first commit

2021-08-29 00:02:22 +08:00 · 2021-08-29 00:02:22 +08:00 · 828bfa1adc
commit 828bfa1adc
62 changed files with 2595 additions and 0 deletions
--- a/README.en.md
+++ b/README.en.md
@ -0,0 +1,5 @@
+# myfilebeat
+
+#### Description
+filebeat common config
+
--- a/README.md
+++ b/README.md
@ -0,0 +1,5 @@
+# myfilebeat
+
+#### 介绍
+filebeat 常用配置
+
--- a/filebeat.service
+++ b/filebeat.service
@ -0,0 +1,10 @@
+[Unit]
+Description=Elastic FileBeat
+After=network.target
+
+[Service]
+ExecStart=/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml
+
+[Install]
+WantedBy=multi-user.target
+
--- a/filebeat.yml
+++ b/filebeat.yml
@ -0,0 +1,21 @@
+#================================ Processors ==================================
+processors:
+- drop_fields:
+    fields: ["beat.name", "beat.version", "offset"]
+
+#========================== Elasticsearch output ==============================
+output.elasticsearch:
+  enabled: true
+  hosts: []
+
+#============================= Filebeat config ================================
+filebeat.config:
+  prospectors:
+    enabled: true
+    path: prospectors.d/*.yml
+    reload.enabled: true
+    reload.period: 10s
+
+#============================= Xpack Monitoring ===============================
+xpack.monitoring.enabled: true
+
--- a/kibana/dashboard/abnormal.json
+++ b/kibana/dashboard/abnormal.json
@ -0,0 +1,18 @@
+[
+  {
+    "_id": "59d930f0-834c-11e9-ad88-85624cce68b5",
+    "_type": "dashboard",
+    "_source": {
+      "title": "服务器异常汇总",
+      "hits": 0,
+      "description": "",
+      "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":1,\"y\":0,\"w\":5,\"h\":3,\"i\":\"1\"},\"id\":\"4fb3a570-834b-11e9-ad88-85624cce68b5\",\"type\":\"search\",\"version\":\"6.2.4\"},{\"panelIndex\":\"2\",\"gridData\":{\"x\":6,\"y\":0,\"w\":6,\"h\":3,\"i\":\"2\"},\"id\":\"9f5a1e60-834b-11e9-ad88-85624cce68b5\",\"type\":\"search\",\"version\":\"6.2.4\"},{\"panelIndex\":\"3\",\"gridData\":{\"x\":0,\"y\":3,\"w\":3,\"h\":3,\"i\":\"3\"},\"id\":\"e8e33120-834b-11e9-ad88-85624cce68b5\",\"type\":\"search\",\"version\":\"6.2.4\"},{\"panelIndex\":\"4\",\"gridData\":{\"x\":6,\"y\":3,\"w\":6,\"h\":3,\"i\":\"4\"},\"id\":\"8d21a870-8301-11e9-ad88-85624cce68b5\",\"type\":\"search\",\"version\":\"6.2.4\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":0,\"y\":0,\"w\":1,\"h\":3,\"i\":\"5\"},\"id\":\"17980860-8351-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":3,\"y\":3,\"w\":3,\"h\":3,\"i\":\"6\"},\"version\":\"6.2.4\",\"type\":\"search\",\"id\":\"d65da6a0-85b4-11e9-9656-5f1225242944\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":6,\"y\":6,\"w\":6,\"h\":3,\"i\":\"7\"},\"version\":\"6.2.4\",\"type\":\"search\",\"id\":\"a15e2260-8846-11e9-9656-5f1225242944\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":0,\"y\":6,\"w\":6,\"h\":3,\"i\":\"8\"},\"version\":\"6.2.4\",\"type\":\"search\",\"id\":\"93d4c0a0-adcf-11e9-82d1-df99ba321bd2\"}]",
+      "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}",
+      "version": 1,
+      "timeRestore": false,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"search100\",\"params\":{\"query\":\"search100\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"search100\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"highlightAll\":true,\"version\":true}"
+      }
+    }
+  }
+]
--- a/kibana/dashboard/access.json
+++ b/kibana/dashboard/access.json
@ -0,0 +1,18 @@
+[
+  {
+    "_id": "9beb0d70-0ca9-11e9-98f8-c53bf18cb006",
+    "_type": "dashboard",
+    "_source": {
+      "title": "系统访问统计",
+      "hits": 0,
+      "description": "",
+      "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":1,\"y\":0,\"w\":11,\"h\":3,\"i\":\"1\"},\"id\":\"d1906110-0ca8-11e9-98f8-c53bf18cb006\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"2\",\"gridData\":{\"x\":0,\"y\":3,\"w\":5,\"h\":3,\"i\":\"2\"},\"id\":\"d998eae0-0ca7-11e9-98f8-c53bf18cb006\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":5,\"y\":3,\"w\":2,\"h\":6,\"i\":\"5\"},\"id\":\"fc53d820-1106-11e9-8819-7f8b8589cf6c\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":0,\"y\":6,\"w\":5,\"h\":3,\"i\":\"6\"},\"id\":\"62d35850-1940-11e9-85e4-c396c5d0cddf\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":0,\"y\":9,\"w\":6,\"h\":6,\"i\":\"7\"},\"id\":\"87286d00-68df-11e9-82d1-df99ba321bd2\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":0,\"y\":15,\"w\":6,\"h\":6,\"i\":\"8\"},\"id\":\"b9a0ce30-68df-11e9-82d1-df99ba321bd2\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":6,\"y\":9,\"w\":6,\"h\":6,\"i\":\"9\"},\"id\":\"4138be30-acfa-11e9-82d1-df99ba321bd2\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":0,\"y\":0,\"w\":1,\"h\":3,\"i\":\"10\"},\"id\":\"17980860-8351-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"11\",\"gridData\":{\"x\":7,\"y\":3,\"w\":5,\"h\":3,\"i\":\"11\"},\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"67b569c0-acf8-11e9-82d1-df99ba321bd2\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":7,\"y\":6,\"w\":5,\"h\":3,\"i\":\"12\"},\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"bd07e970-acf8-11e9-82d1-df99ba321bd2\"}]",
+      "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}",
+      "version": 1,
+      "timeRestore": false,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}"
+      }
+    }
+  }
+]
--- a/kibana/dashboard/kafka.json
+++ b/kibana/dashboard/kafka.json
@ -0,0 +1,18 @@
+[
+  {
+    "_id": "3a948e00-8438-11e9-9656-5f1225242944",
+    "_type": "dashboard",
+    "_source": {
+      "title": "Kafka",
+      "hits": 0,
+      "description": "",
+      "panelsJSON": "[{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":4,\"i\":\"1\",\"w\":12,\"x\":0,\"y\":3},\"id\":\"d5f67f80-8437-11e9-9656-5f1225242944\",\"panelIndex\":\"1\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":3,\"i\":\"2\",\"w\":11,\"x\":1,\"y\":0},\"id\":\"8a6fd9f0-8435-11e9-9656-5f1225242944\",\"panelIndex\":\"2\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"gridData\":{\"h\":3,\"i\":\"3\",\"w\":1,\"x\":0,\"y\":0},\"id\":\"17980860-8351-11e9-ad88-85624cce68b5\",\"panelIndex\":\"3\",\"type\":\"visualization\",\"version\":\"6.2.4\"}]",
+      "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}",
+      "version": 1,
+      "timeRestore": false,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"monitor.kafka.topic\",\"value\":\"wangmei_raw\",\"params\":{\"query\":\"wangmei_raw\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"monitor.kafka.topic\":{\"query\":\"wangmei_raw\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"highlightAll\":true,\"version\":true}"
+      }
+    }
+  }
+]
--- a/kibana/dashboard/port.json
+++ b/kibana/dashboard/port.json
@ -0,0 +1,18 @@
+[
+  {
+    "_id": "e9a89150-7dd7-11e9-ad88-85624cce68b5",
+    "_type": "dashboard",
+    "_source": {
+      "title": "查看指定端口的连接量",
+      "hits": 0,
+      "description": "",
+      "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":1,\"y\":0,\"w\":11,\"h\":9,\"i\":\"1\"},\"title\":\"端口连接分布\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"04b89ff0-7d68-11e9-ad88-85624cce68b5\",\"embeddableConfig\":{\"spy\":null}},{\"panelIndex\":\"2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":1,\"h\":3,\"i\":\"2\"},\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"17980860-8351-11e9-ad88-85624cce68b5\"}]",
+      "optionsJSON": "{\"darkTheme\":false,\"useMargins\":true,\"hidePanelTitles\":false}",
+      "version": 1,
+      "timeRestore": false,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"monitor.conn.port\",\"value\":\"3306\",\"params\":{\"query\":\"3306\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"monitor.conn.port\":{\"query\":\"3306\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"highlightAll\":true,\"version\":true}"
+      }
+    }
+  }
+]
--- a/kibana/dashboard/server-detail.json
+++ b/kibana/dashboard/server-detail.json
@ -0,0 +1,18 @@
+[
+  {
+    "_id": "5dd7aac0-7e96-11e9-ad88-85624cce68b5",
+    "_type": "dashboard",
+    "_source": {
+      "title": "服务器详情",
+      "hits": 0,
+      "description": "",
+      "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":1,\"y\":0,\"w\":3,\"h\":3,\"i\":\"1\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 60\":\"rgb(165,0,38)\",\"60 - 80\":\"rgb(255,255,190)\",\"80 - 100\":\"rgb(0,104,55)\"},\"legendOpen\":false}},\"id\":\"b8fc7020-7e91-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"2\",\"gridData\":{\"x\":4,\"y\":0,\"w\":3,\"h\":3,\"i\":\"2\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 60\":\"rgb(0,104,55)\",\"60 - 80\":\"rgb(255,255,190)\",\"80 - 100\":\"rgb(165,0,38)\"},\"legendOpen\":false}},\"id\":\"ff9344f0-7e91-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"3\",\"gridData\":{\"x\":7,\"y\":0,\"w\":5,\"h\":3,\"i\":\"3\"},\"embeddableConfig\":{\"spy\":null,\"vis\":{\"legendOpen\":false}},\"id\":\"11d2fb90-7e94-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"4\",\"gridData\":{\"x\":0,\"y\":7,\"w\":4,\"h\":3,\"i\":\"4\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"id\":\"8f73d660-7e8e-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":4,\"y\":7,\"w\":4,\"h\":3,\"i\":\"5\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"id\":\"f84666d0-7e8e-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":8,\"y\":7,\"w\":4,\"h\":3,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"id\":\"88d34100-7e8f-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":4,\"y\":16,\"w\":4,\"h\":2,\"i\":\"9\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"id\":\"0ed18e70-7f70-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":0,\"y\":13,\"w\":12,\"h\":3,\"i\":\"10\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"id\":\"6ea347d0-7f70-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"11\",\"gridData\":{\"x\":8,\"y\":16,\"w\":4,\"h\":2,\"i\":\"11\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"id\":\"a76d3e90-7f70-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":0,\"y\":16,\"w\":4,\"h\":2,\"i\":\"12\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"id\":\"d83e5860-7f70-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"13\",\"gridData\":{\"x\":0,\"y\":10,\"w\":12,\"h\":3,\"i\":\"13\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"id\":\"174ad510-7f67-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":0,\"y\":3,\"w\":6,\"h\":2,\"i\":\"14\"},\"id\":\"09975710-8046-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":0,\"y\":5,\"w\":6,\"h\":2,\"i\":\"15\"},\"id\":\"c9413d00-8047-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"16\",\"gridData\":{\"x\":6,\"y\":3,\"w\":6,\"h\":4,\"i\":\"16\"},\"version\":\"6.2.4\",\"type\":\"search\",\"id\":\"8d21a870-8301-11e9-ad88-85624cce68b5\"},{\"panelIndex\":\"17\",\"gridData\":{\"x\":0,\"y\":0,\"w\":1,\"h\":3,\"i\":\"17\"},\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"17980860-8351-11e9-ad88-85624cce68b5\"}]",
+      "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}",
+      "version": 1,
+      "timeRestore": false,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"redis103\",\"params\":{\"query\":\"redis103\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"redis103\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"highlightAll\":true,\"version\":true}"
+      }
+    }
+  }
+]
--- a/kibana/dashboard/server-general.json
+++ b/kibana/dashboard/server-general.json
@ -0,0 +1,18 @@
+[
+  {
+    "_id": "2a121b70-808b-11e9-ad88-85624cce68b5",
+    "_type": "dashboard",
+    "_source": {
+      "title": "服务器概览",
+      "hits": 0,
+      "description": "",
+      "panelsJSON": "[{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":3,\"i\":\"1\",\"w\":5,\"x\":1,\"y\":0},\"id\":\"2b5e0b20-8085-11e9-ad88-85624cce68b5\",\"panelIndex\":\"1\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":3,\"i\":\"2\",\"w\":6,\"x\":6,\"y\":0},\"id\":\"84681490-8085-11e9-ad88-85624cce68b5\",\"panelIndex\":\"2\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":3,\"i\":\"3\",\"w\":12,\"x\":0,\"y\":3},\"id\":\"ad133180-8086-11e9-ad88-85624cce68b5\",\"panelIndex\":\"3\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":3,\"i\":\"4\",\"w\":12,\"x\":0,\"y\":9},\"id\":\"4385b8b0-808a-11e9-ad88-85624cce68b5\",\"panelIndex\":\"4\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":3,\"i\":\"5\",\"w\":12,\"x\":0,\"y\":6},\"id\":\"7c7f4af0-808a-11e9-ad88-85624cce68b5\",\"panelIndex\":\"5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":3,\"i\":\"6\",\"w\":12,\"x\":0,\"y\":15},\"id\":\"99d6f5a0-8088-11e9-ad88-85624cce68b5\",\"panelIndex\":\"6\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":3,\"i\":\"7\",\"w\":12,\"x\":0,\"y\":12},\"id\":\"923f7d20-8089-11e9-ad88-85624cce68b5\",\"panelIndex\":\"7\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"gridData\":{\"h\":3,\"i\":\"8\",\"w\":1,\"x\":0,\"y\":0},\"id\":\"17980860-8351-11e9-ad88-85624cce68b5\",\"panelIndex\":\"8\",\"type\":\"visualization\",\"version\":\"6.2.4\"}]",
