[ { "_id": "65129a00-09d6-11e9-b283-47528513fd78", "_type": "search", "_source": { "title": "操作系统登陆日志", "description": "", "hits": 0, "columns": [ "beat.hostname", "login.rhost", "login.method", "login.user", "login.result" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"key\":\"source\",\"negate\":false,\"params\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"/var/log/secure\"},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":true,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"login.rhost\",\"value\":\"172.17.251.5\",\"params\":{\"query\":\"172.17.251.5\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"login.rhost\":{\"query\":\"172.17.251.5\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}" } } }, { "_id": "4fb3a570-834b-11e9-ad88-85624cce68b5", "_type": "search", "_source": { "title": "CPU 使用超过 80%", "description": "", "hits": 0, "columns": [ "beat.hostname", "monitor.cpu.user", "monitor.cpu.system", "monitor.cpu.wait", "monitor.cpu.idle" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"range\",\"key\":\"monitor.cpu.idle\",\"value\":\"0 to 20\",\"params\":{\"gte\":0,\"lt\":20}},\"range\":{\"monitor.cpu.idle\":{\"gte\":0,\"lt\":20}},\"$state\":{\"store\":\"appState\"}}]}" } } }, { "_id": "7ccc0500-7e11-11e9-ad88-85624cce68b5", "_type": "search", "_source": { "title": "CPU 查询", "description": "", "hits": 0, "columns": [ "beat.hostname", "monitor.cpu.user", "monitor.cpu.system", "monitor.cpu.idle", "monitor.cpu.wait" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/cpu-*.log\"},\"filter\":[]}" } } }, { "_id": "69059000-7f0f-11e9-ad88-85624cce68b5", "_type": "search", "_source": { "title": "IO 查询", "description": "", "hits": 0, "columns": [ "beat.hostname", "monitor.io.dev", "monitor.io.tps", "monitor.io.rd", "monitor.io.wr", "monitor.io.wait", "monitor.io.util" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/io-*.log\"},\"filter\":[]}" } } }, { "_id": "92c209e0-7e34-11e9-ad88-85624cce68b5", "_type": "search", "_source": { "title": "Disk 查询", "description": "", "hits": 0, "columns": [ "beat.hostname", "monitor.disk.partition", "monitor.disk.used" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/disk-*.log\"},\"filter\":[]}" } } }, { "_id": "33688dc0-7e34-11e9-ad88-85624cce68b5", "_type": "search", "_source": { "title": "MEM 查询", "description": "", "hits": 0, "columns": [ "beat.hostname", "monitor.mem.used" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/mem-*.log\"},\"filter\":[]}" } } }, { "_id": "9f5a1e60-834b-11e9-ad88-85624cce68b5", "_type": "search", "_source": { "title": "MEM 使用超过 80%", "description": "", "hits": 0, "columns": [ "beat.hostname", "monitor.mem.used", "monitor.mem.buffers", "monitor.mem.cache", "monitor.mem.free" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"range\",\"key\":\"monitor.mem.used\",\"value\":\"80 to 100\",\"params\":{\"gte\":80,\"lt\":100}},\"range\":{\"monitor.mem.used\":{\"gte\":80,\"lt\":100}},\"$state\":{\"store\":\"appState\"}}]}" } } }, { "_id": "e8e33120-834b-11e9-ad88-85624cce68b5", "_type": "search", "_source": { "title": "分区使用超过 80%", "description": "", "hits": 0, "columns": [ "beat.hostname", "monitor.disk.partition", "monitor.disk.used" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"range\",\"key\":\"monitor.disk.used\",\"value\":\"80 to 100\",\"params\":{\"gte\":80,\"lt\":100}},\"range\":{\"monitor.disk.used\":{\"gte\":80,\"lt\":100}},\"$state\":{\"store\":\"appState\"}}]}" } } }, { "_id": "2f67e7d0-7f0a-11e9-ad88-85624cce68b5", "_type": "search", "_source": { "title": "磁盘空间查询", "description": "", "hits": 0, "columns": [ "beat.hostname", "monitor.disk.partition", "monitor.disk.used" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/disk-*.log\"},\"filter\":[]}" } } }, { "_id": "37644d50-7d40-11e9-ad88-85624cce68b5", "_type": "search", "_source": { "title": "端口连接量查询", "description": "", "hits": 0, "columns": [ "beat.hostname", "monitor.conn.server", "monitor.conn.port", "monitor.conn.count" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/conn-*.log\"},\"filter\":[]}" } } }, { "_id": "94288030-7f0f-11e9-ad88-85624cce68b5", "_type": "search", "_source": { "title": "网卡流量查询", "description": "", "hits": 0, "columns": [ "beat.hostname", "monitor.net.dev", "monitor.net.rx", "monitor.net.tx" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/net-*.log\"},\"filter\":[]}" } } }, { "_id": "d65da6a0-85b4-11e9-9656-5f1225242944", "_type": "search", "_source": { "title": "网络不通", "description": "", "hits": 0, "columns": [ "monitor.ping.server", "monitor.ping.state" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.ping.state_code\",\"negate\":true,\"params\":{\"query\":1,\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":1},\"query\":{\"match\":{\"monitor.ping.state_code\":{\"query\":1,\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"monitor.ping.server\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.ping.server\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}" } } }, { "_id": "8d21a870-8301-11e9-ad88-85624cce68b5", "_type": "search", "_source": { "title": "非正常的 service 和 daemon", "description": "", "hits": 0, "columns": [ "beat.hostname", "monitor.proc.proc", "monitor.proc.type", "monitor.proc.state" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"monitor.proc.proc\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.proc.proc\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.proc.state_code\",\"negate\":true,\"params\":{\"query\":0,\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"0\"},\"query\":{\"match\":{\"monitor.proc.state_code\":{\"query\":0,\"type\":\"phrase\"}}}}]}" } } }, { "_id": "93d4c0a0-adcf-11e9-82d1-df99ba321bd2", "_type": "search", "_source": { "title": "操作系统异常登陆", "description": "", "hits": 0, "columns": [ "beat.hostname", "login.rhost", "login.method", "login.user", "login.result" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"key\":\"source\",\"negate\":false,\"params\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"/var/log/secure\"},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"type\":\"phrases\",\"key\":\"login.rhost\",\"value\":\"172.17.102.100, 162.105.88.41\",\"params\":[\"172.17.102.100\",\"162.105.88.41\"],\"negate\":true,\"disabled\":false,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"login.rhost\":\"172.17.102.100\"}},{\"match_phrase\":{\"login.rhost\":\"162.105.88.41\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}" } } } ]