colben/efk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
efk/kibana/search/os.json
colben 828bfa1adc first commit
2021-08-29 00:02:22 +08:00

326 lines
13 KiB
JSON
Raw Blame History

[
{
"_id": "65129a00-09d6-11e9-b283-47528513fd78",
"_type": "search",
"_source": {
"title": "操作系统登陆日志",
"description": "",
"hits": 0,
"columns": [
"beat.hostname",
"login.rhost",
"login.method",
"login.user",
"login.result"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"key\":\"source\",\"negate\":false,\"params\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"/var/log/secure\"},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":true,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"login.rhost\",\"value\":\"172.17.251.5\",\"params\":{\"query\":\"172.17.251.5\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"login.rhost\":{\"query\":\"172.17.251.5\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
}
}
},
{
"_id": "4fb3a570-834b-11e9-ad88-85624cce68b5",
"_type": "search",
"_source": {
"title": "CPU 使用超过 80%",
"description": "",
"hits": 0,
"columns": [
"beat.hostname",
"monitor.cpu.user",
"monitor.cpu.system",
"monitor.cpu.wait",
"monitor.cpu.idle"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"range\",\"key\":\"monitor.cpu.idle\",\"value\":\"0 to 20\",\"params\":{\"gte\":0,\"lt\":20}},\"range\":{\"monitor.cpu.idle\":{\"gte\":0,\"lt\":20}},\"$state\":{\"store\":\"appState\"}}]}"
}
}
},
{
"_id": "7ccc0500-7e11-11e9-ad88-85624cce68b5",
"_type": "search",
"_source": {
"title": "CPU 查询",
"description": "",
"hits": 0,
"columns": [
"beat.hostname",
"monitor.cpu.user",
"monitor.cpu.system",
"monitor.cpu.idle",
"monitor.cpu.wait"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/cpu-*.log\"},\"filter\":[]}"
}
}
},
{
"_id": "69059000-7f0f-11e9-ad88-85624cce68b5",
"_type": "search",
"_source": {
"title": "IO 查询",
"description": "",
"hits": 0,
"columns": [
"beat.hostname",
"monitor.io.dev",
"monitor.io.tps",
"monitor.io.rd",
"monitor.io.wr",
"monitor.io.wait",
"monitor.io.util"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/io-*.log\"},\"filter\":[]}"
}
}
},
{
"_id": "92c209e0-7e34-11e9-ad88-85624cce68b5",
"_type": "search",
"_source": {
"title": "Disk 查询",
"description": "",
"hits": 0,
"columns": [
"beat.hostname",
"monitor.disk.partition",
"monitor.disk.used"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/disk-*.log\"},\"filter\":[]}"
}
}
},
{
"_id": "33688dc0-7e34-11e9-ad88-85624cce68b5",
"_type": "search",
"_source": {
"title": "MEM 查询",
"description": "",
"hits": 0,
"columns": [
"beat.hostname",
"monitor.mem.used"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/mem-*.log\"},\"filter\":[]}"
}
}
},
{
"_id": "9f5a1e60-834b-11e9-ad88-85624cce68b5",
"_type": "search",
"_source": {
"title": "MEM 使用超过 80%",
"description": "",
"hits": 0,
"columns": [
"beat.hostname",
"monitor.mem.used",
"monitor.mem.buffers",
"monitor.mem.cache",
"monitor.mem.free"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"range\",\"key\":\"monitor.mem.used\",\"value\":\"80 to 100\",\"params\":{\"gte\":80,\"lt\":100}},\"range\":{\"monitor.mem.used\":{\"gte\":80,\"lt\":100}},\"$state\":{\"store\":\"appState\"}}]}"
}
}
},
{
"_id": "e8e33120-834b-11e9-ad88-85624cce68b5",
"_type": "search",
"_source": {
"title": "分区使用超过 80%",
"description": "",
"hits": 0,
"columns": [
"beat.hostname",
"monitor.disk.partition",
"monitor.disk.used"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"range\",\"key\":\"monitor.disk.used\",\"value\":\"80 to 100\",\"params\":{\"gte\":80,\"lt\":100}},\"range\":{\"monitor.disk.used\":{\"gte\":80,\"lt\":100}},\"$state\":{\"store\":\"appState\"}}]}"
}
}
},
{
"_id": "2f67e7d0-7f0a-11e9-ad88-85624cce68b5",
"_type": "search",
"_source": {
"title": "磁盘空间查询",
"description": "",
"hits": 0,
"columns": [
"beat.hostname",
"monitor.disk.partition",
"monitor.disk.used"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/disk-*.log\"},\"filter\":[]}"
}
}
},
{
"_id": "37644d50-7d40-11e9-ad88-85624cce68b5",
"_type": "search",
"_source": {
"title": "端口连接量查询",
"description": "",
"hits": 0,
"columns": [
"beat.hostname",
"monitor.conn.server",
"monitor.conn.port",
"monitor.conn.count"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/conn-*.log\"},\"filter\":[]}"
}
}
},
{
"_id": "94288030-7f0f-11e9-ad88-85624cce68b5",
"_type": "search",
"_source": {
"title": "网卡流量查询",
"description": "",
"hits": 0,
"columns": [
"beat.hostname",
"monitor.net.dev",
"monitor.net.rx",
"monitor.net.tx"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/net-*.log\"},\"filter\":[]}"
}
}
},
{
"_id": "d65da6a0-85b4-11e9-9656-5f1225242944",
"_type": "search",
"_source": {
"title": "网络不通",
"description": "",
"hits": 0,
"columns": [
"monitor.ping.server",
"monitor.ping.state"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.ping.state_code\",\"negate\":true,\"params\":{\"query\":1,\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":1},\"query\":{\"match\":{\"monitor.ping.state_code\":{\"query\":1,\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"monitor.ping.server\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.ping.server\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
}
}
},
{
"_id": "8d21a870-8301-11e9-ad88-85624cce68b5",
"_type": "search",
"_source": {
"title": "非正常的 service 和 daemon",
"description": "",
"hits": 0,
"columns": [
"beat.hostname",
"monitor.proc.proc",
"monitor.proc.type",
"monitor.proc.state"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"monitor.proc.proc\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.proc.proc\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.proc.state_code\",\"negate\":true,\"params\":{\"query\":0,\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"0\"},\"query\":{\"match\":{\"monitor.proc.state_code\":{\"query\":0,\"type\":\"phrase\"}}}}]}"
}
}
},
{
"_id": "93d4c0a0-adcf-11e9-82d1-df99ba321bd2",
"_type": "search",
"_source": {
"title": "操作系统异常登陆",
"description": "",
"hits": 0,
"columns": [
"beat.hostname",
"login.rhost",
"login.method",
"login.user",
"login.result"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"key\":\"source\",\"negate\":false,\"params\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"/var/log/secure\"},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"type\":\"phrases\",\"key\":\"login.rhost\",\"value\":\"172.17.102.100, 162.105.88.41\",\"params\":[\"172.17.102.100\",\"162.105.88.41\"],\"negate\":true,\"disabled\":false,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"login.rhost\":\"172.17.102.100\"}},{\"match_phrase\":{\"login.rhost\":\"162.105.88.41\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"
}
}
}
]
Reference in New Issue View Git Blame Copy Permalink