+      "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}",
+      "version": 1,
+      "timeRestore": false,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"type\":\"phrases\",\"key\":\"beat.hostname\",\"value\":\"emotion110, region109, yq108\",\"params\":[\"emotion110\",\"region109\",\"yq108\"],\"negate\":false,\"disabled\":false,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"beat.hostname\":\"emotion110\"}},{\"match_phrase\":{\"beat.hostname\":\"region109\"}},{\"match_phrase\":{\"beat.hostname\":\"yq108\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"type\":\"phrases\",\"key\":\"beat.hostname\",\"value\":\"node105, node104, node102\",\"params\":[\"node105\",\"node104\",\"node102\"],\"negate\":false,\"disabled\":true,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"beat.hostname\":\"node105\"}},{\"match_phrase\":{\"beat.hostname\":\"node104\"}},{\"match_phrase\":{\"beat.hostname\":\"node102\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"highlightAll\":true,\"version\":true}"
+      }
+    }
+  }
+]
--- a/kibana/search/java.json
+++ b/kibana/search/java.json
@ -0,0 +1,27 @@
+[
+  {
+    "_id": "a15e2260-8846-11e9-9656-5f1225242944",
+    "_type": "search",
+    "_source": {
+      "title": "JAVA 报错",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "beat.hostname",
+        "java.process",
+        "java.class",
+        "java.function",
+        "java.line_num",
+        "java.log.content"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"java.log.level\",\"value\":\"ERROR\",\"params\":{\"query\":\"ERROR\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"java.log.level\":{\"query\":\"ERROR\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
+      }
+    }
+  }
+]
--- a/kibana/search/kafka.json
+++ b/kibana/search/kafka.json
@ -0,0 +1,28 @@
+[
+  {
+    "_id": "d4c0e280-8433-11e9-9656-5f1225242944",
+    "_type": "search",
+    "_source": {
+      "title": "Kafka Offset",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "monitor.kafka.client_host",
+        "monitor.kafka.consumer_group",
+        "monitor.kafka.topic",
+        "monitor.kafka.current_offset",
+        "monitor.kafka.end_offset",
+        "monitor.kafka.lag",
+        "monitor.kafka.partition"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":true,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"beat.hostname\",\"negate\":false,\"params\":{\"query\":\"kafka106\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"kafka106\"},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"kafka106\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"monitor.kafka.topic\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.kafka.topic\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":true,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.kafka.consumer_group\",\"negate\":false,\"params\":{\"query\":\"yuqing_v1.12\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"yuqing_v1.12\"},\"query\":{\"match\":{\"monitor.kafka.consumer_group\":{\"query\":\"yuqing_v1.12\",\"type\":\"phrase\"}}}}]}"
+      }
+    }
+  }
+]
--- a/kibana/search/mysql.json
+++ b/kibana/search/mysql.json
@ -0,0 +1,48 @@
+[
+  {
+    "_id": "2b1b1100-09dc-11e9-b283-47528513fd78",
+    "_type": "search",
+    "_source": {
+      "title": "Mysql 异常",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "message"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/mysqld/error.log\",\"params\":{\"query\":\"/var/log/mysqld/error.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/mysqld/error.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
+      }
+    }
+  },
+  {
+    "_id": "4791e6b0-09dc-11e9-b283-47528513fd78",
+    "_type": "search",
+    "_source": {
+      "title": "Mysql 慢查询",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "mysql.slowlog.user",
+        "mysql.slowlog.ip",
+        "mysql.slowlog.query_time.sec",
+        "mysql.slowlog.lock_time.sec",
+        "mysql.slowlog.rows_examined",
+        "mysql.slowlog.rows_sent",
+        "mysql.slowlog.query"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/mysqld/slow.log\",\"params\":{\"query\":\"/var/log/mysqld/slow.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/mysqld/slow.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
+      }
+    }
+  }
+]
--- a/kibana/search/nginx.json
+++ b/kibana/search/nginx.json
@ -0,0 +1,91 @@
+[
+  {
+    "_id": "68594410-09d7-11e9-b283-47528513fd78",
+    "_type": "search",
+    "_source": {
+      "title": "Nginx 报错",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "message"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/nginx/error.log\",\"params\":{\"query\":\"/var/log/nginx/error.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/nginx/error.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
+      }
+    }
+  },
+  {
+    "_id": "efd03910-0fec-11e9-8819-7f8b8589cf6c",
+    "_type": "search",
+    "_source": {
+      "title": "Nginx 非法请求",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "nginx.access.remote_ip",
+        "nginx.access.method",
+        "nginx.access.url",
+        "nginx.access.agent"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"type\":\"phrases\",\"key\":\"source\",\"value\":\"/var/log/nginx/qyjs360.com/access-illegal.log, /var/log/nginx/www.goldeneye.cn/access-illegal.log\",\"params\":[\"/var/log/nginx/qyjs360.com/access-illegal.log\",\"/var/log/nginx/www.goldeneye.cn/access-illegal.log\"],\"negate\":false,\"disabled\":false,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"source\":\"/var/log/nginx/qyjs360.com/access-illegal.log\"}},{\"match_phrase\":{\"source\":\"/var/log/nginx/www.goldeneye.cn/access-illegal.log\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"
+      }
+    }
+  },
+  {
+    "_id": "3e9b9ec0-acf2-11e9-82d1-df99ba321bd2",
+    "_type": "search",
+    "_source": {
+      "title": "與情 Nginx 正常访问",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "nginx.access.remote_ip",
+        "nginx.access.os",
+        "nginx.access.url",
+        "nginx.access.agent"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"params\":{\"query\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
+      }
+    }
+  },
+  {
+    "_id": "476794a0-09d7-11e9-b283-47528513fd78",
+    "_type": "search",
+    "_source": {
+      "title": "企业军师 Nginx 正常访问",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "nginx.access.remote_ip",
+        "nginx.access.os",
+        "nginx.access.url",
+        "nginx.access.agent"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/nginx/qyjs360.com/access.log\",\"params\":{\"query\":\"/var/log/nginx/qyjs360.com/access.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/nginx/qyjs360.com/access.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
+      }
+    }
+  }
+]
--- a/kibana/search/os.json
+++ b/kibana/search/os.json
@ -0,0 +1,325 @@
+[
+  {
+    "_id": "65129a00-09d6-11e9-b283-47528513fd78",
+    "_type": "search",
+    "_source": {
+      "title": "操作系统登陆日志",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "beat.hostname",
+        "login.rhost",
+        "login.method",
+        "login.user",
+        "login.result"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"key\":\"source\",\"negate\":false,\"params\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"/var/log/secure\"},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":true,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"login.rhost\",\"value\":\"172.17.251.5\",\"params\":{\"query\":\"172.17.251.5\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"login.rhost\":{\"query\":\"172.17.251.5\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
+      }
+    }
+  },
+  {
+    "_id": "4fb3a570-834b-11e9-ad88-85624cce68b5",
+    "_type": "search",
+    "_source": {
+      "title": "CPU 使用超过 80%",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "beat.hostname",
+        "monitor.cpu.user",
+        "monitor.cpu.system",
+        "monitor.cpu.wait",
+        "monitor.cpu.idle"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"range\",\"key\":\"monitor.cpu.idle\",\"value\":\"0 to 20\",\"params\":{\"gte\":0,\"lt\":20}},\"range\":{\"monitor.cpu.idle\":{\"gte\":0,\"lt\":20}},\"$state\":{\"store\":\"appState\"}}]}"
+      }
+    }
+  },
+  {
+    "_id": "7ccc0500-7e11-11e9-ad88-85624cce68b5",
+    "_type": "search",
+    "_source": {
+      "title": "CPU 查询",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "beat.hostname",
+        "monitor.cpu.user",
+        "monitor.cpu.system",
+        "monitor.cpu.idle",
+        "monitor.cpu.wait"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/cpu-*.log\"},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "69059000-7f0f-11e9-ad88-85624cce68b5",
+    "_type": "search",
+    "_source": {
+      "title": "IO 查询",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "beat.hostname",
+        "monitor.io.dev",
+        "monitor.io.tps",
+        "monitor.io.rd",
+        "monitor.io.wr",
+        "monitor.io.wait",
+        "monitor.io.util"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/io-*.log\"},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "92c209e0-7e34-11e9-ad88-85624cce68b5",
+    "_type": "search",
+    "_source": {
+      "title": "Disk 查询",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "beat.hostname",
+        "monitor.disk.partition",
+        "monitor.disk.used"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/disk-*.log\"},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "33688dc0-7e34-11e9-ad88-85624cce68b5",
+    "_type": "search",
+    "_source": {
+      "title": "MEM 查询",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "beat.hostname",
+        "monitor.mem.used"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/mem-*.log\"},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "9f5a1e60-834b-11e9-ad88-85624cce68b5",
+    "_type": "search",
+    "_source": {
+      "title": "MEM 使用超过 80%",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "beat.hostname",
+        "monitor.mem.used",
+        "monitor.mem.buffers",
+        "monitor.mem.cache",
+        "monitor.mem.free"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"range\",\"key\":\"monitor.mem.used\",\"value\":\"80 to 100\",\"params\":{\"gte\":80,\"lt\":100}},\"range\":{\"monitor.mem.used\":{\"gte\":80,\"lt\":100}},\"$state\":{\"store\":\"appState\"}}]}"
+      }
+    }
+  },
+  {
+    "_id": "e8e33120-834b-11e9-ad88-85624cce68b5",
+    "_type": "search",
+    "_source": {
+      "title": "分区使用超过 80%",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "beat.hostname",
+        "monitor.disk.partition",
+        "monitor.disk.used"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"range\",\"key\":\"monitor.disk.used\",\"value\":\"80 to 100\",\"params\":{\"gte\":80,\"lt\":100}},\"range\":{\"monitor.disk.used\":{\"gte\":80,\"lt\":100}},\"$state\":{\"store\":\"appState\"}}]}"
+      }
+    }
+  },
+  {
+    "_id": "2f67e7d0-7f0a-11e9-ad88-85624cce68b5",
+    "_type": "search",
+    "_source": {
+      "title": "磁盘空间查询",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "beat.hostname",
+        "monitor.disk.partition",
+        "monitor.disk.used"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/disk-*.log\"},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "37644d50-7d40-11e9-ad88-85624cce68b5",
+    "_type": "search",
+    "_source": {
+      "title": "端口连接量查询",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "beat.hostname",
+        "monitor.conn.server",
+        "monitor.conn.port",
+        "monitor.conn.count"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/conn-*.log\"},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "94288030-7f0f-11e9-ad88-85624cce68b5",
+    "_type": "search",
+    "_source": {
+      "title": "网卡流量查询",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "beat.hostname",
+        "monitor.net.dev",
+        "monitor.net.rx",
+        "monitor.net.tx"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/net-*.log\"},\"filter\":[]}"
+      }
+    }
+  },
+  {
+    "_id": "d65da6a0-85b4-11e9-9656-5f1225242944",
+    "_type": "search",
+    "_source": {
