Duration in seconds of the current state | long | s | gauge | +| panw.interfaces.ha.local_info.state_sync | Status of HA synchronization, e.g., "complete" | keyword | | | +| panw.interfaces.ha.local_info.state_sync_type | Type of interface used for HA synchronization | keyword | | | +| panw.interfaces.ha.local_info.threat_version | HA local info threat version | keyword | | | +| panw.interfaces.ha.local_info.url_version | The version of the URL filtering database | keyword | | | +| panw.interfaces.ha.local_info.version | HA configuration info version | long | | | +| panw.interfaces.ha.local_info.vpn_client_version | Version of the VPN client (if installed) | keyword | | | +| panw.interfaces.ha.mode | HA mode, e.g., "active-active" or "active-passive" | keyword | | | +| panw.interfaces.ha.peer_info.conn_ha1.description | Description of the connection type ,e.g., "heartbeat status" | keyword | | | +| panw.interfaces.ha.peer_info.conn_ha1.primary | Specifies if the HA1 connection is primary | keyword | | | +| panw.interfaces.ha.peer_info.conn_ha1.status | Peer HA1 connection status, e.g., "up" | keyword | | | +| panw.interfaces.ha.peer_info.conn_ha1_backup.description | HA peer info connection HA1 backup description | keyword | | | +| panw.interfaces.ha.peer_info.conn_ha1_backup.status | HA peer info connection HA1 backup status, e.g., "up" means it is operational | keyword | | | +| panw.interfaces.ha.peer_info.conn_ha2.description | HA peer info connection HA2 description | keyword | | | +| panw.interfaces.ha.peer_info.conn_ha2.primary | Specifies if the HA2 connection is primary | keyword | | | +| panw.interfaces.ha.peer_info.conn_ha2.status | HA peer info connection HA2 status | keyword | | | +| panw.interfaces.ha.peer_info.conn_status | Overall status of the HA connections ("up" means 
all connections are operational) | keyword | | | +| panw.interfaces.ha.peer_info.ha1_backup_ipaddr | HA peer info HA1 backup IP address, in CIDR format. | ip | | | +| panw.interfaces.ha.peer_info.ha1_backup_macaddr | HA peer info HA1 backup MAC address | keyword | | | +| panw.interfaces.ha.peer_info.ha1_ipaddr | IP address of the HA1 interface on the peer, in CIDR format. | ip | | | +| panw.interfaces.ha.peer_info.ha1_macaddr | HA1 MAC address of the peer | keyword | | | +| panw.interfaces.ha.peer_info.ha2_ipaddr | HA peer info HA2 IP address, in CIDR format. | keyword | | | +| panw.interfaces.ha.peer_info.ha2_macaddr | HA peer info HA2 MAC address | keyword | | | +| panw.interfaces.ha.peer_info.mgmt_ip | Management IP address of the peer firewall. This is in CIDR format. | keyword | | | +| panw.interfaces.ha.peer_info.mode | HA mode configured on the peer firewall, e.g. "Active-Passive" | keyword | | | +| panw.interfaces.ha.peer_info.platform_model | Model of the peer firewall | keyword | | | +| panw.interfaces.ha.peer_info.preemptive | Indicates if preemption is enabled on the peer firewall | keyword | | | +| panw.interfaces.ha.peer_info.priority | HA priority value of the peer firewall | long | | | +| panw.interfaces.ha.peer_info.state | Current operational state of the peer firewall (passive means it is in standby mode and not handling traffic) | keyword | | | +| panw.interfaces.ha.peer_info.state_duration | How long the peer has been in the current state in seconds | long | s | gauge | +| panw.interfaces.ha.running_sync | Indicates the sychronization status of the HA pair, e.g., "synchronized", "not-synchronized", "synchronizing" | keyword | | | +| panw.interfaces.ha.running_sync_enabled | Indicates if running configuration synchronization is enabled | boolean | | | +| panw.interfaces.ipsec_tunnel.TSi_ip | Traffic Selector Initiator IP. 
This is the local IP (0.0.0.0 means any IP address) | ip | | | +| panw.interfaces.ipsec_tunnel.TSi_port | Port number associated with TSi (0 means any port) | long | | | +| panw.interfaces.ipsec_tunnel.TSi_prefix | Network prefix for the TSi IP, 0 means no specific network is defined. | keyword | | | +| panw.interfaces.ipsec_tunnel.TSi_proto | Protocol associated with the TSi (0 means any protocol) | keyword | | | +| panw.interfaces.ipsec_tunnel.TSr_ip | Traffic Selector Responder IP. | ip | | | +| panw.interfaces.ipsec_tunnel.TSr_port | TSr port of the IPsec tunnel | long | | | +| panw.interfaces.ipsec_tunnel.TSr_prefix | Network prefix for the TSr IP. Similar to TSi_prefix | keyword | | | +| panw.interfaces.ipsec_tunnel.TSr_proto | TSr protocol of the IPsec tunnel | keyword | | | +| panw.interfaces.ipsec_tunnel.dh | Diffie-Hellman group of the IPsec tunnel | keyword | | | +| panw.interfaces.ipsec_tunnel.enc | Encryption algorithm of the IPsec tunnel | keyword | | | +| panw.interfaces.ipsec_tunnel.gw | Gateway of the IPsec tunnel | keyword | | | +| panw.interfaces.ipsec_tunnel.hash | Hash algorithm of the IPsec tunnel | keyword | | | +| panw.interfaces.ipsec_tunnel.id | ID of the IPsec tunnel | keyword | | | +| panw.interfaces.ipsec_tunnel.kb | Traffic volume limit for SA rekeying | long | byte | gauge | +| panw.interfaces.ipsec_tunnel.life.sec | The lifetime of the IPsec Security Association (SA) in seconds | long | s | gauge | +| panw.interfaces.ipsec_tunnel.mode | This specifies the IPsec mode. 
e.g., 'tunl' | keyword | | | +| panw.interfaces.ipsec_tunnel.name | Name of the IPsec tunnel | keyword | | | +| panw.interfaces.ipsec_tunnel.proto | Protocol of the IPsec tunnel | keyword | | | +| panw.interfaces.logical.addr | Used to store additional static IP addresses | keyword | | | +| panw.interfaces.logical.addr6 | Logical IPv6 address | keyword | | | +| panw.interfaces.logical.dyn_addr | Dynamic addresses, e.g., generated by DHCP | keyword | | | +| panw.interfaces.logical.fwd | Indicates if the interface is used for forwarding | keyword | | | +| panw.interfaces.logical.id | Logical interface ID | keyword | | | +| panw.interfaces.logical.ip | Logical IP Address with subnet mask, e.g., 111.222.333.10/29. Can also be "N/A" | keyword | | | +| panw.interfaces.logical.name | Logical interface name | keyword | | | +| panw.interfaces.logical.tag | VLAN tag associated with this interface | integer | | | +| panw.interfaces.logical.vsys | Virtual system to which this interface belongs | integer | | | +| panw.interfaces.logical.zone | Logical zone, e.g., "inside" or "outside" | keyword | | | +| panw.interfaces.physical.ae_member | For aggregate interfaces, the array of member interfaces | keyword | | | +| panw.interfaces.physical.duplex | Duplex configuration, e.g., "full" or "half" | keyword | | | +| panw.interfaces.physical.full_state | Physical full state, speed/duplex/state, e.g., "1000/full/up" | keyword | | | +| panw.interfaces.physical.id | Physical interface ID | keyword | | | +| panw.interfaces.physical.mac | Physical MAC address | keyword | | | +| panw.interfaces.physical.mode | Physical interface mode, e.g., autoneg | keyword | | | +| panw.interfaces.physical.name | Physical interface name | keyword | | | +| panw.interfaces.physical.speed | Physical interface speed | keyword | | | +| panw.interfaces.physical.state | Physical interface state: up/down | keyword | | | +| panw.interfaces.physical.type | Physical interface type | keyword | | | + + +### routing + 
+The `routing` dataset gathers comprehensive routing information from Palo Alto Networks devices. It includes details about routing protocols (with a focus on BGP), static and dynamic routes, next hops, AS numbers, and peer states. This dataset provides insights into the device's routing table and its interactions with other network devices. + +An example event for `routing` looks as following: + +```json +{ + "@timestamp": "2024-02-08T10:15:30.123Z", + "agent": { + "ephemeral_id": "a1b2c3d4-e5f6-4321-a987-1234567890ab", + "id": "9876543210-abcdef-0987654321", + "name": "paloalto-firewall-01", + "type": "metricbeat", + "version": "8.16.0" + }, + "data_stream": { + "namespace": "default", + "type": "metrics" + }, + "ecs": { + "version": "8.11.0" + }, + "elastic_agent": { + "id": "2ea50bee-9250-43d1-8d70-949f242aa275", + "snapshot": false, + "version": "8.16.0" + }, + "event": { + "agent_id_status": "verified", + "duration": 1250000, + "ingested": "2024-02-08T10:15:32Z" + }, + "host": { + "architecture": "x86_64", + "containerized": false, + "hostname": "docker-fleet-agent", + "id": "28da52b32df94b50aff67dfb8f1be3d6", + "ip": [ + "172.24.0.7" + ], + "mac": [ + "02-42-AC-18-00-07" + ], + "name": "docker-fleet-agent", + "os": { + "codename": "focal", + "family": "debian", + "kernel": "5.15.0-89-generic", + "name": "Ubuntu", + "platform": "ubuntu", + "type": "linux", + "version": "20.04.6 LTS (Focal Fossa)" + } + }, + "metricset": { + "name": "routing", + "period": 10000 + }, + "panw": { + "routing": { + "bgp": { + "peer_name": "ISP-A", + "virtual_router": "default", + "peer_group": "external_peers", + "peer_router_id": "10.0.0.1", + "remote_as_asn": 65001, + "status": "Established", + "status_duration": 3600, + "password_set": true, + "passive": false, + "peering_type": "External BGP", + "holdtime": 180, + "keepalive": 60, + "msg_update_in": 1000, + "msg_update_out": 500, + "msg_total_in": 5000, + "msg_total_out": 4500, + "last_update_age": 300, + "status_flap_counts": 
2, + "established_counts": 10 + } + } + } +} +``` + +The fields reported are: + +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + +**Exported fields** + +| Field | Description | Type | Unit | Metric Type | +|---|---|---|---|---| +| @timestamp | Event timestamp. | date | | | +| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | | | +| container.id | Unique container id. | keyword | | | +| data_stream.dataset | Data stream dataset. | constant_keyword | | | +| data_stream.namespace | Data stream namespace. | constant_keyword | | | +| data_stream.type | Data stream type. | constant_keyword | | | +| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. 
| keyword | | | +| panw.routing.bgp.aggregate_confed_as | Indicates that Autonomous System (AS) aggregation is enabled for the confederation | boolean | | | +| panw.routing.bgp.connect_retry_interval | The interval between connection retries | long | s | gauge | +| panw.routing.bgp.established_counts | Number of times the BGP session has successfully transitioned to the "Established" state | long | | gauge | +| panw.routing.bgp.holdtime | Time in seconds that the BGP peer will wait for a keepalive message, negotiated between peers | long | s | gauge | +| panw.routing.bgp.holdtime_config | Represents the locally configured hold time on this peer | long | s | gauge | +| panw.routing.bgp.idle_hold | The idle hold time before retrying a connection after failure | long | s | gauge | +| panw.routing.bgp.keepalive | The interval at which BGP keepalive messages are sent, negotiated between peers | long | s | gauge | +| panw.routing.bgp.keepalive_config | The keepalive configured on this peer | long | s | gauge | +| panw.routing.bgp.last_error | The last BGP error message received from the peer | keyword | | | +| panw.routing.bgp.last_update_age | Time in seconds since the last update message was received from the peer | long | s | gauge | +| panw.routing.bgp.local_ip | Local ip address used for BGP connection | ip | | | +| panw.routing.bgp.local_port | Local port number used for BGP connection | long | | | +| panw.routing.bgp.msg_total_in | Total of all messages received from the peer | long | | gauge | +| panw.routing.bgp.msg_total_out | Total of all messages sent to the peer | long | | gauge | +| panw.routing.bgp.msg_update_in | The number of BGP UPDATE messages received by the router from this peer | long | | gauge | +| panw.routing.bgp.msg_update_out | The number of BGP UPDATE messages sent from the local router to the peer | long | | gauge | +| panw.routing.bgp.multi_hop_ttl | Time to Live (TTL) value for multi-hop BGP sessions. Units are the number of hops. 
| long | | gauge | +| panw.routing.bgp.nexthop_peer | Indicates whether the peer is being used as the next-hop for the routes received from this peerfields. | boolean | | | +| panw.routing.bgp.nexthop_self | Whether the router is configured to use itself as the next-hop for routes sent to this peer | boolean | | | +| panw.routing.bgp.nexthop_thirdparty | Third-party next-hop feature is enabled | boolean | | | +| panw.routing.bgp.open_delay | Delay before sending an Open message | long | s | gauge | +| panw.routing.bgp.orf_entry_received | Number of ORF (Outbound Route Filtering) entries received from the peer | long | | gauge | +| panw.routing.bgp.passive | Indicates if the BGP peer is in passive mode: if yes then router will not initiate a connection to the peer | boolean | | | +| panw.routing.bgp.password_set | Indicates whether a password is set for the BGP peer | boolean | | | +| panw.routing.bgp.peer_group | The name of the BGP peer group this peer belongs to | keyword | | | +| panw.routing.bgp.peer_ip | IP address of the peer | ip | | | +| panw.routing.bgp.peer_name | The name of the current peer in the BGP peer group | keyword | | | +| panw.routing.bgp.peer_port | Port number of the peer | long | | | +| panw.routing.bgp.peer_router_id | BGP peer router ID | ip | | | +| panw.routing.bgp.peering_type | Defines the type of relationship between peers, e.g., "External BGP", "Internal BGP", or "Unspecified" | keyword | | | +| panw.routing.bgp.prefix_limit | The maximum number of prefixes that can be received from the peer (0 = no limit) | long | | gauge | +| panw.routing.bgp.reflector_client | Specifies the BGP peer relationship to route reflectors, e.g. 
"client", "not-client", "meshed-client" | keyword | | | +| panw.routing.bgp.remote_as_asn | The remote Autonomous System (AS) number of the peer | long | | | +| panw.routing.bgp.same_confederation | Peers in the same confederation exchange routes using internal BGP (iBGP) instead of external BGP (eBGP) | boolean | | | +| panw.routing.bgp.status | The BGP session status, e.g., "Established" means the session is up and running | keyword | | | +| panw.routing.bgp.status_duration | Time in seconds since the current status was set | long | s | gauge | +| panw.routing.bgp.status_flap_counts | Indicates the number of times the BGP session has "flapped" or transitioned between up and down states | long | | gauge | +| panw.routing.bgp.virtual_router | The virtual router with which the BGP peer is associated | keyword | | | + + +### system + +The `system` dataset collects a wide range of system-level metrics from Palo Alto Networks firewalls. This includes CPU usage, memory utilization, disk space, load averages, and process statistics. It also provides information about system uptime, licensed features, file system usage, and hardware component status (such as fans, thermal sensors, and power supplies). 
+ +An example event for `system` looks as following: + +```json +{ + "@timestamp": "2024-02-08T10:15:30.123Z", + "agent": { + "ephemeral_id": "a1b2c3d4-e5f6-4321-a987-1234567890ab", + "id": "9876543210-abcdef-0987654321", + "name": "panw-agent-01", + "type": "metricbeat", + "version": "8.16.0" + }, + "data_stream": { + "namespace": "default", + "type": "metrics" + }, + "ecs": { + "version": "8.11.0" + }, + "elastic_agent": { + "id": "2ea50bee-9250-43d1-8d70-949f242aa275", + "snapshot": false, + "version": "8.16.0" + }, + "event": { + "agent_id_status": "verified", + "duration": 1250000, + "ingested": "2024-02-08T10:15:32Z" + }, + "host": { + "architecture": "x86_64", + "containerized": false, + "hostname": "docker-fleet-agent", + "id": "28da52b32df94b50aff67dfb8f1be3d6", + "ip": [ + "172.24.0.7" + ], + "mac": [ + "02-42-AC-18-00-07" + ], + "name": "docker-fleet-agent", + "os": { + "codename": "focal", + "family": "debian", + "kernel": "5.15.0-89-generic", + "name": "Ubuntu", + "platform": "ubuntu", + "type": "linux", + "version": "20.04.6 LTS (Focal Fossa)" + } + }, + "metricset": { + "name": "system", + "period": 10000 + }, + "panw": { + "system": { + "uptime": { + "days": 15, + "hours": 7, + "minutes": 32 + }, + "user_count": 23, + "load_average": { + "1m": 0.75, + "5m": 0.68, + "15m": 0.62 + }, + "tasks": { + "total": 245, + "running": 3, + "sleeping": 242 + }, + "cpu": { + "user": 5.2, + "system": 2.8, + "idle": 92.0 + }, + "memory": { + "total": 16106127360, + "free": 8053063680, + "used": 8053063680 + }, + "swap": { + "total": 4294967296, + "free": 4294967296, + "used": 0 + } + } + }, + "service": { + "type": "panw" + } +} +``` + +The fields reported are: + +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. 
+ +**Exported fields** + +| Field | Description | Type | Unit | Metric Type | +|---|---|---|---|---| +| @timestamp | Event timestamp. | date | | | +| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | | | +| container.id | Unique container id. | keyword | | | +| data_stream.dataset | Data stream dataset. | constant_keyword | | | +| data_stream.namespace | Data stream namespace. | constant_keyword | | | +| data_stream.type | Data stream type. | constant_keyword | | | +| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | | +| panw.system.certificate.db_exp_date | Expiration date, format: 310329235959Z (Mar 29 23:59:59 2031 GMT) | keyword | | | +| panw.system.certificate.db_file | File name of the certificate database | keyword | | | +| panw.system.certificate.db_name | Name of the certificate database | keyword | | | +| panw.system.certificate.db_rev_date | Revision date of the certificate database | keyword | | | +| panw.system.certificate.db_serial_no | Serial number of the certificate database | keyword | | | +| panw.system.certificate.db_status | Status of the certificate database | keyword | | | +| panw.system.certificate.db_type | Type of the certificate database | keyword | | | +| panw.system.certificate.issuer | Issuer of the certificate database | keyword | | | +| panw.system.certificate.issuer_key_hash | Key hash of the issuer of the certificate database | keyword | | | +| panw.system.certificate.issuer_subject_hash | Subject hash of the issuer of the certificate database | keyword | | | +| panw.system.cpu.hi | CPU hardware interrupts | float | 
percent | gauge | +| panw.system.cpu.idle | CPU idle time | float | percent | gauge | +| panw.system.cpu.nice | CPU usage by processes with a positive nice value | float | percent | gauge | +| panw.system.cpu.steal | CPU steal time | float | percent | gauge | +| panw.system.cpu.system | CPU usage by system processes | float | percent | gauge | +| panw.system.cpu.system_int | CPU software interrupts | float | percent | gauge | +| panw.system.cpu.user | CPU usage by user processes | float | percent | gauge | +| panw.system.cpu.wait | CPU wait time | float | percent | gauge | +| panw.system.fan.alarm | Is there an alarm status of the fan | boolean | | | +| panw.system.fan.description | The description of the fan | keyword | | | +| panw.system.fan.min_rpm | The minimum speed of the fan in RPM | integer | | gauge | +| panw.system.fan.rpm | The speed of the fan in RPM | integer | | gauge | +| panw.system.fan.slot_number | The number of the hardware slot | integer | | | +| panw.system.filesystem.available | Disk space available on the filesystem | float | byte | gauge | +| panw.system.filesystem.mounted | Filesystem mount point | keyword | | | +| panw.system.filesystem.name | Filesystem name | keyword | | | +| panw.system.filesystem.size | Total size of the filesystem | float | byte | gauge | +| panw.system.filesystem.use_percent | Percent of filesystem used | float | percent | gauge | +| panw.system.filesystem.used | Amount used on the filesystem | float | byte | gauge | +| panw.system.license.auth_code | Authorization code to activate or install the license | keyword | | | +| panw.system.license.description | Description of the licensed feature | keyword | | | +| panw.system.license.expired | Indicates if the license is expired | boolean | | | +| panw.system.license.expires | Date the license expires - not set if license never expires | date | | | +| panw.system.license.feature | Feature licensed, e.g. 
Advanced Threat Prevention | keyword | | | +| panw.system.license.issued | Date the license was issued | date | | | +| panw.system.license.never_expires | Indicates if the license never expires | boolean | | | +| panw.system.license.serial | Serial number of license | keyword | | | +| panw.system.load_average.15m | Load average in 15 minutes | float | | gauge | +| panw.system.load_average.1m | Load average in 1 minute | float | | gauge | +| panw.system.load_average.5m | Load average in 5 minutes | float | | gauge | +| panw.system.memory.buffer_cache | Memory used for buffers and cache | float | byte | gauge | +| panw.system.memory.free | Free memory | float | byte | gauge | +| panw.system.memory.total | Total memory | float | byte | gauge | +| panw.system.memory.used | Used memory | float | byte | gauge | +| panw.system.power.alarm | Indicates if alarm is active | boolean | | | +| panw.system.power.description | Description field | text | | | +| panw.system.power.maximum_volts | Maximum volts recorded | float | | gauge | +| panw.system.power.minimum_volts | Minimum volts recorded | float | | gauge | +| panw.system.power.slot_number | Slot number field | integer | | | +| panw.system.power.volts | Current Volts | float | | gauge | +| panw.system.swap.available | Available swap space | float | byte | gauge | +| panw.system.swap.free | Free swap space | float | byte | gauge | +| panw.system.swap.total | Total swap space | float | byte | gauge | +| panw.system.swap.used | Used swap space | float | byte | gauge | +| panw.system.tasks.running | Number of running tasks | long | | gauge | +| panw.system.tasks.sleeping | Number of sleeping tasks | long | | gauge | +| panw.system.tasks.stopped | Number of stopped tasks | long | | gauge | +| panw.system.tasks.total | Total number of tasks | long | | gauge | +| panw.system.tasks.zombie | Number of zombie tasks | long | | gauge | +| panw.system.thermal.alarm | Alarm field | boolean | | | +| panw.system.thermal.degrees_celsius | 
Degrees Celsius field | float | | gauge | +| panw.system.thermal.description | Description field | text | | | +| panw.system.thermal.maximum_temp | Maximum temperature field | float | | gauge | +| panw.system.thermal.minimum_temp | Minimum temperature field | float | | gauge | +| panw.system.thermal.slot_number | Slot number field | integer | | | +| panw.system.uptime.days | Uptime in days | integer | d | gauge | +| panw.system.uptime.hours | Hours component of uptime | integer | h | gauge | +| panw.system.uptime.minutes | Minutes component of uptime | integer | m | gauge | +| panw.system.user_count | Number of users | long | | gauge | + + +### vpn + +The `vpn` dataset gathers detailed Virtual Private Network (VPN) statistics from Palo Alto Networks devices. It covers both GlobalProtect and IPsec VPN technologies, providing information about active VPN sessions, user connections, tunnel status, encryption details, and performance metrics. This dataset offers insights into VPN usage, security, and performance. 
+
+An example event for `vpn` looks as following:
+
+```json
+{
+ "@timestamp": "2024-02-08T10:15:30.123Z",
+ "agent": {
+ "ephemeral_id": "a1b2c3d4-e5f6-4321-a987-1234567890ab",
+ "id": "9876543210-abcdef-0987654321",
+ "name": "panw-agent-01",
+ "type": "metricbeat",
+ "version": "8.16.0"
+ },
+ "data_stream": {
+ "namespace": "default",
+ "type": "metrics"
+ },
+ "ecs": {
+ "version": "8.11.0"
+ },
+ "elastic_agent": {
+ "id": "2ea50bee-9250-43d1-8d70-949f242aa275",
+ "snapshot": false,
+ "version": "8.16.0"
+ },
+ "event": {
+ "agent_id_status": "verified",
+ "duration": 1250000,
+ "ingested": "2024-02-08T10:15:32Z"
+ },
+ "host": {
+ "architecture": "x86_64",
+ "containerized": false,
+ "hostname": "docker-fleet-agent",
+ "id": "28da52b32df94b50aff67dfb8f1be3d6",
+ "ip": [
+ "172.24.0.7"
+ ],
+ "mac": [
+ "02-42-AC-18-00-07"
+ ],
+ "name": "docker-fleet-agent",
+ "os": {
+ "codename": "focal",
+ "family": "debian",
+ "kernel": "5.15.0-89-generic",
+ "name": "Ubuntu",
+ "platform": "ubuntu",
+ "type": "linux",
+ "version": "20.04.6 LTS (Focal Fossa)"
+ }
+ },
+ "metricset": {
+ "name": "vpn",
+ "period": 10000
+ },
+ "panw": {
+ "vpn": {
+ "globalprotect": {
+ "session": {
+ "domain": "example.com",
+ "is_local": true,
+ "username": "john.doe",
+ "primary_username": "john.doe",
+ "computer": "LAPTOP-ABC123",
+ "client": "GlobalProtect",
+ "vpn_type": "SSL",
+ "app_version": "5.2.8",
+ "virtual_ip": "10.0.0.5",
+ "public_ip": "203.0.113.45",
+ "tunnel_type": "IPSec",
+ "client_ip": "192.168.1.100",
+ "login_time": "2024-02-08T10:15:00.000Z",
+ "lifetime": 3600
+ }
+ }
+ }
+ }
+}
+```
+
+The fields reported are:
+
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
+**Exported fields**
+
+| Field | Description | Type | Unit | Metric Type |
+|---|---|---|---|---|
+| @timestamp | Event timestamp. 
| date | | |
+| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | | |
+| container.id | Unique container id. | keyword | | |
+| data_stream.dataset | Data stream dataset. | constant_keyword | | |
+| data_stream.namespace | Data stream namespace. | constant_keyword | | |
+| data_stream.type | Data stream type. | constant_keyword | | |
+| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | |
+| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | |
+| panw.vpn.globalprotect.gateway.current_users | Current number of users connected to the GlobalProtect gateway | long | | gauge |
+| panw.vpn.globalprotect.gateway.name | Name of the GlobalProtect gateway | keyword | | |
+| panw.vpn.globalprotect.gateway.previous_users | Previous number of users connected to the GlobalProtect gateway | long | | gauge |
+| panw.vpn.globalprotect.session.app_version | Application version used in the session | keyword | | |
+| panw.vpn.globalprotect.session.client | Client information of the session | keyword | | |
+| panw.vpn.globalprotect.session.client_ip | Client IP address of the session | ip | | |
+| panw.vpn.globalprotect.session.computer | Computer name in the session | keyword | | |
+| panw.vpn.globalprotect.session.domain | Domain of the GlobalProtect session | keyword | | |
+| panw.vpn.globalprotect.session.host_id | Host ID of the session | keyword | | |
+| panw.vpn.globalprotect.session.is_local | Indicates if the session is local | boolean | | |
+| panw.vpn.globalprotect.session.lifetime | Lifetime of the session | long | s | |
+| panw.vpn.globalprotect.session.login_time | Login time of the session | keyword | | |
+| 
panw.vpn.globalprotect.session.login_time_utc | Login time in UTC of the session | date | | |
+| panw.vpn.globalprotect.session.primary_username | Primary username of the session | keyword | | |
+| panw.vpn.globalprotect.session.public_connection_ipv6 | Public connection IPv6 address of the session | keyword | | |
+| panw.vpn.globalprotect.session.public_ip | Public IP address of the session | ip | | |
+| panw.vpn.globalprotect.session.public_ipv6 | Public IPv6 address of the session | keyword | | |
+| panw.vpn.globalprotect.session.region_for_config | Region for configuration | keyword | | |
+| panw.vpn.globalprotect.session.request_get_config | Request get configuration information of the session | keyword | | |
+| panw.vpn.globalprotect.session.request_login | Request login information of the session | keyword | | |
+| panw.vpn.globalprotect.session.request_sslvpn_connect | Request SSL VPN connect information of the session | keyword | | |
+| panw.vpn.globalprotect.session.source_region | Source region of the session | keyword | | |
+| panw.vpn.globalprotect.session.tunnel_type | Type of tunnel used in the session | keyword | | |
+| panw.vpn.globalprotect.session.username | Username of the session | keyword | | |
+| panw.vpn.globalprotect.session.virtual_ip | Virtual IP address of the session | ip | | |
+| panw.vpn.globalprotect.session.virtual_ipv6 | Virtual IPv6 address of the session | keyword | | |
+| panw.vpn.globalprotect.session.vpn_type | Type of VPN used in the session | keyword | | |
+| panw.vpn.globalprotect.total_current_users | Total current number of users connected to GlobalProtect gateway | long | | gauge |
+| panw.vpn.globalprotect.total_previous_users | Total previous number of users connected to GlobalProtect gateway | long | | gauge |
diff --git a/packages/panw_metrics/img/logo.svg b/packages/panw_metrics/img/logo.svg
new file mode 100644
index 00000000000..194199e03a3
--- /dev/null
+++ b/packages/panw_metrics/img/logo.svg 
@@ -0,0 +1,11 @@
+ + PaloAltoNetworks_2020_Logo-svg + + + + + + +
\ No newline at end of file
diff --git a/packages/panw_metrics/img/panw_interfaces_dashboard.png b/packages/panw_metrics/img/panw_interfaces_dashboard.png
new file mode 100644
index 00000000000..8c1a6888787
Binary files /dev/null and b/packages/panw_metrics/img/panw_interfaces_dashboard.png differ
diff --git a/packages/panw_metrics/img/panw_routing_dashboard.png b/packages/panw_metrics/img/panw_routing_dashboard.png
new file mode 100644
index 00000000000..7c6f298755a
Binary files /dev/null and b/packages/panw_metrics/img/panw_routing_dashboard.png differ
diff --git a/packages/panw_metrics/img/panw_system_dashboard.png b/packages/panw_metrics/img/panw_system_dashboard.png
new file mode 100644
index 00000000000..82cdc2136c0
Binary files /dev/null and b/packages/panw_metrics/img/panw_system_dashboard.png differ
diff --git a/packages/panw_metrics/img/panw_vpn_dashboard.png b/packages/panw_metrics/img/panw_vpn_dashboard.png
new file mode 100644
index 00000000000..adea158eda2
Binary files /dev/null and b/packages/panw_metrics/img/panw_vpn_dashboard.png differ
diff --git a/packages/panw_metrics/kibana/dashboard/panw_metrics-27ff09cf-28a5-424d-8c3d-3b30f61d82dc.json b/packages/panw_metrics/kibana/dashboard/panw_metrics-27ff09cf-28a5-424d-8c3d-3b30f61d82dc.json
new file mode 100644
index 00000000000..8d124267063
--- /dev/null
+++ b/packages/panw_metrics/kibana/dashboard/panw_metrics-27ff09cf-28a5-424d-8c3d-3b30f61d82dc.json 
@@ -0,0 +1,2114 @@ +{ + "id": "panw_metrics-27ff09cf-28a5-424d-8c3d-3b30f61d82dc", + "type": "dashboard", + "created_at": "2024-10-04T14:17:19.690Z", + "attributes": { + "version": 2, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"key\":\"data_stream.dataset\",\"field\":\"data_stream.dataset\",\"params\":{\"query\":\"panw_metrics.system\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"panw_metrics.system\"}},\"$state\":{\"store\":\"appState\"}}]}" + }, + "description": "Overview of Palo Alto Networks System metrics", + "timeRestore": false, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": [ + { + "type": "lens", + "gridData": { + "x": 0, + "y": 0, + "w": 16, + "h": 9, + "i": "767546ef-09a1-4c05-b02e-8ef2c300d41f" + }, + "panelIndex": "767546ef-09a1-4c05-b02e-8ef2c300d41f", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsMetric", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + } + ], + "state": { + "visualization": { + "layerId": "00a8848b-210f-4c86-a1ad-95137349b3f3", + "layerType": "data", + "metricAccessor": "b578ff1c-f6db-4d39-b977-9bf9cd1ba5d2", + "palette": { + "type": "palette", + "name": "status", + "params": { + "name": "status", + "reverse": false, + "rangeType": "number", + "rangeMin": null, + "rangeMax": null, + "progression": "fixed", + "stops": [ + { + "color": "#209280", + "stop": 0.15 + }, + { + "color": "#d6bf57", + "stop": 0.3 + }, + { + "color": "#cc5642", + "stop": 0.45 + } + ], + "steps": 3, + "colorStops": [], + "continuity": "all", + "maxSteps": 5 + } + 
} + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "00a8848b-210f-4c86-a1ad-95137349b3f3": { + "columns": { + "b578ff1c-f6db-4d39-b977-9bf9cd1ba5d2": { + "label": "CPU Idle Time", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.system.cpu.idle", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true, + "format": { + "id": "percent", + "params": { + "decimals": 2 + } + } + }, + "customLabel": true + } + }, + "columnOrder": [ + "b578ff1c-f6db-4d39-b977-9bf9cd1ba5d2" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + } + }, + { + "type": "lens", + "gridData": { + "x": 16, + "y": 0, + "w": 16, + "h": 9, + "i": "fda46c9a-7ed2-40b4-90ff-15f4cfb57569" + }, + "panelIndex": "fda46c9a-7ed2-40b4-90ff-15f4cfb57569", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsMetric", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + } + ], + "state": { + "visualization": { + "layerId": "00a8848b-210f-4c86-a1ad-95137349b3f3", + "layerType": "data", + "metricAccessor": "b578ff1c-f6db-4d39-b977-9bf9cd1ba5d2", + "palette": { + "type": "palette", + "name": "status", + "params": { + "name": "status", + "reverse": false, + "rangeType": "number", + "rangeMin": null, + "rangeMax": null, + "progression": "fixed", + "stops": [ + { + "color": "#209280", + "stop": 0.15 + }, + { + "color": "#d6bf57", + "stop": 0.3 + }, + { + "color": "#cc5642", + "stop": 0.45 + } + ], + "steps": 3, + "colorStops": [], + "continuity": "all", + "maxSteps": 5 + 
} + } + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "00a8848b-210f-4c86-a1ad-95137349b3f3": { + "columns": { + "b578ff1c-f6db-4d39-b977-9bf9cd1ba5d2": { + "label": "User Count", + "dataType": "number", + "operationType": "last_value", + "isBucketed": false, + "scale": "ratio", + "sourceField": "panw.system.user_count", + "filter": { + "query": "\"panw.system.user_count\": *", + "language": "kuery" + }, + "params": { + "sortField": "@timestamp", + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "customLabel": true + } + }, + "columnOrder": [ + "b578ff1c-f6db-4d39-b977-9bf9cd1ba5d2" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + } + }, + { + "type": "lens", + "gridData": { + "x": 32, + "y": 0, + "w": 16, + "h": 9, + "i": "cbb5bf61-f6b2-4725-8277-e6f706908148" + }, + "panelIndex": "cbb5bf61-f6b2-4725-8277-e6f706908148", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsMetric", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + } + ], + "state": { + "visualization": { + "layerId": "00a8848b-210f-4c86-a1ad-95137349b3f3", + "layerType": "data", + "metricAccessor": "b578ff1c-f6db-4d39-b977-9bf9cd1ba5d2", + "palette": { + "type": "palette", + "name": "status", + "params": { + "name": "status", + "reverse": false, + "rangeType": "number", + "rangeMin": null, + "rangeMax": null, + "progression": "fixed", + "stops": [ + { + "color": "#209280", + "stop": 0 + }, + { + "color": "#d6bf57", + "stop": 0 + }, + { + "color": "#cc5642", + 
"stop": 0 + } + ], + "steps": 3, + "colorStops": [], + "continuity": "all", + "maxSteps": 5 + } + } + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "00a8848b-210f-4c86-a1ad-95137349b3f3": { + "columns": { + "b578ff1c-f6db-4d39-b977-9bf9cd1ba5d2": { + "label": "System Uptime", + "dataType": "number", + "operationType": "last_value", + "isBucketed": false, + "scale": "ratio", + "sourceField": "panw.system.uptime.days", + "filter": { + "query": "\"panw.system.uptime.days\": *", + "language": "kuery" + }, + "params": { + "sortField": "@timestamp", + "format": { + "id": "duration", + "params": { + "decimals": 0, + "fromUnit": "days", + "toUnit": "humanizePrecise" + } + } + }, + "customLabel": true + } + }, + "columnOrder": [ + "b578ff1c-f6db-4d39-b977-9bf9cd1ba5d2" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + } + }, + { + "type": "lens", + "gridData": { + "x": 0, + "y": 39, + "w": 24, + "h": 15, + "i": "d283871e-a074-435b-83fc-98d7362bfbcb" + }, + "panelIndex": "d283871e-a074-435b-83fc-98d7362bfbcb", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsXY", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + } + ], + "state": { + "visualization": { + "legend": { + "isVisible": true, + "position": "right" + }, + "valueLabels": "hide", + "fittingFunction": "None", + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { 
+ "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "preferredSeriesType": "area_stacked", + "layers": [ + { + "layerId": "00a8848b-210f-4c86-a1ad-95137349b3f3", + "seriesType": "area_stacked", + "xAccessor": "03463cad-b635-4834-a3da-813ba7bab827", + "accessors": [ + "a9845c37-d0a0-4de0-b1cd-0ea77248cc9b", + "83200008-3168-4899-ae9d-928e22c99368", + "d4da2481-486c-4eb4-9df3-af459ea14e47" + ], + "layerType": "data", + "colorMapping": { + "assignments": [], + "specialAssignments": [ + { + "rule": { + "type": "other" + }, + "color": { + "type": "loop" + }, + "touched": false + } + ], + "paletteId": "eui_amsterdam_color_blind", + "colorMode": { + "type": "categorical" + } + } + } + ] + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "00a8848b-210f-4c86-a1ad-95137349b3f3": { + "columns": { + "03463cad-b635-4834-a3da-813ba7bab827": { + "label": "@timestamp", + "dataType": "date", + "operationType": "date_histogram", + "sourceField": "@timestamp", + "isBucketed": true, + "scale": "interval", + "params": { + "interval": "auto", + "includeEmptyRows": true, + "dropPartials": false + } + }, + "a9845c37-d0a0-4de0-b1cd-0ea77248cc9b": { + "label": "Used", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.system.memory.used", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + }, + "83200008-3168-4899-ae9d-928e22c99368": { + "label": "Free", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.system.memory.free", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + }, + "d4da2481-486c-4eb4-9df3-af459ea14e47": { + "label": "Buffer Cache", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.system.memory.buffer_cache", + "isBucketed": 
false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + } + }, + "columnOrder": [ + "03463cad-b635-4834-a3da-813ba7bab827", + "a9845c37-d0a0-4de0-b1cd-0ea77248cc9b", + "83200008-3168-4899-ae9d-928e22c99368", + "d4da2481-486c-4eb4-9df3-af459ea14e47" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + }, + "title": "Memory Usage" + }, + { + "type": "lens", + "gridData": { + "x": 24, + "y": 39, + "w": 24, + "h": 15, + "i": "47ea82ea-d8d0-430a-b0ac-ac0a7bb5d2e6" + }, + "panelIndex": "47ea82ea-d8d0-430a-b0ac-ac0a7bb5d2e6", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsXY", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + } + ], + "state": { + "visualization": { + "legend": { + "isVisible": true, + "position": "right" + }, + "valueLabels": "hide", + "fittingFunction": "None", + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "preferredSeriesType": "area_stacked", + "layers": [ + { + "layerId": "00a8848b-210f-4c86-a1ad-95137349b3f3", + "seriesType": "area_stacked", + "xAccessor": "03463cad-b635-4834-a3da-813ba7bab827", + "accessors": [ + "a9845c37-d0a0-4de0-b1cd-0ea77248cc9b", + "83200008-3168-4899-ae9d-928e22c99368", + "d4da2481-486c-4eb4-9df3-af459ea14e47", + "6d0475bc-a25e-4e33-9e0d-b8a02dc39eb9", + 
"b1e5dac9-6635-462b-9275-27be4eaffe2c", + "4cea3071-74f2-4b7b-a4c3-e110a45e9da3", + "562773db-e297-4152-9d25-5083aa4b1daf" + ], + "layerType": "data", + "colorMapping": { + "assignments": [], + "specialAssignments": [ + { + "rule": { + "type": "other" + }, + "color": { + "type": "loop" + }, + "touched": false + } + ], + "paletteId": "eui_amsterdam_color_blind", + "colorMode": { + "type": "categorical" + } + } + } + ] + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "00a8848b-210f-4c86-a1ad-95137349b3f3": { + "columns": { + "03463cad-b635-4834-a3da-813ba7bab827": { + "label": "@timestamp", + "dataType": "date", + "operationType": "date_histogram", + "sourceField": "@timestamp", + "isBucketed": true, + "scale": "interval", + "params": { + "interval": "auto", + "includeEmptyRows": true, + "dropPartials": false + } + }, + "a9845c37-d0a0-4de0-b1cd-0ea77248cc9b": { + "label": "User", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.system.cpu.user", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + }, + "83200008-3168-4899-ae9d-928e22c99368": { + "label": "System", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.system.cpu.system", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + }, + "d4da2481-486c-4eb4-9df3-af459ea14e47": { + "label": "Nice", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.system.cpu.nice", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + }, + "6d0475bc-a25e-4e33-9e0d-b8a02dc39eb9": { + "label": "Wait", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.system.cpu.wait", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + }, + 
"b1e5dac9-6635-462b-9275-27be4eaffe2c": { + "label": "Hi", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.system.cpu.hi", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + }, + "4cea3071-74f2-4b7b-a4c3-e110a45e9da3": { + "label": "System Int", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.system.cpu.system_int", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + }, + "562773db-e297-4152-9d25-5083aa4b1daf": { + "label": "Steal", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.system.cpu.steal", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + } + }, + "columnOrder": [ + "03463cad-b635-4834-a3da-813ba7bab827", + "a9845c37-d0a0-4de0-b1cd-0ea77248cc9b", + "83200008-3168-4899-ae9d-928e22c99368", + "d4da2481-486c-4eb4-9df3-af459ea14e47", + "6d0475bc-a25e-4e33-9e0d-b8a02dc39eb9", + "b1e5dac9-6635-462b-9275-27be4eaffe2c", + "4cea3071-74f2-4b7b-a4c3-e110a45e9da3", + "562773db-e297-4152-9d25-5083aa4b1daf" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + }, + "title": "CPU Usage" + }, + { + "type": "lens", + "gridData": { + "x": 0, + "y": 54, + "w": 24, + "h": 15, + "i": "adcfdaf9-4ae3-4a6b-b23d-8c6eb2bccb36" + }, + "panelIndex": "adcfdaf9-4ae3-4a6b-b23d-8c6eb2bccb36", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsXY", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + } + ], + "state": { 
+ "visualization": { + "legend": { + "isVisible": true, + "position": "right" + }, + "valueLabels": "hide", + "fittingFunction": "None", + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "preferredSeriesType": "bar_horizontal_stacked", + "layers": [ + { + "layerId": "00a8848b-210f-4c86-a1ad-95137349b3f3", + "seriesType": "bar_horizontal_stacked", + "accessors": [ + "00a35618-bf71-43a8-bd30-d39540c71731", + "e93aed2c-f483-4496-b62f-5f807760c2be" + ], + "layerType": "data", + "colorMapping": { + "assignments": [], + "specialAssignments": [ + { + "rule": { + "type": "other" + }, + "color": { + "type": "loop" + }, + "touched": false + } + ], + "paletteId": "eui_amsterdam_color_blind", + "colorMode": { + "type": "categorical" + } + }, + "xAccessor": "d0ec4b40-e052-4c57-a31a-e139a6698891" + } + ] + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "00a8848b-210f-4c86-a1ad-95137349b3f3": { + "columns": { + "00a35618-bf71-43a8-bd30-d39540c71731": { + "label": "Used", + "dataType": "number", + "operationType": "last_value", + "isBucketed": false, + "scale": "ratio", + "sourceField": "panw.system.filesystem.used", + "filter": { + "query": "\"panw.system.filesystem.used\": *", + "language": "kuery" + }, + "params": { + "sortField": "@timestamp" + }, + "customLabel": true + }, + "e93aed2c-f483-4496-b62f-5f807760c2be": { + "label": "Available", + "dataType": "number", + "operationType": "last_value", + "isBucketed": false, + "scale": "ratio", + "sourceField": "panw.system.filesystem.available", + "filter": { + "query": "\"panw.system.filesystem.available\": *", + "language": "kuery" + }, + "params": { + "sortField": 
"@timestamp" + }, + "customLabel": true + }, + "d0ec4b40-e052-4c57-a31a-e139a6698891": { + "label": "Filesystem Name", + "dataType": "string", + "operationType": "terms", + "scale": "ordinal", + "sourceField": "panw.system.filesystem.name", + "isBucketed": true, + "params": { + "size": 20, + "orderBy": { + "type": "column", + "columnId": "00a35618-bf71-43a8-bd30-d39540c71731" + }, + "orderDirection": "desc", + "otherBucket": true, + "missingBucket": false, + "parentFormat": { + "id": "terms" + }, + "include": [], + "exclude": [], + "includeIsRegex": false, + "excludeIsRegex": false + }, + "customLabel": true + } + }, + "columnOrder": [ + "d0ec4b40-e052-4c57-a31a-e139a6698891", + "00a35618-bf71-43a8-bd30-d39540c71731", + "e93aed2c-f483-4496-b62f-5f807760c2be" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + }, + "title": "Disk Usage per Filesystem" + }, + { + "type": "lens", + "gridData": { + "x": 24, + "y": 54, + "w": 24, + "h": 15, + "i": "d8f9310d-7c03-42e4-8444-5d04aa453654" + }, + "panelIndex": "d8f9310d-7c03-42e4-8444-5d04aa453654", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsXY", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + } + ], + "state": { + "visualization": { + "legend": { + "isVisible": true, + "position": "right" + }, + "valueLabels": "hide", + "fittingFunction": "None", + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + 
"gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "preferredSeriesType": "line", + "layers": [ + { + "layerId": "00a8848b-210f-4c86-a1ad-95137349b3f3", + "seriesType": "line", + "xAccessor": "03463cad-b635-4834-a3da-813ba7bab827", + "accessors": [ + "a9845c37-d0a0-4de0-b1cd-0ea77248cc9b", + "83200008-3168-4899-ae9d-928e22c99368", + "d4da2481-486c-4eb4-9df3-af459ea14e47" + ], + "layerType": "data", + "colorMapping": { + "assignments": [], + "specialAssignments": [ + { + "rule": { + "type": "other" + }, + "color": { + "type": "loop" + }, + "touched": false + } + ], + "paletteId": "eui_amsterdam_color_blind", + "colorMode": { + "type": "categorical" + } + } + } + ] + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "00a8848b-210f-4c86-a1ad-95137349b3f3": { + "columns": { + "03463cad-b635-4834-a3da-813ba7bab827": { + "label": "@timestamp", + "dataType": "date", + "operationType": "date_histogram", + "sourceField": "@timestamp", + "isBucketed": true, + "scale": "interval", + "params": { + "interval": "auto", + "includeEmptyRows": true, + "dropPartials": false + } + }, + "a9845c37-d0a0-4de0-b1cd-0ea77248cc9b": { + "label": "1m", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.system.load_average.1m", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + }, + "83200008-3168-4899-ae9d-928e22c99368": { + "label": "5m", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.system.load_average.5m", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + }, + "d4da2481-486c-4eb4-9df3-af459ea14e47": { + "label": "15m", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.system.load_average.15m", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + 
"customLabel": true + } + }, + "columnOrder": [ + "03463cad-b635-4834-a3da-813ba7bab827", + "a9845c37-d0a0-4de0-b1cd-0ea77248cc9b", + "83200008-3168-4899-ae9d-928e22c99368", + "d4da2481-486c-4eb4-9df3-af459ea14e47" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + }, + "title": "Load Average" + }, + { + "type": "lens", + "gridData": { + "x": 0, + "y": 69, + "w": 24, + "h": 15, + "i": "9b80b46f-f557-4bbb-986d-55cbbeba6f41" + }, + "panelIndex": "9b80b46f-f557-4bbb-986d-55cbbeba6f41", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsXY", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + } + ], + "state": { + "visualization": { + "legend": { + "isVisible": true, + "position": "right" + }, + "valueLabels": "hide", + "fittingFunction": "None", + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "preferredSeriesType": "line", + "layers": [ + { + "layerId": "00a8848b-210f-4c86-a1ad-95137349b3f3", + "seriesType": "line", + "accessors": [ + "6829f673-d42a-4d92-b409-67c280f91e2a" + ], + "layerType": "data", + "xAccessor": "2e445a4b-fb9b-4803-ad5d-361c09414bc1", + "splitAccessor": "392269cb-4dce-4bce-b055-6dd743408d82" + } + ] + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + 
"00a8848b-210f-4c86-a1ad-95137349b3f3": { + "columns": { + "2e445a4b-fb9b-4803-ad5d-361c09414bc1": { + "label": "@timestamp", + "dataType": "date", + "operationType": "date_histogram", + "sourceField": "@timestamp", + "isBucketed": true, + "scale": "interval", + "params": { + "interval": "auto", + "includeEmptyRows": true, + "dropPartials": false + } + }, + "6829f673-d42a-4d92-b409-67c280f91e2a": { + "label": "RPM", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.system.fan.rpm", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + }, + "392269cb-4dce-4bce-b055-6dd743408d82": { + "label": "Top 20 values of panw.system.fan.description", + "dataType": "string", + "operationType": "terms", + "scale": "ordinal", + "sourceField": "panw.system.fan.description", + "isBucketed": true, + "params": { + "size": 20, + "orderBy": { + "type": "column", + "columnId": "6829f673-d42a-4d92-b409-67c280f91e2a" + }, + "orderDirection": "desc", + "otherBucket": true, + "missingBucket": false, + "parentFormat": { + "id": "terms" + }, + "include": [], + "exclude": [], + "includeIsRegex": false, + "excludeIsRegex": false, + "secondaryFields": [] + } + } + }, + "columnOrder": [ + "2e445a4b-fb9b-4803-ad5d-361c09414bc1", + "392269cb-4dce-4bce-b055-6dd743408d82", + "6829f673-d42a-4d92-b409-67c280f91e2a" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + }, + "title": "Fan Speeds" + }, + { + "type": "lens", + "gridData": { + "x": 24, + "y": 69, + "w": 24, + "h": 15, + "i": "fc04865c-a3f1-4437-84be-c86d2b7fedb1" + }, + "panelIndex": "fc04865c-a3f1-4437-84be-c86d2b7fedb1", + "embeddableConfig": { + "attributes": { + "title": "", + 
"visualizationType": "lnsXY", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + } + ], + "state": { + "visualization": { + "legend": { + "isVisible": true, + "position": "right" + }, + "valueLabels": "hide", + "fittingFunction": "None", + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "preferredSeriesType": "area_stacked", + "layers": [ + { + "layerId": "00a8848b-210f-4c86-a1ad-95137349b3f3", + "seriesType": "area_stacked", + "accessors": [ + "6f2837bf-be5e-439e-b73d-a696a2a74c35", + "98438559-e755-4550-8d4b-6769a98060ec", + "4551f32c-2fe3-48af-8dd7-9ac8d5d3372a", + "37b17e66-86d4-4ecb-8cc1-9df1318b2220" + ], + "layerType": "data", + "colorMapping": { + "assignments": [], + "specialAssignments": [ + { + "rule": { + "type": "other" + }, + "color": { + "type": "loop" + }, + "touched": false + } + ], + "paletteId": "eui_amsterdam_color_blind", + "colorMode": { + "type": "categorical" + } + }, + "xAccessor": "2e445a4b-fb9b-4803-ad5d-361c09414bc1" + } + ] + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "00a8848b-210f-4c86-a1ad-95137349b3f3": { + "columns": { + "2e445a4b-fb9b-4803-ad5d-361c09414bc1": { + "label": "@timestamp", + "dataType": "date", + "operationType": "date_histogram", + "sourceField": "@timestamp", + "isBucketed": true, + "scale": "interval", + "params": { + "interval": "auto", + "includeEmptyRows": true, + "dropPartials": false + } + }, + "6f2837bf-be5e-439e-b73d-a696a2a74c35": { + "label": "Running", + "dataType": "number", + "operationType": "sum", + "sourceField": 
"panw.system.tasks.running", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + }, + "98438559-e755-4550-8d4b-6769a98060ec": { + "label": "Sleeping", + "dataType": "number", + "operationType": "sum", + "sourceField": "panw.system.tasks.sleeping", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + }, + "4551f32c-2fe3-48af-8dd7-9ac8d5d3372a": { + "label": "Stopped", + "dataType": "number", + "operationType": "sum", + "sourceField": "panw.system.tasks.stopped", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + }, + "37b17e66-86d4-4ecb-8cc1-9df1318b2220": { + "label": "Zombie", + "dataType": "number", + "operationType": "sum", + "sourceField": "panw.system.tasks.zombie", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + } + }, + "columnOrder": [ + "2e445a4b-fb9b-4803-ad5d-361c09414bc1", + "6f2837bf-be5e-439e-b73d-a696a2a74c35", + "98438559-e755-4550-8d4b-6769a98060ec", + "4551f32c-2fe3-48af-8dd7-9ac8d5d3372a", + "37b17e66-86d4-4ecb-8cc1-9df1318b2220" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + }, + "title": "Task Counts" + }, + { + "type": "lens", + "gridData": { + "x": 0, + "y": 84, + "w": 24, + "h": 15, + "i": "4934c17f-9ea9-4b39-8c62-75649c86a3de" + }, + "panelIndex": "4934c17f-9ea9-4b39-8c62-75649c86a3de", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsXY", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + 
} + ], + "state": { + "visualization": { + "legend": { + "isVisible": true, + "position": "right" + }, + "valueLabels": "hide", + "fittingFunction": "None", + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "preferredSeriesType": "area_stacked", + "layers": [ + { + "layerId": "00a8848b-210f-4c86-a1ad-95137349b3f3", + "seriesType": "area_stacked", + "accessors": [ + "20319fba-4cb0-4c15-a17d-da63bf9163f6", + "78d9f810-ef47-40c1-804e-211d34417a6b", + "2879540e-0c18-4074-8bbe-67a24ff8aa0e" + ], + "layerType": "data", + "xAccessor": "2e445a4b-fb9b-4803-ad5d-361c09414bc1" + } + ] + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "00a8848b-210f-4c86-a1ad-95137349b3f3": { + "columns": { + "2e445a4b-fb9b-4803-ad5d-361c09414bc1": { + "label": "@timestamp", + "dataType": "date", + "operationType": "date_histogram", + "sourceField": "@timestamp", + "isBucketed": true, + "scale": "interval", + "params": { + "interval": "auto", + "includeEmptyRows": true, + "dropPartials": false + } + }, + "20319fba-4cb0-4c15-a17d-da63bf9163f6": { + "label": "Used", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.system.swap.used", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + }, + "78d9f810-ef47-40c1-804e-211d34417a6b": { + "label": "Free", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.system.swap.free", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + }, + "2879540e-0c18-4074-8bbe-67a24ff8aa0e": { + "label": "Available", + "dataType": "number", + 
"operationType": "average", + "sourceField": "panw.system.swap.available", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + } + }, + "columnOrder": [ + "2e445a4b-fb9b-4803-ad5d-361c09414bc1", + "20319fba-4cb0-4c15-a17d-da63bf9163f6", + "78d9f810-ef47-40c1-804e-211d34417a6b", + "2879540e-0c18-4074-8bbe-67a24ff8aa0e" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + }, + "title": "Swap Usage" + }, + { + "type": "lens", + "gridData": { + "x": 24, + "y": 84, + "w": 24, + "h": 15, + "i": "ec50141f-3b75-4100-ae1d-e54056bcdaf8" + }, + "panelIndex": "ec50141f-3b75-4100-ae1d-e54056bcdaf8", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsXY", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + } + ], + "state": { + "visualization": { + "legend": { + "isVisible": true, + "position": "right" + }, + "valueLabels": "hide", + "fittingFunction": "None", + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "preferredSeriesType": "line", + "layers": [ + { + "layerId": "00a8848b-210f-4c86-a1ad-95137349b3f3", + "seriesType": "line", + "accessors": [ + "6829f673-d42a-4d92-b409-67c280f91e2a" + ], + "layerType": "data", + "xAccessor": "2e445a4b-fb9b-4803-ad5d-361c09414bc1", + "splitAccessor": "ed00b728-f836-450c-b3ee-8afa6df20764" 
+ } + ] + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "00a8848b-210f-4c86-a1ad-95137349b3f3": { + "columns": { + "2e445a4b-fb9b-4803-ad5d-361c09414bc1": { + "label": "@timestamp", + "dataType": "date", + "operationType": "date_histogram", + "sourceField": "@timestamp", + "isBucketed": true, + "scale": "interval", + "params": { + "interval": "auto", + "includeEmptyRows": true, + "dropPartials": false + } + }, + "6829f673-d42a-4d92-b409-67c280f91e2a": { + "label": "Degrees Celsius", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.system.thermal.degress_celsius", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + }, + "ed00b728-f836-450c-b3ee-8afa6df20764": { + "label": "Top 20 values of panw.system.thermal.slot_number", + "dataType": "number", + "operationType": "terms", + "scale": "ordinal", + "sourceField": "panw.system.thermal.slot_number", + "isBucketed": true, + "params": { + "size": 20, + "orderBy": { + "type": "column", + "columnId": "6829f673-d42a-4d92-b409-67c280f91e2a" + }, + "orderDirection": "desc", + "otherBucket": true, + "missingBucket": false, + "parentFormat": { + "id": "terms" + }, + "include": [], + "exclude": [], + "includeIsRegex": false, + "excludeIsRegex": false + } + } + }, + "columnOrder": [ + "2e445a4b-fb9b-4803-ad5d-361c09414bc1", + "ed00b728-f836-450c-b3ee-8afa6df20764", + "6829f673-d42a-4d92-b409-67c280f91e2a" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + }, + "title": "Temperatures" + }, + { + "type": "lens", + "gridData": { + "x": 0, + "y": 9, + "w": 48, + "h": 15, + "i": 
"574ba0fd-968a-4120-870c-fe6c09d43954" + }, + "panelIndex": "574ba0fd-968a-4120-870c-fe6c09d43954", + "embeddableConfig": { + "attributes": { + "title": "Table Expiration Date & License Serial & Issued Date & Feature & Description", + "references": [ + { + "type": "index-pattern", + "id": "be9eae22dcd9e1e3fb08784154a7180ce151ffd32e741f34fc9c6cc7d93b45a9", + "name": "textBasedLanguages-datasource-layer-5b24cb65-ee0d-4ee6-a730-71a9ed80cd01" + } + ], + "state": { + "datasourceStates": { + "textBased": { + "layers": { + "5b24cb65-ee0d-4ee6-a730-71a9ed80cd01": { + "index": "be9eae22dcd9e1e3fb08784154a7180ce151ffd32e741f34fc9c6cc7d93b45a9", + "query": { + "esql": "FROM metrics-panw_metrics.system-* \n| keep panw.system.license.serial, panw.system.license.expires, panw.system.license.feature, panw.system.license.issued, panw.system.license.description, panw.system.license.expired \n| where panw.system.license.expires is not null \n| stats expiration_date=max(panw.system.license.expires) by panw.system.license.serial, panw.system.license.issued, panw.system.license.feature, panw.system.license.description, panw.system.license.expired \n| sort expiration_date, panw.system.license.expired desc | rename expiration_date as `Expiration Date`, panw.system.license.feature as Feature, panw.system.license.issued as `Issued Date`, panw.system.license.description as Description, panw.system.license.serial as `License Serial`, panw.system.license.expired as Expired" + }, + "columns": [ + { + "columnId": "Expiration Date", + "fieldName": "Expiration Date", + "meta": { + "type": "date", + "esType": "date" + }, + "inMetricDimension": true + }, + { + "columnId": "License Serial", + "fieldName": "License Serial", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "Issued Date", + "fieldName": "Issued Date", + "meta": { + "type": "date", + "esType": "date" + }, + "inMetricDimension": true + }, + { + "columnId": "Feature", + 
"fieldName": "Feature", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "Description", + "fieldName": "Description", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "f1fc73e6-7f8f-4768-980f-4aa68e580b23", + "fieldName": "Expired", + "meta": { + "type": "boolean", + "esType": "boolean" + } + } + ], + "timeField": "@timestamp" + } + }, + "indexPatternRefs": [ + { + "id": "be9eae22dcd9e1e3fb08784154a7180ce151ffd32e741f34fc9c6cc7d93b45a9", + "title": "metrics-panw_metrics.system-*", + "timeField": "@timestamp" + } + ] + } + }, + "filters": [], + "query": { + "esql": "FROM metrics-panw_metrics.system-* \n| keep panw.system.license.serial, panw.system.license.expires, panw.system.license.feature, panw.system.license.issued, panw.system.license.description, panw.system.license.expired \n| where panw.system.license.expires is not null \n| stats expiration_date=max(panw.system.license.expires) by panw.system.license.serial, panw.system.license.issued, panw.system.license.feature, panw.system.license.description, panw.system.license.expired \n| sort expiration_date, panw.system.license.expired desc | rename expiration_date as `Expiration Date`, panw.system.license.feature as Feature, panw.system.license.issued as `Issued Date`, panw.system.license.description as Description, panw.system.license.serial as `License Serial`, panw.system.license.expired as Expired" + }, + "visualization": { + "layerId": "5b24cb65-ee0d-4ee6-a730-71a9ed80cd01", + "layerType": "data", + "columns": [ + { + "columnId": "Expiration Date" + }, + { + "columnId": "License Serial" + }, + { + "columnId": "Issued Date" + }, + { + "columnId": "Feature" + }, + { + "columnId": "Description" + }, + { + "columnId": "f1fc73e6-7f8f-4768-980f-4aa68e580b23", + "isTransposed": false, + "isMetric": true + } + ] + }, + "adHocDataViews": { + 
"be9eae22dcd9e1e3fb08784154a7180ce151ffd32e741f34fc9c6cc7d93b45a9": { + "id": "be9eae22dcd9e1e3fb08784154a7180ce151ffd32e741f34fc9c6cc7d93b45a9", + "title": "metrics-panw_metrics.system-*", + "timeFieldName": "@timestamp", + "sourceFilters": [], + "type": "esql", + "fieldFormats": {}, + "runtimeFieldMap": {}, + "allowNoIndex": false, + "name": "metrics-panw_metrics.system-*", + "allowHidden": false + } + } + }, + "visualizationType": "lnsDatatable", + "type": "lens" + }, + "disabledActions": [ + "OPEN_FLYOUT_ADD_DRILLDOWN" + ], + "enhancements": {} + }, + "title": "License Expiration Overview" + }, + { + "type": "lens", + "gridData": { + "x": 0, + "y": 24, + "w": 48, + "h": 15, + "i": "b4944bcf-e6d0-4be4-832e-8d80d711dd1b" + }, + "panelIndex": "b4944bcf-e6d0-4be4-832e-8d80d711dd1b", + "embeddableConfig": { + "attributes": { + "title": "Table Expiration Date & Certificate Serial No & Issuer & Name & Status", + "references": [], + "state": { + "datasourceStates": { + "textBased": { + "layers": { + "167827f3-403e-4ae5-8f6e-d84a16d83474": { + "index": "be9eae22dcd9e1e3fb08784154a7180ce151ffd32e741f34fc9c6cc7d93b45a9", + "query": { + "esql": "FROM metrics-panw_metrics.system-* \n| keep panw.system.certificate.db_serial_no, panw.system.certificate.db_exp_date, panw.system.certificate.name, panw.system.certificate.issuer, panw.system.certificate.db_status \n| where panw.system.certificate.db_exp_date is not null \n| eval extracted_date = substring(panw.system.certificate.db_exp_date, 1, 13)\n| eval expiration_date = date_parse( \"yyMMddHHmmssz\", extracted_date)\n| stats expiration_date=max(expiration_date) by panw.system.certificate.db_serial_no, panw.system.certificate.issuer, panw.system.certificate.name, panw.system.certificate.db_status \n| sort expiration_date desc \n| rename expiration_date as `Expiration Date`, panw.system.certificate.name as Name, panw.system.certificate.issuer as Issuer, panw.system.certificate.db_status as Status, 
panw.system.certificate.db_serial_no as `Certificate Serial No`" + }, + "columns": [ + { + "columnId": "Expiration Date", + "fieldName": "Expiration Date", + "meta": { + "type": "date", + "esType": "date" + }, + "inMetricDimension": true + }, + { + "columnId": "Certificate Serial No", + "fieldName": "Certificate Serial No", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "Issuer", + "fieldName": "Issuer", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "Name", + "fieldName": "Name", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "Status", + "fieldName": "Status", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + } + ], + "timeField": "@timestamp" + } + }, + "indexPatternRefs": [ + { + "id": "be9eae22dcd9e1e3fb08784154a7180ce151ffd32e741f34fc9c6cc7d93b45a9", + "title": "metrics-panw_metrics.system-*", + "timeField": "@timestamp" + } + ] + } + }, + "filters": [], + "query": { + "esql": "FROM metrics-panw_metrics.system-* \n| keep panw.system.certificate.db_serial_no, panw.system.certificate.db_exp_date, panw.system.certificate.name, panw.system.certificate.issuer, panw.system.certificate.db_status \n| where panw.system.certificate.db_exp_date is not null \n| eval extracted_date = substring(panw.system.certificate.db_exp_date, 1, 13)\n| eval expiration_date = date_parse( \"yyMMddHHmmssz\", extracted_date)\n| stats expiration_date=max(expiration_date) by panw.system.certificate.db_serial_no, panw.system.certificate.issuer, panw.system.certificate.name, panw.system.certificate.db_status \n| sort expiration_date desc \n| rename expiration_date as `Expiration Date`, panw.system.certificate.name as Name, panw.system.certificate.issuer as Issuer, panw.system.certificate.db_status as Status, panw.system.certificate.db_serial_no as `Certificate Serial 
No`" + }, + "visualization": { + "layerId": "167827f3-403e-4ae5-8f6e-d84a16d83474", + "layerType": "data", + "columns": [ + { + "columnId": "Expiration Date" + }, + { + "columnId": "Certificate Serial No" + }, + { + "columnId": "Issuer" + }, + { + "columnId": "Name" + }, + { + "columnId": "Status" + } + ] + }, + "adHocDataViews": { + "be9eae22dcd9e1e3fb08784154a7180ce151ffd32e741f34fc9c6cc7d93b45a9": { + "id": "be9eae22dcd9e1e3fb08784154a7180ce151ffd32e741f34fc9c6cc7d93b45a9", + "title": "metrics-panw_metrics.system-*", + "timeFieldName": "@timestamp", + "sourceFilters": [], + "type": "esql", + "fieldFormats": {}, + "runtimeFieldMap": {}, + "allowNoIndex": false, + "name": "metrics-panw_metrics.system-*", + "allowHidden": false + } + } + }, + "visualizationType": "lnsDatatable", + "type": "lens" + }, + "disabledActions": [ + "OPEN_FLYOUT_ADD_DRILLDOWN" + ], + "enhancements": {} + }, + "title": "Certificate Expiration Overview" + } + ], + "title": "[Metrics Palo Alto Networks] System Overview" + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "767546ef-09a1-4c05-b02e-8ef2c300d41f:indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "fda46c9a-7ed2-40b4-90ff-15f4cfb57569:indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "cbb5bf61-f6b2-4725-8277-e6f706908148:indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "d283871e-a074-435b-83fc-98d7362bfbcb:indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": 
"47ea82ea-d8d0-430a-b0ac-ac0a7bb5d2e6:indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "adcfdaf9-4ae3-4a6b-b23d-8c6eb2bccb36:indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "d8f9310d-7c03-42e4-8444-5d04aa453654:indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "9b80b46f-f557-4bbb-986d-55cbbeba6f41:indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "fc04865c-a3f1-4437-84be-c86d2b7fedb1:indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "4934c17f-9ea9-4b39-8c62-75649c86a3de:indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "ec50141f-3b75-4100-ae1d-e54056bcdaf8:indexpattern-datasource-layer-00a8848b-210f-4c86-a1ad-95137349b3f3" + }, + { + "type": "index-pattern", + "id": "be9eae22dcd9e1e3fb08784154a7180ce151ffd32e741f34fc9c6cc7d93b45a9", + "name": "574ba0fd-968a-4120-870c-fe6c09d43954:textBasedLanguages-datasource-layer-5b24cb65-ee0d-4ee6-a730-71a9ed80cd01" + } + ], + "managed": true, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.2.0" +} \ No newline at end of file diff --git a/packages/panw_metrics/kibana/dashboard/panw_metrics-5621b556-9010-4883-a339-4aa6a0b4bd74.json b/packages/panw_metrics/kibana/dashboard/panw_metrics-5621b556-9010-4883-a339-4aa6a0b4bd74.json new file mode 100644 index 00000000000..f132934f554 --- /dev/null +++ b/packages/panw_metrics/kibana/dashboard/panw_metrics-5621b556-9010-4883-a339-4aa6a0b4bd74.json 
@@ -0,0 +1,1655 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": { + "ignoreFilters": false, + "ignoreQuery": false, + "ignoreTimerange": false, + "ignoreValidations": false + }, + "panelsJSON": { + "029b6c39-8488-45f1-958a-6b976dc740da": { + "explicitInput": { + "enhancements": {}, + "fieldName": "panw.vpn.globalprotect.session.username", + "grow": false, + "id": "029b6c39-8488-45f1-958a-6b976dc740da", + "searchTechnique": "prefix", + "title": "Session Username", + "width": "medium" + }, + "grow": false, + "order": 2, + "type": "optionsListControl", + "width": "medium" + }, + "47d14afc-2c72-41fa-bbb0-fd50a0e01302": { + "explicitInput": { + "enhancements": {}, + "fieldName": "panw.vpn.globalprotect.gateway.name", + "grow": false, + "id": "47d14afc-2c72-41fa-bbb0-fd50a0e01302", + "searchTechnique": "prefix", + "title": "Gateway Name", + "width": "medium" + }, + "grow": false, + "order": 0, + "type": "optionsListControl", + "width": "medium" + }, + "fcea636d-4696-4efa-95c7-29381e7a62a6": { + "explicitInput": { + "enhancements": {}, + "fieldName": "panw.vpn.globalprotect.session.computer", + "grow": false, + "id": "fcea636d-4696-4efa-95c7-29381e7a62a6", + "searchTechnique": "prefix", + "title": "Session Computer", + "width": "medium" + }, + "grow": false, + "order": 1, + "type": "optionsListControl", + "width": "medium" + } + }, + "showApplySelections": false + }, + "description": "Overview of Palo Alto Networks VPN metrics", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "panw_metrics.vpn" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + 
"data_stream.dataset": "panw_metrics.vpn" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "currentIndexPatternId": "metrics-*", + "layers": { + "8ef36681-8e92-48de-80a5-c05bb48886b9": { + "columnOrder": [ + "207ac45a-7b42-4974-a24f-516a776fc403" + ], + "columns": { + "207ac45a-7b42-4974-a24f-516a776fc403": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "\"panw.vpn.globalprotect.total_previous_users\": *" + }, + "isBucketed": false, + "label": "Total Previous Users", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "panw.vpn.globalprotect.total_previous_users" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*", + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layerId": "8ef36681-8e92-48de-80a5-c05bb48886b9", + "layerType": "data", + "metricAccessor": "207ac45a-7b42-4974-a24f-516a776fc403", + "palette": { + "name": "status", + "params": { + "colorStops": [], + "continuity": "all", + "maxSteps": 5, + "name": "status", + "progression": "fixed", + "rangeMax": null, + "rangeMin": null, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": [ + { + "color": "#209280", + "stop": 1728000 + }, + { + "color": "#d6bf57", + "stop": 3456000 + }, + { + 
"color": "#cc5642", + "stop": 5184000 + } + ] + }, + "type": "palette" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 8, + "i": "06adc250-b2eb-4118-8efe-6d63ff1fafea", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "06adc250-b2eb-4118-8efe-6d63ff1fafea", + "title": "", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "currentIndexPatternId": "metrics-*", + "layers": { + "8ef36681-8e92-48de-80a5-c05bb48886b9": { + "columnOrder": [ + "207ac45a-7b42-4974-a24f-516a776fc403" + ], + "columns": { + "207ac45a-7b42-4974-a24f-516a776fc403": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "\"panw.vpn.globalprotect.total_current_users\": *" + }, + "isBucketed": false, + "label": "Total Current Users", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "panw.vpn.globalprotect.total_current_users" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*", + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layerId": "8ef36681-8e92-48de-80a5-c05bb48886b9", + "layerType": "data", + "metricAccessor": "207ac45a-7b42-4974-a24f-516a776fc403", + "palette": { + "name": "status", + "params": { + "colorStops": [], + "continuity": "all", + "maxSteps": 5, + "name": "status", + "progression": "fixed", + "rangeMax": null, + "rangeMin": null, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": [ + { + 
"color": "#209280", + "stop": 0.66 + }, + { + "color": "#d6bf57", + "stop": 1.33 + }, + { + "color": "#cc5642", + "stop": 2 + } + ] + }, + "type": "palette" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 8, + "i": "523562a5-66d0-4a95-b069-52ea8417d298", + "w": 16, + "x": 16, + "y": 0 + }, + "panelIndex": "523562a5-66d0-4a95-b069-52ea8417d298", + "title": "", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "currentIndexPatternId": "metrics-*", + "layers": { + "8ef36681-8e92-48de-80a5-c05bb48886b9": { + "columnOrder": [ + "207ac45a-7b42-4974-a24f-516a776fc403" + ], + "columns": { + "207ac45a-7b42-4974-a24f-516a776fc403": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Average Session Lifetime", + "operationType": "average", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "panw.vpn.globalprotect.session.lifetime" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*", + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layerId": "8ef36681-8e92-48de-80a5-c05bb48886b9", + "layerType": "data", + "metricAccessor": "207ac45a-7b42-4974-a24f-516a776fc403", + "palette": { + "name": "status", + "params": { + "colorStops": [], + "continuity": "all", + "maxSteps": 5, + "name": "status", + "progression": "fixed", + "rangeMax": null, + "rangeMin": null, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": [ + { + "color": "#209280", + 
"stop": 1728000 + }, + { + "color": "#d6bf57", + "stop": 3456000 + }, + { + "color": "#cc5642", + "stop": 5184000 + } + ] + }, + "type": "palette" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 8, + "i": "7108ed3a-faa0-4332-bb69-216d346ae231", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "7108ed3a-faa0-4332-bb69-216d346ae231", + "title": "", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "currentIndexPatternId": "metrics-*", + "layers": { + "8ef36681-8e92-48de-80a5-c05bb48886b9": { + "columnOrder": [ + "54bf754e-6b46-4e61-9fce-8f43e828179d", + "37ad867b-3486-44f0-9105-e6d6bf2bb78d" + ], + "columns": { + "37ad867b-3486-44f0-9105-e6d6bf2bb78d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Current Users", + "operationType": "max", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "panw.vpn.globalprotect.total_current_users" + }, + "54bf754e-6b46-4e61-9fce-8f43e828179d": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*", + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "layers": [ + { 
+ "accessors": [ + "37ad867b-3486-44f0-9105-e6d6bf2bb78d" + ], + "layerId": "8ef36681-8e92-48de-80a5-c05bb48886b9", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "54bf754e-6b46-4e61-9fce-8f43e828179d" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "line", + "title": "Empty XY chart", + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "430ff68c-0867-4d4d-be7f-403bf6e70600", + "w": 24, + "x": 0, + "y": 23 + }, + "panelIndex": "430ff68c-0867-4d4d-be7f-403bf6e70600", + "title": "Total Current Users", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "currentIndexPatternId": "metrics-*", + "layers": { + "8ef36681-8e92-48de-80a5-c05bb48886b9": { + "columnOrder": [ + "7bcfd0ea-2bd1-4fcb-b460-ad68aaa74e3a", + "207ac45a-7b42-4974-a24f-516a776fc403" + ], + "columns": { + "207ac45a-7b42-4974-a24f-516a776fc403": { + "dataType": "number", + "isBucketed": false, + "label": "Average of panw.vpn.globalprotect.session.lifetime", + "operationType": "average", + "params": { + "emptyAsNull": true, + "format": { + "id": "duration", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "panw.vpn.globalprotect.session.lifetime" + }, + "7bcfd0ea-2bd1-4fcb-b460-ad68aaa74e3a": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + 
"indexPatternId": "metrics-*", + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "207ac45a-7b42-4974-a24f-516a776fc403" + ], + "layerId": "8ef36681-8e92-48de-80a5-c05bb48886b9", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "7bcfd0ea-2bd1-4fcb-b460-ad68aaa74e3a" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "d447283f-18c1-414e-9fd8-35bd28959317", + "w": 24, + "x": 24, + "y": 23 + }, + "panelIndex": "d447283f-18c1-414e-9fd8-35bd28959317", + "title": "Average Session Lifetime", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "currentIndexPatternId": "metrics-*", + "layers": { + "8ef36681-8e92-48de-80a5-c05bb48886b9": { + "columnOrder": [ + "8b48330c-647b-4e3d-9b90-b5034ce6cabc", + "a59ccbf8-4594-485d-bd11-29b3c5d57cb1", + "01c9e5dd-345d-4755-a45a-163c921e1312" + ], + "columns": { + "01c9e5dd-345d-4755-a45a-163c921e1312": { + "customLabel": true, + "dataType": "number", 
+ "isBucketed": false, + "label": "Session", + "operationType": "unique_count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "panw.vpn.globalprotect.session.host_id" + }, + "8b48330c-647b-4e3d-9b90-b5034ce6cabc": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "a59ccbf8-4594-485d-bd11-29b3c5d57cb1": { + "dataType": "string", + "isBucketed": true, + "label": "Top 20 values of panw.vpn.globalprotect.session.vpn_type", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "01c9e5dd-345d-4755-a45a-163c921e1312", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "panw.vpn.globalprotect.session.vpn_type" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*", + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "layers": [ + { + "accessors": [ + "01c9e5dd-345d-4755-a45a-163c921e1312" + ], + "layerId": "8ef36681-8e92-48de-80a5-c05bb48886b9", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "a59ccbf8-4594-485d-bd11-29b3c5d57cb1", + "xAccessor": "8b48330c-647b-4e3d-9b90-b5034ce6cabc" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "title": 
"Empty XY chart", + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "f037e251-ac98-4f5d-8c9a-081454904801", + "w": 24, + "x": 0, + "y": 38 + }, + "panelIndex": "f037e251-ac98-4f5d-8c9a-081454904801", + "title": "Sessions by VPN Type", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "currentIndexPatternId": "metrics-*", + "layers": { + "8ef36681-8e92-48de-80a5-c05bb48886b9": { + "columnOrder": [ + "8b48330c-647b-4e3d-9b90-b5034ce6cabc", + "a59ccbf8-4594-485d-bd11-29b3c5d57cb1", + "01c9e5dd-345d-4755-a45a-163c921e1312" + ], + "columns": { + "01c9e5dd-345d-4755-a45a-163c921e1312": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Session", + "operationType": "unique_count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "panw.vpn.globalprotect.session.host_id" + }, + "8b48330c-647b-4e3d-9b90-b5034ce6cabc": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "a59ccbf8-4594-485d-bd11-29b3c5d57cb1": { + "dataType": "string", + "isBucketed": true, + "label": "Top 20 values of panw.vpn.globalprotect.session.source_region", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "01c9e5dd-345d-4755-a45a-163c921e1312", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + 
"id": "terms" + }, + "secondaryFields": [], + "size": 20 + }, + "scale": "ordinal", + "sourceField": "panw.vpn.globalprotect.session.source_region" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*", + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "layers": [ + { + "accessors": [ + "01c9e5dd-345d-4755-a45a-163c921e1312" + ], + "layerId": "8ef36681-8e92-48de-80a5-c05bb48886b9", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "a59ccbf8-4594-485d-bd11-29b3c5d57cb1", + "xAccessor": "8b48330c-647b-4e3d-9b90-b5034ce6cabc" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "08826163-7851-47c2-8cc7-5850b90284d1", + "w": 24, + "x": 24, + "y": 38 + }, + "panelIndex": "08826163-7851-47c2-8cc7-5850b90284d1", + "title": "Sessions by Region", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "currentIndexPatternId": "metrics-*", + "layers": { + "8ef36681-8e92-48de-80a5-c05bb48886b9": { + "columnOrder": [ + "5f2f5087-bb01-472b-a804-24e47bd1218c", + "343c690a-fc92-4048-865d-cb2f82f86738" + ], + "columns": { + "343c690a-fc92-4048-865d-cb2f82f86738": { + "customLabel": true, + "dataType": "number", 
+ "isBucketed": false, + "label": "Count", + "operationType": "unique_count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "panw.vpn.globalprotect.session.username" + }, + "5f2f5087-bb01-472b-a804-24e47bd1218c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Username", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "343c690a-fc92-4048-865d-cb2f82f86738", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "panw.vpn.globalprotect.session.username" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*", + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "343c690a-fc92-4048-865d-cb2f82f86738" + ], + "colorMapping": { + "assignments": [], + "colorMode": { + "type": "categorical" + }, + "paletteId": "eui_amsterdam_color_blind", + "specialAssignments": [ + { + "color": { + "type": "loop" + }, + "rule": { + "type": "other" + }, + "touched": false + } + ] + }, + "layerId": "8ef36681-8e92-48de-80a5-c05bb48886b9", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal", + "showGridlines": false, + "xAccessor": "5f2f5087-bb01-472b-a804-24e47bd1218c" + } + ], + "legend": { + "isVisible": true, + "position": 
"right" + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "719549c8-0cec-43fe-a66c-ab013f9f89a4", + "w": 24, + "x": 0, + "y": 53 + }, + "panelIndex": "719549c8-0cec-43fe-a66c-ab013f9f89a4", + "title": "Active Sessions by Username", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "currentIndexPatternId": "metrics-*", + "layers": { + "8ef36681-8e92-48de-80a5-c05bb48886b9": { + "columnOrder": [ + "240a37e5-fc16-4273-8d23-364c72d02eca", + "3f65df4a-9c15-4583-a6be-275fe06bff21", + "01c9e5dd-345d-4755-a45a-163c921e1312" + ], + "columns": { + "01c9e5dd-345d-4755-a45a-163c921e1312": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Current Users", + "operationType": "max", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "panw.vpn.globalprotect.gateway.current_users" + }, + "240a37e5-fc16-4273-8d23-364c72d02eca": { + "dataType": "string", + "isBucketed": true, + "label": "Top 20 values of panw.vpn.globalprotect.gateway.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "01c9e5dd-345d-4755-a45a-163c921e1312", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "panw.vpn.globalprotect.gateway.name" + }, + "3f65df4a-9c15-4583-a6be-275fe06bff21": { + "dataType": 
"date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*", + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "01c9e5dd-345d-4755-a45a-163c921e1312" + ], + "colorMapping": { + "assignments": [], + "colorMode": { + "type": "categorical" + }, + "paletteId": "eui_amsterdam_color_blind", + "specialAssignments": [ + { + "color": { + "type": "loop" + }, + "rule": { + "type": "other" + }, + "touched": false + } + ] + }, + "layerId": "8ef36681-8e92-48de-80a5-c05bb48886b9", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal_stacked", + "showGridlines": false, + "splitAccessor": "240a37e5-fc16-4273-8d23-364c72d02eca", + "xAccessor": "3f65df4a-9c15-4583-a6be-275fe06bff21" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_horizontal_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "f74ecef4-1b91-4ae9-9787-fa0798ef8faa", + "w": 24, + "x": 24, + "y": 53 + }, + "panelIndex": "f74ecef4-1b91-4ae9-9787-fa0798ef8faa", + "title": "Current Users by 
Gateway", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "currentIndexPatternId": "metrics-*", + "layers": { + "8ef36681-8e92-48de-80a5-c05bb48886b9": { + "columnOrder": [ + "010718e4-7a7f-452e-b3e4-190b95743503", + "0f4c5864-de4f-4259-84b0-d9d30d760d02", + "96bae642-aa30-4908-b4e7-b3320b0d087d", + "9a516321-ab7b-4264-96ad-d3ee0caffbd6", + "efea3e95-7c96-4667-b1e5-f5ef63d3ae56", + "9e2b8ca6-331d-4bd7-a0b9-6cf1f3765595", + "52ebfc77-1044-4bad-886e-c0c26af01c6b" + ], + "columns": { + "010718e4-7a7f-452e-b3e4-190b95743503": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Computer", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "52ebfc77-1044-4bad-886e-c0c26af01c6b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 20 + }, + "scale": "ordinal", + "sourceField": "panw.vpn.globalprotect.session.computer" + }, + "0f4c5864-de4f-4259-84b0-d9d30d760d02": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Client IP", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "52ebfc77-1044-4bad-886e-c0c26af01c6b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "panw.vpn.globalprotect.session.client_ip" + }, + "52ebfc77-1044-4bad-886e-c0c26af01c6b": { + "customLabel": true, + 
"dataType": "number", + "isBucketed": false, + "label": "Session Lifetime", + "operationType": "average", + "params": { + "emptyAsNull": true, + "format": { + "id": "duration", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "panw.vpn.globalprotect.session.lifetime" + }, + "96bae642-aa30-4908-b4e7-b3320b0d087d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Username", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "52ebfc77-1044-4bad-886e-c0c26af01c6b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "panw.vpn.globalprotect.session.username" + }, + "9a516321-ab7b-4264-96ad-d3ee0caffbd6": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Domain", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "52ebfc77-1044-4bad-886e-c0c26af01c6b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "panw.vpn.globalprotect.session.domain" + }, + "9e2b8ca6-331d-4bd7-a0b9-6cf1f3765595": { + "customLabel": true, + "dataType": "boolean", + "isBucketed": true, + "label": "Local", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "52ebfc77-1044-4bad-886e-c0c26af01c6b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": 
"panw.vpn.globalprotect.session.is_local" + }, + "efea3e95-7c96-4667-b1e5-f5ef63d3ae56": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Tunnel Type", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "52ebfc77-1044-4bad-886e-c0c26af01c6b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "panw.vpn.globalprotect.session.tunnel_type" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*", + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "010718e4-7a7f-452e-b3e4-190b95743503", + "isMetric": false, + "isTransposed": false + }, + { + "columnId": "0f4c5864-de4f-4259-84b0-d9d30d760d02", + "isMetric": false, + "isTransposed": false + }, + { + "columnId": "96bae642-aa30-4908-b4e7-b3320b0d087d", + "isMetric": false, + "isTransposed": false + }, + { + "columnId": "9a516321-ab7b-4264-96ad-d3ee0caffbd6", + "isMetric": false, + "isTransposed": false + }, + { + "columnId": "efea3e95-7c96-4667-b1e5-f5ef63d3ae56", + "isMetric": false, + "isTransposed": false + }, + { + "columnId": "9e2b8ca6-331d-4bd7-a0b9-6cf1f3765595", + "isMetric": false, + "isTransposed": false + }, + { + "columnId": "52ebfc77-1044-4bad-886e-c0c26af01c6b", + "isMetric": true, + "isTransposed": false + } + ], + "layerId": "8ef36681-8e92-48de-80a5-c05bb48886b9", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "e99d4dcf-f559-4e2a-8ed0-f0bdfbb793e8", + 
"w": 48, + "x": 0, + "y": 8 + }, + "panelIndex": "e99d4dcf-f559-4e2a-8ed0-f0bdfbb793e8", + "title": "Sessions Overview", + "type": "lens" + } + ], + "timeRestore": false, + "title": "[Metrics Palo Alto Networks] VPN Overview", + "version": 2 + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2024-10-04T13:52:08.764Z", + "id": "panw_metrics-5621b556-9010-4883-a339-4aa6a0b4bd74", + "managed": true, + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "06adc250-b2eb-4118-8efe-6d63ff1fafea:indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "523562a5-66d0-4a95-b069-52ea8417d298:indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "7108ed3a-faa0-4332-bb69-216d346ae231:indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "430ff68c-0867-4d4d-be7f-403bf6e70600:indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "d447283f-18c1-414e-9fd8-35bd28959317:indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "f037e251-ac98-4f5d-8c9a-081454904801:indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "08826163-7851-47c2-8cc7-5850b90284d1:indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "719549c8-0cec-43fe-a66c-ab013f9f89a4:indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": 
"f74ecef4-1b91-4ae9-9787-fa0798ef8faa:indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "e99d4dcf-f559-4e2a-8ed0-f0bdfbb793e8:indexpattern-datasource-layer-8ef36681-8e92-48de-80a5-c05bb48886b9", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_47d14afc-2c72-41fa-bbb0-fd50a0e01302:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_029b6c39-8488-45f1-958a-6b976dc740da:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_fcea636d-4696-4efa-95c7-29381e7a62a6:optionsListDataView", + "type": "index-pattern" + } + ], + "type": "dashboard", + "typeMigrationVersion": "10.2.0" +} \ No newline at end of file diff --git a/packages/panw_metrics/kibana/dashboard/panw_metrics-c100764a-f935-4c7b-a0d0-7622c4e19f6f.json b/packages/panw_metrics/kibana/dashboard/panw_metrics-c100764a-f935-4c7b-a0d0-7622c4e19f6f.json new file mode 100644 index 00000000000..ce8669651ae --- /dev/null +++ b/packages/panw_metrics/kibana/dashboard/panw_metrics-c100764a-f935-4c7b-a0d0-7622c4e19f6f.json 
@@ -0,0 +1,1500 @@ +{ + "id": "panw_metrics-c100764a-f935-4c7b-a0d0-7622c4e19f6f", + "type": "dashboard", + "updated_at": "2024-10-04T18:46:59.570Z", + "created_at": "2024-10-04T18:46:59.570Z", + "attributes": { + "version": 2, + "controlGroupInput": { + "controlStyle": "oneLine", + "chainingSystem": "HIERARCHICAL", + "showApplySelections": false, + "panelsJSON": "{\"94796cc2-2ba7-4857-a7d6-47bcd462d3db\":{\"type\":\"optionsListControl\",\"order\":1,\"grow\":false,\"width\":\"medium\",\"explicitInput\":{\"id\":\"94796cc2-2ba7-4857-a7d6-47bcd462d3db\",\"fieldName\":\"panw.routing.bgp.peer_group\",\"title\":\"Peer Group\",\"grow\":false,\"width\":\"medium\",\"searchTechnique\":\"prefix\",\"enhancements\":{}}},\"8a13fbfd-4f4e-4e62-80fe-99f145e61e56\":{\"type\":\"optionsListControl\",\"order\":0,\"grow\":false,\"width\":\"medium\",\"explicitInput\":{\"id\":\"8a13fbfd-4f4e-4e62-80fe-99f145e61e56\",\"fieldName\":\"panw.routing.bgp.peer_name\",\"title\":\"Peer Name\",\"grow\":false,\"width\":\"medium\",\"searchTechnique\":\"prefix\",\"enhancements\":{}}},\"0f213807-0f19-4bdd-be6f-310cfbfda9c6\":{\"type\":\"optionsListControl\",\"order\":2,\"grow\":false,\"width\":\"medium\",\"explicitInput\":{\"id\":\"0f213807-0f19-4bdd-be6f-310cfbfda9c6\",\"fieldName\":\"panw.routing.bgp.status\",\"title\":\"Status\",\"grow\":false,\"width\":\"medium\",\"searchTechnique\":\"prefix\",\"enhancements\":{}}}}", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}" + }, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "panw_metrics.routing" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + 
"data_stream.dataset": "panw_metrics.routing" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "Overview of Palo Alto Networks Routing metrics", + "timeRestore": false, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": [ + { + "type": "lens", + "gridData": { + "x": 0, + "y": 0, + "w": 16, + "h": 8, + "i": "aaac6462-5125-4f53-8d88-bb1ca281cc74" + }, + "panelIndex": "aaac6462-5125-4f53-8d88-bb1ca281cc74", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsMetric", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-232db9b9-a0ff-45c5-aa87-3f2348d6bf94" + } + ], + "state": { + "visualization": { + "layerId": "232db9b9-a0ff-45c5-aa87-3f2348d6bf94", + "layerType": "data", + "palette": { + "type": "palette", + "name": "status", + "params": { + "name": "status", + "reverse": false, + "rangeType": "number", + "rangeMin": null, + "rangeMax": null, + "progression": "fixed", + "stops": [ + { + "color": "#209280", + "stop": 435.33 + }, + { + "color": "#d6bf57", + "stop": 870.66 + }, + { + "color": "#cc5642", + "stop": 1306 + } + ], + "steps": 3, + "colorStops": [], + "continuity": "all", + "maxSteps": 5 + } + }, + "metricAccessor": "11cdd9c6-17f6-4417-9cb8-3907b82e3359" + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "232db9b9-a0ff-45c5-aa87-3f2348d6bf94": { + "columns": { + "11cdd9c6-17f6-4417-9cb8-3907b82e3359": { + "label": "Established BGP Sessions", + "dataType": "number", + "operationType": "max", + "sourceField": "panw.routing.bgp.established_counts", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true + }, + "customLabel": true + } + }, + "columnOrder": [ + "11cdd9c6-17f6-4417-9cb8-3907b82e3359" + ], + 
"sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + } + }, + { + "type": "lens", + "gridData": { + "x": 16, + "y": 0, + "w": 16, + "h": 8, + "i": "e3cb2011-212a-404a-8b7b-10321daa0e24" + }, + "panelIndex": "e3cb2011-212a-404a-8b7b-10321daa0e24", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsMetric", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-232db9b9-a0ff-45c5-aa87-3f2348d6bf94" + } + ], + "state": { + "visualization": { + "layerId": "232db9b9-a0ff-45c5-aa87-3f2348d6bf94", + "layerType": "data", + "palette": { + "type": "palette", + "name": "status", + "params": { + "name": "status", + "reverse": false, + "rangeType": "number", + "rangeMin": null, + "rangeMax": null, + "progression": "fixed", + "stops": [ + { + "color": "#209280", + "stop": 435.33 + }, + { + "color": "#d6bf57", + "stop": 870.66 + }, + { + "color": "#cc5642", + "stop": 1306 + } + ], + "steps": 3, + "colorStops": [], + "continuity": "all", + "maxSteps": 5 + } + }, + "metricAccessor": "11cdd9c6-17f6-4417-9cb8-3907b82e3359" + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "232db9b9-a0ff-45c5-aa87-3f2348d6bf94": { + "columns": { + "11cdd9c6-17f6-4417-9cb8-3907b82e3359": { + "label": "Average BGP Hold Time", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.routing.bgp.holdtime", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true, + "format": { + "id": "duration", + "params": { + "decimals": 0 + } + } + }, + "customLabel": true + } + }, + "columnOrder": [ + 
"11cdd9c6-17f6-4417-9cb8-3907b82e3359" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + } + }, + { + "type": "lens", + "gridData": { + "x": 32, + "y": 0, + "w": 16, + "h": 8, + "i": "d0f1a21f-e0a6-4b0e-945d-ab33b84d92ad" + }, + "panelIndex": "d0f1a21f-e0a6-4b0e-945d-ab33b84d92ad", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsMetric", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-232db9b9-a0ff-45c5-aa87-3f2348d6bf94" + } + ], + "state": { + "visualization": { + "layerId": "232db9b9-a0ff-45c5-aa87-3f2348d6bf94", + "layerType": "data", + "palette": { + "type": "palette", + "name": "status", + "params": { + "name": "status", + "reverse": false, + "rangeType": "number", + "rangeMin": null, + "rangeMax": null, + "progression": "fixed", + "stops": [ + { + "color": "#209280", + "stop": 435.33 + }, + { + "color": "#d6bf57", + "stop": 870.66 + }, + { + "color": "#cc5642", + "stop": 1306 + } + ], + "steps": 3, + "colorStops": [], + "continuity": "all", + "maxSteps": 5 + } + }, + "metricAccessor": "11cdd9c6-17f6-4417-9cb8-3907b82e3359" + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "232db9b9-a0ff-45c5-aa87-3f2348d6bf94": { + "columns": { + "11cdd9c6-17f6-4417-9cb8-3907b82e3359": { + "label": "Average Messages Received", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.routing.bgp.msg_total_in", + "isBucketed": false, + "scale": "ratio", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } + }, + "emptyAsNull": true + }, + "customLabel": true 
+ } + }, + "columnOrder": [ + "11cdd9c6-17f6-4417-9cb8-3907b82e3359" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + } + }, + { + "type": "lens", + "gridData": { + "x": 0, + "y": 8, + "w": 24, + "h": 15, + "i": "7dc1d83f-4d3e-4a5c-956e-58e4df62ad57" + }, + "panelIndex": "7dc1d83f-4d3e-4a5c-956e-58e4df62ad57", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsXY", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-3fe86907-93ba-4f73-a2cc-f000ac328163" + } + ], + "state": { + "visualization": { + "legend": { + "isVisible": true, + "position": "right" + }, + "valueLabels": "hide", + "fittingFunction": "None", + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "preferredSeriesType": "bar_stacked", + "layers": [ + { + "layerId": "3fe86907-93ba-4f73-a2cc-f000ac328163", + "accessors": [ + "187673ed-2a64-4d53-9446-5a625628ef91" + ], + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "layerType": "data", + "splitAccessor": "149799bc-4c66-405e-8f6c-13ca2aca3ee4", + "xAccessor": "daa28320-181a-4268-bc89-db978a6aa612" + } + ] + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "3fe86907-93ba-4f73-a2cc-f000ac328163": { + "columns": { + "149799bc-4c66-405e-8f6c-13ca2aca3ee4": { + "label": "BGP Peer Name and 
Status", + "dataType": "string", + "operationType": "terms", + "scale": "ordinal", + "sourceField": "panw.routing.bgp.peer_name", + "isBucketed": true, + "params": { + "size": 20, + "orderBy": { + "type": "column", + "columnId": "187673ed-2a64-4d53-9446-5a625628ef91" + }, + "orderDirection": "desc", + "otherBucket": true, + "missingBucket": false, + "parentFormat": { + "id": "multi_terms" + }, + "include": [], + "exclude": [], + "includeIsRegex": false, + "excludeIsRegex": false, + "secondaryFields": [ + "panw.routing.bgp.status" + ] + }, + "customLabel": true + }, + "187673ed-2a64-4d53-9446-5a625628ef91": { + "label": "BGP Status Duration", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.routing.bgp.status_duration", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true, + "format": { + "id": "duration", + "params": { + "decimals": 0 + } + } + }, + "customLabel": true + }, + "daa28320-181a-4268-bc89-db978a6aa612": { + "label": "@timestamp", + "dataType": "date", + "operationType": "date_histogram", + "sourceField": "@timestamp", + "isBucketed": true, + "scale": "interval", + "params": { + "interval": "auto", + "includeEmptyRows": true, + "dropPartials": false + } + } + }, + "columnOrder": [ + "149799bc-4c66-405e-8f6c-13ca2aca3ee4", + "daa28320-181a-4268-bc89-db978a6aa612", + "187673ed-2a64-4d53-9446-5a625628ef91" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + }, + "title": "Status Duration" + }, + { + "type": "lens", + "gridData": { + "x": 24, + "y": 8, + "w": 24, + "h": 15, + "i": "8d88dd0c-d83d-4950-b2ab-567857f3cb6a" + }, + "panelIndex": "8d88dd0c-d83d-4950-b2ab-567857f3cb6a", + "embeddableConfig": { + "attributes": { + "title": 
"", + "visualizationType": "lnsXY", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-3fe86907-93ba-4f73-a2cc-f000ac328163" + } + ], + "state": { + "visualization": { + "legend": { + "isVisible": true, + "position": "right" + }, + "valueLabels": "hide", + "fittingFunction": "None", + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "preferredSeriesType": "bar_stacked", + "layers": [ + { + "layerId": "3fe86907-93ba-4f73-a2cc-f000ac328163", + "accessors": [ + "187673ed-2a64-4d53-9446-5a625628ef91", + "865c8285-5d82-4b27-be07-a01d588e5cc3" + ], + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "layerType": "data", + "xAccessor": "6416047a-4602-4317-a00b-f9d00abfce87", + "splitAccessor": "ec4f25f2-84e3-4a18-8cd8-6e0e071e01e3" + } + ], + "yTitle": "Duration" + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "3fe86907-93ba-4f73-a2cc-f000ac328163": { + "columns": { + "187673ed-2a64-4d53-9446-5a625628ef91": { + "label": "Keepalive", + "dataType": "number", + "operationType": "last_value", + "isBucketed": false, + "scale": "ratio", + "sourceField": "panw.routing.bgp.keepalive_config", + "filter": { + "query": "\"panw.routing.bgp.keepalive_config\": *", + "language": "kuery" + }, + "params": { + "sortField": "@timestamp", + "format": { + "id": "duration", + "params": { + "decimals": 0 + } + } + }, + "customLabel": true + }, + "865c8285-5d82-4b27-be07-a01d588e5cc3": { + "label": "Holdtime", + "dataType": "number", + "operationType": "last_value", + "isBucketed": false, + "scale": "ratio", + "sourceField": 
"panw.routing.bgp.holdtime_config", + "filter": { + "query": "\"panw.routing.bgp.holdtime_config\": *", + "language": "kuery" + }, + "params": { + "sortField": "@timestamp", + "format": { + "id": "duration", + "params": { + "decimals": 0 + } + } + }, + "customLabel": true + }, + "6416047a-4602-4317-a00b-f9d00abfce87": { + "label": "@timestamp", + "dataType": "date", + "operationType": "date_histogram", + "sourceField": "@timestamp", + "isBucketed": true, + "scale": "interval", + "params": { + "interval": "auto", + "includeEmptyRows": true, + "dropPartials": false + } + }, + "ec4f25f2-84e3-4a18-8cd8-6e0e071e01e3": { + "label": "Top 20 values of panw.routing.bgp.peer_name", + "dataType": "string", + "operationType": "terms", + "scale": "ordinal", + "sourceField": "panw.routing.bgp.peer_name", + "isBucketed": true, + "params": { + "size": 20, + "orderBy": { + "type": "column", + "columnId": "187673ed-2a64-4d53-9446-5a625628ef91" + }, + "orderDirection": "desc", + "otherBucket": true, + "missingBucket": false, + "parentFormat": { + "id": "terms" + }, + "include": [], + "exclude": [], + "includeIsRegex": false, + "excludeIsRegex": false + } + } + }, + "columnOrder": [ + "6416047a-4602-4317-a00b-f9d00abfce87", + "ec4f25f2-84e3-4a18-8cd8-6e0e071e01e3", + "187673ed-2a64-4d53-9446-5a625628ef91", + "865c8285-5d82-4b27-be07-a01d588e5cc3" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + }, + "title": "Keepalive and Hold Time Configurations" + }, + { + "type": "lens", + "gridData": { + "x": 0, + "y": 23, + "w": 24, + "h": 15, + "i": "a1114b83-c5cb-4e2b-b8aa-17ff7f927cd1" + }, + "panelIndex": "a1114b83-c5cb-4e2b-b8aa-17ff7f927cd1", + "embeddableConfig": { + "attributes": { + "title": "", + 
"visualizationType": "lnsXY", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-3fe86907-93ba-4f73-a2cc-f000ac328163" + } + ], + "state": { + "visualization": { + "legend": { + "isVisible": true, + "position": "right" + }, + "valueLabels": "hide", + "fittingFunction": "None", + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "preferredSeriesType": "bar_stacked", + "layers": [ + { + "layerId": "3fe86907-93ba-4f73-a2cc-f000ac328163", + "accessors": [ + "a35c74f7-bd68-4122-842a-191677b6b16a" + ], + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "layerType": "data", + "splitAccessor": "be7762fc-424b-469e-867c-a3cc18a09c83", + "xAccessor": "8ca47fa6-7884-4738-8a0a-be262e18d9f8" + } + ], + "yTitle": "Duration" + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "3fe86907-93ba-4f73-a2cc-f000ac328163": { + "columns": { + "a35c74f7-bd68-4122-842a-191677b6b16a": { + "label": "Last Update Age", + "dataType": "number", + "operationType": "last_value", + "isBucketed": false, + "scale": "ratio", + "sourceField": "panw.routing.bgp.last_update_age", + "filter": { + "query": "\"panw.routing.bgp.last_update_age\": *", + "language": "kuery" + }, + "params": { + "sortField": "@timestamp", + "format": { + "id": "duration", + "params": { + "decimals": 0 + } + } + }, + "customLabel": true + }, + "be7762fc-424b-469e-867c-a3cc18a09c83": { + "label": "Top 20 values of panw.routing.bgp.peer_name", + "dataType": "string", + "operationType": "terms", + "scale": "ordinal", + "sourceField": "panw.routing.bgp.peer_name", + 
"isBucketed": true, + "params": { + "size": 20, + "orderBy": { + "type": "column", + "columnId": "a35c74f7-bd68-4122-842a-191677b6b16a" + }, + "orderDirection": "desc", + "otherBucket": true, + "missingBucket": false, + "parentFormat": { + "id": "terms" + }, + "include": [], + "exclude": [], + "includeIsRegex": false, + "excludeIsRegex": false + } + }, + "8ca47fa6-7884-4738-8a0a-be262e18d9f8": { + "label": "@timestamp", + "dataType": "date", + "operationType": "date_histogram", + "sourceField": "@timestamp", + "isBucketed": true, + "scale": "interval", + "params": { + "interval": "auto", + "includeEmptyRows": true, + "dropPartials": false + } + } + }, + "columnOrder": [ + "8ca47fa6-7884-4738-8a0a-be262e18d9f8", + "be7762fc-424b-469e-867c-a3cc18a09c83", + "a35c74f7-bd68-4122-842a-191677b6b16a" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + }, + "title": "Peers Last Update Age" + }, + { + "type": "lens", + "gridData": { + "x": 0, + "y": 38, + "w": 24, + "h": 15, + "i": "309894cc-b827-42aa-bdfd-5edeff5249fc" + }, + "panelIndex": "309894cc-b827-42aa-bdfd-5edeff5249fc", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsXY", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-3fe86907-93ba-4f73-a2cc-f000ac328163" + } + ], + "state": { + "visualization": { + "legend": { + "isVisible": true, + "position": "right" + }, + "valueLabels": "hide", + "fittingFunction": "None", + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + 
"yLeft": 0, + "yRight": 0 + }, + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "preferredSeriesType": "area_stacked", + "layers": [ + { + "layerId": "3fe86907-93ba-4f73-a2cc-f000ac328163", + "accessors": [ + "2cc9282a-a87a-4995-9c1b-d6027e1c022d", + "f653e5d5-14db-41b8-8ffd-549fda525671", + "82831619-84f7-40b4-a47d-f0560aa28a0b", + "aedd81d8-fc3b-4843-9c7f-e3c40d774105" + ], + "position": "top", + "seriesType": "area_stacked", + "showGridlines": false, + "layerType": "data", + "splitAccessor": "be7762fc-424b-469e-867c-a3cc18a09c83", + "xAccessor": "8ca47fa6-7884-4738-8a0a-be262e18d9f8" + } + ] + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "3fe86907-93ba-4f73-a2cc-f000ac328163": { + "columns": { + "be7762fc-424b-469e-867c-a3cc18a09c83": { + "label": "Top 20 values of panw.routing.bgp.peer_name", + "dataType": "string", + "operationType": "terms", + "scale": "ordinal", + "sourceField": "panw.routing.bgp.peer_name", + "isBucketed": true, + "params": { + "size": 20, + "orderBy": { + "type": "column", + "columnId": "2cc9282a-a87a-4995-9c1b-d6027e1c022d" + }, + "orderDirection": "desc", + "otherBucket": true, + "missingBucket": false, + "parentFormat": { + "id": "terms" + }, + "include": [], + "exclude": [], + "includeIsRegex": false, + "excludeIsRegex": false + } + }, + "8ca47fa6-7884-4738-8a0a-be262e18d9f8": { + "label": "@timestamp", + "dataType": "date", + "operationType": "date_histogram", + "sourceField": "@timestamp", + "isBucketed": true, + "scale": "interval", + "params": { + "interval": "auto", + "includeEmptyRows": true, + "dropPartials": false + } + }, + "2cc9282a-a87a-4995-9c1b-d6027e1c022d": { + "label": "Total In", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.routing.bgp.msg_total_in", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + 
"params": { + "decimals": 0 + } + } + }, + "customLabel": true + }, + "f653e5d5-14db-41b8-8ffd-549fda525671": { + "label": "Total Out", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.routing.bgp.msg_total_out", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "customLabel": true + }, + "82831619-84f7-40b4-a47d-f0560aa28a0b": { + "label": "Update In", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.routing.bgp.msg_update_in", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "customLabel": true + }, + "aedd81d8-fc3b-4843-9c7f-e3c40d774105": { + "label": "Update Out", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.routing.bgp.msg_update_out", + "isBucketed": false, + "scale": "ratio", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "customLabel": true + } + }, + "columnOrder": [ + "8ca47fa6-7884-4738-8a0a-be262e18d9f8", + "be7762fc-424b-469e-867c-a3cc18a09c83", + "2cc9282a-a87a-4995-9c1b-d6027e1c022d", + "f653e5d5-14db-41b8-8ffd-549fda525671", + "82831619-84f7-40b4-a47d-f0560aa28a0b", + "aedd81d8-fc3b-4843-9c7f-e3c40d774105" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + }, + "title": "Peers Messages Overview" + }, + { + "type": "lens", + "gridData": { + "x": 24, + "y": 23, + "w": 24, + "h": 15, + "i": "58304277-8267-4d96-b7ef-3c0f1ed42ddb" + }, + "panelIndex": "58304277-8267-4d96-b7ef-3c0f1ed42ddb", + "embeddableConfig": { + 
"attributes": { + "title": "", + "visualizationType": "lnsXY", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-3fe86907-93ba-4f73-a2cc-f000ac328163" + } + ], + "state": { + "visualization": { + "legend": { + "isVisible": true, + "position": "right" + }, + "valueLabels": "hide", + "fittingFunction": "None", + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "preferredSeriesType": "bar_stacked", + "layers": [ + { + "layerId": "3fe86907-93ba-4f73-a2cc-f000ac328163", + "accessors": [ + "a35c74f7-bd68-4122-842a-191677b6b16a" + ], + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "layerType": "data", + "splitAccessor": "a3e90551-8867-404f-8fbd-1b424a590300", + "xAccessor": "2bb91f6a-4769-4bb9-a05d-3902e1f222cd" + } + ] + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "3fe86907-93ba-4f73-a2cc-f000ac328163": { + "columns": { + "a35c74f7-bd68-4122-842a-191677b6b16a": { + "label": "Established Counts", + "dataType": "number", + "operationType": "last_value", + "isBucketed": false, + "scale": "ratio", + "sourceField": "panw.routing.bgp.established_counts", + "filter": { + "query": "\"panw.routing.bgp.established_counts\": *", + "language": "kuery" + }, + "params": { + "sortField": "@timestamp", + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "customLabel": true + }, + "a3e90551-8867-404f-8fbd-1b424a590300": { + "label": "Top 20 values of panw.routing.bgp.peer_name", + "dataType": "string", + "operationType": "terms", + "scale": "ordinal", + "sourceField": 
"panw.routing.bgp.peer_name", + "isBucketed": true, + "params": { + "size": 20, + "orderBy": { + "type": "column", + "columnId": "a35c74f7-bd68-4122-842a-191677b6b16a" + }, + "orderDirection": "desc", + "otherBucket": true, + "missingBucket": false, + "parentFormat": { + "id": "terms" + }, + "include": [], + "exclude": [], + "includeIsRegex": false, + "excludeIsRegex": false + } + }, + "2bb91f6a-4769-4bb9-a05d-3902e1f222cd": { + "label": "@timestamp", + "dataType": "date", + "operationType": "date_histogram", + "sourceField": "@timestamp", + "isBucketed": true, + "scale": "interval", + "params": { + "interval": "auto", + "includeEmptyRows": true, + "dropPartials": false + } + } + }, + "columnOrder": [ + "2bb91f6a-4769-4bb9-a05d-3902e1f222cd", + "a3e90551-8867-404f-8fbd-1b424a590300", + "a35c74f7-bd68-4122-842a-191677b6b16a" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + }, + "title": "Peers Established Counts" + }, + { + "type": "lens", + "gridData": { + "x": 24, + "y": 38, + "w": 24, + "h": 15, + "i": "c94069a5-4000-460c-a57a-f0c5e321d084" + }, + "panelIndex": "c94069a5-4000-460c-a57a-f0c5e321d084", + "embeddableConfig": { + "attributes": { + "title": "Table count() & Peer Name & Peer IP & Remote AS & BGP Status", + "references": [ + { + "type": "index-pattern", + "id": "225f1238245c340e555b38014f4ca10f1b4280d8fc34ef5da914e88acdfbadb6", + "name": "textBasedLanguages-datasource-layer-7434ee6e-829b-4f81-8fe3-4d4745e13bf4" + } + ], + "state": { + "datasourceStates": { + "textBased": { + "layers": { + "7434ee6e-829b-4f81-8fe3-4d4745e13bf4": { + "index": "225f1238245c340e555b38014f4ca10f1b4280d8fc34ef5da914e88acdfbadb6", + "query": { + "esql": "FROM metrics-panw_metrics.routing-* \n| keep 
panw.routing.bgp.peer_name, panw.routing.bgp.peer_ip, panw.routing.bgp.remote_as_asn, panw.routing.bgp.status, panw.routing.bgp.last_error\n| where panw.routing.bgp.last_error is not null and length(panw.routing.bgp.last_error)>0\n| rename panw.routing.bgp.last_error as `Last Error`, panw.routing.bgp.peer_name as `Peer Name`, panw.routing.bgp.peer_ip as `Peer IP`, panw.routing.bgp.remote_as_asn as `Remote AS`, panw.routing.bgp.status as `BGP Status`\n| stats count() by `Peer Name`, `Peer IP`, `Remote AS`, `BGP Status`, `Last Error`" + }, + "columns": [ + { + "columnId": "Peer Name", + "fieldName": "Peer Name", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "Peer IP", + "fieldName": "Peer IP", + "meta": { + "type": "ip", + "esType": "ip" + }, + "inMetricDimension": true + }, + { + "columnId": "Remote AS", + "fieldName": "Remote AS", + "meta": { + "type": "number", + "esType": "long" + }, + "inMetricDimension": true + }, + { + "columnId": "BGP Status", + "fieldName": "BGP Status", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "5fd953f0-e3f2-41da-8a04-3978ae87d1d2", + "fieldName": "Last Error", + "meta": { + "type": "string", + "esType": "keyword" + } + } + ], + "timeField": "@timestamp" + } + }, + "indexPatternRefs": [ + { + "id": "225f1238245c340e555b38014f4ca10f1b4280d8fc34ef5da914e88acdfbadb6", + "title": "metrics-panw_metrics.routing-*", + "timeField": "@timestamp" + } + ] + } + }, + "filters": [], + "query": { + "esql": "FROM metrics-panw_metrics.routing-* \n| keep panw.routing.bgp.peer_name, panw.routing.bgp.peer_ip, panw.routing.bgp.remote_as_asn, panw.routing.bgp.status, panw.routing.bgp.last_error\n| where panw.routing.bgp.last_error is not null and length(panw.routing.bgp.last_error)>0\n| rename panw.routing.bgp.last_error as `Last Error`, panw.routing.bgp.peer_name as `Peer Name`, panw.routing.bgp.peer_ip as `Peer IP`, 
panw.routing.bgp.remote_as_asn as `Remote AS`, panw.routing.bgp.status as `BGP Status`\n| stats count() by `Peer Name`, `Peer IP`, `Remote AS`, `BGP Status`, `Last Error`" + }, + "visualization": { + "layerId": "7434ee6e-829b-4f81-8fe3-4d4745e13bf4", + "layerType": "data", + "columns": [ + { + "columnId": "Peer Name" + }, + { + "columnId": "Peer IP" + }, + { + "columnId": "Remote AS" + }, + { + "columnId": "BGP Status" + }, + { + "columnId": "5fd953f0-e3f2-41da-8a04-3978ae87d1d2", + "isTransposed": false, + "isMetric": true + } + ] + }, + "adHocDataViews": { + "225f1238245c340e555b38014f4ca10f1b4280d8fc34ef5da914e88acdfbadb6": { + "id": "225f1238245c340e555b38014f4ca10f1b4280d8fc34ef5da914e88acdfbadb6", + "title": "metrics-panw_metrics.routing-*", + "timeFieldName": "@timestamp", + "sourceFilters": [], + "type": "esql", + "fieldFormats": {}, + "runtimeFieldMap": {}, + "allowNoIndex": false, + "name": "metrics-panw_metrics.routing-*", + "allowHidden": false + } + } + }, + "visualizationType": "lnsDatatable", + "type": "lens" + }, + "disabledActions": [ + "OPEN_FLYOUT_ADD_DRILLDOWN" + ], + "enhancements": {} + }, + "title": "Peers Last Errors" + } + ], + "title": "[Metrics Palo Alto Networks] Routing Overview" + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "aaac6462-5125-4f53-8d88-bb1ca281cc74:indexpattern-datasource-layer-232db9b9-a0ff-45c5-aa87-3f2348d6bf94" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "e3cb2011-212a-404a-8b7b-10321daa0e24:indexpattern-datasource-layer-232db9b9-a0ff-45c5-aa87-3f2348d6bf94" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "d0f1a21f-e0a6-4b0e-945d-ab33b84d92ad:indexpattern-datasource-layer-232db9b9-a0ff-45c5-aa87-3f2348d6bf94" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": 
"7dc1d83f-4d3e-4a5c-956e-58e4df62ad57:indexpattern-datasource-layer-3fe86907-93ba-4f73-a2cc-f000ac328163" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "8d88dd0c-d83d-4950-b2ab-567857f3cb6a:indexpattern-datasource-layer-3fe86907-93ba-4f73-a2cc-f000ac328163" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "a1114b83-c5cb-4e2b-b8aa-17ff7f927cd1:indexpattern-datasource-layer-3fe86907-93ba-4f73-a2cc-f000ac328163" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "309894cc-b827-42aa-bdfd-5edeff5249fc:indexpattern-datasource-layer-3fe86907-93ba-4f73-a2cc-f000ac328163" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "58304277-8267-4d96-b7ef-3c0f1ed42ddb:indexpattern-datasource-layer-3fe86907-93ba-4f73-a2cc-f000ac328163" + }, + { + "type": "index-pattern", + "id": "225f1238245c340e555b38014f4ca10f1b4280d8fc34ef5da914e88acdfbadb6", + "name": "c94069a5-4000-460c-a57a-f0c5e321d084:textBasedLanguages-datasource-layer-7434ee6e-829b-4f81-8fe3-4d4745e13bf4" + }, + { + "name": "controlGroup_94796cc2-2ba7-4857-a7d6-47bcd462d3db:optionsListDataView", + "type": "index-pattern", + "id": "metrics-*" + }, + { + "name": "controlGroup_8a13fbfd-4f4e-4e62-80fe-99f145e61e56:optionsListDataView", + "type": "index-pattern", + "id": "metrics-*" + }, + { + "name": "controlGroup_0f213807-0f19-4bdd-be6f-310cfbfda9c6:optionsListDataView", + "type": "index-pattern", + "id": "metrics-*" + } + ], + "managed": true, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.2.0" +} \ No newline at end of file diff --git a/packages/panw_metrics/kibana/dashboard/panw_metrics-fa29a215-7679-4867-a1e7-f3f8dc0bbbef.json b/packages/panw_metrics/kibana/dashboard/panw_metrics-fa29a215-7679-4867-a1e7-f3f8dc0bbbef.json new file mode 100644 index 00000000000..bc22cea986f --- /dev/null +++ b/packages/panw_metrics/kibana/dashboard/panw_metrics-fa29a215-7679-4867-a1e7-f3f8dc0bbbef.json 
@@ -0,0 +1,1478 @@ +{ + "id": "panw_metrics-fa29a215-7679-4867-a1e7-f3f8dc0bbbef", + "type": "dashboard", + "updated_at": "2024-10-04T21:52:54.984Z", + "created_at": "2024-10-04T21:52:54.984Z", + "attributes": { + "version": 2, + "controlGroupInput": { + "controlStyle": "oneLine", + "chainingSystem": "HIERARCHICAL", + "showApplySelections": false, + "panelsJSON": "{\"08e03c57-408c-4833-9d90-3a51c55ff8aa\":{\"type\":\"optionsListControl\",\"order\":0,\"grow\":false,\"width\":\"medium\",\"explicitInput\":{\"id\":\"08e03c57-408c-4833-9d90-3a51c55ff8aa\",\"fieldName\":\"panw.interfaces.physical.name\",\"title\":\"Physical Name\",\"grow\":false,\"width\":\"medium\",\"searchTechnique\":\"prefix\",\"enhancements\":{}}},\"c5bcd707-b6f2-41c8-b959-a3775b1cf701\":{\"type\":\"optionsListControl\",\"order\":1,\"grow\":false,\"width\":\"medium\",\"explicitInput\":{\"id\":\"c5bcd707-b6f2-41c8-b959-a3775b1cf701\",\"fieldName\":\"panw.interfaces.logical.name\",\"title\":\"Logical Name\",\"grow\":false,\"width\":\"medium\",\"searchTechnique\":\"prefix\",\"enhancements\":{}}}}", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}" + }, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "panw_metrics.interfaces" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "panw_metrics.interfaces" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "Overview of Palo Alto Networks Interfaces metrics", + "timeRestore": false, + "optionsJSON": 
"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": [ + { + "type": "lens", + "gridData": { + "x": 0, + "y": 0, + "w": 24, + "h": 8, + "i": "ca86528d-ee01-4a61-ba2d-50a1155d1273" + }, + "panelIndex": "ca86528d-ee01-4a61-ba2d-50a1155d1273", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsMetric", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-cb36a339-a5da-41cb-b64a-ed1a5ac7149d" + } + ], + "state": { + "visualization": { + "layerId": "cb36a339-a5da-41cb-b64a-ed1a5ac7149d", + "layerType": "data", + "metricAccessor": "206f54f6-c59f-45c8-a7f8-682fc336d6dd" + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "cb36a339-a5da-41cb-b64a-ed1a5ac7149d": { + "columns": { + "206f54f6-c59f-45c8-a7f8-682fc336d6dd": { + "label": "HA Synchronization Status", + "dataType": "string", + "operationType": "last_value", + "isBucketed": false, + "scale": "ordinal", + "sourceField": "panw.interfaces.ha.running_sync", + "filter": { + "query": "\"panw.interfaces.ha.running_sync\": *", + "language": "kuery" + }, + "params": { + "sortField": "@timestamp" + }, + "customLabel": true + } + }, + "columnOrder": [ + "206f54f6-c59f-45c8-a7f8-682fc336d6dd" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + } + }, + { + "type": "lens", + "gridData": { + "x": 24, + "y": 0, + "w": 24, + "h": 8, + "i": "9c5ede59-41a3-40d6-814e-5ac97c5a96ad" + }, + "panelIndex": "9c5ede59-41a3-40d6-814e-5ac97c5a96ad", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsMetric", + "type": "lens", + "references": [ + 
{ + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-cb36a339-a5da-41cb-b64a-ed1a5ac7149d" + } + ], + "state": { + "visualization": { + "layerId": "cb36a339-a5da-41cb-b64a-ed1a5ac7149d", + "layerType": "data", + "metricAccessor": "206f54f6-c59f-45c8-a7f8-682fc336d6dd", + "palette": { + "type": "palette", + "name": "status", + "params": { + "name": "status", + "reverse": false, + "rangeType": "number", + "rangeMin": null, + "rangeMax": null, + "progression": "fixed", + "stops": [ + { + "color": "#209280", + "stop": 8160 + }, + { + "color": "#d6bf57", + "stop": 16320 + }, + { + "color": "#cc5642", + "stop": 24480 + } + ], + "steps": 3, + "colorStops": [], + "continuity": "all", + "maxSteps": 5 + } + } + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "cb36a339-a5da-41cb-b64a-ed1a5ac7149d": { + "columns": { + "206f54f6-c59f-45c8-a7f8-682fc336d6dd": { + "label": "Average IPsec Tunnel Lifetime", + "dataType": "number", + "operationType": "average", + "sourceField": "panw.interfaces.ipsec_tunnel.life.sec", + "isBucketed": false, + "scale": "ratio", + "params": { + "format": { + "id": "duration", + "params": { + "decimals": 0 + } + }, + "emptyAsNull": true + }, + "customLabel": true + } + }, + "columnOrder": [ + "206f54f6-c59f-45c8-a7f8-682fc336d6dd" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + } + }, + { + "type": "lens", + "gridData": { + "x": 0, + "y": 8, + "w": 24, + "h": 15, + "i": "8731075c-5e94-4fa6-8395-2ed0e53d5dfe" + }, + "panelIndex": "8731075c-5e94-4fa6-8395-2ed0e53d5dfe", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsPie", 
+ "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-2657c5de-9757-4e3f-ac8c-72255c18230a" + } + ], + "state": { + "visualization": { + "shape": "pie", + "layers": [ + { + "layerId": "2657c5de-9757-4e3f-ac8c-72255c18230a", + "primaryGroups": [ + "020dd020-2293-41ab-9765-c0dbab28ff16" + ], + "metrics": [ + "29f7c8b0-d842-47a5-8c2e-800aec891f23" + ], + "numberDisplay": "percent", + "categoryDisplay": "default", + "legendDisplay": "default", + "nestedLegend": false, + "layerType": "data", + "colorMapping": { + "assignments": [], + "specialAssignments": [ + { + "rule": { + "type": "other" + }, + "color": { + "type": "loop" + }, + "touched": false + } + ], + "paletteId": "eui_amsterdam_color_blind", + "colorMode": { + "type": "categorical" + } + } + } + ] + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "2657c5de-9757-4e3f-ac8c-72255c18230a": { + "columns": { + "29f7c8b0-d842-47a5-8c2e-800aec891f23": { + "label": "Count of records", + "dataType": "number", + "operationType": "count", + "isBucketed": false, + "scale": "ratio", + "sourceField": "___records___", + "params": { + "emptyAsNull": true + } + }, + "020dd020-2293-41ab-9765-c0dbab28ff16": { + "label": "Top 20 values of panw.interfaces.logical.zone", + "dataType": "string", + "operationType": "terms", + "scale": "ordinal", + "sourceField": "panw.interfaces.logical.zone", + "isBucketed": true, + "params": { + "size": 20, + "orderBy": { + "type": "column", + "columnId": "29f7c8b0-d842-47a5-8c2e-800aec891f23" + }, + "orderDirection": "desc", + "otherBucket": true, + "missingBucket": false, + "parentFormat": { + "id": "terms" + }, + "include": [], + "exclude": [], + "includeIsRegex": false, + "excludeIsRegex": false + } + } + }, + "columnOrder": [ + "020dd020-2293-41ab-9765-c0dbab28ff16", + "29f7c8b0-d842-47a5-8c2e-800aec891f23" + ], + "sampling": 1, + 
"ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + }, + "title": "Logical Interfaces Zones" + }, + { + "type": "lens", + "gridData": { + "x": 24, + "y": 8, + "w": 24, + "h": 15, + "i": "f5091176-14d3-4b13-b506-bf87ac0111ae" + }, + "panelIndex": "f5091176-14d3-4b13-b506-bf87ac0111ae", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsPie", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-2657c5de-9757-4e3f-ac8c-72255c18230a" + } + ], + "state": { + "visualization": { + "shape": "pie", + "layers": [ + { + "layerId": "2657c5de-9757-4e3f-ac8c-72255c18230a", + "primaryGroups": [ + "020dd020-2293-41ab-9765-c0dbab28ff16" + ], + "metrics": [ + "29f7c8b0-d842-47a5-8c2e-800aec891f23" + ], + "numberDisplay": "percent", + "categoryDisplay": "default", + "legendDisplay": "default", + "nestedLegend": false, + "layerType": "data", + "colorMapping": { + "assignments": [], + "specialAssignments": [ + { + "rule": { + "type": "other" + }, + "color": { + "type": "loop" + }, + "touched": false + } + ], + "paletteId": "eui_amsterdam_color_blind", + "colorMode": { + "type": "categorical" + } + } + } + ] + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "2657c5de-9757-4e3f-ac8c-72255c18230a": { + "columns": { + "29f7c8b0-d842-47a5-8c2e-800aec891f23": { + "label": "Count of records", + "dataType": "number", + "operationType": "count", + "isBucketed": false, + "scale": "ratio", + "sourceField": "___records___", + "params": { + "emptyAsNull": true + } + }, + "020dd020-2293-41ab-9765-c0dbab28ff16": { + "label": "Top 20 values of panw.interfaces.physical.state", + "dataType": "string", + "operationType": "terms", + 
"scale": "ordinal", + "sourceField": "panw.interfaces.physical.state", + "isBucketed": true, + "params": { + "size": 20, + "orderBy": { + "type": "column", + "columnId": "29f7c8b0-d842-47a5-8c2e-800aec891f23" + }, + "orderDirection": "desc", + "otherBucket": true, + "missingBucket": false, + "parentFormat": { + "id": "terms" + }, + "include": [], + "exclude": [], + "includeIsRegex": false, + "excludeIsRegex": false, + "secondaryFields": [] + } + } + }, + "columnOrder": [ + "020dd020-2293-41ab-9765-c0dbab28ff16", + "29f7c8b0-d842-47a5-8c2e-800aec891f23" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {}, + "indexPatternId": "metrics-*" + } + }, + "currentIndexPatternId": "metrics-*" + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + }, + "title": "Physical Interfaces States" + }, + { + "type": "lens", + "gridData": { + "x": 0, + "y": 23, + "w": 24, + "h": 15, + "i": "a47c890c-25ba-474e-bd81-f0769d49bc53" + }, + "panelIndex": "a47c890c-25ba-474e-bd81-f0769d49bc53", + "embeddableConfig": { + "attributes": { + "title": "Table COUNT() & PAN-OS Version & Application Database Version & Antivirus Version & Threat Version", + "references": [ + { + "type": "index-pattern", + "id": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "name": "textBasedLanguages-datasource-layer-b15af2e7-d211-4978-9fe9-ba67d556692e" + } + ], + "state": { + "datasourceStates": { + "textBased": { + "layers": { + "b15af2e7-d211-4978-9fe9-ba67d556692e": { + "index": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "query": { + "esql": "FROM metrics-panw_metrics.interfaces-* \n| KEEP panw.interfaces.ha.local_info.build_rel, panw.interfaces.ha.local_info.app_version, panw.interfaces.ha.local_info.av_version, panw.interfaces.ha.local_info.threat_version, panw.interfaces.ha.local_info.url_version, 
panw.interfaces.ha.local_info.gp_client_version \n| WHERE panw.interfaces.ha.local_info.build_rel IS NOT NULL \n| RENAME panw.interfaces.ha.local_info.build_rel AS `PAN-OS Version`, panw.interfaces.ha.local_info.app_version AS `Application Database Version`, panw.interfaces.ha.local_info.av_version AS `Antivirus Version`, panw.interfaces.ha.local_info.threat_version AS `Threat Version`, panw.interfaces.ha.local_info.url_version AS `URL Filtering Database Version`, panw.interfaces.ha.local_info.gp_client_version AS `GlobalProtect Client Version` \n| STATS COUNT() BY `PAN-OS Version`, `Application Database Version`, `Antivirus Version`, `Threat Version`, `URL Filtering Database Version`, `GlobalProtect Client Version`" + }, + "columns": [ + { + "columnId": "PAN-OS Version", + "fieldName": "PAN-OS Version", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "Application Database Version", + "fieldName": "Application Database Version", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "Antivirus Version", + "fieldName": "Antivirus Version", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "Threat Version", + "fieldName": "Threat Version", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "740014b9-79fb-45ad-b42a-fca8ff2b6897", + "fieldName": "URL Filtering Database Version", + "meta": { + "type": "string", + "esType": "keyword" + } + }, + { + "columnId": "3435d2f5-abfc-407f-a975-24ac7877a27a", + "fieldName": "GlobalProtect Client Version", + "meta": { + "type": "string", + "esType": "keyword" + } + } + ], + "timeField": "@timestamp" + } + }, + "indexPatternRefs": [ + { + "id": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "title": "metrics-panw_metrics.interfaces-*", + "timeField": "@timestamp" + } + ] + } + 
}, + "filters": [], + "query": { + "esql": "FROM metrics-panw_metrics.interfaces-* \n| KEEP panw.interfaces.ha.local_info.build_rel, panw.interfaces.ha.local_info.app_version, panw.interfaces.ha.local_info.av_version, panw.interfaces.ha.local_info.threat_version, panw.interfaces.ha.local_info.url_version, panw.interfaces.ha.local_info.gp_client_version \n| WHERE panw.interfaces.ha.local_info.build_rel IS NOT NULL \n| RENAME panw.interfaces.ha.local_info.build_rel AS `PAN-OS Version`, panw.interfaces.ha.local_info.app_version AS `Application Database Version`, panw.interfaces.ha.local_info.av_version AS `Antivirus Version`, panw.interfaces.ha.local_info.threat_version AS `Threat Version`, panw.interfaces.ha.local_info.url_version AS `URL Filtering Database Version`, panw.interfaces.ha.local_info.gp_client_version AS `GlobalProtect Client Version` \n| STATS COUNT() BY `PAN-OS Version`, `Application Database Version`, `Antivirus Version`, `Threat Version`, `URL Filtering Database Version`, `GlobalProtect Client Version`" + }, + "visualization": { + "layerId": "b15af2e7-d211-4978-9fe9-ba67d556692e", + "layerType": "data", + "columns": [ + { + "columnId": "PAN-OS Version" + }, + { + "columnId": "Application Database Version" + }, + { + "columnId": "Antivirus Version" + }, + { + "columnId": "Threat Version" + }, + { + "columnId": "740014b9-79fb-45ad-b42a-fca8ff2b6897", + "isTransposed": false, + "isMetric": true + }, + { + "columnId": "3435d2f5-abfc-407f-a975-24ac7877a27a", + "isTransposed": false, + "isMetric": true + } + ] + }, + "adHocDataViews": { + "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c": { + "id": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "title": "metrics-panw_metrics.interfaces-*", + "timeFieldName": "@timestamp", + "sourceFilters": [], + "type": "esql", + "fieldFormats": {}, + "runtimeFieldMap": {}, + "allowNoIndex": false, + "name": "metrics-panw_metrics.interfaces-*", + "allowHidden": false + } + } + }, + 
"visualizationType": "lnsDatatable", + "type": "lens" + }, + "disabledActions": [ + "OPEN_FLYOUT_ADD_DRILLDOWN" + ], + "enhancements": {} + }, + "title": "PAN-OS and Security Database Versions" + }, + { + "type": "lens", + "gridData": { + "x": 24, + "y": 23, + "w": 24, + "h": 15, + "i": "e95b9995-7630-496a-bd64-a165e255e8ce" + }, + "panelIndex": "e95b9995-7630-496a-bd64-a165e255e8ce", + "embeddableConfig": { + "attributes": { + "title": "", + "visualizationType": "lnsXY", + "type": "lens", + "references": [ + { + "type": "index-pattern", + "id": "metrics-*", + "name": "indexpattern-datasource-layer-12e3f316-a404-48d7-99fe-e42e40a21172" + } + ], + "state": { + "visualization": { + "title": "Empty XY chart", + "legend": { + "isVisible": true, + "position": "right" + }, + "valueLabels": "hide", + "preferredSeriesType": "bar_stacked", + "layers": [ + { + "layerId": "12e3f316-a404-48d7-99fe-e42e40a21172", + "accessors": [ + "fa787535-2d8c-4545-a6b3-7cb67eb20dc7" + ], + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "layerType": "data", + "xAccessor": "24a0a6ec-4de6-4f49-a3b2-72eb0385bdb4", + "splitAccessor": "0d49b482-91ab-414d-926c-deaa2cec8e03" + } + ] + }, + "query": { + "query": "", + "language": "kuery" + }, + "filters": [], + "datasourceStates": { + "formBased": { + "layers": { + "12e3f316-a404-48d7-99fe-e42e40a21172": { + "columns": { + "24a0a6ec-4de6-4f49-a3b2-72eb0385bdb4": { + "label": "@timestamp", + "dataType": "date", + "operationType": "date_histogram", + "sourceField": "@timestamp", + "isBucketed": true, + "scale": "interval", + "params": { + "interval": "auto", + "includeEmptyRows": true, + "dropPartials": false + } + }, + "0d49b482-91ab-414d-926c-deaa2cec8e03": { + "label": "Top 20 values of panw.interfaces.ipsec_tunnel.name", + "dataType": "string", + "operationType": "terms", + "scale": "ordinal", + "sourceField": "panw.interfaces.ipsec_tunnel.name", + "isBucketed": true, + "params": { + "size": 20, + "orderBy": { + 
"type": "column", + "columnId": "fa787535-2d8c-4545-a6b3-7cb67eb20dc7" + }, + "orderDirection": "desc", + "otherBucket": true, + "missingBucket": false, + "parentFormat": { + "id": "terms" + }, + "include": [], + "exclude": [], + "includeIsRegex": false, + "excludeIsRegex": false + } + }, + "fa787535-2d8c-4545-a6b3-7cb67eb20dc7": { + "label": "Duration", + "dataType": "number", + "operationType": "max", + "sourceField": "panw.interfaces.ipsec_tunnel.life.sec", + "isBucketed": false, + "scale": "ratio", + "params": { + "format": { + "id": "duration", + "params": { + "decimals": 0 + } + }, + "emptyAsNull": true + }, + "customLabel": true + } + }, + "columnOrder": [ + "24a0a6ec-4de6-4f49-a3b2-72eb0385bdb4", + "0d49b482-91ab-414d-926c-deaa2cec8e03", + "fa787535-2d8c-4545-a6b3-7cb67eb20dc7" + ], + "sampling": 1, + "ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "internalReferences": [], + "adHocDataViews": {} + } + }, + "enhancements": {} + }, + "title": "IPsec Tunnel Lifetimes" + }, + { + "type": "lens", + "gridData": { + "x": 0, + "y": 38, + "w": 24, + "h": 15, + "i": "f9234ebe-3ad7-4bc2-8fea-48a5f22e7f28" + }, + "panelIndex": "f9234ebe-3ad7-4bc2-8fea-48a5f22e7f28", + "embeddableConfig": { + "attributes": { + "title": "Table COUNT() & Interface Name & State & Speed & Duplex", + "references": [ + { + "type": "index-pattern", + "id": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "name": "textBasedLanguages-datasource-layer-8191f79a-63ea-4f65-9760-0d718ba8c9c0" + } + ], + "state": { + "datasourceStates": { + "textBased": { + "layers": { + "8191f79a-63ea-4f65-9760-0d718ba8c9c0": { + "index": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "query": { + "esql": "FROM metrics-panw_metrics.interfaces-* \n| KEEP panw.interfaces.physical.name, panw.interfaces.physical.state, panw.interfaces.physical.speed, 
panw.interfaces.physical.duplex, panw.interfaces.physical.type, panw.interfaces.physical.full_state \n| WHERE panw.interfaces.physical.name IS NOT NULL \n| RENAME panw.interfaces.physical.name AS `Interface Name`, panw.interfaces.physical.state AS `State`, panw.interfaces.physical.speed AS `Speed`, panw.interfaces.physical.duplex AS `Duplex`, panw.interfaces.physical.type AS `Type`, panw.interfaces.physical.full_state AS `Full State` \n| STATS COUNT() BY `Interface Name`, `State`, `Speed`, `Duplex`, `Type`, `Full State`" + }, + "columns": [ + { + "columnId": "Interface Name", + "fieldName": "Interface Name", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "State", + "fieldName": "State", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "Speed", + "fieldName": "Speed", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "Duplex", + "fieldName": "Duplex", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "1b70bb70-9dff-42a0-8dcd-a4fa6f6e3b2b", + "fieldName": "Type", + "meta": { + "type": "string", + "esType": "keyword" + } + }, + { + "columnId": "228c4220-b007-4f98-9137-dce82c49d868", + "fieldName": "Full State", + "meta": { + "type": "string", + "esType": "keyword" + } + } + ], + "timeField": "@timestamp" + } + }, + "indexPatternRefs": [ + { + "id": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "title": "metrics-panw_metrics.interfaces-*", + "timeField": "@timestamp" + } + ] + } + }, + "filters": [], + "query": { + "esql": "FROM metrics-panw_metrics.interfaces-* \n| KEEP panw.interfaces.physical.name, panw.interfaces.physical.state, panw.interfaces.physical.speed, panw.interfaces.physical.duplex, panw.interfaces.physical.type, panw.interfaces.physical.full_state \n| WHERE panw.interfaces.physical.name IS 
NOT NULL \n| RENAME panw.interfaces.physical.name AS `Interface Name`, panw.interfaces.physical.state AS `State`, panw.interfaces.physical.speed AS `Speed`, panw.interfaces.physical.duplex AS `Duplex`, panw.interfaces.physical.type AS `Type`, panw.interfaces.physical.full_state AS `Full State` \n| STATS COUNT() BY `Interface Name`, `State`, `Speed`, `Duplex`, `Type`, `Full State`" + }, + "visualization": { + "layerId": "8191f79a-63ea-4f65-9760-0d718ba8c9c0", + "layerType": "data", + "columns": [ + { + "columnId": "Interface Name" + }, + { + "columnId": "State" + }, + { + "columnId": "Speed" + }, + { + "columnId": "Duplex" + }, + { + "columnId": "1b70bb70-9dff-42a0-8dcd-a4fa6f6e3b2b", + "isTransposed": false, + "isMetric": true + }, + { + "columnId": "228c4220-b007-4f98-9137-dce82c49d868", + "isTransposed": false, + "isMetric": true + } + ] + }, + "adHocDataViews": { + "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c": { + "id": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "title": "metrics-panw_metrics.interfaces-*", + "timeFieldName": "@timestamp", + "sourceFilters": [], + "type": "esql", + "fieldFormats": {}, + "runtimeFieldMap": {}, + "allowNoIndex": false, + "name": "metrics-panw_metrics.interfaces-*", + "allowHidden": false + } + } + }, + "visualizationType": "lnsDatatable", + "type": "lens" + }, + "disabledActions": [ + "OPEN_FLYOUT_ADD_DRILLDOWN" + ], + "enhancements": {} + }, + "title": "Physical Interfaces Overview" + }, + { + "type": "lens", + "gridData": { + "x": 24, + "y": 38, + "w": 24, + "h": 15, + "i": "116e3b34-3a6c-40b9-9a60-0469f1fd4fec" + }, + "panelIndex": "116e3b34-3a6c-40b9-9a60-0469f1fd4fec", + "embeddableConfig": { + "attributes": { + "title": "COUNT() & Local Device State Duration & Peer Device State Duration of Peer Device State", + "references": [ + { + "type": "index-pattern", + "id": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "name": 
"textBasedLanguages-datasource-layer-1de8dfa2-bb41-4294-b9e5-8e26887994d6" + } + ], + "state": { + "datasourceStates": { + "textBased": { + "layers": { + "1de8dfa2-bb41-4294-b9e5-8e26887994d6": { + "index": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "query": { + "esql": "FROM metrics-panw_metrics.interfaces-* \n| KEEP panw.interfaces.ha.local_info.state, panw.interfaces.ha.peer_info.state, panw.interfaces.ha.local_info.state_duration, panw.interfaces.ha.peer_info.state_duration \n| WHERE panw.interfaces.ha.local_info.state IS NOT NULL \n| RENAME panw.interfaces.ha.local_info.state AS `Local Device State`, panw.interfaces.ha.peer_info.state AS `Peer Device State`, panw.interfaces.ha.local_info.state_duration AS `Local Device State Duration`, panw.interfaces.ha.peer_info.state_duration AS `Peer Device State Duration` \n| STATS COUNT() BY `Local Device State`, `Peer Device State`, `Local Device State Duration`, `Peer Device State Duration`" + }, + "columns": [ + { + "columnId": "Local Device State", + "fieldName": "Local Device State", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "Peer Device State", + "fieldName": "Peer Device State", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "Local Device State Duration", + "fieldName": "Local Device State Duration", + "meta": { + "type": "number", + "esType": "long" + }, + "inMetricDimension": true + }, + { + "columnId": "Peer Device State Duration", + "fieldName": "Peer Device State Duration", + "meta": { + "type": "number", + "esType": "long" + }, + "inMetricDimension": true + } + ], + "timeField": "@timestamp" + } + }, + "indexPatternRefs": [ + { + "id": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "title": "metrics-panw_metrics.interfaces-*", + "timeField": "@timestamp" + } + ] + } + }, + "filters": [], + "query": { + "esql": "FROM 
metrics-panw_metrics.interfaces-* \n| KEEP panw.interfaces.ha.local_info.state, panw.interfaces.ha.peer_info.state, panw.interfaces.ha.local_info.state_duration, panw.interfaces.ha.peer_info.state_duration \n| WHERE panw.interfaces.ha.local_info.state IS NOT NULL \n| RENAME panw.interfaces.ha.local_info.state AS `Local Device State`, panw.interfaces.ha.peer_info.state AS `Peer Device State`, panw.interfaces.ha.local_info.state_duration AS `Local Device State Duration`, panw.interfaces.ha.peer_info.state_duration AS `Peer Device State Duration` \n| STATS COUNT() BY `Local Device State`, `Peer Device State`, `Local Device State Duration`, `Peer Device State Duration`" + }, + "visualization": { + "legend": { + "isVisible": true, + "position": "right" + }, + "valueLabels": "hide", + "fittingFunction": "None", + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "preferredSeriesType": "bar_stacked", + "layers": [ + { + "layerId": "1de8dfa2-bb41-4294-b9e5-8e26887994d6", + "seriesType": "bar_stacked", + "xAccessor": "Peer Device State", + "splitAccessor": "Local Device State", + "accessors": [ + "Local Device State Duration", + "Peer Device State Duration" + ], + "layerType": "data", + "colorMapping": { + "assignments": [], + "specialAssignments": [ + { + "rule": { + "type": "other" + }, + "color": { + "type": "loop" + }, + "touched": false + } + ], + "paletteId": "eui_amsterdam_color_blind", + "colorMode": { + "type": "categorical" + } + } + } + ] + }, + "adHocDataViews": { + "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c": { + "id": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "title": "metrics-panw_metrics.interfaces-*", + "timeFieldName": 
"@timestamp", + "sourceFilters": [], + "type": "esql", + "fieldFormats": {}, + "runtimeFieldMap": {}, + "allowNoIndex": false, + "name": "metrics-panw_metrics.interfaces-*", + "allowHidden": false + } + } + }, + "visualizationType": "lnsXY", + "type": "lens" + }, + "disabledActions": [ + "OPEN_FLYOUT_ADD_DRILLDOWN" + ], + "enhancements": {} + }, + "title": "HA Local and Peer State" + }, + { + "type": "lens", + "gridData": { + "x": 24, + "y": 53, + "w": 24, + "h": 15, + "i": "7bff3a19-00f9-423a-855e-6c526ded376b" + }, + "panelIndex": "7bff3a19-00f9-423a-855e-6c526ded376b", + "embeddableConfig": { + "attributes": { + "title": "Pie", + "references": [ + { + "type": "index-pattern", + "id": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "name": "textBasedLanguages-datasource-layer-776e5efb-f6c8-4d95-8726-746fbbf5c09e" + } + ], + "state": { + "datasourceStates": { + "textBased": { + "layers": { + "776e5efb-f6c8-4d95-8726-746fbbf5c09e": { + "index": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "query": { + "esql": "FROM metrics-panw_metrics.interfaces-* \n| KEEP panw.interfaces.ha.link_monitoring.group.name, panw.interfaces.ha.link_monitoring.group.interface.name, panw.interfaces.ha.link_monitoring.group.interface.status \n| WHERE panw.interfaces.ha.link_monitoring.group.name IS NOT NULL \n| RENAME panw.interfaces.ha.link_monitoring.group.name AS `Group Name`, panw.interfaces.ha.link_monitoring.group.interface.name AS `Interface Name`, panw.interfaces.ha.link_monitoring.group.interface.status AS `Interface Status` \n| STATS COUNT() BY `Group Name`, `Interface Name`, `Interface Status`" + }, + "columns": [ + { + "columnId": "eab4c450-558a-4aab-9f25-6334a50164f3", + "fieldName": "Group Name", + "meta": { + "type": "string", + "esType": "keyword" + } + }, + { + "columnId": "20854f8b-671f-418b-9a68-66ed1f7d269e", + "fieldName": "Interface Name", + "meta": { + "type": "string", + "esType": "keyword" + } + }, + { + "columnId": 
"dc7a8789-da5c-4cfe-af81-6d4c5fee0774", + "fieldName": "Interface Status", + "meta": { + "type": "string", + "esType": "keyword" + } + } + ], + "timeField": "@timestamp" + } + }, + "indexPatternRefs": [ + { + "id": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "title": "metrics-panw_metrics.interfaces-*", + "timeField": "@timestamp" + } + ] + } + }, + "filters": [], + "query": { + "esql": "FROM metrics-panw_metrics.interfaces-* \n| KEEP panw.interfaces.ha.link_monitoring.group.name, panw.interfaces.ha.link_monitoring.group.interface.name, panw.interfaces.ha.link_monitoring.group.interface.status \n| WHERE panw.interfaces.ha.link_monitoring.group.name IS NOT NULL \n| RENAME panw.interfaces.ha.link_monitoring.group.name AS `Group Name`, panw.interfaces.ha.link_monitoring.group.interface.name AS `Interface Name`, panw.interfaces.ha.link_monitoring.group.interface.status AS `Interface Status` \n| STATS COUNT() BY `Group Name`, `Interface Name`, `Interface Status`" + }, + "visualization": { + "layerId": "776e5efb-f6c8-4d95-8726-746fbbf5c09e", + "layerType": "data", + "columns": [ + { + "columnId": "eab4c450-558a-4aab-9f25-6334a50164f3", + "isTransposed": false, + "isMetric": true + }, + { + "columnId": "20854f8b-671f-418b-9a68-66ed1f7d269e", + "isTransposed": false, + "isMetric": true + }, + { + "columnId": "dc7a8789-da5c-4cfe-af81-6d4c5fee0774", + "isTransposed": false, + "isMetric": true + } + ] + }, + "adHocDataViews": { + "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c": { + "id": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "title": "metrics-panw_metrics.interfaces-*", + "timeFieldName": "@timestamp", + "sourceFilters": [], + "type": "esql", + "fieldFormats": {}, + "runtimeFieldMap": {}, + "allowNoIndex": false, + "name": "metrics-panw_metrics.interfaces-*", + "allowHidden": false + } + } + }, + "visualizationType": "lnsDatatable", + "type": "lens" + }, + "disabledActions": [ + 
"OPEN_FLYOUT_ADD_DRILLDOWN" + ], + "enhancements": {} + }, + "title": "Link Monitoring Interface Status" + }, + { + "type": "lens", + "gridData": { + "x": 0, + "y": 53, + "w": 24, + "h": 15, + "i": "23122ef5-651c-4028-aa6c-2fccdfdbd42b" + }, + "panelIndex": "23122ef5-651c-4028-aa6c-2fccdfdbd42b", + "embeddableConfig": { + "attributes": { + "title": "Table count() & Tunnel Name & Gateway & Protocol & Mode", + "references": [ + { + "type": "index-pattern", + "id": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "name": "textBasedLanguages-datasource-layer-3d6280f8-ad2f-4749-a7e7-615cd44ede8a" + } + ], + "state": { + "datasourceStates": { + "textBased": { + "layers": { + "3d6280f8-ad2f-4749-a7e7-615cd44ede8a": { + "index": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "query": { + "esql": "FROM metrics-panw_metrics.interfaces-* | keep panw.interfaces.ipsec_tunnel.name, panw.interfaces.ipsec_tunnel.gw, panw.interfaces.ipsec_tunnel.proto, panw.interfaces.ipsec_tunnel.mode, panw.interfaces.ipsec_tunnel.life.sec | where panw.interfaces.ipsec_tunnel.name is not null and length(panw.interfaces.ipsec_tunnel.name) > 0 | rename panw.interfaces.ipsec_tunnel.name as `Tunnel Name`, panw.interfaces.ipsec_tunnel.gw as `Gateway`, panw.interfaces.ipsec_tunnel.proto as `Protocol`, panw.interfaces.ipsec_tunnel.mode as `Mode`, panw.interfaces.ipsec_tunnel.life.sec as `Lifetime (sec)` | stats count() by `Tunnel Name`, `Gateway`, `Protocol`, `Mode`, `Lifetime (sec)`" + }, + "columns": [ + { + "columnId": "Tunnel Name", + "fieldName": "Tunnel Name", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "Gateway", + "fieldName": "Gateway", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "Protocol", + "fieldName": "Protocol", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + 
"columnId": "Mode", + "fieldName": "Mode", + "meta": { + "type": "string", + "esType": "keyword" + }, + "inMetricDimension": true + }, + { + "columnId": "23272146-c800-4cd7-9a75-626d78549368", + "fieldName": "Lifetime (sec)", + "meta": { + "type": "number", + "esType": "long" + } + } + ], + "timeField": "@timestamp" + } + }, + "indexPatternRefs": [ + { + "id": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "title": "metrics-panw_metrics.interfaces-*", + "timeField": "@timestamp" + } + ] + } + }, + "filters": [], + "query": { + "esql": "FROM metrics-panw_metrics.interfaces-* | keep panw.interfaces.ipsec_tunnel.name, panw.interfaces.ipsec_tunnel.gw, panw.interfaces.ipsec_tunnel.proto, panw.interfaces.ipsec_tunnel.mode, panw.interfaces.ipsec_tunnel.life.sec | where panw.interfaces.ipsec_tunnel.name is not null and length(panw.interfaces.ipsec_tunnel.name) > 0 | rename panw.interfaces.ipsec_tunnel.name as `Tunnel Name`, panw.interfaces.ipsec_tunnel.gw as `Gateway`, panw.interfaces.ipsec_tunnel.proto as `Protocol`, panw.interfaces.ipsec_tunnel.mode as `Mode`, panw.interfaces.ipsec_tunnel.life.sec as `Lifetime (sec)` | stats count() by `Tunnel Name`, `Gateway`, `Protocol`, `Mode`, `Lifetime (sec)`" + }, + "visualization": { + "layerId": "3d6280f8-ad2f-4749-a7e7-615cd44ede8a", + "layerType": "data", + "columns": [ + { + "columnId": "Tunnel Name" + }, + { + "columnId": "Gateway" + }, + { + "columnId": "Protocol" + }, + { + "columnId": "Mode" + }, + { + "columnId": "23272146-c800-4cd7-9a75-626d78549368", + "isTransposed": false, + "isMetric": true, + "alignment": "left", + "colorMode": "cell", + "palette": { + "type": "palette", + "name": "positive", + "params": { + "stops": [ + { + "color": "#d6e9e4", + "stop": 20 + }, + { + "color": "#aed3ca", + "stop": 40 + }, + { + "color": "#85bdb1", + "stop": 60 + }, + { + "color": "#5aa898", + "stop": 80 + }, + { + "color": "#209280", + "stop": 100 + } + ] + } + } + } + ] + }, + "adHocDataViews": { + 
"a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c": { + "id": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "title": "metrics-panw_metrics.interfaces-*", + "timeFieldName": "@timestamp", + "sourceFilters": [], + "type": "esql", + "fieldFormats": {}, + "runtimeFieldMap": {}, + "allowNoIndex": false, + "name": "metrics-panw_metrics.interfaces-*", + "allowHidden": false + } + } + }, + "visualizationType": "lnsDatatable", + "type": "lens" + }, + "disabledActions": [ + "OPEN_FLYOUT_ADD_DRILLDOWN" + ], + "enhancements": {} + }, + "title": "IPsec Tunnel Configurations" + } + ], + "title": "[Metrics Palo Alto Networks] Interfaces Overview" + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "ca86528d-ee01-4a61-ba2d-50a1155d1273:indexpattern-datasource-layer-cb36a339-a5da-41cb-b64a-ed1a5ac7149d" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "9c5ede59-41a3-40d6-814e-5ac97c5a96ad:indexpattern-datasource-layer-cb36a339-a5da-41cb-b64a-ed1a5ac7149d" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "8731075c-5e94-4fa6-8395-2ed0e53d5dfe:indexpattern-datasource-layer-2657c5de-9757-4e3f-ac8c-72255c18230a" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "f5091176-14d3-4b13-b506-bf87ac0111ae:indexpattern-datasource-layer-2657c5de-9757-4e3f-ac8c-72255c18230a" + }, + { + "type": "index-pattern", + "id": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "name": "a47c890c-25ba-474e-bd81-f0769d49bc53:textBasedLanguages-datasource-layer-b15af2e7-d211-4978-9fe9-ba67d556692e" + }, + { + "type": "index-pattern", + "id": "metrics-*", + "name": "e95b9995-7630-496a-bd64-a165e255e8ce:indexpattern-datasource-layer-12e3f316-a404-48d7-99fe-e42e40a21172" + }, + { + "type": "index-pattern", + "id": 
"a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "name": "f9234ebe-3ad7-4bc2-8fea-48a5f22e7f28:textBasedLanguages-datasource-layer-8191f79a-63ea-4f65-9760-0d718ba8c9c0" + }, + { + "type": "index-pattern", + "id": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "name": "116e3b34-3a6c-40b9-9a60-0469f1fd4fec:textBasedLanguages-datasource-layer-1de8dfa2-bb41-4294-b9e5-8e26887994d6" + }, + { + "type": "index-pattern", + "id": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "name": "7bff3a19-00f9-423a-855e-6c526ded376b:textBasedLanguages-datasource-layer-776e5efb-f6c8-4d95-8726-746fbbf5c09e" + }, + { + "type": "index-pattern", + "id": "a393e2233dbee924d20fe92704376310e9ea039054a4868af91f952c5bd1df1c", + "name": "23122ef5-651c-4028-aa6c-2fccdfdbd42b:textBasedLanguages-datasource-layer-3d6280f8-ad2f-4749-a7e7-615cd44ede8a" + }, + { + "name": "controlGroup_08e03c57-408c-4833-9d90-3a51c55ff8aa:optionsListDataView", + "type": "index-pattern", + "id": "metrics-*" + }, + { + "name": "controlGroup_c5bcd707-b6f2-41c8-b959-a3775b1cf701:optionsListDataView", + "type": "index-pattern", + "id": "metrics-*" + } + ], + "managed": true, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.2.0" +} \ No newline at end of file diff --git a/packages/panw_metrics/manifest.yml b/packages/panw_metrics/manifest.yml new file mode 100644 index 00000000000..50da5edc494 --- /dev/null +++ b/packages/panw_metrics/manifest.yml 
@@ -0,0 +1,76 @@
+format_version: 3.2.0
+name: panw_metrics
+title: "Palo Alto Networks Metrics"
+version: "0.1.0"
+description: Collect metrics from Palo Alto Networks with Elastic Agent.
+type: integration
+categories:
+ - network
+ - security
+conditions:
+ kibana:
+ version: "^8.15.2"
+ elastic:
+ subscription: "basic"
+icons:
+ - src: /img/logo.svg
+ title: PANW logo
+ size: 32x32
+ type: image/svg+xml
+screenshots:
+ - src: /img/panw_interfaces_dashboard.png
+ title: Palo Alto Networks Interfaces dashboard
+ size: 1678x2181
+ type: image/png
+ - src: /img/panw_routing_dashboard.png
+ title: Palo Alto Networks Routing dashboard
+ size: 1717x1721
+ type: image/png
+ - src: /img/panw_system_dashboard.png
+ title: Palo Alto Networks System dashboard
+ size: 1678x2973
+ type: image/png
+ - src: /img/panw_vpn_dashboard.png
+ title: Palo Alto Networks VPN dashboard
+ size: 1678x2181
+ type: image/png
+vars:
+ - name: host_ip
+ type: text
+ title: Host IP
+ default: 127.0.0.1
+ multi: false
+ required: true
+ show_user: true
+ - name: port
+ type: text
+ title: Port
+ default: 443
+ multi: false
+ required: false
+ show_user: true
+ - name: api_key
+ type: text
+ title: API Key
+ secret: true
+ multi: false
+ required: true
+ show_user: true
+ - name: api_debug_mode
+ type: bool
+ title: Debug Mode
+ default: false
+ multi: false
+ required: false
+ show_user: true
+policy_templates:
+ - name: panw_metrics
+ title: Palo Alto Networks metrics
+ description: Collects metrics from Palo Alto Networks with Elastic Agent
+ inputs:
+ - type: panw/metrics
+ title: Palo Alto Networks metrics
+ description: Collects metrics from Palo Alto Networks
+owner:
+ github: elastic/obs-infraobs-integrations
+ type: elastic
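Review bot: The `api_key` entry in `vars:` is declared `type: text` with `secret: true`; I would declare it `type: password` and keep `secret: true`, so the key is rendered as a masked field and is not left readable in the policy wherever Fleet secret storage is not in effect (that fallback depends on the deployment and is worth confirming against the package spec). `api_debug_mode` is shown to the user with no `description`; if the client's debug output includes request or response details, the API key or firewall configuration could end up in agent logs, so add a line such as `description: Logs API requests and responses; leave disabled outside troubleshooting.` and confirm the key is redacted there. `port` is `type: text` with an unquoted `default: 443`, which YAML loads as an integer; `type: integer` or `default: "443"` removes the mismatch. Nothing in this manifest tells the operator whether the HTTPS connection to the firewall verifies the device certificate, which cannot be determined from this hunk and deserves a sentence in the var descriptions or the README.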