first commit

This commit is contained in:
2021-08-29 00:02:22 +08:00
commit 828bfa1adc
62 changed files with 2595 additions and 0 deletions

27
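--- a/kibana/search/java.json
+++ b/kibana/search/java.json
@@ -0,0 +1,27 @@
+[
+{
+"_id": "a15e2260-8846-11e9-9656-5f1225242944",
+"_type": "search",
+"_source": {
+"title": "JAVA 报错",
+"description": "",
+"hits": 0,
+"columns": [
+"beat.hostname",
+"java.process",
+"java.class",
+"java.function",
+"java.line_num",
+"java.log.content"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"java.log.level\",\"value\":\"ERROR\",\"params\":{\"query\":\"ERROR\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"java.log.level\":{\"query\":\"ERROR\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
+}
+}
+}
+]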
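Review bot: The filter embedded in searchSourceJSON carries `meta.index` `c9e95990-7ac5-11e9-ad88-85624cce68b5` while the search itself is bound to index pattern `bb85dde0-09d4-11e9-b283-47528513fd78`; the same split appears in kafka.json and in the CPU/MEM/partition/ping/service entries of os.json. If the c9e95990 pattern is not exported together with these searches, Kibana presumably cannot resolve the filter's field metadata on import, and a filter that fails to resolve can leave the `java.log.level: ERROR` restriction unapplied, so the "error" view would show everything. Point `meta.index` at the same pattern the search uses, or make sure the referenced index pattern is part of the export. The empty `description` could also state what the search is meant to surface, since the intent is otherwise only recoverable from the double-encoded string.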

28
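--- a/kibana/search/kafka.json
+++ b/kibana/search/kafka.json
@@ -0,0 +1,28 @@
+[
+{
+"_id": "d4c0e280-8433-11e9-9656-5f1225242944",
+"_type": "search",
+"_source": {
+"title": "Kafka Offset",
+"description": "",
+"hits": 0,
+"columns": [
+"monitor.kafka.client_host",
+"monitor.kafka.consumer_group",
+"monitor.kafka.topic",
+"monitor.kafka.current_offset",
+"monitor.kafka.end_offset",
+"monitor.kafka.lag",
+"monitor.kafka.partition"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":true,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"beat.hostname\",\"negate\":false,\"params\":{\"query\":\"kafka106\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"kafka106\"},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"kafka106\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"monitor.kafka.topic\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.kafka.topic\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":true,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.kafka.consumer_group\",\"negate\":false,\"params\":{\"query\":\"yuqing_v1.12\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"yuqing_v1.12\"},\"query\":{\"match\":{\"monitor.kafka.consumer_group\":{\"query\":\"yuqing_v1.12\",\"type\":\"phrase\"}}}}]}"
+}
+}
+}
+]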

48
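--- a/kibana/search/mysql.json
+++ b/kibana/search/mysql.json
@@ -0,0 +1,48 @@
+[
+{
+"_id": "2b1b1100-09dc-11e9-b283-47528513fd78",
+"_type": "search",
+"_source": {
+"title": "Mysql 异常",
+"description": "",
+"hits": 0,
+"columns": [
+"message"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/mysqld/error.log\",\"params\":{\"query\":\"/var/log/mysqld/error.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/mysqld/error.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
+}
+}
+},
+{
+"_id": "4791e6b0-09dc-11e9-b283-47528513fd78",
+"_type": "search",
+"_source": {
+"title": "Mysql 慢查询",
+"description": "",
+"hits": 0,
+"columns": [
+"mysql.slowlog.user",
+"mysql.slowlog.ip",
+"mysql.slowlog.query_time.sec",
+"mysql.slowlog.lock_time.sec",
+"mysql.slowlog.rows_examined",
+"mysql.slowlog.rows_sent",
+"mysql.slowlog.query"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/mysqld/slow.log\",\"params\":{\"query\":\"/var/log/mysqld/slow.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/mysqld/slow.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
+}
+}
+}
+]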

91
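--- a/kibana/search/nginx.json
+++ b/kibana/search/nginx.json
@@ -0,0 +1,91 @@
+[
+{
+"_id": "68594410-09d7-11e9-b283-47528513fd78",
+"_type": "search",
+"_source": {
+"title": "Nginx 报错",
+"description": "",
+"hits": 0,
+"columns": [
+"message"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/nginx/error.log\",\"params\":{\"query\":\"/var/log/nginx/error.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/nginx/error.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
+}
+}
+},
+{
+"_id": "efd03910-0fec-11e9-8819-7f8b8589cf6c",
+"_type": "search",
+"_source": {
+"title": "Nginx 非法请求",
+"description": "",
+"hits": 0,
+"columns": [
+"nginx.access.remote_ip",
+"nginx.access.method",
+"nginx.access.url",
+"nginx.access.agent"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"type\":\"phrases\",\"key\":\"source\",\"value\":\"/var/log/nginx/qyjs360.com/access-illegal.log, /var/log/nginx/www.goldeneye.cn/access-illegal.log\",\"params\":[\"/var/log/nginx/qyjs360.com/access-illegal.log\",\"/var/log/nginx/www.goldeneye.cn/access-illegal.log\"],\"negate\":false,\"disabled\":false,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"source\":\"/var/log/nginx/qyjs360.com/access-illegal.log\"}},{\"match_phrase\":{\"source\":\"/var/log/nginx/www.goldeneye.cn/access-illegal.log\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"
+}
+}
+},
+{
+"_id": "3e9b9ec0-acf2-11e9-82d1-df99ba321bd2",
+"_type": "search",
+"_source": {
+"title": "與情 Nginx 正常访问",
+"description": "",
+"hits": 0,
+"columns": [
+"nginx.access.remote_ip",
+"nginx.access.os",
+"nginx.access.url",
+"nginx.access.agent"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"params\":{\"query\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
+}
+}
+},
+{
+"_id": "476794a0-09d7-11e9-b283-47528513fd78",
+"_type": "search",
+"_source": {
+"title": "企业军师 Nginx 正常访问",
+"description": "",
+"hits": 0,
+"columns": [
+"nginx.access.remote_ip",
+"nginx.access.os",
+"nginx.access.url",
+"nginx.access.agent"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/nginx/qyjs360.com/access.log\",\"params\":{\"query\":\"/var/log/nginx/qyjs360.com/access.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/nginx/qyjs360.com/access.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
+}
+}
+}
+]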
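Review bot: The `Nginx 非法请求` search (second entry) pins the set of illegal-request logs to two literal vhost paths, `/var/log/nginx/qyjs360.com/access-illegal.log` and `/var/log/nginx/www.goldeneye.cn/access-illegal.log`, inside a `phrases` filter, so a vhost added later is silently absent from the "illegal request" view until someone edits the double-encoded string. A wildcard query on `source` in the Lucene `query` field, as the os.json searches already do for `/var/log/monitor/*-*.log`, would cover new vhosts without per-site edits; if the explicit list is intentional, say so in `description`, which is empty for all four entries. The host-level `beat.hostname: nginx` filter is repeated in every entry; that is fine, but the shared intent is worth one sentence of `description` too.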

325
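--- a/kibana/search/os.json
+++ b/kibana/search/os.json
@@ -0,0 +1,325 @@
+[
+{
+"_id": "65129a00-09d6-11e9-b283-47528513fd78",
+"_type": "search",
+"_source": {
+"title": "操作系统登陆日志",
+"description": "",
+"hits": 0,
+"columns": [
+"beat.hostname",
+"login.rhost",
+"login.method",
+"login.user",
+"login.result"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"key\":\"source\",\"negate\":false,\"params\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"/var/log/secure\"},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":true,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"login.rhost\",\"value\":\"172.17.251.5\",\"params\":{\"query\":\"172.17.251.5\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"login.rhost\":{\"query\":\"172.17.251.5\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
+}
+}
+},
+{
+"_id": "4fb3a570-834b-11e9-ad88-85624cce68b5",
+"_type": "search",
+"_source": {
+"title": "CPU 使用超过 80%",
+"description": "",
+"hits": 0,
+"columns": [
+"beat.hostname",
+"monitor.cpu.user",
+"monitor.cpu.system",
+"monitor.cpu.wait",
+"monitor.cpu.idle"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"range\",\"key\":\"monitor.cpu.idle\",\"value\":\"0 to 20\",\"params\":{\"gte\":0,\"lt\":20}},\"range\":{\"monitor.cpu.idle\":{\"gte\":0,\"lt\":20}},\"$state\":{\"store\":\"appState\"}}]}"
+}
+}
+},
+{
+"_id": "7ccc0500-7e11-11e9-ad88-85624cce68b5",
+"_type": "search",
+"_source": {
+"title": "CPU 查询",
+"description": "",
+"hits": 0,
+"columns": [
+"beat.hostname",
+"monitor.cpu.user",
+"monitor.cpu.system",
+"monitor.cpu.idle",
+"monitor.cpu.wait"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/cpu-*.log\"},\"filter\":[]}"
+}
+}
+},
+{
+"_id": "69059000-7f0f-11e9-ad88-85624cce68b5",
+"_type": "search",
+"_source": {
+"title": "IO 查询",
+"description": "",
+"hits": 0,
+"columns": [
+"beat.hostname",
+"monitor.io.dev",
+"monitor.io.tps",
+"monitor.io.rd",
+"monitor.io.wr",
+"monitor.io.wait",
+"monitor.io.util"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/io-*.log\"},\"filter\":[]}"
+}
+}
+},
+{
+"_id": "92c209e0-7e34-11e9-ad88-85624cce68b5",
+"_type": "search",
+"_source": {
+"title": "Disk 查询",
+"description": "",
+"hits": 0,
+"columns": [
+"beat.hostname",
+"monitor.disk.partition",
+"monitor.disk.used"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/disk-*.log\"},\"filter\":[]}"
+}
+}
+},
+{
+"_id": "33688dc0-7e34-11e9-ad88-85624cce68b5",
+"_type": "search",
+"_source": {
+"title": "MEM 查询",
+"description": "",
+"hits": 0,
+"columns": [
+"beat.hostname",
+"monitor.mem.used"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/mem-*.log\"},\"filter\":[]}"
+}
+}
+},
+{
+"_id": "9f5a1e60-834b-11e9-ad88-85624cce68b5",
+"_type": "search",
+"_source": {
+"title": "MEM 使用超过 80%",
+"description": "",
+"hits": 0,
+"columns": [
+"beat.hostname",
+"monitor.mem.used",
+"monitor.mem.buffers",
+"monitor.mem.cache",
+"monitor.mem.free"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"range\",\"key\":\"monitor.mem.used\",\"value\":\"80 to 100\",\"params\":{\"gte\":80,\"lt\":100}},\"range\":{\"monitor.mem.used\":{\"gte\":80,\"lt\":100}},\"$state\":{\"store\":\"appState\"}}]}"
+}
+}
+},
+{
+"_id": "e8e33120-834b-11e9-ad88-85624cce68b5",
+"_type": "search",
+"_source": {
+"title": "分区使用超过 80%",
+"description": "",
+"hits": 0,
+"columns": [
+"beat.hostname",
+"monitor.disk.partition",
+"monitor.disk.used"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"range\",\"key\":\"monitor.disk.used\",\"value\":\"80 to 100\",\"params\":{\"gte\":80,\"lt\":100}},\"range\":{\"monitor.disk.used\":{\"gte\":80,\"lt\":100}},\"$state\":{\"store\":\"appState\"}}]}"
+}
+}
+},
+{
+"_id": "2f67e7d0-7f0a-11e9-ad88-85624cce68b5",
+"_type": "search",
+"_source": {
+"title": "磁盘空间查询",
+"description": "",
+"hits": 0,
+"columns": [
+"beat.hostname",
+"monitor.disk.partition",
+"monitor.disk.used"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/disk-*.log\"},\"filter\":[]}"
+}
+}
+},
+{
+"_id": "37644d50-7d40-11e9-ad88-85624cce68b5",
+"_type": "search",
+"_source": {
+"title": "端口连接量查询",
+"description": "",
+"hits": 0,
+"columns": [
+"beat.hostname",
+"monitor.conn.server",
+"monitor.conn.port",
+"monitor.conn.count"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/conn-*.log\"},\"filter\":[]}"
+}
+}
+},
+{
+"_id": "94288030-7f0f-11e9-ad88-85624cce68b5",
+"_type": "search",
+"_source": {
+"title": "网卡流量查询",
+"description": "",
+"hits": 0,
+"columns": [
+"beat.hostname",
+"monitor.net.dev",
+"monitor.net.rx",
+"monitor.net.tx"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/net-*.log\"},\"filter\":[]}"
+}
+}
+},
+{
+"_id": "d65da6a0-85b4-11e9-9656-5f1225242944",
+"_type": "search",
+"_source": {
+"title": "网络不通",
+"description": "",
+"hits": 0,
+"columns": [
+"monitor.ping.server",
+"monitor.ping.state"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.ping.state_code\",\"negate\":true,\"params\":{\"query\":1,\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":1},\"query\":{\"match\":{\"monitor.ping.state_code\":{\"query\":1,\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"monitor.ping.server\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.ping.server\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
+}
+}
+},
+{
+"_id": "8d21a870-8301-11e9-ad88-85624cce68b5",
+"_type": "search",
+"_source": {
+"title": "非正常的 service 和 daemon",
+"description": "",
+"hits": 0,
+"columns": [
+"beat.hostname",
+"monitor.proc.proc",
+"monitor.proc.type",
+"monitor.proc.state"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"monitor.proc.proc\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.proc.proc\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.proc.state_code\",\"negate\":true,\"params\":{\"query\":0,\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"0\"},\"query\":{\"match\":{\"monitor.proc.state_code\":{\"query\":0,\"type\":\"phrase\"}}}}]}"
+}
+}
+},
+{
+"_id": "93d4c0a0-adcf-11e9-82d1-df99ba321bd2",
+"_type": "search",
+"_source": {
+"title": "操作系统异常登陆",
+"description": "",
+"hits": 0,
+"columns": [
+"beat.hostname",
+"login.rhost",
+"login.method",
+"login.user",
+"login.result"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"key\":\"source\",\"negate\":false,\"params\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"/var/log/secure\"},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"type\":\"phrases\",\"key\":\"login.rhost\",\"value\":\"172.17.102.100, 162.105.88.41\",\"params\":[\"172.17.102.100\",\"162.105.88.41\"],\"negate\":true,\"disabled\":false,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"login.rhost\":\"172.17.102.100\"}},{\"match_phrase\":{\"login.rhost\":\"162.105.88.41\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"
+}
+}
+}
+]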
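Review bot: The `操作系统异常登陆` search (last entry) negates every login whose `login.rhost` is `172.17.102.100` or `162.105.88.41`, and `操作系统登陆日志` (first entry) negates `172.17.251.5`; these trusted-source exclusions live only inside the double-encoded searchSourceJSON string and every `description` is `""`, so a reader of the export cannot tell why those hosts are exempt or who owns the exception. Once a host on that list is itself compromised, logins originating from it never appear in the "abnormal login" view, which is exactly the blind spot a reviewer should be able to see at a glance. Record the rationale in the saved object, e.g. `"description": "Excludes logins from <placeholder: trusted source hosts>; re-check the list whenever those addresses change"`, and keep the two lists consistent with each other rather than diverging per search. Separately, the `非正常的 service 和 daemon` filter stores `value` as the string `"0"` while `params.query` is the number `0`; the `网络不通` entry uses the number `1` for both, so the two should agree on one type.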

23
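--- a/kibana/search/shell.json
+++ b/kibana/search/shell.json
@@ -0,0 +1,23 @@
+[
+{
+"_id": "1712ed30-14a0-11e9-85e4-c396c5d0cddf",
+"_type": "search",
+"_source": {
+"title": "代理 Tunnel 日志",
+"description": "",
+"hits": 0,
+"columns": [
+"beat.hostname",
+"shell.log.content"
+],
+"sort": [
+"@timestamp",
+"desc"
+],
+"version": 1,
+"kibanaSavedObjectMeta": {
+"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"source: \\\\/qyjs\\\\/logs\\\\/tunnel\\\\/*.log\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"type\":\"phrases\",\"key\":\"beat.hostname\",\"value\":\"spider101, spider107\",\"params\":[\"spider101\",\"spider107\"],\"negate\":false,\"disabled\":false,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"beat.hostname\":\"spider101\"}},{\"match_phrase\":{\"beat.hostname\":\"spider107\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"
+}
+}
+}
+]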