+      "title": "网络不通",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "monitor.ping.server",
+        "monitor.ping.state"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.ping.state_code\",\"negate\":true,\"params\":{\"query\":1,\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":1},\"query\":{\"match\":{\"monitor.ping.state_code\":{\"query\":1,\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"monitor.ping.server\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.ping.server\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
+      }
+    }
+  },
+  {
+    "_id": "8d21a870-8301-11e9-ad88-85624cce68b5",
+    "_type": "search",
+    "_source": {
+      "title": "非正常的 service 和 daemon",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "beat.hostname",
+        "monitor.proc.proc",
+        "monitor.proc.type",
+        "monitor.proc.state"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"monitor.proc.proc\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.proc.proc\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.proc.state_code\",\"negate\":true,\"params\":{\"query\":0,\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"0\"},\"query\":{\"match\":{\"monitor.proc.state_code\":{\"query\":0,\"type\":\"phrase\"}}}}]}"
+      }
+    }
+  },
+  {
+    "_id": "93d4c0a0-adcf-11e9-82d1-df99ba321bd2",
+    "_type": "search",
+    "_source": {
+      "title": "操作系统异常登陆",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "beat.hostname",
+        "login.rhost",
+        "login.method",
+        "login.user",
+        "login.result"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"key\":\"source\",\"negate\":false,\"params\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"/var/log/secure\"},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"type\":\"phrases\",\"key\":\"login.rhost\",\"value\":\"172.17.102.100, 162.105.88.41\",\"params\":[\"172.17.102.100\",\"162.105.88.41\"],\"negate\":true,\"disabled\":false,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"login.rhost\":\"172.17.102.100\"}},{\"match_phrase\":{\"login.rhost\":\"162.105.88.41\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"
+      }
+    }
+  }
+]
--- a/kibana/search/shell.json
+++ b/kibana/search/shell.json
@ -0,0 +1,23 @@
+[
+  {
+    "_id": "1712ed30-14a0-11e9-85e4-c396c5d0cddf",
+    "_type": "search",
+    "_source": {
+      "title": "代理 Tunnel 日志",
+      "description": "",
+      "hits": 0,
+      "columns": [
+        "beat.hostname",
+        "shell.log.content"
+      ],
+      "sort": [
+        "@timestamp",
+        "desc"
+      ],
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"source: \\\\/qyjs\\\\/logs\\\\/tunnel\\\\/*.log\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"type\":\"phrases\",\"key\":\"beat.hostname\",\"value\":\"spider101, spider107\",\"params\":[\"spider101\",\"spider107\"],\"negate\":false,\"disabled\":false,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"beat.hostname\":\"spider101\"}},{\"match_phrase\":{\"beat.hostname\":\"spider107\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"
+      }
+    }
+  }
+]
--- a/kibana/visualization/kafka.json
+++ b/kibana/visualization/kafka.json
@ -0,0 +1,30 @@
+[
+  {
+    "_id": "d5f67f80-8437-11e9-9656-5f1225242944",
+    "_type": "visualization",
+    "_source": {
+      "title": "Kafka 概览",
+      "visState": "{\"title\":\"Kafka 概览\",\"type\":\"area\",\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":true,\"setYExtents\":false},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"offset\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"生产者位移\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"},{\"show\":true,\"mode\":\"normal\",\"type\":\"area\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"data\":{\"id\":\"2\",\"label\":\"消费者位移\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.kafka.end_offset\",\"customLabel\":\"生产者位移\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.kafka.current_offset\",\"customLabel\":\"消费者位移\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.kafka.partition\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"分区\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"monitor.kafka.consumer_group\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"消费组\",\"row\":true}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"monitor.kafka.topic\",\"value\":\"wangmei_raw\",\"params\":{\"query\":\"wangmei_raw\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"monitor.kafka.topic\":{\"query\":\"wangmei_raw\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+      }
+    }
+  },
+  {
+    "_id": "8a6fd9f0-8435-11e9-9656-5f1225242944",
+    "_type": "visualization",
+    "_source": {
+      "title": "Kafka 消费者滞后情况",
+      "visState": "{\"title\":\"Kafka 消费者滞后情况\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-2\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"offset\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"offset\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"lineWidth\":4,\"interpolate\":\"linear\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.kafka.lag\",\"customLabel\":\"offset\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.kafka.partition\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"分区\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"monitor.kafka.consumer_group\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"消费组\",\"row\":true}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":true,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.kafka.consumer_group\",\"negate\":false,\"params\":{\"query\":\"yuqing_v1.12\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"yuqing_v1.12\"},\"query\":{\"match\":{\"monitor.kafka.consumer_group\":{\"query\":\"yuqing_v1.12\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":true,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.kafka.topic\",\"negate\":false,\"params\":{\"query\":\"wangmei_raw\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"wangmei_raw\"},\"query\":{\"match\":{\"monitor.kafka.topic\":{\"query\":\"wangmei_raw\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"
+      }
+    }
+  }
+]
--- a/kibana/visualization/menu.json
+++ b/kibana/visualization/menu.json
@ -0,0 +1,16 @@
+[
+  {
+    "_id": "17980860-8351-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "导航",
+      "visState": "{\"title\":\"导航\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"[访问统计](#/dashboard/9beb0d70-0ca9-11e9-98f8-c53bf18cb006)\\n\\n[异常汇总](#/dashboard/59d930f0-834c-11e9-ad88-85624cce68b5)\\n\\n[概览](#/dashboard/2a121b70-808b-11e9-ad88-85624cce68b5)\\n\\n[详情](#/dashboard/5dd7aac0-7e96-11e9-ad88-85624cce68b5)\\n\\n[端口连接](#/dashboard/e9a89150-7dd7-11e9-ad88-85624cce68b5)\\n\\n[Kafka](#/dashboard/3a948e00-8438-11e9-9656-5f1225242944)\"},\"aggs\":[]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{}"
+      }
+    }
+  }
+]
--- a/kibana/visualization/nginx-geoip.json
+++ b/kibana/visualization/nginx-geoip.json
@ -0,0 +1,47 @@
+[
+  {
+    "_id": "87286d00-68df-11e9-82d1-df99ba321bd2",
+    "_type": "visualization",
+    "_source": {
+      "title": "企业军师访问分布",
+      "visState": "{\"title\":\"企业军师访问分布\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{\"_c\":[],\"_s\":1,\"_d\":true,\"_v\":true,\"_h\":0,\"_n\":false},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=1e6f68d4-d175-4939-b59b-f610a5777315\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>&#169; <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://openmaptiles.org/\\\">OpenMapTiles</a> | <a href=\\\"https://www.maptiler.com/\\\">MapTiler</a> | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>&#10;\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=1e6f68d4-d175-4939-b59b-f610a5777315\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>&#169; <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://openmaptiles.org/\\\">OpenMapTiles</a> | <a href=\\\"https://www.maptiler.com/\\\">MapTiler</a> | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>&#10;\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"nginx.access.geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "savedSearchId": "476794a0-09d7-11e9-b283-47528513fd78",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+      }
+    }
+  },
+  {
+    "_id": "4138be30-acfa-11e9-82d1-df99ba321bd2",
+    "_type": "visualization",
+    "_source": {
+      "title": "與情访问分布",
+      "visState": "{\"title\":\"與情访问分布\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{\"_c\":[],\"_s\":1,\"_d\":true,\"_v\":true,\"_h\":0,\"_n\":false},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=1e6f68d4-d175-4939-b59b-f610a5777315\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>&#169; <a href=\\\"https://www.openstreetmap.org/copyright\\\">OpenStreetMap contributors</a>|<a href=\\\"https://openmaptiles.org\\\">OpenMapTiles</a>|<a href=\\\"https://www.maptiler.com\\\">MapTiler</a>|<a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>&#10;\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=1e6f68d4-d175-4939-b59b-f610a5777315\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>&#169; <a href=\\\"https://www.openstreetmap.org/copyright\\\">OpenStreetMap contributors</a>|<a href=\\\"https://openmaptiles.org\\\">OpenMapTiles</a>|<a href=\\\"https://www.maptiler.com\\\">MapTiler</a>|<a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>&#10;\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"nginx.access.geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "savedSearchId": "3e9b9ec0-acf2-11e9-82d1-df99ba321bd2",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+      }
+    }
+  },
+  {
+    "_id": "b9a0ce30-68df-11e9-82d1-df99ba321bd2",
+    "_type": "visualization",
+    "_source": {
+      "title": "非法访问",
+      "visState": "{\"title\":\"非法访问\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{\"_c\":[],\"_s\":1,\"_d\":true,\"_v\":true,\"_h\":0,\"_n\":false},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=1e6f68d4-d175-4939-b59b-f610a5777315\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>&#169; <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://openmaptiles.org/\\\">OpenMapTiles</a> | <a href=\\\"https://www.maptiler.com/\\\">MapTiler</a> | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>&#10;\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=1e6f68d4-d175-4939-b59b-f610a5777315\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>&#169; <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://openmaptiles.org/\\\">OpenMapTiles</a> | <a href=\\\"https://www.maptiler.com/\\\">MapTiler</a> | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>&#10;\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"nginx.access.geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "savedSearchId": "efd03910-0fec-11e9-8819-7f8b8589cf6c",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+      }
+    }
+  }
+]
--- a/kibana/visualization/nginx.json
+++ b/kibana/visualization/nginx.json
@ -0,0 +1,86 @@
+[
+  {
+    "_id": "d1906110-0ca8-11e9-98f8-c53bf18cb006",
+    "_type": "visualization",
+    "_source": {
+      "title": "nginx 访问量",
+      "visState": "{\"title\":\"nginx 访问量\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":true,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"访问量\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"area\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"访问量\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"访问量\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"key\":\"beat.hostname\",\"negate\":false,\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"nginx\"},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"type\":\"phrases\",\"key\":\"source\",\"value\":\"/var/log/nginx/www.goldeneye.cn/access.log, /var/log/nginx/qyjs360.com/access.log, /var/log/nginx/access-kibana.log, /var/log/nginx/access-schedule.log\",\"params\":[\"/var/log/nginx/www.goldeneye.cn/access.log\",\"/var/log/nginx/qyjs360.com/access.log\",\"/var/log/nginx/access-kibana.log\",\"/var/log/nginx/access-schedule.log\"],\"negate\":false,\"disabled\":false,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"source\":\"/var/log/nginx/www.goldeneye.cn/access.log\"}},{\"match_phrase\":{\"source\":\"/var/log/nginx/qyjs360.com/access.log\"}},{\"match_phrase\":{\"source\":\"/var/log/nginx/access-kibana.log\"}},{\"match_phrase\":{\"source\":\"/var/log/nginx/access-schedule.log\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"
+      }
+    }
+  },
+  {
+    "_id": "d998eae0-0ca7-11e9-98f8-c53bf18cb006",
+    "_type": "visualization",
+    "_source": {
+      "title": "企业军师客户端 IP",
+      "visState": "{\"title\":\"企业军师客户端 IP\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":true,\"values\":true,\"last_level\":false,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"nginx.access.remote_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/nginx/qyjs360.com/access.log\",\"params\":{\"query\":\"/var/log/nginx/qyjs360.com/access.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/nginx/qyjs360.com/access.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+      }
+    }
+  },
+  {
+    "_id": "62d35850-1940-11e9-85e4-c396c5d0cddf",
+    "_type": "visualization",
+    "_source": {
+      "title": "企业军师客户端 OS",
+      "visState": "{\"title\":\"企业军师客户端 OS\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":false,\"labels\":{\"last_level\":false,\"show\":true,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"nginx.access.os\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"key\":\"beat.hostname\",\"negate\":false,\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"nginx\"},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/nginx/qyjs360.com/access.log\",\"params\":{\"query\":\"/var/log/nginx/qyjs360.com/access.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/nginx/qyjs360.com/access.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"
+      }
+    }
+  },
+  {
+    "_id": "67b569c0-acf8-11e9-82d1-df99ba321bd2",
+    "_type": "visualization",
+    "_source": {
+      "title": "與情客户端 IP",
+      "visState": "{\"title\":\"與情客户端 IP\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":true,\"values\":true,\"last_level\":false,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"nginx.access.remote_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"params\":{\"query\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+      }
+    }
+  },
+  {
+    "_id": "bd07e970-acf8-11e9-82d1-df99ba321bd2",
+    "_type": "visualization",
+    "_source": {
+      "title": "與情客户端 OS",
+      "visState": "{\"title\":\"與情客户端 OS\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":false,\"labels\":{\"last_level\":false,\"show\":true,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"nginx.access.os\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"key\":\"beat.hostname\",\"negate\":false,\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"nginx\"},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"params\":{\"query\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"
+      }
+    }
+  },
+  {
+    "_id": "fc53d820-1106-11e9-8819-7f8b8589cf6c",
+    "_type": "visualization",
+    "_source": {
+      "title": "非法访问排名",
+      "visState": "{\"title\":\"非法访问排名\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":true,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"nginx.access.remote_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"源地址\"}}]}",
+      "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"key\":\"beat.hostname\",\"negate\":false,\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"nginx\"},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"type\":\"phrases\",\"key\":\"source\",\"value\":\"/var/log/nginx/qyjs360.com/access-illegal.log, /var/log/nginx/www.goldeneye.cn/access-illegal.log\",\"params\":[\"/var/log/nginx/qyjs360.com/access-illegal.log\",\"/var/log/nginx/www.goldeneye.cn/access-illegal.log\"],\"negate\":false,\"disabled\":false,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"source\":\"/var/log/nginx/qyjs360.com/access-illegal.log\"}},{\"match_phrase\":{\"source\":\"/var/log/nginx/www.goldeneye.cn/access-illegal.log\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"
+      }
+    }
+  }
+]
--- a/kibana/visualization/os.json
+++ b/kibana/visualization/os.json
@ -0,0 +1,310 @@
+[
+  {
+    "_id": "04b89ff0-7d68-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "端口连接量",
+      "visState": "{\"title\":\"端口连接量\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"legendPosition\":\"top\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"连接数量\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"连接数量\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.conn.count\",\"customLabel\":\"连接数量\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"时间\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"服务器\",\"row\":true}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.conn.port\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\"}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"monitor.conn.port\",\"value\":\"8084\",\"params\":{\"query\":\"8084\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"monitor.conn.port\":{\"query\":\"8084\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"
+      }
+    }
+  },
+  {
+    "_id": "b8fc7020-7e91-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "CPU 空闲%",
+      "visState": "{\"title\":\"CPU 空闲%\",\"type\":\"gauge\",\"params\":{\"type\":\"gauge\",\"addTooltip\":true,\"addLegend\":true,\"isDisplayWarning\":false,\"gauge\":{\"verticalSplit\":false,\"extendRange\":true,\"percentageMode\":true,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":20},{\"from\":20,\"to\":40},{\"from\":40,\"to\":100}],\"invertColors\":true,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"#333\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"#eee\",\"bgColor\":false,\"subText\":\"\",\"fontSize\":60,\"labelColor\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.cpu.idle\",\"customLabel\":\"最小空闲\"}}]}",
+      "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 20\":\"rgb(165,0,38)\",\"20 - 40\":\"rgb(255,255,190)\",\"40 - 100\":\"rgb(0,104,55)\"}}}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"spider-master\",\"params\":{\"query\":\"spider-master\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"spider-master\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+      }
+    }
+  },
+  {
+    "_id": "ff9344f0-7e91-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "MEM 已用%",
+      "visState": "{\"title\":\"MEM 已用%\",\"type\":\"gauge\",\"params\":{\"type\":\"gauge\",\"addTooltip\":true,\"addLegend\":true,\"isDisplayWarning\":false,\"gauge\":{\"verticalSplit\":false,\"extendRange\":true,\"percentageMode\":true,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":60},{\"from\":60,\"to\":80},{\"from\":80,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"#333\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"#eee\",\"bgColor\":false,\"subText\":\"\",\"fontSize\":60,\"labelColor\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.mem.used\",\"customLabel\":\"最大已用\"}}]}",
+      "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 60\":\"rgb(0,104,55)\",\"60 - 80\":\"rgb(255,255,190)\",\"80 - 100\":\"rgb(165,0,38)\"}}}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"spider-master\",\"params\":{\"query\":\"spider-master\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"spider-master\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+      }
+    }
+  },
+  {
+    "_id": "71ae7a10-7f72-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "磁盘读写",
+      "visState": "{\"title\":\"磁盘读写\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":null},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":90,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"BottomAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":false,\"setYExtents\":false},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"sec/s\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"最大读\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true},{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"data\":{\"id\":\"3\",\"label\":\"最大写\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"orderBucketsBySum\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.rd\",\"customLabel\":\"最大读\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"monitor.io.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"磁盘\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.wr\",\"customLabel\":\"最大写\"}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"redis110\",\"params\":{\"query\":\"redis110\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"redis110\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+      }
+    }
+  },
+  {
+    "_id": "174ad510-7f67-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "网卡流量趋势",
+      "visState": "{\"title\":\"网卡流量趋势\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"legendPosition\":\"right\",\"radiusRatio\":77,\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"入口平均流量\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"3\",\"label\":\"出口平均流量\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":90,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"KB/s\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.net.rx\",\"customLabel\":\"入口平均流量\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.net.tx\",\"customLabel\":\"出口平均流量\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"monitor.net.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"网卡\",\"row\":false}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"mysql111\",\"params\":{\"query\":\"mysql111\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"mysql111\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"
+      }
+    }
+  },
+  {
+    "_id": "88d34100-7e8f-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "磁盘使用趋势",
+      "visState": "{\"title\":\"磁盘使用趋势\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":90,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"%\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"%\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"radiusRatio\":77},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.disk.used\",\"customLabel\":\"%\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.disk.partition\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"分区\"}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"spider-master\",\"params\":{\"query\":\"spider-master\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"spider-master\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+      }
+    }
+  },
+  {
+    "_id": "c9413d00-8047-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "网卡流量",
+      "visState": "{\"title\":\"网卡流量\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.net.rx\",\"customLabel\":\"入口最大流量 KB/s\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.net.tx\",\"customLabel\":\"出口最大流量KB/s\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.net.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":9,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"网卡\"}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"
+      }
+    }
+  },
+  {
+    "_id": "09975710-8046-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "磁盘 IO 流量",
+      "visState": "{\"title\":\"磁盘 IO 流量\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":30}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.wr\",\"customLabel\":\"写入最大流量 KB/s\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.rd\",\"customLabel\":\"读出最大流量 KB/s\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.io.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":9,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"磁盘\"}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"
+      }
+    }
+  },
+  {
+    "_id": "6ea347d0-7f70-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "磁盘读写趋势",
+      "visState": "{\"title\":\"磁盘读写趋势\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"legendPosition\":\"right\",\"radiusRatio\":77,\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"平均读\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"},{\"show\":true,\"mode\":\"normal\",\"type\":\"area\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"data\":{\"id\":\"4\",\"label\":\"平均写\"},\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"KB/s\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.rd\",\"customLabel\":\"平均读\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.wr\",\"customLabel\":\"平均写\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"monitor.io.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"磁盘\",\"row\":false}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"mysql111\",\"params\":{\"query\":\"mysql111\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"mysql111\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"
+      }
+    }
+  },
+  {
+    "_id": "923f7d20-8089-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "网卡入口最大流量统计",
+      "visState": "{\"title\":\"网卡入口最大流量统计\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":90,\"filter\":true,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":false,\"setYExtents\":false},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"KB/s\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"KB/s\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.net.rx\",\"customLabel\":\"KB/s\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.net.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"网卡\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"服务器\",\"row\":false}}]}",
+      "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+      }
+    }
+  },
+  {
+    "_id": "99d6f5a0-8088-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "网卡出口最大流量统计",
+      "visState": "{\"title\":\"网卡出口最大流量统计\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"top\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":90,\"filter\":true,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":false,\"setYExtents\":false},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"KB/s\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"KB/s\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.net.tx\",\"customLabel\":\"KB/s\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.net.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"网卡\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"服务器\",\"row\":false}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+      }
+    }
+  },
+  {
+    "_id": "7c7f4af0-808a-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "磁盘最大写 IO 统计",
+      "visState": "{\"title\":\"磁盘最大写 IO 统计\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":90,\"filter\":true,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":false,\"setYExtents\":false},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"KB/s\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"KB/s\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.wr\",\"customLabel\":\"KB/s\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.io.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"磁盘\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"服务器\",\"row\":false}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+      }
+    }
+  },
+  {
+    "_id": "4385b8b0-808a-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "磁盘最大读 IO 统计",
+      "visState": "{\"title\":\"磁盘最大读 IO 统计\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"top\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":90,\"filter\":true,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":false,\"setYExtents\":false},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"KB/s\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"KB/s\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.rd\",\"customLabel\":\"KB/s\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.io.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"磁盘\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"服务器\",\"row\":false}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+      }
+    }
+  },
+  {
+    "_id": "f84666d0-7e8e-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "MEM 趋势",
+      "visState": "{\"title\":\"MEM 趋势\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":90,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"%\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"已用\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4},{\"show\":true,\"mode\":\"stacked\",\"type\":\"area\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"data\":{\"id\":\"3\",\"label\":\"缓冲\"},\"valueAxis\":\"ValueAxis-1\"},{\"show\":true,\"mode\":\"stacked\",\"type\":\"area\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"data\":{\"id\":\"4\",\"label\":\"缓存\"},\"valueAxis\":\"ValueAxis-1\"},{\"show\":true,\"mode\":\"stacked\",\"type\":\"area\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"data\":{\"id\":\"5\",\"label\":\"空闲\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"radiusRatio\":77},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.mem.used\",\"customLabel\":\"已用\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.mem.buffers\",\"customLabel\":\"缓冲\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.mem.cache\",\"customLabel\":\"缓存\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.mem.free\",\"customLabel\":\"空闲\"}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":true,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"beat.hostname\",\"negate\":false,\"params\":{\"query\":\"spider-master\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"spider-master\"},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"spider-master\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"
+      }
+    }
+  },
+  {
+    "_id": "8f73d660-7e8e-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "CPU 趋势",
+      "visState": "{\"title\":\"CPU 趋势\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":90,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"%\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"用户态\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4},{\"show\":true,\"mode\":\"stacked\",\"type\":\"area\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"data\":{\"id\":\"3\",\"label\":\"内核态\"},\"valueAxis\":\"ValueAxis-1\"},{\"show\":true,\"mode\":\"stacked\",\"type\":\"area\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"data\":{\"id\":\"4\",\"label\":\"空闲\"},\"valueAxis\":\"ValueAxis-1\"},{\"show\":true,\"mode\":\"stacked\",\"type\":\"area\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"data\":{\"id\":\"5\",\"label\":\"等待\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"radiusRatio\":77},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.cpu.user\",\"customLabel\":\"用户态\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.cpu.system\",\"customLabel\":\"内核态\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.cpu.idle\",\"customLabel\":\"空闲\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.cpu.wait\",\"customLabel\":\"等待\"}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"spider-master\",\"params\":{\"query\":\"spider-master\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"spider-master\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+      }
+    }
+  },
+  {
+    "_id": "d83e5860-7f70-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "磁盘消耗 CPU 趋势",
+      "visState": "{\"title\":\"磁盘消耗 CPU 趋势\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"legendPosition\":\"right\",\"radiusRatio\":77,\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"%\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":90,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"%\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.util\",\"customLabel\":\"%\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.io.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"磁盘\"}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"mysql111\",\"params\":{\"query\":\"mysql111\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"mysql111\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"
+      }
+    }
+  },
+  {
+    "_id": "a76d3e90-7f70-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "磁盘阻塞趋势",
+      "visState": "{\"title\":\"磁盘阻塞趋势\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"legendPosition\":\"right\",\"radiusRatio\":77,\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"us\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":90,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"us\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.wait\",\"customLabel\":\"us\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.io.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"磁盘\"}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"mysql111\",\"params\":{\"query\":\"mysql111\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"mysql111\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"
+      }
+    }
+  },
+  {
+    "_id": "11d2fb90-7e94-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "磁盘空间%",
+      "visState": "{\"title\":\"磁盘空间%\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":90,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"最大已用\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"最大已用\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"orderBucketsBySum\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.disk.used\",\"customLabel\":\"最大已用\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"monitor.disk.partition\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"分区\"}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"spider-master\",\"params\":{\"query\":\"spider-master\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"spider-master\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+      }
+    }
+  },
+  {
+    "_id": "84681490-8085-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "MEM 最大使用统计",
+      "visState": "{\"title\":\"MEM 最大使用统计\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":true,\"setYExtents\":true,\"max\":100,\"min\":0},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"%\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"%\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.mem.used\",\"customLabel\":\"%\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"beat.hostname\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"服务器\"}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+      }
+    }
+  },
+  {
+    "_id": "ad133180-8086-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "硬盘最大使用统计",
+      "visState": "{\"title\":\"硬盘最大使用统计\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-2\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":true,\"setYExtents\":true,\"max\":100,\"min\":0},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"%\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"%\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.disk.used\",\"customLabel\":\"%\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.disk.partition\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"分区\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"服务器\",\"row\":false}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"
+      }
+    }
+  },
+  {
+    "_id": "0ed18e70-7f70-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "磁盘 TPS 趋势",
+      "visState": "{\"title\":\"磁盘 TPS 趋势\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"legendPosition\":\"right\",\"radiusRatio\":77,\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"次数\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":90,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"次数\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.tps\",\"customLabel\":\"次数\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.io.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"磁盘\"}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"mysql111\",\"params\":{\"query\":\"mysql111\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"mysql111\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"
+      }
+    }
+  },
+  {
+    "_id": "2b5e0b20-8085-11e9-ad88-85624cce68b5",
+    "_type": "visualization",
+    "_source": {
+      "title": "CPU 最小空闲统计",
+      "visState": "{\"title\":\"CPU 最小空闲统计\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":true,\"setYExtents\":true,\"max\":100,\"min\":0},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"%\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"%\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.cpu.idle\",\"customLabel\":\"%\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"beat.hostname\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"服务器\"}}]}",
+      "uiStateJSON": "{}",
+      "description": "",
+      "version": 1,
+      "kibanaSavedObjectMeta": {
+        "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+      }
+    }
+  }
+]
--- a/pipelines/java.json
+++ b/pipelines/java.json
@ -0,0 +1,48 @@
+curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/java -d '
+{
+    "description" : "java",
+    "processors" : [
+      {
+        "grok" : {
+          "field" : "message",
+          "patterns" : [
+            "^%{JAVA_TIME:java.log.time}-\\[%{DATA:java.process}\\]-%{WORD:java.log.level}\\[%{DATA:java.thead}\\]%{WORD:java.class}\\.%{WORD:java.function}\\((?:%{NUMBER:java.line_num}|\\?)\\) \\| %{CONTENT:java.log.content}"
+          ],
+          "pattern_definitions" : {
+            "JAVA_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]",
+            "CONTENT" : "(.*\n?)*"
+          },
+          "ignore_missing" : true,
+          "ignore_failure" : true
+        }
+      },
+      {
+        "rename" : {
+          "field" : "@timestamp",
+          "target_field" : "read_timestamp"
+        }
+      },
+      {
+        "date" : {
+          "formats" : [
+            "YYYY-MM-dd H:m:s"
+          ],
+          "timezone" : "Asia/Shanghai",
+          "field" : "java.log.time",
+          "target_field" : "@timestamp",
+          "ignore_failure" : true
+        }
+      },
+      {
+        "remove" : {
+          "field" : "java.log.time",
+          "ignore_failure" : true
+        }
+      },
+      {
+        "remove" : {
+          "field" : "message"
+        }
+      }
+    ]
+}'
--- a/pipelines/monitor-conn.json
+++ b/pipelines/monitor-conn.json
@ -0,0 +1,52 @@
+curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/monitor-conn -d '
+{
+    "description": "monitor-conn",
+    "processors": [
+      {
+        "grok": {
+          "field": "message",
+          "patterns": [
+            "^%{MONITOR_TIME:monitor.time} %{HOSTNAME:monitor.conn.server} %{NUMBER:monitor.conn.port} %{NUMBER:monitor.conn.count}"
+          ],
+          "pattern_definitions" : {
+            "MONITOR_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]"
+          },
+          "ignore_missing" : true,
+          "ignore_failure" : true
+        }
+      },
+      {
+        "rename" : {
+          "field" : "@timestamp",
+          "target_field" : "read_timestamp"
+        }
+      },
+      {
+        "date" : {
+          "formats" : [
+            "YYYY-MM-dd H:m:s"
+          ],
+          "timezone" : "Asia/Shanghai",
+          "field" : "monitor.time",
+          "target_field" : "@timestamp",
+          "ignore_failure" : true
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.conn.count",
+          "type": "integer"
+        }
+      },
+      {
+        "remove": {
+          "field": "monitor.time"
+        }
+      },
+      {
+        "remove": {
+          "field": "message"
+        }
+      }
+    ]
+  }'
--- a/pipelines/monitor-cpu.json
+++ b/pipelines/monitor-cpu.json
@ -0,0 +1,70 @@
+curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/monitor-cpu -d '
+{
+    "description": "monitor-cpu",
+    "processors": [
+      {
+        "grok": {
+          "field": "message",
+          "patterns": [
+            "^%{MONITOR_TIME:monitor.time} %{NUMBER:monitor.cpu.user} %{NUMBER:monitor.cpu.system} %{NUMBER:monitor.cpu.wait} %{NUMBER:monitor.cpu.idle}"
+          ],
+          "pattern_definitions" : {
+            "MONITOR_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]"
+          },
+          "ignore_missing" : true,
+          "ignore_failure" : true
+        }
+      },
+      {
+        "rename" : {
+          "field" : "@timestamp",
+          "target_field" : "read_timestamp"
+        }
+      },
+      {
+        "date" : {
+          "formats" : [
+            "YYYY-MM-dd H:m:s"
+          ],
+          "timezone" : "Asia/Shanghai",
+          "field" : "monitor.time",
+          "target_field" : "@timestamp",
+          "ignore_failure" : true
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.cpu.user",
+          "type": "float"
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.cpu.system",
+          "type": "float"
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.cpu.wait",
+          "type": "float"
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.cpu.idle",
+          "type": "float"
+        }
+      },
+      {
+        "remove": {
+          "field": "monitor.time"
+        }
+      },
+      {
+        "remove": {
+          "field": "message"
+        }
+      }
+    ]
+  }'
--- a/pipelines/monitor-disk.json
+++ b/pipelines/monitor-disk.json
@ -0,0 +1,52 @@
+curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/monitor-disk -d '
+{
+    "description": "monitor-disk",
+    "processors": [
+      {
+        "grok": {
+          "field": "message",
+          "patterns": [
+            "^%{MONITOR_TIME:monitor.time} %{DATA:monitor.disk.partition} %{NUMBER:monitor.disk.used}"
+          ],
+          "pattern_definitions" : {
+            "MONITOR_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]"
+          },
+          "ignore_missing" : true,
+          "ignore_failure" : true
+        }
+      },
+      {
+        "rename" : {
+          "field" : "@timestamp",
+          "target_field" : "read_timestamp"
+        }
+      },
+      {
+        "date" : {
+          "formats" : [
+            "YYYY-MM-dd H:m:s"
+          ],
+          "timezone" : "Asia/Shanghai",
+          "field" : "monitor.time",
+          "target_field" : "@timestamp",
+          "ignore_failure" : true
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.disk.used",
+          "type": "float"
+        }
+      },
+      {
+        "remove": {
+          "field": "monitor.time"
+        }
+      },
+      {
+        "remove": {
+          "field": "message"
+        }
+      }
+    ]
+  }'
--- a/pipelines/monitor-io.json
+++ b/pipelines/monitor-io.json
@ -0,0 +1,76 @@
+curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/monitor-io -d '
+{
+    "description": "monitor-io",
+    "processors": [
+      {
+        "grok": {
+          "field": "message",
+          "patterns": [
+            "^%{MONITOR_TIME:monitor.time} %{DATA:monitor.io.dev} %{NUMBER:monitor.io.tps} %{NUMBER:monitor.io.rd} %{NUMBER:monitor.io.wr} %{NUMBER:monitor.io.wait} %{NUMBER:monitor.io.util}"
+          ],
+          "pattern_definitions" : {
+            "MONITOR_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]"
+          },
+          "ignore_missing" : true,
+          "ignore_failure" : true
+        }
+      },
+      {
+        "rename" : {
+          "field" : "@timestamp",
+          "target_field" : "read_timestamp"
+        }
+      },
+      {
+        "date" : {
+          "formats" : [
+            "YYYY-MM-dd H:m:s"
+          ],
+          "timezone" : "Asia/Shanghai",
+          "field" : "monitor.time",
+          "target_field" : "@timestamp",
+          "ignore_failure" : true
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.io.tps",
+          "type": "float"
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.io.rd",
+          "type": "float"
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.io.wr",
+          "type": "float"
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.io.wait",
+          "type": "float"
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.io.util",
+          "type": "float"
+        }
+      },
+      {
+        "remove": {
+          "field": "monitor.time"
+        }
+      },
+      {
+        "remove": {
+          "field": "message"
+        }
+      }
+    ]
+  }'
--- a/pipelines/monitor-kafka.json
+++ b/pipelines/monitor-kafka.json
@ -0,0 +1,70 @@
+curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/monitor-kafka?pretty -d '
+{
+    "description": "monitor-kafka",
+    "processors": [
+      {
+        "grok": {
+          "field": "message",
+          "patterns": [
+            "^%{MONITOR_TIME:monitor.time} %{DATA:monitor.kafka.topic} %{NUMBER:monitor.kafka.partition} %{NUMBER:monitor.kafka.current_offset} %{NUMBER:monitor.kafka.end_offset} %{NUMBER:monitor.kafka.lag} %{HOSTNAME:monitor.kafka.client_host} %{DATA:monitor.kafka.consumer_group}$"
+          ],
+          "pattern_definitions" : {
+            "MONITOR_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]"
+          },
+          "ignore_missing" : true,
+          "ignore_failure" : true
+        }
+      },
+      {
+        "rename" : {
+          "field" : "@timestamp",
+          "target_field" : "read_timestamp"
+        }
+      },
+      {
+        "date" : {
+          "formats" : [
+            "YYYY-MM-dd H:m:s"
+          ],
+          "timezone" : "Asia/Shanghai",
+          "field" : "monitor.time",
+          "target_field" : "@timestamp",
+          "ignore_failure" : true
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.kafka.partition",
+          "type": "integer"
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.kafka.current_offset",
+          "type": "integer"
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.kafka.end_offset",
+          "type": "integer"
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.kafka.lag",
+          "type": "integer"
+        }
+      },
+      {
+        "remove": {
+          "field": "monitor.time"
+        }
+      },
+      {
+        "remove": {
+          "field": "message"
+        }
+      }
+    ]
+  }'
--- a/pipelines/monitor-mem.json
+++ b/pipelines/monitor-mem.json
@ -0,0 +1,70 @@
+curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/monitor-mem -d '
+{
+    "description": "monitor-mem",
+    "processors": [
+      {
+        "grok": {
+          "field": "message",
+          "patterns": [
+            "^%{MONITOR_TIME:monitor.time} %{NUMBER:monitor.mem.used} %{NUMBER:monitor.mem.free} %{NUMBER:monitor.mem.buffers} %{NUMBER:monitor.mem.cache}"
+          ],
+          "pattern_definitions" : {
+            "MONITOR_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]"
+          },
+          "ignore_missing" : true,
+          "ignore_failure" : true
+        }
+      },
+      {
+        "rename" : {
+          "field" : "@timestamp",
+          "target_field" : "read_timestamp"
+        }
+      },
+      {
+        "date" : {
+          "formats" : [
+            "YYYY-MM-dd H:m:s"
+          ],
+          "timezone" : "Asia/Shanghai",
+          "field" : "monitor.time",
+          "target_field" : "@timestamp",
+          "ignore_failure" : true
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.mem.used",
+          "type": "float"
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.mem.free",
+          "type": "float"
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.mem.buffers",
+          "type": "float"
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.mem.cache",
+          "type": "float"
+        }
+      },
+      {
+        "remove": {
+          "field": "monitor.time"
+        }
+      },
+      {
+        "remove": {
+          "field": "message"
+        }
+      }
+    ]
+  }'
--- a/pipelines/monitor-net.json
+++ b/pipelines/monitor-net.json
@ -0,0 +1,58 @@
+curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/monitor-net -d '
+{
+    "description": "monitor-net",
+    "processors": [
+      {
+        "grok": {
+          "field": "message",
+          "patterns": [
+            "^%{MONITOR_TIME:monitor.time} %{DATA:monitor.net.dev} %{NUMBER:monitor.net.rx} %{NUMBER:monitor.net.tx}"
+          ],
+          "pattern_definitions" : {
+            "MONITOR_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]"
+          },
+          "ignore_missing" : true,
+          "ignore_failure" : true
+        }
+      },
+      {
+        "rename" : {
+          "field" : "@timestamp",
+          "target_field" : "read_timestamp"
+        }
+      },
+      {
+        "date" : {
+          "formats" : [
+            "YYYY-MM-dd H:m:s"
+          ],
+          "timezone" : "Asia/Shanghai",
+          "field" : "monitor.time",
+          "target_field" : "@timestamp",
+          "ignore_failure" : true
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.net.rx",
+          "type": "float"
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.net.tx",
+          "type": "float"
+        }
+      },
+      {
+        "remove": {
+          "field": "monitor.time"
+        }
+      },
+      {
+        "remove": {
+          "field": "message"
+        }
+      }
+    ]
+  }'
--- a/pipelines/monitor-ping.json
+++ b/pipelines/monitor-ping.json
@ -0,0 +1,52 @@
+curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/monitor-ping -d '
+{
+    "description": "monitor-ping",
+    "processors": [
+      {
+        "grok": {
+          "field": "message",
+          "patterns": [
+            "^%{MONITOR_TIME:monitor.time} %{HOSTNAME:monitor.ping.server} %{DATA:monitor.ping.state} %{NUMBER:monitor.ping.state_code}"
+          ],
+          "pattern_definitions" : {
+            "MONITOR_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]"
+          },
+          "ignore_missing" : true,
+          "ignore_failure" : true
+        }
+      },
+      {
+        "rename" : {
+          "field" : "@timestamp",
+          "target_field" : "read_timestamp"
+        }
+      },
+      {
+        "date" : {
+          "formats" : [
+            "YYYY-MM-dd H:m:s"
+          ],
+          "timezone" : "Asia/Shanghai",
+          "field" : "monitor.time",
+          "target_field" : "@timestamp",
+          "ignore_failure" : true
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.ping.state_code",
+          "type": "integer"
+        }
+      },
+      {
+        "remove": {
+          "field": "monitor.time"
+        }
+      },
+      {
+        "remove": {
+          "field": "message"
+        }
+      }
+    ]
+  }'
--- a/pipelines/monitor-proc.json
+++ b/pipelines/monitor-proc.json
@ -0,0 +1,52 @@
+curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/monitor-proc -d '
+{
+    "description": "monitor-proc",
+    "processors": [
+      {
+        "grok": {
+          "field": "message",
+          "patterns": [
+            "^%{MONITOR_TIME:monitor.time} %{DATA:monitor.proc.type}#%{DATA:monitor.proc.proc}#%{DATA:monitor.proc.state}#%{NUMBER:monitor.proc.state_code}"
+          ],
+          "pattern_definitions" : {
+            "MONITOR_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]"
+          },
+          "ignore_missing" : true,
+          "ignore_failure" : true
+        }
+      },
+      {
+        "rename" : {
+          "field" : "@timestamp",
+          "target_field" : "read_timestamp"
+        }
+      },
+      {
+        "date" : {
+          "formats" : [
+            "YYYY-MM-dd H:m:s"
+          ],
+          "timezone" : "Asia/Shanghai",
+          "field" : "monitor.time",
+          "target_field" : "@timestamp",
+          "ignore_failure" : true
+        }
+      },
+      {
+        "convert": {
+          "field": "monitor.proc.state_code",
+          "type": "integer"
+        }
+      },
+      {
+        "remove": {
+          "field": "monitor.time"
+        }
+      },
+      {
+        "remove": {
+          "field": "message"
+        }
+      }
+    ]
+  }'
--- a/pipelines/mysql-slow.json
+++ b/pipelines/mysql-slow.json
@ -0,0 +1,38 @@
+curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/mysql-slow -d '
+{
+    "description" : "mysql-slow",
+    "processors" : [
+      {
+        "grok" : {
+          "field" : "message",
+          "patterns" : [
+            "^# Time: %{DATA:mysql.slowlog.exec_time}\n# User@Host: (?:%{USER:mysql.slowlog.user}|)\\[(?:%{USER:mysql.slowlog.user}|)\\] @ (?:%{HOSTNAME:mysql.slowlog.ip}|) \\[(?:%{HOSTNAME:mysql.slowlog.ip}|)\\][^#]*# Query_time: %{NUMBER:mysql.slowlog.query_time.sec}  Lock_time: %{NUMBER:mysql.slowlog.lock_time.sec} Rows_sent: %{NUMBER:mysql.slowlog.rows_sent}  Rows_examined: %{NUMBER:mysql.slowlog.rows_examined}\n%{SQLS:mysql.slowlog.query}"
+          ],
+          "pattern_definitions" : {
+            "SQLS" : "(.*\n?)*"
+          },
+          "ignore_missing" : true,
+          "ignore_failure" : true
+        }
+      },
+      {
+        "rename" : {
+          "field" : "@timestamp",
+          "target_field" : "read_timestamp"
+        }
+      },
+      {
+        "rename" : {
+          "field" : "mysql.slowlog.exec_time",
+          "target_field" : "@timestamp",
+          "ignore_missing" : true,
+          "ignore_failure" : true
+        }
+      },
+      {
+        "remove" : {
+          "field" : "message"
+        }
+      }
+    ]
+}'
--- a/pipelines/nginx-access-with-geoip.json
+++ b/pipelines/nginx-access-with-geoip.json
@ -0,0 +1,81 @@
+curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/nginx-access -d '
+{
+    "description" : "nginx-access",
+    "processors" : [
+      {
+        "grok" : {
+          "field" : "message",
+          "patterns" : [
+            "^%{DATA:nginx.access.remote_ip} - \\[%{HTTPDATE:nginx.access.time}\\] \"%{WORD:nginx.access.method} %{DATA:nginx.access.url}\" \"%{DATA:nginx.access.args}\" \"%{DATA:nginx.access.request_body}\" %{NUMBER:nginx.access.response_code} %{NUMBER:nginx.access.body_sent.bytes} \"%{DATA:nginx.access.referrer}\" \"%{DATA:nginx.access.agent}\" \"%{DATA:nginx.access.x_forward_for}\""
+          ],
+          "ignore_missing" : true,
+          "ignore_failure" : true
+        }
+      },
+      {
+        "geoip" : {
+          "field" : "nginx.access.remote_ip",
+          "target_field" : "nginx.access.geoip",
+          "ignore_missing" : true,
+          "ignore_failure" : true
+        }
+      },
+      {
+        "rename" : {
+          "field" : "@timestamp",
+          "target_field" : "read_timestamp"
+        }
+      },
+      {
+        "date" : {
+          "formats" : [
+            "dd/MMM/YYYY:H:m:s Z"
+          ],
+          "timezone" : "Asia/Shanghai",
+          "field" : "nginx.access.time",
+          "target_field" : "@timestamp",
+          "ignore_failure" : true
+        }
+      },
+      {
+        "grok" : {
+          "field" : "nginx.access.agent",
+          "patterns" : [
+            "%{ANDROID:nginx.access.os}",
+            "%{LINUX:nginx.access.os}",
+            "%{IOS:nginx.access.os}",
+            "%{MACOSX:nginx.access.os}",
+            "%{WINDOWS:nginx.access.os}",
+            "%{DARWIN:nginx.access.os}",
+            "%{SOGOU:nginx.access.os}",
+            "%{BINGBOT:nginx.access.os}",
+            "%{OFFICE:nginx.access.os}"
+          ],
+          "pattern_definitions" : {
+            "ANDROID" : "Android *[0-9]*",
+            "LINUX" : "Linux (x86_64|i386|i686)",
+            "IOS" : "OS [0-9]+",
+            "MACOSX" : "Mac OS X [0-9]+",
+            "WINDOWS" : "Windows NT [0-9.]+",
+            "DARWIN" : "Darwin",
+            "SOGOU" : "Sogou web spider",
+            "BINGBOT" : "bingbot",
+            "OFFICE" : "Microsoft Office [^ ]*"
+          },
+          "ignore_missing" : true,
+          "ignore_failure" : true
+        }
+      },
+      {
+        "remove" : {
+          "field" : "nginx.access.time",
+          "ignore_failure" : true
+        }
+      },
+      {
+        "remove" : {
+          "field" : "message"
+        }
+      }
+    ]
+}'
--- a/pipelines/nginx-access.json
+++ b/pipelines/nginx-access.json
@ -0,0 +1,73 @@
+curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/nginx-access -d '
+{
+    "description" : "nginx-access",
+    "processors" : [
+      {
+        "grok" : {
+          "field" : "message",
+          "patterns" : [
+            "^%{DATA:nginx.access.remote_ip} - \\[%{HTTPDATE:nginx.access.time}\\] \"%{WORD:nginx.access.method} %{DATA:nginx.access.url}\" \"%{DATA:nginx.access.args}\" \"%{DATA:nginx.access.request_body}\" %{NUMBER:nginx.access.response_code} %{NUMBER:nginx.access.body_sent.bytes} \"%{DATA:nginx.access.referrer}\" \"%{DATA:nginx.access.agent}\" \"%{DATA:nginx.access.x_forward_for}\""
+          ],
+          "ignore_missing" : true,
+          "ignore_failure" : true
+        }
+      },
+      {
+        "rename" : {
+          "field" : "@timestamp",
+          "target_field" : "read_timestamp"
+        }
+      },
+      {
+        "date" : {
+          "formats" : [
+            "dd/MMM/YYYY:H:m:s Z"
+          ],
+          "timezone" : "Asia/Shanghai",
+          "field" : "nginx.access.time",
+          "target_field" : "@timestamp",
+          "ignore_failure" : true
+        }
+      },
+      {
+        "grok" : {
+          "field" : "nginx.access.agent",
+          "patterns" : [
+            "%{ANDROID:nginx.access.os}",
+            "%{LINUX:nginx.access.os}",
+            "%{IOS:nginx.access.os}",
+            "%{MACOSX:nginx.access.os}",
+            "%{WINDOWS:nginx.access.os}",
+            "%{DARWIN:nginx.access.os}",
+            "%{SOGOU:nginx.access.os}",
+            "%{BINGBOT:nginx.access.os}",
+            "%{OFFICE:nginx.access.os}"
+          ],
+          "pattern_definitions" : {
+            "ANDROID" : "Android *[0-9]*",
+            "LINUX" : "Linux (x86_64|i386|i686)",
+            "IOS" : "OS [0-9]+",
+            "MACOSX" : "Mac OS X [0-9]+",
+            "WINDOWS" : "Windows NT [0-9.]+",
+            "DARWIN" : "Darwin",
+            "SOGOU" : "Sogou web spider",
+            "BINGBOT" : "bingbot",
+            "OFFICE" : "Microsoft Office [^ ]*"
+          },
+          "ignore_missing" : true,
+          "ignore_failure" : true
+        }
+      },
+      {
+        "remove" : {
+          "field" : "nginx.access.time",
+          "ignore_failure" : true
+        }
+      },
+      {
+        "remove" : {
+          "field" : "message"
+        }
+      }
+    ]
+}'
--- a/pipelines/secure-login.json
+++ b/pipelines/secure-login.json
@ -0,0 +1,51 @@
+curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/secure-login -d '
+{
+    "description" : "secure-login",
+    "processors" : [
+      {
+        "grok" : {
+          "field" : "message",
+          "patterns" : [
+            "^%{LOGIN_TIME:login.time} [^ ]+ %{WORD:login.method}.*: %{RESULT:login.result} %{WORD:login.user} from %{HOSTNAME:login.rhost}",
+            "^%{LOGIN_TIME:login.time} [^ ]+ %{WORD:login.method}.*: %{RESULT:login.result} for %{WORD:login.user} from %{HOSTNAME:login.rhost}",
+            "^%{LOGIN_TIME:login.time} [^ ]+ %{WORD:login.method}.*: %{RESULT:login.result}; .*ruser=(?:%{WORD:login.ruser}|) rhost=(?:%{HOSTNAME:login.rhost}|)  user=%{WORD:login.user}"
+          ],
+          "pattern_definitions" : {
+            "LOGIN_TIME" : "[^ ]+  ?[^ ]+ [^ ]+",
+            "RESULT" : "Invalid user|Accepted publickey|Accepted password|authentication failure"
+          },
+          "ignore_missing" : true,
+          "ignore_failure" : true
+        }
+      },
+      {
+        "rename" : {
+          "field" : "@timestamp",
+          "target_field" : "read_timestamp"
+        }
+      },
+      {
+        "date" : {
+          "formats" : [
+            "MMM  d HH:mm:ss",
+            "MMM dd HH:mm:ss"
+          ],
+          "timezone" : "Asia/Shanghai",
+          "field" : "login.time",
+          "target_field" : "@timestamp",
+          "ignore_failure" : true
+        }
+      },
+      {
+        "remove" : {
+          "field" : "login.time",
+          "ignore_failure" : true
+        }
+      },
+      {
+        "remove" : {
+          "field" : "message"
+        }
+      }
+    ]
+}'
--- a/prospectors.d/java.yml
+++ b/prospectors.d/java.yml
@ -0,0 +1,13 @@
+#------------------------------ Java Log -------------------------------
+- type: log
+  enabled: true
+  paths:
+  - /xxxx/logs/*/*.log
+  multiline.pattern: "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9]"
+  multiline.negate: true
+  multiline.match: after
+  multiline.max_lines: 400
+  multiline.timeout: 4s
+  tail_files: false
+  pipeline: java
+
--- a/prospectors.d/monitor-conn.yml
+++ b/prospectors.d/monitor-conn.yml
@ -0,0 +1,8 @@
+#---------------------------- Monitor Port -----------------------------
+- type: log
+  enabled: true
+  paths:
+  - /var/log/monitor/conn-*.log
+  tail_files: false
+  pipeline: monitor-conn
+
--- a/prospectors.d/monitor-cpu.yml
+++ b/prospectors.d/monitor-cpu.yml
@ -0,0 +1,8 @@
+#---------------------------- Monitor CPU -----------------------------
+- type: log
+  enabled: true
+  paths:
+  - /var/log/monitor/cpu-*.log
+  tail_files: false
+  pipeline: monitor-cpu
+
--- a/prospectors.d/monitor-disk.yml
+++ b/prospectors.d/monitor-disk.yml
@ -0,0 +1,8 @@
+#---------------------------- Monitor Disk -----------------------------
+- type: log
+  enabled: true
+  paths:
+  - /var/log/monitor/disk-*.log
+  tail_files: false
+  pipeline: monitor-disk
+
--- a/prospectors.d/monitor-io.yml
+++ b/prospectors.d/monitor-io.yml
@ -0,0 +1,8 @@
+#---------------------------- Monitor IO -----------------------------
+- type: log
+  enabled: true
+  paths:
+  - /var/log/monitor/io-*.log
+  tail_files: false
+  pipeline: monitor-io
+
--- a/prospectors.d/monitor-kafka.yml
+++ b/prospectors.d/monitor-kafka.yml
@ -0,0 +1,8 @@
+#---------------------------- Monitor Kafka -----------------------------
+- type: log
+  enabled: true
+  paths:
+  - /var/log/monitor/kafka-*.log
+  tail_files: false
+  pipeline: monitor-kafka
+
--- a/prospectors.d/monitor-mem.yml
+++ b/prospectors.d/monitor-mem.yml
@ -0,0 +1,8 @@
+#---------------------------- Monitor MEM -----------------------------
+- type: log
+  enabled: true
+  paths:
+  - /var/log/monitor/mem-*.log
+  tail_files: false
+  pipeline: monitor-mem
+
--- a/prospectors.d/monitor-net.yml
+++ b/prospectors.d/monitor-net.yml
@ -0,0 +1,8 @@
+#---------------------------- Monitor NET -----------------------------
+- type: log
+  enabled: true
+  paths:
+  - /var/log/monitor/net-*.log
+  tail_files: false
+  pipeline: monitor-net
+
--- a/prospectors.d/monitor-ping.yml
+++ b/prospectors.d/monitor-ping.yml
@ -0,0 +1,8 @@
+#---------------------------- Monitor Ping -----------------------------
+- type: log
+  enabled: true
+  paths:
+  - /var/log/monitor/ping-*.log
+  tail_files: false
+  pipeline: monitor-ping
+
--- a/prospectors.d/monitor-proc.yml
+++ b/prospectors.d/monitor-proc.yml
@ -0,0 +1,8 @@
+#---------------------------- Monitor Proc -----------------------------
+- type: log
+  enabled: true
+  paths:
+  - /var/log/monitor/proc-*.log
+  tail_files: false
+  pipeline: monitor-proc
+
--- a/prospectors.d/mysql.yml
+++ b/prospectors.d/mysql.yml
@ -0,0 +1,24 @@
+#------------------------------- MySQL Log -------------------------------
+- type: log
+  enabled: true
+  paths:
+  - /var/log/mysqld/slow.log
+  multiline.pattern: "^# Time|^/usr/sbin/mysqld"
+  multiline.negate: true
+  multiline.match: after
+  multiline.max_lines: 400
+  multiline.timeout: 4s
+  tail_files: false
+  pipeline: mysql-slow
+- type: log
+  enabled: true
+  paths:
+  - /var/log/mysqld/error.log
+  include_lines: "[[Error]]"
+  multiline.pattern: "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9]T"
+  multiline.negate: true
+  multiline.match: after
+  multiline.max_lines: 400
+  multiline.timeout: 4s
+  tail_files: false
+
--- a/prospectors.d/nginx.yml
+++ b/prospectors.d/nginx.yml
@ -0,0 +1,16 @@
+#------------------------------- Nginx Log -------------------------------
+- type: log
+  enabled: true
+  paths:
+  - /var/log/nginx/access.log
+  - /var/log/nginx/access-illegal.log
+  exclude_lines: ["favicon.ico"]
+  tail_files: false
+  pipeline: nginx-access
+- type: log
+  enabled: true
+  paths:
+  - /var/log/nginx/error.log
+  exclude_lines: ["favicon.ico"]
+  tail_files: false
+
--- a/prospectors.d/secure.yml
+++ b/prospectors.d/secure.yml
@ -0,0 +1,9 @@
+#------------------------------ Secure Log -------------------------------
+- type: log
+  enabled: true
+  paths:
+  - /var/log/secure
+  include_lines: [": Invalid user ", ": Accepted password ", ": Accepted publickey ", ": authentication failure;"]
+  tail_files: false
+  pipeline: secure-login
+
--- a/scripts/Monitor.service
+++ b/scripts/Monitor.service
@ -0,0 +1,11 @@
+[Unit]
+Description=Monitor
+
+[Service]
+ExecStart=/opt/scripts/Monitor.sh
+TimeoutStopSec=8
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+
--- a/scripts/Monitor.sh
+++ b/scripts/Monitor.sh
@ -0,0 +1,25 @@
+#!/bin/bash
+
+INTERVAL=2
+
+function Init {
+    local self_count=$(pgrep -cx "$(basename $0)")
+    [ 0 -eq $? ] || exit 1
+    [ 1 -eq $self_count ] || exit 1
+    type sar > /dev/null || exit 1
+}
+
+function Main {
+    cd $(dirname $0) || exit 1
+    while sleep $INTERVAL; do
+        for proc in $(find . -type f -name "mon_*" \
+            -executable); do
+            $proc &
+        done
+    done
+}
+
+# start
+Init
+Main
+
--- a/scripts/conn.list
+++ b/scripts/conn.list
@ -0,0 +1 @@
+localhost:5000
--- a/scripts/mon_conn
+++ b/scripts/mon_conn
@ -0,0 +1,51 @@
+#!/bin/bash
+
+export LANG=en_US.UTF-8
+ADDR_FILE="$(dirname $0)/conn.list"
+LOG_PATH="/var/log/monitor"
+LOG_NAME="conn"
+INTERVAL=60
+
+function Init {
+    local self_count=$(pgrep -cx "$(basename $0)")
+    [ 0 -eq $? ] || exit 1
+    [ 1 -eq $self_count ] || exit 1
+    mkdir -p $LOG_PATH || exit 1
+}
+
+function Log {
+    local msg="$1"
+    local log_time="$(date +'%F %T')"
+    local log_file="$LOG_PATH/$LOG_NAME-${log_time% *}.log"
+    echo "$log_time $msg" >> $log_file
+    cd $LOG_PATH && ls ${LOG_NAME}-* 2>/dev/null \
+        | head -n -7 | xargs rm -f
+}
+
+function CountAddrConn {
+    local addr=$1
+    local server="${addr%:*}"
+    local port="${addr#*:}"
+    local count=0
+    if [ 'localhost' = "$server" ]; then
+        count=$(ss -anpt | awk '{print $4}' \
+            | grep -c ":$port$")
+    else
+        count=$(ss -anpt | awk '{print $5}' \
+            | grep -c "$addr$")
+    fi
+    echo "$server $port $count"
+}
+
+function Main {
+    local addr=
+    sleep $INTERVAL
+    for addr in $(cat $ADDR_FILE); do
+        Log "$(CountAddrConn $addr)"
+    done
+}
+
+# start
+Init
+Main
+
--- a/scripts/mon_cpu
+++ b/scripts/mon_cpu
@ -0,0 +1,38 @@
+#!/bin/bash
+
+export LANG=en_US.UTF-8
+LOG_PATH="/var/log/monitor"
+LOG_NAME="cpu"
+INTERVAL=60
+
+function Init {
+    local self_count=$(pgrep -cx "$(basename $0)")
+    [ 0 -eq $? ] || exit 1
+    [ 1 -eq $self_count ] || exit 1
+    type sar > /dev/null || exit 1
+    mkdir -p $LOG_PATH || exit 1
+}
+
+function Log {
+    local msg="$1"
+    local log_time="$(date +'%F %T')"
+    local log_file="$LOG_PATH/$LOG_NAME-${log_time% *}.log"
+    echo "$log_time $msg" >> $log_file
+    cd $LOG_PATH && ls ${LOG_NAME}-* 2>/dev/null \
+        | head -n -7 | xargs rm -f
+}
+
+function GetCPULoad {
+    top -b -n 1 | sed -n '3p' | sed 's/^.*://' | tr , ' ' \
+        | awk '{print $1,$3,$9,$7}'
+}
+
+function Main {
+    sleep $INTERVAL
+    Log "$(GetCPULoad)"
+}
+
+# start
+Init
+Main
+
--- a/scripts/mon_disk
+++ b/scripts/mon_disk
@ -0,0 +1,39 @@
+#!/bin/bash
+
+export LANG=en_US.UTF-8
+LOG_PATH="/var/log/monitor"
+LOG_NAME="disk"
+INTERVAL=300
+
+function Init {
+    local self_count=$(pgrep -cx "$(basename $0)")
+    [ 0 -eq $? ] || exit 1
+    [ 1 -eq $self_count ] || exit 1
+    mkdir -p $LOG_PATH || exit 1
+}
+
+function Log {
+    local msg="$1"
+    local log_time="$(date +'%F %T')"
+    local log_file="$LOG_PATH/$LOG_NAME-${log_time% *}.log"
+    echo "$log_time $msg" >> $log_file
+    cd $LOG_PATH && ls ${LOG_NAME}-* 2>/dev/null \
+        | head -n -7 | xargs rm -f
+}
+
+function GetDiskInfo {
+    df | grep '^/dev/' \
+        | awk '{print $1,substr($5,0,length($5)-1)}'
+}
+
+function Main {
+    sleep $INTERVAL
+    GetDiskInfo|while read line; do
+        Log "$line"
+    done
+}
+
+# start
+Init
+Main
+
--- a/scripts/mon_io
+++ b/scripts/mon_io
@ -0,0 +1,42 @@
+#!/bin/bash
+
+export LANG=en_US.UTF-8
+LOG_PATH="/var/log/monitor"
+LOG_NAME="io"
+SAR_INTERVAL=20
+SAR_COUNT=6
+
+function Init {
+    local self_count=$(pgrep -cx "$(basename $0)")
+    [ 0 -eq $? ] || exit 1
+    [ 1 -eq $self_count ] || exit 1
+    type sar > /dev/null || exit 1
+    mkdir -p $LOG_PATH || exit 1
+}
+
+function Log {
+    local msg="$1"
+    local log_time="$(date +'%F %T')"
+    local log_file="$LOG_PATH/$LOG_NAME-${log_time% *}.log"
+    echo "$log_time $msg" >> $log_file
+    cd $LOG_PATH && ls ${LOG_NAME}-* 2>/dev/null \
+        | head -n -7 | xargs rm -f
+}
+
+function GetIOInfo {
+    sar -dp $SAR_INTERVAL $SAR_COUNT | grep '^Average' \
+        | tail -n +2 \
+        | awk '{print $2,$3,-$4/2,$5/2,$8,$10}'
+}
+
+function Main {
+    local line=
+    GetIOInfo | while read line; do
+        Log "$line"
+    done
+}
+
+# start
+Init
+Main
+
--- a/scripts/mon_kafka
+++ b/scripts/mon_kafka
@ -0,0 +1,51 @@
+#!/bin/bash
+
+export LANG=en_US.UTF-8
+export JAVA_HOME=/opt/jre
+export PATH=$JAVA_HOME/bin:$PATH
+LOG_PATH="/var/log/monitor"
+LOG_NAME="kafka"
+INTERVAL=60
+KAFKA_ROOT="/opt/kafka"
+KAFKA_SERVERS="10.0.4.104:9092,10.0.4.105:9092,10.0.4.106:9092"
+
+function Init {
+    local self_count=$(pgrep -cx "$(basename $0)")
+    [ 0 -eq $? ] || exit 1
+    [ 1 -eq $self_count ] || exit 1
+    mkdir -p $LOG_PATH || exit 1
+}
+
+function Log {
+    local msg="$1"
+    local log_time="$(date +'%F %T')"
+    local log_file="$LOG_PATH/$LOG_NAME-${log_time% *}.log"
+    echo "$log_time $msg" >> $log_file
+    cd $LOG_PATH && ls ${LOG_NAME}-* 2>/dev/null \
+        | head -n -7 | xargs rm -f
+}
+
+function GetKafkaInfo {
+    local consumer_group=
+    cd $KAFKA_ROOT/bin || return 1
+    for consumer_group in $(./kafka-consumer-groups.sh \
+        --bootstrap-server $KAFKA_SERVERS --list); do
+        ./kafka-consumer-groups.sh \
+            --bootstrap-server $KAFKA_SERVERS \
+            --group $consumer_group --describe \
+            | tail -n +3 | awk '$7 !~ /^-$/{print $1,$2,
+                $3,$4,$5,substr($7,2),"'$consumer_group'"}'
+    done
+}
+
+function Main {
+    sleep $INTERVAL
+    GetKafkaInfo|while read line; do
+        Log "$line"
+    done
+}
+
+# start
+Init
+Main
+
--- a/scripts/mon_mem
+++ b/scripts/mon_mem
@ -0,0 +1,38 @@
+#!/bin/bash
+
+export LANG=en_US.UTF-8
+LOG_PATH="/var/log/monitor"
+LOG_NAME="mem"
+INTERVAL=60
+
+function Init {
+    local self_count=$(pgrep -cx "$(basename $0)")
+    [ 0 -eq $? ] || exit 1
+    [ 1 -eq $self_count ] || exit 1
+    mkdir -p $LOG_PATH || exit 1
+}
+
+function Log {
+    local msg="$1"
+    local log_time="$(date +'%F %T')"
+    local log_file="$LOG_PATH/$LOG_NAME-${log_time% *}.log"
+    echo "$log_time $msg" >> $log_file
+    cd $LOG_PATH && ls ${LOG_NAME}-* 2>/dev/null \
+        | head -n -7 | xargs rm -f
+}
+
+function GetMEMInfo {
+    free -w | grep '^Mem' \
+        | awk '{printf "%.2f %.2f %.2f %.2f\n",$3*100/$2,
+            $4*100/$2,$6*100/$2,$7*100/$2}'
+}
+
+function Main {
+    sleep $INTERVAL
+    Log "$(GetMEMInfo)"
+}
+
+# start
+Init
+Main
+
--- a/scripts/mon_net
+++ b/scripts/mon_net
@ -0,0 +1,41 @@
+#!/bin/bash
+
+export LANG=en_US.UTF-8
+LOG_PATH="/var/log/monitor"
+LOG_NAME="net"
+SAR_INTERVAL=50
+SAR_COUNT=6
+
+function Init {
+    local self_count=$(pgrep -cx "$(basename $0)")
+    [ 0 -eq $? ] || exit 1
+    [ 1 -eq $self_count ] || exit 1
+    type sar > /dev/null || exit 1
+    mkdir -p $LOG_PATH || exit 1
+}
+
+function Log {
+    local msg="$1"
+    local log_time="$(date +'%F %T')"
+    local log_file="$LOG_PATH/$LOG_NAME-${log_time% *}.log"
+    echo "$log_time $msg" >> $log_file
+    cd $LOG_PATH && ls ${LOG_NAME}-* 2>/dev/null \
+        | head -n -7 | xargs rm -f
+}
+
+function GetNetInfo {
+    sar -n DEV $SAR_INTERVAL $SAR_COUNT | grep '^Average' \
+        | tail -n +2 | awk '{print $2,$5,-$6}'
+}
+
+function Main {
+    local line=
+    GetNetInfo | while read line; do
+        Log "$line"
+    done
+}
+
+# start
+Init
+Main
+
--- a/scripts/mon_ping
+++ b/scripts/mon_ping
@ -0,0 +1,42 @@
+#!/bin/bash
+
+export LANG=en_US.UTF-8
+PING_FILE="$(dirname $0)/ping.list"
+LOG_PATH="/var/log/monitor"
+LOG_NAME="ping"
+INTERVAL=120
+
+function Init {
+    local self_count=$(pgrep -cx "$(basename $0)")
+    [ 0 -eq $? ] || exit 1
+    [ 1 -eq $self_count ] || exit 1
+    type fping > /dev/null || exit 1
+    mkdir -p $LOG_PATH || exit 1
+}
+
+function Log {
+    local msg="$1"
+    local log_time="$(date +'%F %T')"
+    local log_file="$LOG_PATH/$LOG_NAME-${log_time% *}.log"
+    echo "$log_time $msg" >> $log_file
+    cd $LOG_PATH && ls ${LOG_NAME}-* 2>/dev/null \
+        | head -n -7 | xargs rm -f
+}
+
+function GetPingInfo {
+    fping -A -f $PING_FILE \
+        | awk '{print $1,$3,"alive"==$3?1:0}'
+}
+
+function Main {
+    local line=
+    sleep $INTERVAL
+    GetPingInfo|while read line; do
+        Log "$line"
+    done
+}
+
+# start
+Init
+Main
+
--- a/scripts/mon_proc
+++ b/scripts/mon_proc
@ -0,0 +1,55 @@
+#!/bin/bash
+
+export LANG=en_US.UTF-8
+PROC_FILE="$(dirname $0)/proc.list"
+LOG_PATH="/var/log/monitor"
+LOG_NAME="proc"
+INTERVAL=60
+
+function Init {
+    local self_count=$(pgrep -cx "$(basename $0)")
+    [ 0 -eq $? ] || exit 1
+    [ 1 -eq $self_count ] || exit 1
+    mkdir -p $LOG_PATH || exit 1
+}
+
+function Log {
+    local msg="$1"
+    local log_time="$(date +'%F %T')"
+    local log_file="$LOG_PATH/$LOG_NAME-${log_time% *}.log"
+    echo "$log_time $msg" >> $log_file
+    cd $LOG_PATH && ls ${LOG_NAME}-* 2>/dev/null \
+        | head -n -7 | xargs rm -f
+}
+
+function GetProcInfo {
+    local line="$1"
+    local class="${line%% *}"
+    local proc="${line#* }"
+    local stat_code=1
+    local stat=
+    if [ 'service' = "$class" ]; then
+        stat="$(systemctl status $proc \
+            | grep -m 1 '^   Active:' \
+            | awk '{print $2}')"
+        [ 'active' = "$stat" ] && stat_code=0
+        [ -z "$stat" ] && stat="unknown"
+    else
+        pgrep -f "$proc" &> /dev/null && stat_code=0 \
+            && stat='running' || stat='stopped'
+    fi
+    echo "$class#$proc#$stat#$stat_code"
+}
+
+function Main {
+    local line=
+    sleep $INTERVAL
+    while read line; do
+        Log "$(GetProcInfo "$line")"
+    done < $PROC_FILE
+}
+
+# start
+Init
+Main
+
--- a/scripts/ping.list
+++ b/scripts/ping.list
@ -0,0 +1,2 @@
+192.168.1.1
+192.168.1.2
--- a/scripts/proc.list
+++ b/scripts/proc.list
@ -0,0 +1,2 @@
+service EmotionJudger
+daemon java .*-jar .*\\<filename.jar