diff --git a/dev/packages/alpha/aws/0.0.3/dataset/billing/agent/stream/stream.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/billing/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..acc07b28262
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/billing/agent/stream/stream.yml.hbs
@@ -0,0 +1,23 @@
+metricsets: ["billing"]
+period: {{period}}
+{{#if aws_access_key_id}}
+aws_access_key_id: {{aws_access_key_id}}
+{{/if}}
+{{#if aws_secret_access_key}}
+aws_secret_access_key: {{aws_secret_access_key}}
+{{/if}}
+{{#if aws_session_token}}
+aws_session_token: {{aws_session_token}}
+{{/if}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+{{#if regions}}
+regions: {{regions}}
+{{/if}}
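Review bot: The static-credential keys rendered here are spelled `aws_access_key_id`, `aws_secret_access_key` and `aws_session_token`, while the s3 templates added in this same commit render `access_key_id`, `secret_access_key` and `session_token`. If the aws/metrics input reads the unprefixed names as the s3 input does (worth confirming against the input's config), the prefixed keys would be ignored and the agent would presumably fall back to whatever ambient credentials the host offers, which is an identity the operator did not choose. Suggest rendering `access_key_id: {{aws_access_key_id}}` (and likewise for the other two) or renaming the variables. The cloudwatch-metrics and dynamodb stream templates carry the same three keys.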
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/billing/fields/ecs.yml b/dev/packages/alpha/aws/0.0.3/dataset/billing/fields/ecs.yml
new file mode 100644
index 00000000000..ff4988438f5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/billing/fields/ecs.yml
@@ -0,0 +1,50 @@
+- name: cloud
+ title: Cloud
+ group: 2
+ type: group
+ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from
+ its host, the cloud info contains the data about this machine. If Metricbeat runs
+ on a remote machine outside the cloud and fetches data from a service running
+ in the cloud, the field contains cloud data from the machine the service is running
+ on.'
+ fields:
+ - name: account.id
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account or organization id used to identify different entities in a multi-tenant environment.
+ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.
+ ignore_above: 1024
+ - name: account.name
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+ Examples: AWS account name, Google Cloud ORG display name.
+ ignore_above: 1024
+ - name: availability_zone
+ level: extended
+ type: keyword
+ description: Availability zone in which this host is running.
+ ignore_above: 1024
+ - name: instance.id
+ level: extended
+ type: keyword
+ description: Instance ID of the host machine.
+ ignore_above: 1024
+ - name: machine.type
+ level: extended
+ type: keyword
+ description: Machine type of the host machine.
+ ignore_above: 1024
+ - name: provider
+ level: extended
+ type: keyword
+ description: Name of the cloud provider. Example values are aws, azure, gcp, or
+ digitalocean.
+ ignore_above: 1024
+ - name: region
+ level: extended
+ type: keyword
+ description: Region in which this host is running.
+ ignore_above: 1024
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/billing/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/billing/fields/fields.yml
new file mode 100644
index 00000000000..8c01ddb0333
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/billing/fields/fields.yml
@@ -0,0 +1,10 @@
+- name: aws.billing
+ type: group
+ release: beta
+ fields:
+ - name: metrics
+ type: group
+ fields:
+ - name: EstimatedCharges.max
+ type: long
+ description: Maximum estimated charges for AWS acccount.
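Review bot: `EstimatedCharges.max` is mapped as `type: long`, but an estimated charge is presumably a currency amount with a fractional part, so the stored value would lose its decimals. `type: double`, as used for the `avg`/`max` fields in the dynamodb fields.yml of this commit, would keep them. The description also misspells "account" as `acccount`.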
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/billing/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/billing/fields/package-fields.yml
new file mode 100644
index 00000000000..1394927c4bb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/billing/fields/package-fields.yml
@@ -0,0 +1,19 @@
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/billing/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/billing/manifest.yml
new file mode 100644
index 00000000000..b321e87217c
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/billing/manifest.yml
@@ -0,0 +1,15 @@
+title: AWS billing metrics
+release: beta
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 12h
+ title: AWS Billing metrics
+ description: Collect AWS billing metrics
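Review bot: Only `period` is declared under `vars`, yet this dataset's stream.yml.hbs renders `regions` and six credential variables; unless those are declared at package level (outside this view), the user has no way to set them. Wherever they are declared, `aws_secret_access_key` and `aws_session_token` should be `type: password` rather than `type: text` so the UI can mask the value. The cloudtrail and cloudwatch-logs manifests declare no `vars` at all, although their s3.yml.hbs renders `queue_url` unconditionally.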
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/cloudtrail/agent/stream/s3.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/cloudtrail/agent/stream/s3.yml.hbs
new file mode 100644
index 00000000000..4d5a0acaa88
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/cloudtrail/agent/stream/s3.yml.hbs
@@ -0,0 +1,34 @@
+queue_url: {{queue_url}}
+expand_event_list_from_field: Records
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if visibility_timeout}}
+visibility_timeout: {{visibility_timeout}}
+{{/if}}
+{{#if api_timeout}}
+api_timeout: {{api_timeout}}
+{{/if}}
+{{#if endpoint}}
+endpoint: {{endpoint}}
+{{/if}}
+{{#if access_key_id}}
+access_key_id: {{access_key_id}}
+{{/if}}
+{{#if secret_access_key}}
+secret_access_key: {{secret_access_key}}
+{{/if}}
+{{#if session_token}}
+session_token: {{session_token}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+processors:
+ - add_fields:
+ target: ''
+ fields:
+ ecs.version: 1.5.0
\ No newline at end of file
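Review bot: Every value, including `secret_access_key` and `session_token`, is interpolated into the YAML as a bare scalar. A value containing `: `, ` #` or a leading YAML indicator character would parse as something other than the string the user entered, and if the template is compiled with Handlebars' default HTML escaping, the `=` padding found in session tokens would be rewritten to an entity and authentication would fail without an obvious cause. Suggest quoting the free-form values, e.g. `session_token: "{{session_token}}"`, and confirming how escaping is configured for these templates. The same applies to the cloudwatch-logs s3 template and the three metrics stream templates in this commit.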
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/cloudtrail/elasticsearch/ingest-pipeline/default.yml b/dev/packages/alpha/aws/0.0.3/dataset/cloudtrail/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..eef0c339b99
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/cloudtrail/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,273 @@
+---
+description: Pipeline for AWS CloudTrail Logs
+processors:
+ - rename:
+ field: "message"
+ target_field: "event.original"
+ - json:
+ field: "event.original"
+ target_field: "json"
+ - date:
+ field: "json.eventTime"
+ target_field: "@timestamp"
+ ignore_failure: true
+ formats:
+ - ISO8601
+ - rename:
+ field: "json.eventVersion"
+ target_field: "aws.cloudtrail.event_version"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.type"
+ target_field: "aws.cloudtrail.user_identity.type"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.userName"
+ target_field: "user.name"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.principalId"
+ target_field: "user.id"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.arn"
+ target_field: "aws.cloudtrail.user_identity.arn"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.accountId"
+ target_field: "cloud.account.id"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.accessKeyId"
+ target_field: "aws.cloudtrail.user_identity.access_key_id"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.sessionContext.attributes.mfaAuthenticated"
+ target_field: "aws.cloudtrail.user_identity.session_context.mfa_authenticated"
+ ignore_failure: true
+ - date:
+ field: "json.userIdentity.sessionContext.attributes.creationDate"
+ target_field: "aws.cloudtrail.user_identity.session_context.creation_date"
+ ignore_failure: true
+ formats:
+ - ISO8601
+ - rename:
+ field: "json.userIdentity.invokedBy"
+ target_field: "aws.cloudtrail.user_identity.invoked_by"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.sessionIssuer.type"
+ target_field: "aws.cloudtrail.user_identity.session_issuer.type"
+ ignore_failure: true
+# userIdentity.sessionIssuer.userName is only set with assumed roles.
+ - rename:
+ field: "json.userIdentity.sessionIssuer.userName"
+ target_field: "user.name"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.sessionIssuer.principalId"
+ target_field: "aws.cloudtrail.user_identity.session_issuer.principal_id"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.sessionIssuer.arn"
+ target_field: "aws.cloudtrail.user_identity.session_issuer.arn"
+ ignore_failure: true
+ - rename:
+ field: "json.userIdentity.sessionIssuer.accountId"
+ target_field: "aws.cloudtrail.user_identity.session_issuer.account_id"
+ ignore_failure: true
+ - rename:
+ field: "json.eventSource"
+ target_field: "event.provider"
+ ignore_failure: true
+ - set:
+ field: "event.action"
+ value: "{{json.eventName}}"
+ ignore_failure: true
+ - rename:
+ field: "json.awsRegion"
+ target_field: "cloud.region"
+ ignore_failure: true
+ - rename:
+ field: "json.sourceIPAddress"
+ target_field: "source.address"
+ ignore_failure: true
+ - grok:
+ field: source.address
+ ignore_failure: true
+ patterns:
+ - ^%{IP:source.ip}$
+ - geoip:
+ field: "source.ip"
+ target_field: "source.geo"
+ ignore_failure: true
+ ignore_missing: true
+ - user_agent:
+ field: "json.userAgent"
+ target_field: "user_agent"
+ on_failure:
+ - rename:
+ field: "json.userAgent"
+ target_field: "user_agent.original"
+ ignore_failure: true
+ - rename:
+ field: "json.errorCode"
+ target_field: "aws.cloudtrail.error_code"
+ ignore_failure: true
+ - rename:
+ field: "json.errorMessage"
+ target_field: "aws.cloudtrail.error_message"
+ ignore_failure: true
+ - script:
+ lang: painless
+ source: |
+ if (ctx.json.requestParameters != null) {
+ ctx.aws.cloudtrail.request_parameters = ctx.json.requestParameters.toString();
+ }
+ ignore_failure: true
+ - script:
+ lang: painless
+ source: |
+ if (ctx.json.responseElements != null) {
+ ctx.aws.cloudtrail.response_elements = ctx.json.responseElements.toString();
+ }
+ ignore_failure: true
+ - script:
+ lang: painless
+ source: |
+ if (ctx.json.additionalEventData != null) {
+ ctx.aws.cloudtrail.additional_eventdata = ctx.json.additionalEventData.toString();
+ }
+ ignore_failure: true
+ - rename:
+ field: "json.requestId"
+ target_field: "aws.cloudtrail.request_id"
+ ignore_failure: true
+ - rename:
+ field: "json.eventID"
+ target_field: event.id
+ ignore_failure: true
+ - rename:
+ field: "json.eventType"
+ target_field: "aws.cloudtrail.event_type"
+ ignore_failure: true
+ - rename:
+ field: "json.apiVersion"
+ target_field: "aws.cloudtrail.api_version"
+ ignore_failure: true
+ - rename:
+ field: "json.managementEvent"
+ target_field: "aws.cloudtrail.management_event"
+ ignore_failure: true
+ - rename:
+ field: "json.readOnly"
+ target_field: "aws.cloudtrail.read_only"
+ ignore_failure: true
+ - rename:
+ field: "json.resources.ARN"
+ target_field: "aws.cloudtrail.resources.arn"
+ ignore_failure: true
+ - rename:
+ field: "json.resources.accountId"
+ target_field: "aws.cloudtrail.resources.account_id"
+ ignore_failure: true
+ - rename:
+ field: "json.resources.type"
+ target_field: "aws.cloudtrail.resources.type"
+ ignore_failure: true
+ - rename:
+ field: "json.recipientAccountId"
+ target_field: "aws.cloudtrail.recipient_account_id"
+ ignore_failure: true
+ - script:
+ lang: painless
+ source: |
+ if (ctx.json.serviceEventDetails != null) {
+ ctx.aws.cloudtrail.service_event_details = ctx.json.serviceEventDetails.toString();
+ }
+ ignore_failure: true
+ - rename:
+ field: "json.sharedEventId"
+ target_field: "aws.cloudtrail.shared_event_id"
+ ignore_failure: true
+ - rename:
+ field: "json.vpcEndpointId"
+ target_field: "aws.cloudtrail.vpc_endpoint_id"
+ ignore_failure: true
+ - script:
+ lang: painless
+ ignore_failure: true
+ source: >-
+ void addRelatedUser(def ctx, String userName) {
+ if (ctx.related == null) {
+ Map map = new HashMap();
+ ctx.put("related", map);
+ }
+ if (ctx.related.user == null) {
+ ArrayList al = new ArrayList();
+ ctx.related.put("user", al);
+ }
+ ctx.related.user.add(userName);
+ }
+
+ ctx.event.type = 'info';
+ ctx.event.kind = 'event';
+ if (ctx.aws.cloudtrail.error_code != null || ctx.aws.cloudtrail.error_message != null) {
+ ctx.event.outcome = 'failure'
+ } else {
+ ctx.event.outcome = 'success'
+ }
+
+ if (ctx.json?.eventName == 'ConsoleLogin') {
+ ctx.event.category = 'authentication';
+ if (ctx.json?.responseElements.ConsoleLogin != null) {
+ ctx.event.outcome = Processors.lowercase(ctx.json.responseElements.ConsoleLogin);
+ }
+ }
+
+ if (ctx.json?.requestParameters.userName != null) {
+ addRelatedUser(ctx, ctx.json.requestParameters.userName);
+ }
+ if (ctx.json?.requestParameters.newUserName != null) {
+ addRelatedUser(ctx, ctx.json.requestParameters.newUserName);
+ }
+
+ - script:
+ lang: painless
+ ignore_failure: true
+ source: >-
+ if (ctx.json?.eventName != 'ConsoleLogin') {
+ return;
+ }
+ Map aed_map = new HashMap();
+ if (ctx.json?.additionalEventData?.MobileVersion != null) {
+ if (ctx.json.additionalEventData.MobileVersion == 'No') {
+ aed_map.put("mobile_version", false);
+ } else {
+ aed_map.put("mobile_version", true);
+ }
+ }
+ if (ctx.json?.additionalEventData?.LoginTo != null) {
+ aed_map.put("login_to", ctx.json.additionalEventData.LoginTo);
+ }
+ if (ctx.json?.additionalEventData?.MFAUsed != null) {
+ if (ctx.json.additionalEventData.MFAUsed == 'No') {
+ aed_map.put("mfa_used", false);
+ } else {
+ aed_map.put("mfa_used", true);
+ }
+ }
+ if (aed_map.size() > 0) {
+ Map cl_map = new HashMap();
+ cl_map.put("additional_eventdata", aed_map);
+ ctx.aws.cloudtrail.put("console_login", cl_map);
+ }
+
+ - remove:
+ field:
+ - "json"
+ ignore_missing: true
+on_failure:
+ - set:
+ field: "error.message"
+ value: "{{ _ingest.on_failure_message }}"
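Review bot: The ConsoleLogin script maps `MFAUsed` to false only when it equals `'No'` and to true for everything else, so any unexpected value is recorded as `mfa_used: true`; for a field that detections on non-MFA logins will key on, the unknown case should not default to the safe-looking answer. Suggest `aed_map.put("mfa_used", ctx.json.additionalEventData.MFAUsed == 'Yes');` and the same shape for `MobileVersion`. Separately, `ctx.json?.responseElements.ConsoleLogin` and `ctx.json?.requestParameters.userName` are null-safe only on `json`, so a null `requestParameters` or `responseElements` throws and, with `ignore_failure: true`, the rest of that script is skipped silently. `ctx.json?.requestParameters?.userName` (and likewise for the other two accesses) avoids that.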
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/cloudtrail/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/cloudtrail/fields/fields.yml
new file mode 100644
index 00000000000..546b77f828d
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/cloudtrail/fields/fields.yml
@@ -0,0 +1,180 @@
+- name: aws.cloudtrail
+ type: group
+ release: beta
+ fields:
+ - name: event_version
+ type: keyword
+ description: |
+ The CloudTrail version of the log event format.
+ - name: user_identity
+ type: group
+ fields:
+ - name: type
+ type: keyword
+ description: |
+ The type of the identity
+ - name: arn
+ type: keyword
+ description: The Amazon Resource Name (ARN) of the principal that made the call.
+ - name: access_key_id
+ type: keyword
+ description: The access key ID that was used to sign the request.
+ - name: session_context
+ type: group
+ fields:
+ - name: mfa_authenticated
+ type: keyword
+ description: The value is true if the root user or IAM user whose credentials
+ were used for the request also was authenticated with an MFA device; otherwise,
+ false.
+ - name: creation_date
+ type: date
+ description: The date and time when the temporary security credentials were
+ issued.
+ - name: invoked_by
+ type: keyword
+ description: The name of the AWS service that made the request, such as Amazon
+ EC2 Auto Scaling or AWS Elastic Beanstalk.
+ - name: session_issuer
+ type: group
+ fields:
+ - name: type
+ type: keyword
+ description: The source of the temporary security credentials, such as Root,
+ IAMUser, or Role.
+ - name: principal_id
+ type: keyword
+ description: The internal ID of the entity that was used to get credentials.
+ - name: arn
+ type: keyword
+ description: The ARN of the source (account, IAM user, or role) that was used
+ to get temporary security credentials.
+ - name: account_id
+ type: keyword
+ description: The account that owns the entity that was used to get credentials.
+ - name: error_code
+ type: keyword
+ description: The AWS service error if the request returns an error.
+ - name: error_message
+ type: keyword
+ description: If the request returns an error, the description of the error.
+ - name: request_parameters
+ type: keyword
+ description: The parameters, if any, that were sent with the request.
+ - name: response_elements
+ type: keyword
+ description: The response element for actions that make changes (create, update,
+ or delete actions).
+ - name: additional_eventdata
+ type: keyword
+ description: Additional data about the event that was not part of the request
+ or response.
+ - name: request_id
+ type: keyword
+ description: The value that identifies the request. The service being called generates
+ this value.
+ - name: event_type
+ type: keyword
+ description: Identifies the type of event that generated the event record.
+ - name: api_version
+ type: keyword
+ description: Identifies the API version associated with the AwsApiCall eventType
+ value.
+ - name: management_event
+ type: keyword
+ description: A Boolean value that identifies whether the event is a management
+ event.
+ - name: read_only
+ type: keyword
+ description: Identifies whether this operation is a read-only operation.
+ - name: resources
+ type: group
+ fields:
+ - name: arn
+ type: keyword
+ description: Resource ARNs
+ - name: account_id
+ type: keyword
+ description: Account ID of the resource owner
+ - name: type
+ type: keyword
+ description: 'Resource type identifier in the format: AWS::aws-service-name::data-type-name'
+ - name: recipient_account_id
+ type: keyword
+ description: Represents the account ID that received this event.
+ - name: service_event_details
+ type: keyword
+ description: Identifies the service event, including what triggered the event
+ and the result.
+ - name: shared_event_id
+ type: keyword
+ description: GUID generated by CloudTrail to uniquely identify CloudTrail events
+ from the same AWS action that is sent to different AWS accounts.
+ - name: vpc_endpoint_id
+ type: keyword
+ description: Identifies the VPC endpoint in which requests were made from a VPC
+ to another AWS service, such as Amazon S3.
+ - name: console_login
+ type: group
+ fields:
+ - name: additional_eventdata
+ type: group
+ fields:
+ - name: mobile_version
+ type: boolean
+ description: Identifies whether ConsoleLogin was from mobile version
+ - name: login_to
+ type: keyword
+ description: URL for ConsoleLogin
+ - name: mfa_used
+ type: boolean
+ description: Identifies whether multi factor authentication was used during
+ ConsoleLogin
+- name: event.action
+ type: keyword
+ description: The action captured by the event.
+- name: event.original
+ type: keyword
+ description: Raw text message of entire event. Used to demonstrate log integrity.
+- name: user.name
+ type: keyword
+ description: Short name or login of the user.
+- name: user.id
+ type: keyword
+ description: Unique identifier of the user.
+- name: cloud.account.id
+ type: keyword
+ description: The cloud account or organization id used to identify different entities
+ in a multi-tenant environment.
+- name: event.provider
+ type: keyword
+ description: Source of the event.
+- name: cloud.region
+ type: keyword
+ description: Region in which this host is running.
+- name: source.address
+ type: keyword
+ description: Some event source addresses are defined ambiguously. The event will
+ sometimes list an IP, a domain or a unix socket. You should always store the raw
+ address in the .address field.
+- name: source.ip
+ type: ip
+ description: IP address of the source (IPv4 or IPv6).
+- name: user_agent.device.name
+ type: keyword
+ description: Name of the device.
+- name: user_agent.name
+ type: keyword
+ description: Name of the user agent.
+- name: user_agent.original
+ type: keyword
+ description: Unparsed user_agent string.
+- name: related.user
+ type: keyword
+ description: All the user names seen on your event.
+- name: event.kind
+ type: keyword
+ description: Event kind (e.g. event, alert, metric, state, pipeline_error, signal)
+- name: event.type
+ type: keyword
+ description: Event severity (e.g. info, error)
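Review bot: `request_parameters`, `response_elements`, `additional_eventdata` and `service_event_details` are `keyword` fields with no `ignore_above`, and the cloudtrail pipeline in this commit fills them with the `toString()` of whole request and response objects. A large enough value can exceed the indexable term size, in which case the document is presumably rejected and the audit event is lost; adding `ignore_above: 1024` (the limit the ecs.yml files in this commit use) or a larger cap bounds that. The pipeline also writes `event.outcome`, `event.category`, `event.id` and `source.geo`, none of which are declared here, so unless they are declared elsewhere they fall back to dynamic mapping.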
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/cloudtrail/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/cloudtrail/fields/package-fields.yml
new file mode 100644
index 00000000000..7f6b7c89946
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/cloudtrail/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: aws
+ type: group
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/cloudtrail/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/cloudtrail/manifest.yml
new file mode 100644
index 00000000000..c5f4f71d1d9
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/cloudtrail/manifest.yml
@@ -0,0 +1,8 @@
+title: AWS CloudTrail logs
+release: beta
+type: logs
+streams:
+- input: logs
+ template_path: s3.yml.hbs
+ title: AWS CloudTrail logs
+ description: Collect AWS CloudTrail logs using s3 input
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-logs/agent/stream/s3.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-logs/agent/stream/s3.yml.hbs
new file mode 100644
index 00000000000..95caff63aeb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-logs/agent/stream/s3.yml.hbs
@@ -0,0 +1,33 @@
+queue_url: {{queue_url}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if visibility_timeout}}
+visibility_timeout: {{visibility_timeout}}
+{{/if}}
+{{#if api_timeout}}
+api_timeout: {{api_timeout}}
+{{/if}}
+{{#if endpoint}}
+endpoint: {{endpoint}}
+{{/if}}
+{{#if access_key_id}}
+access_key_id: {{access_key_id}}
+{{/if}}
+{{#if secret_access_key}}
+secret_access_key: {{secret_access_key}}
+{{/if}}
+{{#if session_token}}
+session_token: {{session_token}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+processors:
+ - add_fields:
+ target: ''
+ fields:
+ ecs.version: 1.5.0
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-logs/elasticsearch/ingest-pipeline/default.yml b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-logs/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..1f7317d6dcc
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-logs/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,26 @@
+---
+description: "Pipeline for CloudWatch logs"
+
+processors:
+ - grok:
+ field: message
+ patterns:
+ - "%{TIMESTAMP_ISO8601:_tmp.timestamp} %{SYSLOGTIMESTAMP:_tmp.syslog_timestamp} %{GREEDYDATA:aws.cloudwatch.message}"
+ - "%{TIMESTAMP_ISO8601:_tmp.timestamp} %{GREEDYDATA:aws.cloudwatch.message}"
+
+ - date:
+ field: '_tmp.timestamp'
+ target_field: "@timestamp"
+ ignore_failure: true
+ formats:
+ - 'ISO8601'
+
+ - remove:
+ field:
+ - _tmp
+ ignore_missing: true
+
+on_failure:
+ - set:
+ field: "error.message"
+ value: "{{ _ingest.on_failure_message }}"
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-logs/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-logs/fields/fields.yml
new file mode 100644
index 00000000000..61e575b1281
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-logs/fields/fields.yml
@@ -0,0 +1,8 @@
+- name: aws.cloudwatch
+ type: group
+ release: beta
+ fields:
+ - name: message
+ type: text
+ description: |
+ CloudWatch log message.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-logs/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-logs/fields/package-fields.yml
new file mode 100644
index 00000000000..7f6b7c89946
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-logs/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: aws
+ type: group
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-logs/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-logs/manifest.yml
new file mode 100644
index 00000000000..e14be461456
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-logs/manifest.yml
@@ -0,0 +1,8 @@
+title: AWS CloudWatch logs
+release: beta
+type: logs
+streams:
+- input: logs
+ template_path: s3.yml.hbs
+ title: AWS CloudWatch logs
+ description: Collect AWS CloudWatch logs using s3 input
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-metrics/agent/stream/stream.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-metrics/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..078d1e00069
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-metrics/agent/stream/stream.yml.hbs
@@ -0,0 +1,23 @@
+metricsets: ["cloudwatch"]
+period: {{period}}
+{{#if aws_access_key_id}}
+aws_access_key_id: {{aws_access_key_id}}
+{{/if}}
+{{#if aws_secret_access_key}}
+aws_secret_access_key: {{aws_secret_access_key}}
+{{/if}}
+{{#if aws_session_token}}
+aws_session_token: {{aws_session_token}}
+{{/if}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+{{#if metrics}}
+metrics: {{metrics}}
+{{/if}}
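Review bot: The cloudwatch-metrics manifest in this commit declares a `regions` variable (default `us-east-1`, `show_user: true`), but this template never renders it, so whatever the user enters is dropped and collection runs against whichever regions the input defaults to. The billing and dynamodb stream templates both carry the block; adding `{{#if regions}}`, `regions: {{regions}}`, `{{/if}}` here keeps the three consistent.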
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-metrics/fields/ecs.yml b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-metrics/fields/ecs.yml
new file mode 100644
index 00000000000..ff4988438f5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-metrics/fields/ecs.yml
@@ -0,0 +1,50 @@
+- name: cloud
+ title: Cloud
+ group: 2
+ type: group
+ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from
+ its host, the cloud info contains the data about this machine. If Metricbeat runs
+ on a remote machine outside the cloud and fetches data from a service running
+ in the cloud, the field contains cloud data from the machine the service is running
+ on.'
+ fields:
+ - name: account.id
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account or organization id used to identify different entities in a multi-tenant environment.
+ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.
+ ignore_above: 1024
+ - name: account.name
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+ Examples: AWS account name, Google Cloud ORG display name.
+ ignore_above: 1024
+ - name: availability_zone
+ level: extended
+ type: keyword
+ description: Availability zone in which this host is running.
+ ignore_above: 1024
+ - name: instance.id
+ level: extended
+ type: keyword
+ description: Instance ID of the host machine.
+ ignore_above: 1024
+ - name: machine.type
+ level: extended
+ type: keyword
+ description: Machine type of the host machine.
+ ignore_above: 1024
+ - name: provider
+ level: extended
+ type: keyword
+ description: Name of the cloud provider. Example values are aws, azure, gcp, or
+ digitalocean.
+ ignore_above: 1024
+ - name: region
+ level: extended
+ type: keyword
+ description: Region in which this host is running.
+ ignore_above: 1024
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-metrics/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-metrics/fields/fields.yml
new file mode 100644
index 00000000000..c7b4bc3ae67
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-metrics/fields/fields.yml
@@ -0,0 +1,7 @@
+- name: aws.cloudwatch
+ type: group
+ release: ga
+ fields:
+ - name: namespace
+ type: keyword
+ description: The namespace specified when query cloudwatch api.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-metrics/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-metrics/fields/package-fields.yml
new file mode 100644
index 00000000000..1394927c4bb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-metrics/fields/package-fields.yml
@@ -0,0 +1,19 @@
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-metrics/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-metrics/manifest.yml
new file mode 100644
index 00000000000..57522d6f6c9
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/cloudwatch-metrics/manifest.yml
@@ -0,0 +1,44 @@
+title: AWS CloudWatch metrics
+release: beta
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 300s
+ - name: regions
+ type: text
+ title: Regions
+ multi: true
+ required: false
+ show_user: true
+ default:
+ - us-east-1
+ - name: metrics
+ type: yaml
+ title: Metrics
+ multi: false
+ required: true
+ show_user: true
+ default: |
+ - namespace: AWS/EC2
+ tags.resource_type_filter: "ec2"
+ name:
+ - CPUUtilization
+ - DiskWriteOps
+ statistic:
+ - Average
+ - Maximum
+ # dimensions:
+ # - name: InstanceId
+ # value: i-123456
+ # tags:
+ # - key: created-by
+ # value: foo
+ title: AWS CloudWatch metrics
+ description: Collect AWS CloudWatch metrics
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/dynamodb/agent/stream/stream.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/dynamodb/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..81cf860e19e
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/dynamodb/agent/stream/stream.yml.hbs
@@ -0,0 +1,26 @@
+metricsets: ["dynamodb"]
+period: {{period}}
+{{#if aws_access_key_id}}
+aws_access_key_id: {{aws_access_key_id}}
+{{/if}}
+{{#if aws_secret_access_key}}
+aws_secret_access_key: {{aws_secret_access_key}}
+{{/if}}
+{{#if aws_session_token}}
+aws_session_token: {{aws_session_token}}
+{{/if}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+{{#if regions}}
+regions: {{regions}}
+{{/if}}
+{{#if tags_filter}}
+tags_filter: {{tags_filter}}
+{{/if}}
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/dynamodb/fields/ecs.yml b/dev/packages/alpha/aws/0.0.3/dataset/dynamodb/fields/ecs.yml
new file mode 100644
index 00000000000..ff4988438f5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/dynamodb/fields/ecs.yml
@@ -0,0 +1,50 @@
+- name: cloud
+ title: Cloud
+ group: 2
+ type: group
+ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from
+ its host, the cloud info contains the data about this machine. If Metricbeat runs
+ on a remote machine outside the cloud and fetches data from a service running
+ in the cloud, the field contains cloud data from the machine the service is running
+ on.'
+ fields:
+ - name: account.id
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account or organization id used to identify different entities in a multi-tenant environment.
+ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.
+ ignore_above: 1024
+ - name: account.name
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+ Examples: AWS account name, Google Cloud ORG display name.
+ ignore_above: 1024
+ - name: availability_zone
+ level: extended
+ type: keyword
+ description: Availability zone in which this host is running.
+ ignore_above: 1024
+ - name: instance.id
+ level: extended
+ type: keyword
+ description: Instance ID of the host machine.
+ ignore_above: 1024
+ - name: machine.type
+ level: extended
+ type: keyword
+ description: Machine type of the host machine.
+ ignore_above: 1024
+ - name: provider
+ level: extended
+ type: keyword
+ description: Name of the cloud provider. Example values are aws, azure, gcp, or
+ digitalocean.
+ ignore_above: 1024
+ - name: region
+ level: extended
+ type: keyword
+ description: Region in which this host is running.
+ ignore_above: 1024
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/dynamodb/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/dynamodb/fields/fields.yml
new file mode 100644
index 00000000000..d392890f45d
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/dynamodb/fields/fields.yml
@@ -0,0 +1,110 @@
+- name: aws.dynamodb
+ type: group
+ release: beta
+ fields:
+ - name: metrics
+ type: group
+ fields:
+ - name: SuccessfulRequestLatency
+ type: group
+ fields:
+ - name: avg
+ type: double
+ - name: max
+ type: double
+ - name: OnlineIndexPercentageProgress.avg
+ type: double
+ description: |
+ The percentage of completion when a new global secondary index is being added to a table.
+ - name: ProvisionedWriteCapacityUnits.avg
+ type: double
+ description: |
+ The number of provisioned write capacity units for a table or a global secondary index.
+ - name: ProvisionedReadCapacityUnits.avg
+ type: double
+ description: |
+ The number of provisioned read capacity units for a table or a global secondary index.
+ - name: ConsumedReadCapacityUnits
+ type: group
+ fields:
+ - name: avg
+ type: double
+ - name: sum
+ type: long
+ - name: ConsumedWriteCapacityUnits
+ type: group
+ fields:
+ - name: avg
+ type: double
+ - name: sum
+ type: long
+ - name: ReplicationLatency
+ type: group
+ fields:
+ - name: avg
+ type: double
+ - name: max
+ type: double
+ - name: TransactionConflict
+ type: group
+ fields:
+ - name: avg
+ type: double
+ - name: sum
+ type: long
+ - name: AccountProvisionedReadCapacityUtilization.avg
+ type: double
+ description: |
+ The average percentage of provisioned read capacity units utilized by the account.
+ - name: AccountProvisionedWriteCapacityUtilization.avg
+ type: double
+ description: |
+ The average percentage of provisioned write capacity units utilized by the account.
+ - name: SystemErrors.sum
+ type: long
+ description: |
+ The requests to DynamoDB or Amazon DynamoDB Streams that generate an HTTP 500 status code during the specified time period.
+ - name: ConditionalCheckFailedRequests.sum
+ type: long
+ description: |
+ The number of failed attempts to perform conditional writes.
+ - name: PendingReplicationCount.sum
+ type: long
+ description: |
+ The number of item updates that are written to one replica table, but that have not yet been written to another replica in the global table.
+ - name: ReadThrottleEvents.sum
+ type: long
+ description: |
+ Requests to DynamoDB that exceed the provisioned read capacity units for a table or a global secondary index.
+ - name: ThrottledRequests.sum
+ type: long
+ description: |
+ Requests to DynamoDB that exceed the provisioned throughput limits on a resource (such as a table or an index).
+ - name: WriteThrottleEvents.sum
+ type: long
+ description: |
+ Requests to DynamoDB that exceed the provisioned write capacity units for a table or a global secondary index.
+ - name: AccountMaxReads.max
+ type: long
+ description: |
+ The maximum number of read capacity units that can be used by an account. This limit does not apply to on-demand tables or global secondary indexes.
+ - name: AccountMaxTableLevelReads.max
+ type: long
+ description: |
+ The maximum number of read capacity units that can be used by a table or global secondary index of an account. For on-demand tables this limit caps the maximum read request units a table or a global secondary index can use.
+ - name: AccountMaxTableLevelWrites.max
+ type: long
+ description: |
+ The maximum number of write capacity units that can be used by a table or global secondary index of an account. For on-demand tables this limit caps the maximum write request units a table or a global secondary index can use.
+ - name: AccountMaxWrites.max
+ type: long
+ description: |
+ The maximum number of write capacity units that can be used by an account. This limit does not apply to on-demand tables or global secondary indexes.
+ - name: MaxProvisionedTableReadCapacityUtilization.max
+ type: double
+ description: |
+ The percentage of provisioned read capacity units utilized by the highest provisioned read table or global secondary index of an account.
+ - name: MaxProvisionedTableWriteCapacityUtilization.max
+ type: double
+ description: |
+ The percentage of provisioned write capacity utilized by the highest provisioned write table or global secondary index of an account.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/dynamodb/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/dynamodb/fields/package-fields.yml
new file mode 100644
index 00000000000..1394927c4bb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/dynamodb/fields/package-fields.yml
@@ -0,0 +1,19 @@
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/dynamodb/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/dynamodb/manifest.yml
new file mode 100644
index 00000000000..21a0cd9f1b0
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/dynamodb/manifest.yml
@@ -0,0 +1,32 @@
+title: AWS DynamoDB metrics
+release: beta
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 5m
+ - name: regions
+ type: text
+ title: Regions
+ multi: true
+ required: false
+ show_user: true
+ default:
+ - us-east-1
+ - name: tags_filter
+ type: yaml
+ title: Tags Filter
+ multi: false
+ required: false
+ show_user: false
+ default: |
+ # - key: "created-by"
+ # value: "foo"
+ title: AWS DynamoDB metrics
+ description: Collect AWS DynamoDB metrics
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/ebs/agent/stream/stream.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/ebs/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..228a296cc1b
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/ebs/agent/stream/stream.yml.hbs
@@ -0,0 +1,26 @@
+metricsets: ["ebs"]
+period: {{period}}
+{{#if aws_access_key_id}}
+aws_access_key_id: {{aws_access_key_id}}
+{{/if}}
+{{#if aws_secret_access_key}}
+aws_secret_access_key: {{aws_secret_access_key}}
+{{/if}}
+{{#if aws_session_token}}
+aws_session_token: {{aws_session_token}}
+{{/if}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+{{#if regions}}
+regions: {{regions}}
+{{/if}}
+{{#if tags_filter}}
+tags_filter: {{tags_filter}}
+{{/if}}
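Review bot: The user-supplied scalars in this template (`aws_access_key_id`, `aws_secret_access_key`, `aws_session_token`, `credential_profile_name`, `shared_credential_file`, `role_arn`) are interpolated as bare YAML values. A value containing `: `, ` #` or a line break therefore changes the structure of the rendered agent config instead of being read literally. Unless the renderer already YAML-escapes substituted values (not visible from this hunk), I would quote each of them, for example `aws_secret_access_key: '{{aws_secret_access_key}}'`. The same pattern appears in `ec2-logs/agent/stream/s3.yml.hbs`, `ec2-metrics/agent/stream/stream.yml.hbs` and `elb-logs/agent/stream/s3.yml.hbs` in this diff.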
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/ebs/fields/ecs.yml b/dev/packages/alpha/aws/0.0.3/dataset/ebs/fields/ecs.yml
new file mode 100644
index 00000000000..ff4988438f5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/ebs/fields/ecs.yml
@@ -0,0 +1,50 @@
+- name: cloud
+ title: Cloud
+ group: 2
+ type: group
+ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from
+ its host, the cloud info contains the data about this machine. If Metricbeat runs
+ on a remote machine outside the cloud and fetches data from a service running
+ in the cloud, the field contains cloud data from the machine the service is running
+ on.'
+ fields:
+ - name: account.id
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account or organization id used to identify different entities in a multi-tenant environment.
+ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.
+ ignore_above: 1024
+ - name: account.name
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+ Examples: AWS account name, Google Cloud ORG display name.
+ ignore_above: 1024
+ - name: availability_zone
+ level: extended
+ type: keyword
+ description: Availability zone in which this host is running.
+ ignore_above: 1024
+ - name: instance.id
+ level: extended
+ type: keyword
+ description: Instance ID of the host machine.
+ ignore_above: 1024
+ - name: machine.type
+ level: extended
+ type: keyword
+ description: Machine type of the host machine.
+ ignore_above: 1024
+ - name: provider
+ level: extended
+ type: keyword
+ description: Name of the cloud provider. Example values are aws, azure, gcp, or
+ digitalocean.
+ ignore_above: 1024
+ - name: region
+ level: extended
+ type: keyword
+ description: Region in which this host is running.
+ ignore_above: 1024
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/ebs/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/ebs/fields/fields.yml
new file mode 100644
index 00000000000..153cc004d16
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/ebs/fields/fields.yml
@@ -0,0 +1,55 @@
+- name: aws.ebs
+ type: group
+ release: ga
+ fields:
+ - name: metrics
+ type: group
+ fields:
+ - name: VolumeReadBytes.avg
+ type: double
+ description: Average size of each read operation during the period, except on
+ volumes attached to a Nitro-based instance, where the average represents the
+ average over the specified period.
+ - name: VolumeWriteBytes.avg
+ type: double
+ description: Average size of each write operation during the period, except
+ on volumes attached to a Nitro-based instance, where the average represents
+ the average over the specified period.
+ - name: VolumeReadOps.avg
+ type: double
+ description: The total number of read operations in a specified period of time.
+ - name: VolumeWriteOps.avg
+ type: double
+ description: The total number of write operations in a specified period of time.
+ - name: VolumeQueueLength.avg
+ type: double
+ description: The number of read and write operation requests waiting to be completed
+ in a specified period of time.
+ - name: VolumeThroughputPercentage.avg
+ type: double
+ description: The percentage of I/O operations per second (IOPS) delivered of
+ the total IOPS provisioned for an Amazon EBS volume. Used with Provisioned
+ IOPS SSD volumes only.
+ - name: VolumeConsumedReadWriteOps.avg
+ type: double
+ description: The total amount of read and write operations (normalized to 256K
+ capacity units) consumed in a specified period of time. Used with Provisioned
+ IOPS SSD volumes only.
+ - name: BurstBalance.avg
+ type: double
+ description: Used with General Purpose SSD (gp2), Throughput Optimized HDD (st1),
+ and Cold HDD (sc1) volumes only. Provides information about the percentage
+ of I/O credits (for gp2) or throughput credits (for st1 and sc1) remaining
+ in the burst bucket.
+ - name: VolumeTotalReadTime.sum
+ type: double
+ description: The total number of seconds spent by all read operations that completed
+ in a specified period of time.
+ - name: VolumeTotalWriteTime.sum
+ type: double
+ description: The total number of seconds spent by all write operations that
+ completed in a specified period of time.
+ - name: VolumeIdleTime.sum
+ type: double
+ description: The total number of seconds in a specified period of time when
+ no read or write operations were submitted.
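Review bot: `VolumeReadOps.avg` and `VolumeWriteOps.avg` are described as "The total number of ... operations", and `VolumeConsumedReadWriteOps.avg` as "The total amount", although all three fields carry the `.avg` statistic. Someone building a threshold from these descriptions would read an average as a count. I would reword them to name the statistic, for example `description: Average of the VolumeReadOps metric over the specified period.`, and likewise for the other two.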
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/ebs/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/ebs/fields/package-fields.yml
new file mode 100644
index 00000000000..1394927c4bb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/ebs/fields/package-fields.yml
@@ -0,0 +1,19 @@
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/ebs/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/ebs/manifest.yml
new file mode 100644
index 00000000000..fe8fc75c202
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/ebs/manifest.yml
@@ -0,0 +1,32 @@
+title: AWS EBS metrics
+release: beta
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 5m
+ - name: regions
+ type: text
+ title: Regions
+ multi: true
+ required: false
+ show_user: true
+ default:
+ - us-east-1
+ - name: tags_filter
+ type: yaml
+ title: Tags Filter
+ multi: false
+ required: false
+ show_user: false
+ default: |
+ # - key: "created-by"
+ # value: "foo"
+ title: AWS EBS metrics
+ description: Collect AWS EBS metrics
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/ec2-logs/agent/stream/s3.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/ec2-logs/agent/stream/s3.yml.hbs
new file mode 100644
index 00000000000..95caff63aeb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/ec2-logs/agent/stream/s3.yml.hbs
@@ -0,0 +1,33 @@
+queue_url: {{queue_url}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if visibility_timeout}}
+visibility_timeout: {{visibility_timeout}}
+{{/if}}
+{{#if api_timeout}}
+api_timeout: {{api_timeout}}
+{{/if}}
+{{#if endpoint}}
+endpoint: {{endpoint}}
+{{/if}}
+{{#if access_key_id}}
+access_key_id: {{access_key_id}}
+{{/if}}
+{{#if secret_access_key}}
+secret_access_key: {{secret_access_key}}
+{{/if}}
+{{#if session_token}}
+session_token: {{session_token}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+processors:
+ - add_fields:
+ target: ''
+ fields:
+ ecs.version: 1.5.0
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/ec2-logs/elasticsearch/ingest-pipeline/default.yml b/dev/packages/alpha/aws/0.0.3/dataset/ec2-logs/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..002e3d24df8
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/ec2-logs/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,25 @@
+---
+description: "Pipeline for EC2 logs in CloudWatch"
+
+processors:
+ - grok:
+ field: message
+ patterns:
+ - "%{TIMESTAMP_ISO8601:_tmp.timestamp} %{SYSLOGTIMESTAMP:_tmp.syslog_timestamp} %{IPORHOST:aws.ec2.ip_address} %{DATA:process.name}(?:\\[%{POSINT:process.pid}\\])?: %{GREEDYDATA:message}"
+
+ - date:
+ field: '_tmp.timestamp'
+ target_field: "@timestamp"
+ ignore_failure: true
+ formats:
+ - 'ISO8601'
+
+ - remove:
+ field:
+ - _tmp
+ ignore_missing: true
+
+on_failure:
+ - set:
+ field: "error.message"
+ value: "{{ _ingest.on_failure_message }}"
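Review bot: The `date` processor sets `ignore_failure: true` and `_tmp` is removed immediately afterwards, so a parse failure leaves no record. The event keeps its previous `@timestamp`, with neither the original value nor the failure preserved. Grok's `TIMESTAMP_ISO8601` accepts forms (for example a space instead of `T`) that the `ISO8601` date format may reject, so this path looks reachable. For logs that feed incident timelines I would drop `ignore_failure: true`, so that the pipeline-level `on_failure` records `error.message`, as the ELB pipeline's `date` processor in this diff does.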
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/ec2-logs/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/ec2-logs/fields/fields.yml
new file mode 100644
index 00000000000..2fc5ccf18fb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/ec2-logs/fields/fields.yml
@@ -0,0 +1,11 @@
+- name: aws.ec2
+ type: group
+ release: beta
+ fields:
+ - name: ip_address
+ type: keyword
+ description: |
+ The internet address of the requester.
+- name: process.name
+ type: keyword
+ description: Process name.
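Review bot: The ingest pipeline for this dataset captures `process.pid` with `%{POSINT:process.pid}`, but only `process.name` is declared here and the capture has no type suffix. The PID is therefore indexed as a string under whatever default mapping applies. I would add `- name: process.pid` with `type: long` and change the capture to `%{POSINT:process.pid:long}`. Separately, `ip_address` is described as "The internet address of the requester", while the pattern fills it from `IPORHOST` in the syslog host position, which can be a hostname; the description should say that.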
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/ec2-logs/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/ec2-logs/fields/package-fields.yml
new file mode 100644
index 00000000000..7f6b7c89946
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/ec2-logs/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: aws
+ type: group
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/ec2-logs/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/ec2-logs/manifest.yml
new file mode 100644
index 00000000000..a1f81851313
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/ec2-logs/manifest.yml
@@ -0,0 +1,8 @@
+title: AWS EC2 logs
+release: beta
+type: logs
+streams:
+- input: logs
+ template_path: s3.yml.hbs
+ title: AWS EC2 logs
+ description: Collect AWS EC2 logs using s3 input
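Review bot: This stream declares no `vars`, yet `s3.yml.hbs` renders `queue_url: {{queue_url}}` unconditionally and has optional blocks for `access_key_id`, `secret_access_key`, `session_token`, `role_arn` and others. Unless those variables are declared in the package-level manifest (not visible from this hunk), a user cannot set them and `queue_url` renders empty. I would add a `vars:` list with at least `- name: queue_url`, `type: text`, `required: true`, in the same shape as the metrics manifests in this diff. The description also says "using s3 input" while the stream sets `input: logs`, so it is worth confirming which input type is intended.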
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/ec2-metrics/agent/stream/stream.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/ec2-metrics/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..468aef3ce2e
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/ec2-metrics/agent/stream/stream.yml.hbs
@@ -0,0 +1,26 @@
+metricsets: ["ec2"]
+period: {{period}}
+{{#if aws_access_key_id}}
+aws_access_key_id: {{aws_access_key_id}}
+{{/if}}
+{{#if aws_secret_access_key}}
+aws_secret_access_key: {{aws_secret_access_key}}
+{{/if}}
+{{#if aws_session_token}}
+aws_session_token: {{aws_session_token}}
+{{/if}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+{{#if regions}}
+regions: {{regions}}
+{{/if}}
+{{#if tags_filter}}
+tags_filter: {{tags_filter}}
+{{/if}}
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/ec2-metrics/fields/ecs.yml b/dev/packages/alpha/aws/0.0.3/dataset/ec2-metrics/fields/ecs.yml
new file mode 100644
index 00000000000..ff4988438f5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/ec2-metrics/fields/ecs.yml
@@ -0,0 +1,50 @@
+- name: cloud
+ title: Cloud
+ group: 2
+ type: group
+ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from
+ its host, the cloud info contains the data about this machine. If Metricbeat runs
+ on a remote machine outside the cloud and fetches data from a service running
+ in the cloud, the field contains cloud data from the machine the service is running
+ on.'
+ fields:
+ - name: account.id
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account or organization id used to identify different entities in a multi-tenant environment.
+ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.
+ ignore_above: 1024
+ - name: account.name
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+ Examples: AWS account name, Google Cloud ORG display name.
+ ignore_above: 1024
+ - name: availability_zone
+ level: extended
+ type: keyword
+ description: Availability zone in which this host is running.
+ ignore_above: 1024
+ - name: instance.id
+ level: extended
+ type: keyword
+ description: Instance ID of the host machine.
+ ignore_above: 1024
+ - name: machine.type
+ level: extended
+ type: keyword
+ description: Machine type of the host machine.
+ ignore_above: 1024
+ - name: provider
+ level: extended
+ type: keyword
+ description: Name of the cloud provider. Example values are aws, azure, gcp, or
+ digitalocean.
+ ignore_above: 1024
+ - name: region
+ level: extended
+ type: keyword
+ description: Region in which this host is running.
+ ignore_above: 1024
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/ec2-metrics/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/ec2-metrics/fields/fields.yml
new file mode 100644
index 00000000000..d3f84cb2b72
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/ec2-metrics/fields/fields.yml
@@ -0,0 +1,144 @@
+- name: aws.ec2
+ type: group
+ release: ga
+ fields:
+ - name: cpu.total.pct
+ type: scaled_float
+ description: |
+ The percentage of allocated EC2 compute units that are currently in use on the instance.
+ - name: cpu.credit_usage
+ type: long
+ description: |
+ The number of CPU credits spent by the instance for CPU utilization.
+ - name: cpu.credit_balance
+ type: long
+ description: |
+ The number of earned CPU credits that an instance has accrued since it was launched or started.
+ - name: cpu.surplus_credit_balance
+ type: long
+ description: |
+ The number of surplus credits that have been spent by an unlimited instance when its CPUCreditBalance value is zero.
+ - name: cpu.surplus_credits_charged
+ type: long
+ description: |
+ The number of spent surplus credits that are not paid down by earned CPU credits, and which thus incur an additional charge.
+ - name: network.in.packets
+ type: long
+ description: |
+ The number of packets received on all network interfaces by the instance.
+ - name: network.in.packets_per_sec
+ type: long
+ description: |
+ The number of packets per second sent out on all network interfaces by the instance.
+ - name: network.out.packets
+ type: long
+ description: |
+ The number of packets sent out on all network interfaces by the instance.
+ - name: network.out.packets_per_sec
+ type: long
+ description: |
+ The number of packets per second sent out on all network interfaces by the instance.
+ - name: network.in.bytes
+ type: long
+ format: bytes
+ description: |
+ The number of bytes received on all network interfaces by the instance.
+ - name: network.in.bytes_per_sec
+ type: long
+ description: |
+ The number of bytes per second received on all network interfaces by the instance.
+ - name: network.out.bytes
+ type: long
+ format: bytes
+ description: |
+ The number of bytes sent out on all network interfaces by the instance.
+ - name: network.out.bytes_per_sec
+ type: long
+ description: |
+ The number of bytes per second sent out on all network interfaces by the instance.
+ - name: diskio.read.bytes
+ type: long
+ format: bytes
+ description: |
+ Bytes read from all instance store volumes available to the instance.
+ - name: diskio.read.bytes_per_sec
+ type: long
+ description: |
+ Bytes read per second from all instance store volumes available to the instance.
+ - name: diskio.write.bytes
+ type: long
+ format: bytes
+ description: |
+ Bytes written to all instance store volumes available to the instance.
+ - name: diskio.write.bytes_per_sec
+ type: long
+ description: |
+ Bytes written per second to all instance store volumes available to the instance.
+ - name: diskio.read.ops
+ type: long
+ description: |
+ Completed read operations from all instance store volumes available to the instance in a specified period of time.
+ - name: diskio.read.ops_per_sec
+ type: long
+ description: |
+ Completed read operations per second from all instance store volumes available to the instance in a specified period of time.
+ - name: diskio.write.ops
+ type: long
+ description: |
+ Completed write operations to all instance store volumes available to the instance in a specified period of time.
+ - name: diskio.write.ops_per_sec
+ type: long
+ description: |
+ Completed write operations per second to all instance store volumes available to the instance in a specified period of time.
+ - name: status.check_failed
+ type: long
+ description: |
+ Reports whether the instance has passed both the instance status check and the system status check in the last minute.
+ - name: status.check_failed_system
+ type: long
+ description: |
+ Reports whether the instance has passed the system status check in the last minute.
+ - name: status.check_failed_instance
+ type: long
+ description: |
+ Reports whether the instance has passed the instance status check in the last minute.
+ - name: instance.core.count
+ type: integer
+ description: |
+ The number of CPU cores for the instance.
+ - name: instance.image.id
+ type: keyword
+ description: |
+ The ID of the image used to launch the instance.
+ - name: instance.monitoring.state
+ type: keyword
+ description: |
+ Indicates whether detailed monitoring is enabled.
+ - name: instance.private.dns_name
+ type: keyword
+ description: |
+ The private DNS name of the network interface.
+ - name: instance.private.ip
+ type: ip
+ description: |
+ The private IPv4 address associated with the network interface.
+ - name: instance.public.dns_name
+ type: keyword
+ description: |
+ The public DNS name of the instance.
+ - name: instance.public.ip
+ type: ip
+ description: |
+ The address of the Elastic IP address (IPv4) bound to the network interface.
+ - name: instance.state.code
+ type: integer
+ description: |
+ The state of the instance, as a 16-bit unsigned integer.
+ - name: instance.state.name
+ type: keyword
+ description: |
+ The state of the instance (pending | running | shutting-down | terminated | stopping | stopped).
+ - name: instance.threads_per_core
+ type: integer
+ description: |
+ The number of threads per CPU core.
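Review bot: The description of `network.in.packets_per_sec` reads "sent out on all network interfaces", which is the text of the outbound field. It should be `The number of packets per second received on all network interfaces by the instance.` The three `status.check_failed*` descriptions say the field reports whether the instance "has passed" the check, while the field name refers to failures. Stating which value means failure would keep alert rules built on these fields from being inverted.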
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/ec2-metrics/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/ec2-metrics/fields/package-fields.yml
new file mode 100644
index 00000000000..1394927c4bb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/ec2-metrics/fields/package-fields.yml
@@ -0,0 +1,19 @@
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/ec2-metrics/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/ec2-metrics/manifest.yml
new file mode 100644
index 00000000000..ad486b55b88
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/ec2-metrics/manifest.yml
@@ -0,0 +1,32 @@
+title: AWS EC2 metrics
+release: beta
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 5m
+ - name: regions
+ type: text
+ title: Regions
+ multi: true
+ required: false
+ show_user: true
+ default:
+ - us-east-1
+ - name: tags_filter
+ type: yaml
+ title: Tags Filter
+ multi: false
+ required: false
+ show_user: false
+ default: |
+ # - key: "created-by"
+ # value: "foo"
+ title: AWS EC2 metrics
+ description: Collect AWS EC2 metrics
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/elb-logs/agent/stream/s3.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/elb-logs/agent/stream/s3.yml.hbs
new file mode 100644
index 00000000000..95caff63aeb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/elb-logs/agent/stream/s3.yml.hbs
@@ -0,0 +1,33 @@
+queue_url: {{queue_url}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if visibility_timeout}}
+visibility_timeout: {{visibility_timeout}}
+{{/if}}
+{{#if api_timeout}}
+api_timeout: {{api_timeout}}
+{{/if}}
+{{#if endpoint}}
+endpoint: {{endpoint}}
+{{/if}}
+{{#if access_key_id}}
+access_key_id: {{access_key_id}}
+{{/if}}
+{{#if secret_access_key}}
+secret_access_key: {{secret_access_key}}
+{{/if}}
+{{#if session_token}}
+session_token: {{session_token}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+processors:
+ - add_fields:
+ target: ''
+ fields:
+ ecs.version: 1.5.0
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/elb-logs/elasticsearch/ingest-pipeline/default.yml b/dev/packages/alpha/aws/0.0.3/dataset/elb-logs/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..0c31f7256ff
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/elb-logs/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,208 @@
+---
+description: "Pipeline for ELB logs"
+
+processors:
+ - grok:
+ field: message
+ # Classic ELB patterns documented in https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html
+ # ELB v2 Application load balancers https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html
+ # ELB v2 Netwwork load balancers https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-access-logs.html
+ #
+ patterns:
+ # HTTP (Classic ELB)
+ - >-
+ %{ELBHTTPLOG}
+
+ # TCP (Classic ELB)
+ - >-
+ %{ELBTCPLOG}
+
+ # HTTP from Application Load Balancers (v2 Load Balancers)
+ - >-
+ %{ELBV2TYPE}
+ %{ELBHTTPLOG}
+ %{NOTSPACE:aws.elb.target_group.arn}
+ \"%{DATA:aws.elb.trace_id}\"
+ \"(?:-|%{DATA:destination.domain})\"
+ \"(?:-|%{DATA:aws.elb.chosen_cert.arn})\"
+ (?:-1|%{NUMBER:aws.elb.matched_rule_priority})
+ %{TIMESTAMP_ISO8601:event.start}
+ \"(?:-|%{DATA:_tmp.actions_executed})\"
+ \"(?:-|%{DATA:aws.elb.redirect_url})\"
+ \"(?:-|%{DATA:aws.elb.error.reason})\"
+
+ # TCP from Network Load Balancers (v2 Load Balancers)
+ - >-
+ %{ELBV2TYPE}
+ %{ELBV2LOGVERSION}
+ %{ELBTIMESTAMP}
+ %{ELBNAME}
+ %{NOTSPACE:aws.elb.listener}
+ %{ELBSOURCE}
+ %{ELBBACKEND}
+ %{NUMBER:aws.elb.connection_time.ms:float}
+ %{NUMBER:aws.elb.tls_handshake_time.ms:float}
+ %{NUMBER:source.bytes:long}
+ %{NUMBER:destination.bytes:long}
+ (?:-|%{NUMBER:aws.elb.incoming_tls_alert})
+ (?:-|%{NOTSPACE:aws.elb.chosen_cert.arn})
+ (?:-|%{NOTSPACE:aws.elb.chosen_cert.serial})
+ %{ELBSSL}
+ (?:-|%{NOTSPACE:aws.elb.ssl_named_group})
+ (?:-|%{NOTSPACE:destination.domain})
+
+ pattern_definitions:
+ ELBTIMESTAMP: '%{TIMESTAMP_ISO8601:_tmp.timestamp}'
+ ELBNAME: '%{NOTSPACE:aws.elb.name}'
+ ELBSOURCE: '%{IP:source.ip}:%{POSINT:source.port}'
+ ELBBACKEND: '(?:-|%{IP:aws.elb.backend.ip}:%{POSINT:aws.elb.backend.port})'
+ ELBPROCESSINGTIME: >-
+ (?:-1|%{NUMBER:aws.elb.request_processing_time.sec:float})
+ (?:-1|%{NUMBER:aws.elb.backend_processing_time.sec:float})
+ (?:-1|%{NUMBER:aws.elb.response_processing_time.sec:float})
+ ELBSSL: >-
+ (?:-|%{NOTSPACE:aws.elb.ssl_cipher})
+ (?:-|%{NOTSPACE:aws.elb.ssl_protocol})
+ ELBCOMMON: >-
+ %{ELBTIMESTAMP}
+ %{ELBNAME}
+ %{ELBSOURCE}
+ %{ELBBACKEND}
+ %{ELBPROCESSINGTIME}
+ ELBHTTPLOG: >-
+ %{ELBCOMMON}
+ %{NUMBER:http.response.status_code:long}
+ (?:-|%{NUMBER:aws.elb.backend.http.response.status_code:long})
+ %{NUMBER:http.request.body.bytes:long}
+ %{NUMBER:http.response.body.bytes:long}
+ \"(?:-|%{WORD:http.request.method}) (?:-|%{NOTSPACE:http.request.referrer}) (?:-|HTTP/%{NOTSPACE:http.version})\"
+ \"%{DATA:user_agent.original}\"
+ %{ELBSSL}
+ ELBTCPLOG: >-
+ %{ELBCOMMON}
+ -
+ -
+ %{NUMBER:source.bytes:long}
+ %{NUMBER:destination.bytes:long}
+ \"- - - \"
+ \"-\"
+ %{ELBSSL}
+ ELBV2TYPE: '%{WORD:aws.elb.type}'
+ ELBV2LOGVERSION: '%{NOTSPACE}' # Could be used to support different log versions, only 1.0 exists now
+
+ - set:
+ field: event.kind
+ value: event
+
+ - set:
+ field: cloud.provider
+ value: aws
+
+ - set:
+ if: 'ctx.http != null'
+ field: 'aws.elb.protocol'
+ value: 'http'
+
+ - set:
+ if: 'ctx.http != null'
+ field: event.category
+ value: web
+
+ - set:
+ if: 'ctx.http == null'
+ field: 'aws.elb.protocol'
+ value: 'tcp'
+
+ - set:
+ if: 'ctx.http == null'
+ field: event.category
+ value: network
+
+ - set:
+ if: 'ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400'
+ field: event.outcome
+ value: success
+
+ - set:
+ if: 'ctx?.http?.response?.status_code != null && ctx.http.response.status_code >= 400'
+ field: event.outcome
+ value: failure
+
+ - lowercase:
+ field: http.request.method
+ ignore_missing: true
+
+ - set:
+ if: "ctx?.aws?.elb?.trace_id != null"
+ field: tracing.trace.id
+ value: "{{aws.elb.trace_id}}"
+
+ - split:
+ field: '_tmp.actions_executed'
+ target_field: 'aws.elb.action_executed'
+ separator: ','
+ ignore_missing: true
+
+ - date:
+ field: '_tmp.timestamp'
+ formats:
+ - 'ISO8601'
+
+ - set:
+ field: 'event.end'
+ value: '{{ @timestamp }}'
+
+ - geoip:
+ field: 'source.ip'
+ target_field: 'source.geo'
+ ignore_missing: true
+
+ - geoip:
+ database_file: 'GeoLite2-ASN.mmdb'
+ field: 'source.ip'
+ target_field: 'source.as'
+ properties:
+ - 'asn'
+ - 'organization_name'
+ ignore_missing: true
+
+ - rename:
+ field: source.as.asn
+ target_field: source.as.number
+ ignore_missing: true
+
+ - rename:
+ field: source.as.organization_name
+ target_field: source.as.organization.name
+ ignore_missing: true
+
+ - set:
+ field: tls.cipher
+ value: '{{aws.elb.ssl_cipher}}'
+ if: ctx.aws?.elb?.ssl_cipher != null
+
+ - script:
+ lang: painless
+ if: ctx.aws?.elb?.ssl_protocol != null
+ source: >-
+ def parts = ctx.aws.elb.ssl_protocol.splitOnToken("v");
+ if (parts.length != 2) {
+ return;
+ }
+ if (parts[1].contains(".")) {
+ ctx.tls.version = parts[1];
+ } else {
+ ctx.tls.version = parts[1].substring(0,1) + "." + parts[1].substring(1);
+ }
+ ctx.tls.version_protocol = parts[0].toLowerCase();
+
+ - remove:
+ field:
+ - message
+ - _tmp
+ ignore_missing: true
+
+on_failure:
+ - set:
+ field: "error.message"
+ value: "{{ _ingest.on_failure_message }}"
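Review bot: The painless script near the end of the pipeline has two defects. It assigns `ctx.tls.version` without checking that `ctx.tls` exists; that object is only created by the preceding `set` on `tls.cipher`, which is skipped when `ssl_cipher` is `-`, so a line with a protocol but no cipher (if that combination occurs) throws and falls to `on_failure`. It also turns a dot-less single-digit version into a trailing-dot string: `TLSv1` yields `1.` and `SSLv3` yields `3.`, so searches or detections for legacy protocol versions will not match those events. The excerpt below creates `ctx.tls` when missing and inserts the dot only when a second digit follows.

```yaml
# … unchanged: script processor header and the parts.length guard …
        if (ctx.tls == null) {
          ctx.tls = new HashMap();
        }
        def version = parts[1];
        if (!version.contains(".") && version.length() > 1) {
          version = version.substring(0,1) + "." + version.substring(1);
        }
        ctx.tls.version = version;
# … unchanged: ctx.tls.version_protocol assignment …
```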
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/elb-logs/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/elb-logs/fields/fields.yml
new file mode 100644
index 00000000000..e8f9a79ea56
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/elb-logs/fields/fields.yml
@@ -0,0 +1,183 @@
+- name: aws.elb
+ type: group
+ release: ga
+ fields:
+ - name: name
+ type: keyword
+ description: |
+ The name of the load balancer.
+ - name: type
+ type: keyword
+ description: |
+ The type of the load balancer for v2 Load Balancers.
+ - name: target_group.arn
+ type: keyword
+ description: |
+ The ARN of the target group handling the request.
+ - name: listener
+ type: keyword
+ description: |
+ The ELB listener that received the connection.
+ - name: protocol
+ type: keyword
+ description: |
+ The protocol of the load balancer (http or tcp).
+ - name: request_processing_time.sec
+ type: float
+ description: |
+ The total time in seconds since the connection or request is received until it is sent to a registered backend.
+ - name: backend_processing_time.sec
+ type: float
+ description: |
+ The total time in seconds since the connection is sent to the backend till the backend starts responding.
+ - name: response_processing_time.sec
+ type: float
+ description: |
+ The total time in seconds since the response is received from the backend till it is sent to the client.
+ - name: connection_time.ms
+ type: long
+ description: |
+ The total time of the connection in milliseconds, since it is opened till it is closed.
+ - name: tls_handshake_time.ms
+ type: long
+ description: |
+ The total time for the TLS handshake to complete in milliseconds once the connection has been established.
+ - name: backend.ip
+ type: keyword
+ description: |
+ The IP address of the backend processing this connection.
+ - name: backend.port
+ type: keyword
+ description: |
+ The port in the backend processing this connection.
+ - name: backend.http.response.status_code
+ type: keyword
+ description: |
+ The status code from the backend (status code sent to the client from ELB is stored in `http.response.status_code`
+ - name: ssl_cipher
+ type: keyword
+ description: |
+ The SSL cipher used in TLS/SSL connections.
+ - name: ssl_protocol
+ type: keyword
+ description: |
+ The SSL protocol used in TLS/SSL connections.
+ - name: chosen_cert.arn
+ type: keyword
+ description: |
+ The ARN of the chosen certificate presented to the client in TLS/SSL connections.
+ - name: chosen_cert.serial
+ type: keyword
+ description: |
+ The serial number of the chosen certificate presented to the client in TLS/SSL connections.
+ - name: incoming_tls_alert
+ type: keyword
+ description: |
+ The integer value of TLS alerts received by the load balancer from the client, if present.
+ - name: tls_named_group
+ type: keyword
+ description: |
+ The TLS named group.
+ - name: trace_id
+ type: keyword
+ description: |
+ The contents of the `X-Amzn-Trace-Id` header.
+ - name: matched_rule_priority
+ type: keyword
+ description: |
+ The priority value of the rule that matched the request, if a rule matched.
+ - name: action_executed
+ type: keyword
+ description: |
+ The action executed when processing the request (forward, fixed-response, authenticate...). It can contain several values.
+ - name: redirect_url
+ type: keyword
+ description: |
+ The URL used if a redirection action was executed.
+ - name: error.reason
+ type: keyword
+ description: |
+ The error reason if the executed action failed.
+- name: destination.domain
+ type: keyword
+ description: Destination domain.
+- name: event.start
+ type: date
+ description: event.start contains the date when the event started or when the activity
+ was first observed.
+- name: destination.bytes
+ type: long
+ description: Bytes sent from the destination to the source.
+- name: http.response.status_code
+ type: long
+ description: HTTP response status code.
+- name: http.request.body.bytes
+ type: long
+ description: Size in bytes of the request body.
+- name: http.response.body.bytes
+ type: long
+ description: Size in bytes of the response body.
+- name: http.request.method
+ type: keyword
+ description: HTTP request method.
+- name: http.request.referrer
+ type: keyword
+ description: Referrer for this HTTP request.
+- name: http.version
+ type: keyword
+ description: HTTP version.
+- name: user_agent.original
+ type: keyword
+ description: Unparsed user_agent string.
+- name: cloud.provider
+ type: keyword
+ description: Name of the cloud provider. Example values are aws, azure, gcp, or
+ digitalocean.
+- name: event.kind
+ type: keyword
+ description: Event kind (e.g. event, alert, metric, state, pipeline_error, sig
+- name: event.category
+ type: keyword
+ description: Event category (e.g. database)
+- name: event.outcome
+ type: keyword
+ description: This is one of four ECS Categorization Fields, and indicates the lowest
+ level in the ECS category hierarchy.
+- name: tracing.trace.id
+ type: keyword
+ description: Unique identifier of the trace.
+- name: event.end
+ type: date
+ description: event.end contains the date when the event ended or when the activity
+ was last observed.
+- name: source.ip
+ type: ip
+ description: IP address of the source.
+- name: source.as.number
+ type: long
+ description: Unique number allocated to the autonomous system. The autonomous system
+ number (ASN) uniquely identifies each network on the Internet.
+- name: source.as.organization.name
+ type: keyword
+ description: Organization name.
+- name: source.geo.city_name
+ type: keyword
+ description: City name.
+- name: source.geo.continent_name
+ type: keyword
+ description: Name of the continent.
+- name: source.geo.country_iso_code
+ type: keyword
+ description: Country ISO code.
+- name: source.geo.location
+ type: geo_point
+ description: Longitude and latitude.
+- name: source.geo.region_iso_code
+ type: keyword
+ description: Region ISO code.
+- name: source.geo.region_name
+ type: keyword
+ description: Region name.
+- name: source.port
+ type: long
+ description: Port of the source.
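Review bot: `backend.ip`, `backend.port` and `backend.http.response.status_code` under `aws.elb` are mapped as `keyword`, while the client-side equivalents in this same file (`source.ip`, `source.port`, `http.response.status_code`) are `ip` and `long`. With `keyword`, CIDR and numeric range queries on the backend side will not work, which matters when these logs are used to investigate traffic to specific targets. If the parsed values are always a bare address and a number, `type: ip` and `type: long` would be the better fit. Two descriptions also look damaged: the `event.kind` text stops at `sig`, and the `backend.http.response.status_code` text never closes its parenthesis. The pipeline earlier in this commit writes `tls.cipher`, `tls.version` and `tls.version_protocol`, none of which are declared here, so they may be dynamically mapped unless another fields file covers them.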
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/elb-logs/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/elb-logs/fields/package-fields.yml
new file mode 100644
index 00000000000..7f6b7c89946
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/elb-logs/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: aws
+ type: group
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/elb-logs/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/elb-logs/manifest.yml
new file mode 100644
index 00000000000..fc2d5d34e12
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/elb-logs/manifest.yml
@@ -0,0 +1,8 @@
+title: AWS ELB logs
+release: beta
+type: logs
+streams:
+- input: logs
+ template_path: s3.yml.hbs
+ title: AWS ELB logs
+ description: Collect AWS ELB logs using s3 input
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/elb-metrics/agent/stream/stream.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/elb-metrics/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..38f555dbc02
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/elb-metrics/agent/stream/stream.yml.hbs
@@ -0,0 +1,26 @@
+metricsets: ["elb"]
+period: {{period}}
+{{#if aws_access_key_id}}
+aws_access_key_id: {{aws_access_key_id}}
+{{/if}}
+{{#if aws_secret_access_key}}
+aws_secret_access_key: {{aws_secret_access_key}}
+{{/if}}
+{{#if aws_session_token}}
+aws_session_token: {{aws_session_token}}
+{{/if}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+{{#if regions}}
+regions: {{regions}}
+{{/if}}
+{{#if tags_filter}}
+tags_filter: {{tags_filter}}
+{{/if}}
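Review bot: The credential values (`aws_access_key_id`, `aws_secret_access_key`, `aws_session_token`) are interpolated into the YAML as bare scalars, so a value containing `: `, ` #` or a line break would change how the rendered config parses unless the renderer escapes it. Quoting the placeholders, e.g. `aws_secret_access_key: "{{aws_secret_access_key}}"`, keeps each value a single string, though a `"` or `\` inside the value would still need escaping by the renderer. None of these variables is declared in this dataset's manifest.yml, so they presumably come from the package level. Wherever they are declared, the secret key and session token should use a masked type such as `password` rather than `text`. The same template lines appear in the lambda and natgateway stream.yml.hbs files in this commit.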
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/elb-metrics/fields/ecs.yml b/dev/packages/alpha/aws/0.0.3/dataset/elb-metrics/fields/ecs.yml
new file mode 100644
index 00000000000..ff4988438f5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/elb-metrics/fields/ecs.yml
@@ -0,0 +1,50 @@
+- name: cloud
+ title: Cloud
+ group: 2
+ type: group
+ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from
+ its host, the cloud info contains the data about this machine. If Metricbeat runs
+ on a remote machine outside the cloud and fetches data from a service running
+ in the cloud, the field contains cloud data from the machine the service is running
+ on.'
+ fields:
+ - name: account.id
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account or organization id used to identify different entities in a multi-tenant environment.
+ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.
+ ignore_above: 1024
+ - name: account.name
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+ Examples: AWS account name, Google Cloud ORG display name.
+ ignore_above: 1024
+ - name: availability_zone
+ level: extended
+ type: keyword
+ description: Availability zone in which this host is running.
+ ignore_above: 1024
+ - name: instance.id
+ level: extended
+ type: keyword
+ description: Instance ID of the host machine.
+ ignore_above: 1024
+ - name: machine.type
+ level: extended
+ type: keyword
+ description: Machine type of the host machine.
+ ignore_above: 1024
+ - name: provider
+ level: extended
+ type: keyword
+ description: Name of the cloud provider. Example values are aws, azure, gcp, or
+ digitalocean.
+ ignore_above: 1024
+ - name: region
+ level: extended
+ type: keyword
+ description: Region in which this host is running.
+ ignore_above: 1024
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/elb-metrics/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/elb-metrics/fields/fields.yml
new file mode 100644
index 00000000000..8e36c5a691a
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/elb-metrics/fields/fields.yml
@@ -0,0 +1,219 @@
+- name: aws.elb
+ type: group
+ release: ga
+ fields:
+ - name: metrics
+ type: group
+ fields:
+ - name: BackendConnectionErrors.sum
+ type: long
+ description: The number of connections that were not successfully established
+ between the load balancer and the registered instances.
+ - name: HTTPCode_Backend_2XX.sum
+ type: long
+ description: The number of HTTP 2XX response code generated by registered instances.
+ - name: HTTPCode_Backend_3XX.sum
+ type: long
+ description: The number of HTTP 3XX response code generated by registered instances.
+ - name: HTTPCode_Backend_4XX.sum
+ type: long
+ description: The number of HTTP 4XX response code generated by registered instances.
+ - name: HTTPCode_Backend_5XX.sum
+ type: long
+ description: The number of HTTP 5XX response code generated by registered instances.
+ - name: HTTPCode_ELB_4XX.sum
+ type: long
+ description: The number of HTTP 4XX client error codes generated by the load
+ balancer.
+ - name: HTTPCode_ELB_5XX.sum
+ type: long
+ description: The number of HTTP 5XX server error codes generated by the load
+ balancer.
+ - name: RequestCount.sum
+ type: long
+ description: The number of requests completed or connections made during the
+ specified interval.
+ - name: SpilloverCount.sum
+ type: long
+ description: The total number of requests that were rejected because the surge
+ queue is full.
+ - name: HealthyHostCount.max
+ type: long
+ description: The number of healthy instances registered with your load balancer.
+ - name: SurgeQueueLength.max
+ type: long
+ description: The total number of requests (HTTP listener) or connections (TCP
+ listener) that are pending routing to a healthy instance.
+ - name: UnHealthyHostCount.max
+ type: long
+ description: The number of unhealthy instances registered with your load balancer.
+ - name: Latency.avg
+ type: double
+ description: The total time elapsed, in seconds, from the time the load balancer
+ sent the request to a registered instance until the instance started to send
+ the response headers.
+ - name: EstimatedALBActiveConnectionCount.avg
+ type: double
+ description: The estimated number of concurrent TCP connections active from
+ clients to the load balancer and from the load balancer to targets.
+ - name: EstimatedALBConsumedLCUs.avg
+ type: double
+ description: The estimated number of load balancer capacity units (LCU) used
+ by an Application Load Balancer.
+ - name: EstimatedALBNewConnectionCount.avg
+ type: double
+ description: The estimated number of new TCP connections established from clients
+ to the load balancer and from the load balancer to targets.
+ - name: EstimatedProcessedBytes.avg
+ type: double
+ description: The estimated number of bytes processed by an Application Load
+ Balancer.
+- name: aws.applicationelb
+ type: group
+ release: ga
+ fields:
+ - name: metrics
+ type: group
+ fields:
+ - name: ActiveConnectionCount.sum
+ type: long
+ description: The total number of concurrent TCP connections active from clients
+ to the load balancer and from the load balancer to targets.
+ - name: ClientTLSNegotiationErrorCount.sum
+ type: long
+ description: The number of TLS connections initiated by the client that did
+ not establish a session with the load balancer due to a TLS error.
+ - name: HTTP_Fixed_Response_Count.sum
+ type: long
+ description: The number of fixed-response actions that were successful.
+ - name: HTTP_Redirect_Count.sum
+ type: long
+ description: The number of redirect actions that were successful.
+ - name: HTTP_Redirect_Url_Limit_Exceeded_Count.sum
+ type: long
+ description: The number of redirect actions that couldn't be completed because
+ the URL in the response location header is larger than 8K.
+ - name: HTTPCode_ELB_3XX_Count.sum
+ type: long
+ description: The number of HTTP 3XX redirection codes that originate from the
+ load balancer.
+ - name: HTTPCode_ELB_4XX_Count.sum
+ type: long
+ description: The number of HTTP 4XX client error codes that originate from the
+ load balancer.
+ - name: HTTPCode_ELB_5XX_Count.sum
+ type: long
+ description: The number of HTTP 5XX server error codes that originate from the
+ load balancer.
+ - name: HTTPCode_ELB_500_Count.sum
+ type: long
+ description: The number of HTTP 500 error codes that originate from the load
+ balancer.
+ - name: HTTPCode_ELB_502_Count.sum
+ type: long
+ description: The number of HTTP 502 error codes that originate from the load
+ balancer.
+ - name: HTTPCode_ELB_503_Count.sum
+ type: long
+ description: The number of HTTP 503 error codes that originate from the load
+ balancer.
+ - name: HTTPCode_ELB_504_Count.sum
+ type: long
+ description: The number of HTTP 504 error codes that originate from the load
+ balancer.
+ - name: IPv6ProcessedBytes.sum
+ type: long
+ description: The total number of bytes processed by the load balancer over IPv6.
+ - name: IPv6RequestCount.sum
+ type: long
+ description: The number of IPv6 requests received by the load balancer.
+ - name: NewConnectionCount.sum
+ type: long
+ description: The total number of new TCP connections established from clients
+ to the load balancer and from the load balancer to targets.
+ - name: ProcessedBytes.sum
+ type: long
+ description: The total number of bytes processed by the load balancer over IPv4
+ and IPv6.
+ - name: RejectedConnectionCount.sum
+ type: long
+ description: The number of connections that were rejected because the load balancer
+ had reached its maximum number of connections.
+ - name: RequestCount.sum
+ type: long
+ description: The number of requests processed over IPv4 and IPv6.
+ - name: RuleEvaluations.sum
+ type: long
+ description: The number of rules processed by the load balancer given a request
+ rate averaged over an hour.
+ - name: ConsumedLCUs.avg
+ type: double
+ description: The number of load balancer capacity units (LCU) used by your load
+ balancer.
+- name: aws.networkelb
+ type: group
+ release: ga
+ fields:
+ - name: metrics
+ type: group
+ fields:
+ - name: ActiveFlowCount.avg
+ type: double
+ description: The total number of concurrent flows (or connections) from clients
+ to targets.
+ - name: ActiveFlowCount_TCP.avg
+ type: double
+ description: The total number of concurrent TCP flows (or connections) from
+ clients to targets.
+ - name: ActiveFlowCount_TLS.avg
+ type: double
+ description: The total number of concurrent TLS flows (or connections) from
+ clients to targets.
+ - name: ActiveFlowCount_UDP.avg
+ type: double
+ description: The total number of concurrent UDP flows (or connections) from
+ clients to targets.
+ - name: ConsumedLCUs.avg
+ type: double
+ description: The number of load balancer capacity units (LCU) used by your load
+ balancer.
+ - name: ClientTLSNegotiationErrorCount.sum
+ type: long
+ description: The total number of TLS handshakes that failed during negotiation
+ between a client and a TLS listener.
+ - name: NewFlowCount.sum
+ type: long
+ description: The total number of new flows (or connections) established from
+ clients to targets in the time period.
+ - name: NewFlowCount_TLS.sum
+ type: long
+ description: The total number of new TLS flows (or connections) established
+ from clients to targets in the time period.
+ - name: ProcessedBytes.sum
+ type: long
+ description: The total number of bytes processed by the load balancer, including
+ TCP/IP headers.
+ - name: ProcessedBytes_TLS.sum
+ type: long
+ description: The total number of bytes processed by TLS listeners.
+ - name: TargetTLSNegotiationErrorCount.sum
+ type: long
+ description: The total number of TLS handshakes that failed during negotiation
+ between a TLS listener and a target.
+ - name: TCP_Client_Reset_Count.sum
+ type: long
+ description: The total number of reset (RST) packets sent from a client to a
+ target.
+ - name: TCP_ELB_Reset_Count.sum
+ type: long
+ description: The total number of reset (RST) packets generated by the load balancer.
+ - name: TCP_Target_Reset_Count.sum
+ type: long
+ description: The total number of reset (RST) packets sent from a target to a
+ client.
+ - name: HealthyHostCount.max
+ type: long
+ description: The number of targets that are considered healthy.
+ - name: UnHealthyHostCount.max
+ type: long
+ description: The number of targets that are considered unhealthy.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/elb-metrics/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/elb-metrics/fields/package-fields.yml
new file mode 100644
index 00000000000..1394927c4bb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/elb-metrics/fields/package-fields.yml
@@ -0,0 +1,19 @@
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
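Review bot: `tags.*`, `dimensions.*` and `'*.metrics.*.*'` are declared as `type: object` with no element type, so the mapping of tag and dimension values is left to dynamic detection. A tag value that looks like a date or a number in the first indexed document can then fix the mapping and cause later string values for the same key to be rejected. If the package format supports it, adding `object_type: keyword` to `tags.*` and `dimensions.*` would pin them to strings. The lambda and natgateway package-fields.yml files in this commit are identical and would need the same change.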
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/elb-metrics/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/elb-metrics/manifest.yml
new file mode 100644
index 00000000000..d27814e8d49
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/elb-metrics/manifest.yml
@@ -0,0 +1,32 @@
+title: AWS ELB metrics
+release: beta
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 1m
+ - name: regions
+ type: text
+ title: Regions
+ multi: true
+ required: false
+ show_user: true
+ default:
+ - us-east-1
+ - name: tags_filter
+ type: yaml
+ title: Tags Filter
+ multi: false
+ required: false
+ show_user: false
+ default: |
+ # - key: "created-by"
+ # value: "foo"
+ title: AWS ELB metrics
+ description: Collect AWS ELB metrics
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/lambda/agent/stream/stream.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/lambda/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..294de7a3d96
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/lambda/agent/stream/stream.yml.hbs
@@ -0,0 +1,26 @@
+metricsets: ["lambda"]
+period: {{period}}
+{{#if aws_access_key_id}}
+aws_access_key_id: {{aws_access_key_id}}
+{{/if}}
+{{#if aws_secret_access_key}}
+aws_secret_access_key: {{aws_secret_access_key}}
+{{/if}}
+{{#if aws_session_token}}
+aws_session_token: {{aws_session_token}}
+{{/if}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+{{#if regions}}
+regions: {{regions}}
+{{/if}}
+{{#if tags_filter}}
+tags_filter: {{tags_filter}}
+{{/if}}
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/lambda/fields/ecs.yml b/dev/packages/alpha/aws/0.0.3/dataset/lambda/fields/ecs.yml
new file mode 100644
index 00000000000..ff4988438f5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/lambda/fields/ecs.yml
@@ -0,0 +1,50 @@
+- name: cloud
+ title: Cloud
+ group: 2
+ type: group
+ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from
+ its host, the cloud info contains the data about this machine. If Metricbeat runs
+ on a remote machine outside the cloud and fetches data from a service running
+ in the cloud, the field contains cloud data from the machine the service is running
+ on.'
+ fields:
+ - name: account.id
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account or organization id used to identify different entities in a multi-tenant environment.
+ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.
+ ignore_above: 1024
+ - name: account.name
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+ Examples: AWS account name, Google Cloud ORG display name.
+ ignore_above: 1024
+ - name: availability_zone
+ level: extended
+ type: keyword
+ description: Availability zone in which this host is running.
+ ignore_above: 1024
+ - name: instance.id
+ level: extended
+ type: keyword
+ description: Instance ID of the host machine.
+ ignore_above: 1024
+ - name: machine.type
+ level: extended
+ type: keyword
+ description: Machine type of the host machine.
+ ignore_above: 1024
+ - name: provider
+ level: extended
+ type: keyword
+ description: Name of the cloud provider. Example values are aws, azure, gcp, or
+ digitalocean.
+ ignore_above: 1024
+ - name: region
+ level: extended
+ type: keyword
+ description: Region in which this host is running.
+ ignore_above: 1024
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/lambda/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/lambda/fields/fields.yml
new file mode 100644
index 00000000000..7f01ce3036a
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/lambda/fields/fields.yml
@@ -0,0 +1,56 @@
+- name: aws.lambda
+ type: group
+ release: beta
+ fields:
+ - name: metrics
+ type: group
+ fields:
+ - name: Invocations.avg
+ type: double
+ description: The number of times your function code is executed, including successful
+ executions and executions that result in a function error.
+ - name: Errors.avg
+ type: double
+ description: The number of invocations that result in a function error.
+ - name: DeadLetterErrors.avg
+ type: double
+ description: For asynchronous invocation, the number of times Lambda attempts
+ to send an event to a dead-letter queue but fails.
+ - name: DestinationDeliveryFailures.avg
+ type: double
+ description: For asynchronous invocation, the number of times Lambda attempts
+ to send an event to a destination but fails.
+ - name: Duration.avg
+ type: double
+ description: The amount of time that your function code spends processing an
+ event.
+ - name: Throttles.avg
+ type: double
+ description: The number of invocation requests that are throttled.
+ - name: IteratorAge.avg
+ type: double
+ description: For event source mappings that read from streams, the age of the
+ last record in the event.
+ - name: ConcurrentExecutions.avg
+ type: double
+ description: The number of function instances that are processing events.
+ - name: UnreservedConcurrentExecutions.avg
+ type: double
+ description: For an AWS Region, the number of events that are being processed
+ by functions that don't have reserved concurrency.
+ - name: ProvisionedConcurrentExecutions.max
+ type: long
+ description: The number of function instances that are processing events on
+ provisioned concurrency.
+ - name: ProvisionedConcurrencyUtilization.max
+ type: long
+ description: For a version or alias, the value of ProvisionedConcurrentExecutions
+ divided by the total amount of provisioned concurrency allocated.
+ - name: ProvisionedConcurrencyInvocations.sum
+ type: long
+ description: The number of times your function code is executed on provisioned
+ concurrency.
+ - name: ProvisionedConcurrencySpilloverInvocations.sum
+ type: long
+ description: The number of times your function code is executed on standard
+ concurrency when all provisioned concurrency is in use.
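Review bot: `ProvisionedConcurrencyUtilization.max` is declared `type: long`, but its description defines it as `ProvisionedConcurrentExecutions` divided by the total provisioned concurrency allocated, which is a fraction. In an integer field the fractional part is lost, or the document is rejected, depending on coercion settings, so the metric would mostly read as 0. `type: double` matches the description.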
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/lambda/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/lambda/fields/package-fields.yml
new file mode 100644
index 00000000000..1394927c4bb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/lambda/fields/package-fields.yml
@@ -0,0 +1,19 @@
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/lambda/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/lambda/manifest.yml
new file mode 100644
index 00000000000..6f8f3b43345
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/lambda/manifest.yml
@@ -0,0 +1,32 @@
+title: AWS Lambda metrics
+release: beta
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 5m
+ - name: regions
+ type: text
+ title: Regions
+ multi: true
+ required: false
+ show_user: true
+ default:
+ - us-east-1
+ - name: tags_filter
+ type: yaml
+ title: Tags Filter
+ multi: false
+ required: false
+ show_user: false
+ default: |
+ # - key: "created-by"
+ # value: "foo"
+ title: AWS Lambda metrics
+ description: Collect AWS Lambda metrics
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/natgateway/agent/stream/stream.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/natgateway/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..ea38ffdfcfe
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/natgateway/agent/stream/stream.yml.hbs
@@ -0,0 +1,26 @@
+metricsets: ["natgateway"]
+period: {{period}}
+{{#if aws_access_key_id}}
+aws_access_key_id: {{aws_access_key_id}}
+{{/if}}
+{{#if aws_secret_access_key}}
+aws_secret_access_key: {{aws_secret_access_key}}
+{{/if}}
+{{#if aws_session_token}}
+aws_session_token: {{aws_session_token}}
+{{/if}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+{{#if regions}}
+regions: {{regions}}
+{{/if}}
+{{#if tags_filter}}
+tags_filter: {{tags_filter}}
+{{/if}}
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/natgateway/fields/ecs.yml b/dev/packages/alpha/aws/0.0.3/dataset/natgateway/fields/ecs.yml
new file mode 100644
index 00000000000..ff4988438f5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/natgateway/fields/ecs.yml
@@ -0,0 +1,50 @@
+- name: cloud
+ title: Cloud
+ group: 2
+ type: group
+ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from
+ its host, the cloud info contains the data about this machine. If Metricbeat runs
+ on a remote machine outside the cloud and fetches data from a service running
+ in the cloud, the field contains cloud data from the machine the service is running
+ on.'
+ fields:
+ - name: account.id
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account or organization id used to identify different entities in a multi-tenant environment.
+ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.
+ ignore_above: 1024
+ - name: account.name
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+ Examples: AWS account name, Google Cloud ORG display name.
+ ignore_above: 1024
+ - name: availability_zone
+ level: extended
+ type: keyword
+ description: Availability zone in which this host is running.
+ ignore_above: 1024
+ - name: instance.id
+ level: extended
+ type: keyword
+ description: Instance ID of the host machine.
+ ignore_above: 1024
+ - name: machine.type
+ level: extended
+ type: keyword
+ description: Machine type of the host machine.
+ ignore_above: 1024
+ - name: provider
+ level: extended
+ type: keyword
+ description: Name of the cloud provider. Example values are aws, azure, gcp, or
+ digitalocean.
+ ignore_above: 1024
+ - name: region
+ level: extended
+ type: keyword
+ description: Region in which this host is running.
+ ignore_above: 1024
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/natgateway/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/natgateway/fields/fields.yml
new file mode 100644
index 00000000000..63a981461bf
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/natgateway/fields/fields.yml
@@ -0,0 +1,56 @@
+- name: aws.natgateway
+ type: group
+ release: beta
+ fields:
+ - name: metrics
+ type: group
+ fields:
+ - name: BytesInFromDestination.sum
+ type: long
+ description: The number of bytes received by the NAT gateway from the destination.
+ - name: BytesInFromSource.sum
+ type: long
+ description: The number of bytes received by the NAT gateway from clients in
+ your VPC.
+ - name: BytesOutToDestination.sum
+ type: long
+ description: The number of bytes sent out through the NAT gateway to the destination.
+ - name: BytesOutToSource.sum
+ type: long
+ description: The number of bytes sent through the NAT gateway to the clients
+ in your VPC.
+ - name: ConnectionAttemptCount.sum
+ type: long
+ description: The number of connection attempts made through the NAT gateway.
+ - name: ConnectionEstablishedCount.sum
+ type: long
+ description: The number of connections established through the NAT gateway.
+ - name: ErrorPortAllocation.sum
+ type: long
+ description: The number of times the NAT gateway could not allocate a source
+ port.
+ - name: IdleTimeoutCount.sum
+ type: long
+ description: The number of connections that transitioned from the active state
+ to the idle state.
+ - name: PacketsDropCount.sum
+ type: long
+ description: The number of packets dropped by the NAT gateway.
+ - name: PacketsInFromDestination.sum
+ type: long
+ description: The number of packets received by the NAT gateway from the destination.
+ - name: PacketsInFromSource.sum
+ type: long
+ description: The number of packets received by the NAT gateway from clients
+ in your VPC.
+ - name: PacketsOutToDestination.sum
+ type: long
+ description: The number of packets sent out through the NAT gateway to the destination.
+ - name: PacketsOutToSource.sum
+ type: long
+ description: The number of packets sent through the NAT gateway to the clients
+ in your VPC.
+ - name: ActiveConnectionCount.max
+ type: long
+ description: The total number of concurrent active TCP connections through the
+ NAT gateway.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/natgateway/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/natgateway/fields/package-fields.yml
new file mode 100644
index 00000000000..1394927c4bb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/natgateway/fields/package-fields.yml
@@ -0,0 +1,19 @@
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/natgateway/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/natgateway/manifest.yml
new file mode 100644
index 00000000000..bdc0629c137
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/natgateway/manifest.yml
@@ -0,0 +1,23 @@
+title: AWS NAT gateway metrics
+release: beta
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 1m
+ - name: regions
+ type: text
+ title: Regions
+ multi: true
+ required: false
+ show_user: true
+ default:
+ - us-east-1
+ title: AWS NAT gateway metrics
+ description: Collect AWS NAT gateway metrics
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/rds/agent/stream/stream.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/rds/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..b4b40e7a66c
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/rds/agent/stream/stream.yml.hbs
@@ -0,0 +1,26 @@
+metricsets: ["rds"]
+period: {{period}}
+{{#if aws_access_key_id}}
+aws_access_key_id: {{aws_access_key_id}}
+{{/if}}
+{{#if aws_secret_access_key}}
+aws_secret_access_key: {{aws_secret_access_key}}
+{{/if}}
+{{#if aws_session_token}}
+aws_session_token: {{aws_session_token}}
+{{/if}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+{{#if regions}}
+regions: {{regions}}
+{{/if}}
+{{#if tags_filter}}
+tags_filter: {{tags_filter}}
+{{/if}}
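Review bot: Every variable in this template, including `aws_secret_access_key` and `aws_session_token`, is interpolated as a bare YAML scalar, so a value containing `: `, ` #`, a leading `*`/`&`/`!` or a line break changes how the rendered config parses instead of being taken literally. For the credential lines that shows up as an authentication failure that is hard to trace, or as extra keys in the stream config. Unless the template engine already escapes these values (not visible in this diff), quote the scalar fields, e.g. `aws_secret_access_key: '{{aws_secret_access_key}}'` and `role_arn: '{{role_arn}}'`, leaving the list-valued `regions` and the YAML-typed `tags_filter` as they are. The same pattern is in the s3_daily_storage and s3_request `stream.yml.hbs` files and in s3access `s3.yml.hbs`.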
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/rds/fields/ecs.yml b/dev/packages/alpha/aws/0.0.3/dataset/rds/fields/ecs.yml
new file mode 100644
index 00000000000..ff4988438f5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/rds/fields/ecs.yml
@@ -0,0 +1,50 @@
+- name: cloud
+ title: Cloud
+ group: 2
+ type: group
+ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from
+ its host, the cloud info contains the data about this machine. If Metricbeat runs
+ on a remote machine outside the cloud and fetches data from a service running
+ in the cloud, the field contains cloud data from the machine the service is running
+ on.'
+ fields:
+ - name: account.id
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account or organization id used to identify different entities in a multi-tenant environment.
+ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.
+ ignore_above: 1024
+ - name: account.name
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+ Examples: AWS account name, Google Cloud ORG display name.
+ ignore_above: 1024
+ - name: availability_zone
+ level: extended
+ type: keyword
+ description: Availability zone in which this host is running.
+ ignore_above: 1024
+ - name: instance.id
+ level: extended
+ type: keyword
+ description: Instance ID of the host machine.
+ ignore_above: 1024
+ - name: machine.type
+ level: extended
+ type: keyword
+ description: Machine type of the host machine.
+ ignore_above: 1024
+ - name: provider
+ level: extended
+ type: keyword
+ description: Name of the cloud provider. Example values are aws, azure, gcp, or
+ digitalocean.
+ ignore_above: 1024
+ - name: region
+ level: extended
+ type: keyword
+ description: Region in which this host is running.
+ ignore_above: 1024
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/rds/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/rds/fields/fields.yml
new file mode 100644
index 00000000000..af361166af6
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/rds/fields/fields.yml
@@ -0,0 +1,319 @@
+- name: aws.rds
+ type: group
+ release: ga
+ fields:
+ - name: cpu.total.pct
+ type: scaled_float
+ format: percent
+ description: |
+ The percentage of CPU utilization.
+ - name: cpu.credit_usage
+ type: long
+ description: |
+ The number of CPU credits spent by the instance for CPU utilization.
+ - name: cpu.credit_balance
+ type: long
+ description: |
+ The number of earned CPU credits that an instance has accrued since it was launched or started.
+ - name: database_connections
+ type: long
+ description: |
+ The number of database connections in use.
+ - name: db_instance.arn
+ type: keyword
+ description: |
+ Amazon Resource Name(ARN) for each rds.
+ - name: db_instance.class
+ type: keyword
+ description: |
+ Contains the name of the compute and memory capacity class of the DB instance.
+ - name: db_instance.identifier
+ type: keyword
+ description: |
+ Contains a user-supplied database identifier. This identifier is the unique key that identifies a DB instance.
+ - name: db_instance.status
+ type: keyword
+ description: |
+ Specifies the current state of this database.
+ - name: disk_queue_depth
+ type: float
+ description: |
+ The number of outstanding IOs (read/write requests) waiting to access the disk.
+ - name: failed_sql_server_agent_jobs
+ type: long
+ description: |
+ The number of failed SQL Server Agent jobs during the last minute.
+ - name: freeable_memory.bytes
+ type: long
+ format: bytes
+ description: |
+ The amount of available random access memory.
+ - name: free_storage.bytes
+ type: long
+ format: bytes
+ description: |
+ The amount of available storage space.
+ - name: maximum_used_transaction_ids
+ type: long
+ description: |
+ The maximum transaction ID that has been used. Applies to PostgreSQL.
+ - name: oldest_replication_slot_lag.mb
+ type: long
+ description: |
+ The lagging size of the replica lagging the most in terms of WAL data received. Applies to PostgreSQL.
+ - name: read_io.ops_per_sec
+ type: float
+ description: |
+ The average number of disk read I/O operations per second.
+ - name: replica_lag.sec
+ type: long
+ format: duration
+ description: |
+ The amount of time a Read Replica DB instance lags behind the source DB instance. Applies to MySQL, MariaDB, and PostgreSQL Read Replicas.
+ - name: swap_usage.bytes
+ type: long
+ format: bytes
+ description: |
+ The amount of swap space used on the DB instance. This metric is not available for SQL Server.
+ - name: transaction_logs_generation
+ type: long
+ description: |
+ The disk space used by transaction logs. Applies to PostgreSQL.
+ - name: write_io.ops_per_sec
+ type: float
+ description: |
+ The average number of disk write I/O operations per second.
+ - name: queries
+ type: long
+ description: |
+ The average number of queries executed per second.
+ - name: deadlocks
+ type: long
+ description: |
+ The average number of deadlocks in the database per second.
+ - name: volume_used.bytes
+ type: long
+ format: bytes
+ description: |
+ The amount of storage used by your Aurora DB instance, in bytes.
+ - name: volume.read.iops
+ type: long
+ format: bytes
+ description: |
+ The number of billed read I/O operations from a cluster volume, reported at 5-minute intervals.
+ - name: volume.write.iops
+ type: long
+ format: bytes
+ description: |
+ The number of write disk I/O operations to the cluster volume, reported at 5-minute intervals.
+ - name: free_local_storage.bytes
+ type: long
+ format: bytes
+ description: |
+ The amount of storage available for temporary tables and logs, in bytes.
+ - name: login_failures
+ type: long
+ description: |
+ The average number of failed login attempts per second.
+ - name: throughput.commit
+ type: float
+ description: |
+ The average number of commit operations per second.
+ - name: throughput.delete
+ type: float
+ description: |
+ The average number of delete queries per second.
+ - name: throughput.ddl
+ type: float
+ description: |
+ The average number of DDL requests per second.
+ - name: throughput.dml
+ type: float
+ description: |
+ The average number of inserts, updates, and deletes per second.
+ - name: throughput.insert
+ type: float
+ description: |
+ The average number of insert queries per second.
+ - name: throughput.network
+ type: float
+ description: |
+ The amount of network throughput both received from and transmitted to clients by each instance in the Aurora MySQL DB cluster, in bytes per second.
+ - name: throughput.network_receive
+ type: float
+ description: |
+ The incoming (Receive) network traffic on the DB instance, including both customer database traffic and Amazon RDS traffic used for monitoring and replication.
+ - name: throughput.network_transmit
+ type: float
+ description: |
+ The outgoing (Transmit) network traffic on the DB instance, including both customer database traffic and Amazon RDS traffic used for monitoring and replication.
+ - name: throughput.read
+ type: float
+ description: |
+ The average amount of time taken per disk I/O operation.
+ - name: throughput.select
+ type: float
+ description: |
+ The average number of select queries per second.
+ - name: throughput.update
+ type: float
+ description: |
+ The average number of update queries per second.
+ - name: throughput.write
+ type: float
+ description: |
+ The average number of bytes written to disk per second.
+ - name: latency.commit
+ type: float
+ format: duration
+ description: |
+ The amount of latency for commit operations, in milliseconds.
+ - name: latency.ddl
+ type: float
+ format: duration
+ description: |
+ The amount of latency for data definition language (DDL) requests, in milliseconds.
+ - name: latency.dml
+ type: float
+ format: duration
+ description: |
+ The amount of latency for inserts, updates, and deletes, in milliseconds.
+ - name: latency.insert
+ type: float
+ format: duration
+ description: |
+ The amount of latency for insert queries, in milliseconds.
+ - name: latency.read
+ type: float
+ format: duration
+ description: |
+ The average amount of time taken per disk I/O operation.
+ - name: latency.select
+ type: float
+ format: duration
+ description: |
+ The amount of latency for select queries, in milliseconds.
+ - name: latency.update
+ type: float
+ format: duration
+ description: |
+ The amount of latency for update queries, in milliseconds.
+ - name: latency.write
+ type: float
+ format: duration
+ description: |
+ The average amount of time taken per disk I/O operation.
+ - name: latency.delete
+ type: float
+ format: duration
+ description: |
+ The amount of latency for delete queries, in milliseconds.
+ - name: disk_usage.bin_log.bytes
+ type: long
+ format: bytes
+ description: |
+ The amount of disk space occupied by binary logs on the master. Applies to MySQL read replicas.
+ - name: disk_usage.replication_slot.mb
+ type: long
+ description: |
+ The disk space used by replication slot files. Applies to PostgreSQL.
+ - name: disk_usage.transaction_logs.mb
+ type: long
+ description: |
+ The disk space used by transaction logs. Applies to PostgreSQL.
+ - name: transactions.active
+ type: long
+ description: |
+ The average number of current transactions executing on an Aurora database instance per second.
+ - name: transactions.blocked
+ type: long
+ description: |
+ The average number of transactions in the database that are blocked per second.
+ - name: db_instance.db_cluster_identifier
+ type: keyword
+ description: |
+ This identifier is the unique key that identifies a DB cluster specifically for Amazon Aurora DB cluster.
+ - name: db_instance.role
+ type: keyword
+ description: |
+ DB roles like WRITER or READER, specifically for Amazon Aurora DB cluster.
+ - name: db_instance.engine_name
+ type: keyword
+ description: |
+ Each DB instance runs a DB engine, like MySQL, MariaDB, PostgreSQL and etc.
+ - name: aurora_bin_log_replica_lag
+ type: long
+ description: |
+ The amount of time a replica DB cluster running on Aurora with MySQL compatibility lags behind the source DB cluster.
+ - name: aurora_global_db.replicated_write_io.bytes
+ type: long
+ description: |
+ In an Aurora Global Database, the number of write I/O operations replicated from the primary AWS Region to the cluster volume in a secondary AWS Region.
+ - name: aurora_global_db.data_transfer.bytes
+ type: long
+ description: |
+ In an Aurora Global Database, the amount of redo log data transferred from the master AWS Region to a secondary AWS Region.
+ - name: aurora_global_db.replication_lag.ms
+ type: long
+ description: |
+ For an Aurora Global Database, the amount of lag when replicating updates from the primary AWS Region, in milliseconds.
+ - name: aurora_replica.lag.ms
+ type: long
+ description: |
+ For an Aurora Replica, the amount of lag when replicating updates from the primary instance, in milliseconds.
+ - name: aurora_replica.lag_max.ms
+ type: long
+ description: |
+ The maximum amount of lag between the primary instance and each Aurora DB instance in the DB cluster, in milliseconds.
+ - name: aurora_replica.lag_min.ms
+ type: long
+ description: |
+ The minimum amount of lag between the primary instance and each Aurora DB instance in the DB cluster, in milliseconds.
+ - name: backtrack_change_records.creation_rate
+ type: long
+ description: |
+ The number of backtrack change records created over five minutes for your DB cluster.
+ - name: backtrack_change_records.stored
+ type: long
+ description: |
+ The actual number of backtrack change records used by your DB cluster.
+ - name: backtrack_window.actual
+ type: long
+ description: |
+ The difference between the target backtrack window and the actual backtrack window.
+ - name: backtrack_window.alert
+ type: long
+ description: |
+ The number of times that the actual backtrack window is smaller than the target backtrack window for a given period of time.
+ - name: storage_used.backup_retention_period.bytes
+ type: long
+ description: |
+ The total amount of backup storage in bytes used to support the point-in-time restore feature within the Aurora DB cluster's backup retention window.
+ - name: storage_used.snapshot.bytes
+ type: long
+ description: |
+ The total amount of backup storage in bytes consumed by all Aurora snapshots for an Aurora DB cluster outside its backup retention window.
+ - name: cache_hit_ratio.buffer
+ type: long
+ description: |
+ The percentage of requests that are served by the buffer cache.
+ - name: cache_hit_ratio.result_set
+ type: long
+ description: |
+ The percentage of requests that are served by the Resultset cache.
+ - name: engine_uptime.sec
+ type: long
+ description: |
+ The amount of time that the instance has been running, in seconds.
+ - name: rds_to_aurora_postgresql_replica_lag.sec
+ type: long
+ description: |
+ The amount of lag in seconds when replicating updates from the primary RDS PostgreSQL instance to other nodes in the cluster.
+ - name: backup_storage_billed_total.bytes
+ type: long
+ description: |
+ The total amount of backup storage in bytes for which you are billed for a given Aurora DB cluster.
+ - name: aurora_volume_left_total.bytes
+ type: long
+ description: |
+ The remaining available space for the cluster volume, measured in bytes.
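Review bot: `throughput.read` carries the latency text ("The average amount of time taken per disk I/O operation."), the same sentence used for `latency.read` and `latency.write`; next to `throughput.write` it should read `The average number of bytes read from disk per second.` `volume.read.iops` and `volume.write.iops` are declared with `format: bytes` although both descriptions count I/O operations, so that line should be dropped from each. `login_failures` is described as an average per second but typed `long`; if the collected value is fractional, a long mapping would lose the fraction and a low rate of failed logins would index as 0, so `type: float` looks safer for anyone alerting on it. Confirm that last point against what the metricset actually emits, which this diff does not show.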
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/rds/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/rds/fields/package-fields.yml
new file mode 100644
index 00000000000..1394927c4bb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/rds/fields/package-fields.yml
@@ -0,0 +1,19 @@
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/rds/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/rds/manifest.yml
new file mode 100644
index 00000000000..d27f1e8ebe5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/rds/manifest.yml
@@ -0,0 +1,32 @@
+title: AWS RDS metrics
+release: beta
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 1m
+ - name: regions
+ type: text
+ title: Regions
+ multi: true
+ required: false
+ show_user: true
+ default:
+ - us-east-1
+ - name: tags_filter
+ type: yaml
+ title: Tags Filter
+ multi: false
+ required: false
+ show_user: false
+ default: |
+ # - key: "created-by"
+ # value: "foo"
+ title: AWS RDS metrics
+ description: Collect AWS RDS metrics
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/s3_daily_storage/agent/stream/stream.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/s3_daily_storage/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..d9615771138
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/s3_daily_storage/agent/stream/stream.yml.hbs
@@ -0,0 +1,23 @@
+metricsets: ["s3_daily_storage"]
+period: {{period}}
+{{#if aws_access_key_id}}
+aws_access_key_id: {{aws_access_key_id}}
+{{/if}}
+{{#if aws_secret_access_key}}
+aws_secret_access_key: {{aws_secret_access_key}}
+{{/if}}
+{{#if aws_session_token}}
+aws_session_token: {{aws_session_token}}
+{{/if}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+{{#if regions}}
+regions: {{regions}}
+{{/if}}
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/s3_daily_storage/fields/ecs.yml b/dev/packages/alpha/aws/0.0.3/dataset/s3_daily_storage/fields/ecs.yml
new file mode 100644
index 00000000000..ff4988438f5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/s3_daily_storage/fields/ecs.yml
@@ -0,0 +1,50 @@
+- name: cloud
+ title: Cloud
+ group: 2
+ type: group
+ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from
+ its host, the cloud info contains the data about this machine. If Metricbeat runs
+ on a remote machine outside the cloud and fetches data from a service running
+ in the cloud, the field contains cloud data from the machine the service is running
+ on.'
+ fields:
+ - name: account.id
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account or organization id used to identify different entities in a multi-tenant environment.
+ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.
+ ignore_above: 1024
+ - name: account.name
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+ Examples: AWS account name, Google Cloud ORG display name.
+ ignore_above: 1024
+ - name: availability_zone
+ level: extended
+ type: keyword
+ description: Availability zone in which this host is running.
+ ignore_above: 1024
+ - name: instance.id
+ level: extended
+ type: keyword
+ description: Instance ID of the host machine.
+ ignore_above: 1024
+ - name: machine.type
+ level: extended
+ type: keyword
+ description: Machine type of the host machine.
+ ignore_above: 1024
+ - name: provider
+ level: extended
+ type: keyword
+ description: Name of the cloud provider. Example values are aws, azure, gcp, or
+ digitalocean.
+ ignore_above: 1024
+ - name: region
+ level: extended
+ type: keyword
+ description: Region in which this host is running.
+ ignore_above: 1024
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/s3_daily_storage/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/s3_daily_storage/fields/fields.yml
new file mode 100644
index 00000000000..cfeac286146
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/s3_daily_storage/fields/fields.yml
@@ -0,0 +1,13 @@
+- name: aws.s3_daily_storage
+ type: group
+ release: ga
+ fields:
+ - name: bucket.size.bytes
+ type: long
+ format: bytes
+ description: |
+ The amount of data in bytes stored in a bucket.
+ - name: number_of_objects
+ type: long
+ description: |
+ The total number of objects stored in a bucket for all storage classes.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/s3_daily_storage/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/s3_daily_storage/fields/package-fields.yml
new file mode 100644
index 00000000000..1394927c4bb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/s3_daily_storage/fields/package-fields.yml
@@ -0,0 +1,19 @@
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/s3_daily_storage/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/s3_daily_storage/manifest.yml
new file mode 100644
index 00000000000..f4cb6bdffe1
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/s3_daily_storage/manifest.yml
@@ -0,0 +1,23 @@
+title: AWS S3 daily storage metrics
+release: beta
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 24h
+ - name: regions
+ type: text
+ title: Regions
+ multi: true
+ required: false
+ show_user: true
+ default:
+ - us-east-1
+ title: AWS S3 daily storage metrics
+ description: Collect AWS S3 daily storage metrics
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/s3_request/agent/stream/stream.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/s3_request/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..93b75023d20
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/s3_request/agent/stream/stream.yml.hbs
@@ -0,0 +1,23 @@
+metricsets: ["s3_request"]
+period: {{period}}
+{{#if aws_access_key_id}}
+aws_access_key_id: {{aws_access_key_id}}
+{{/if}}
+{{#if aws_secret_access_key}}
+aws_secret_access_key: {{aws_secret_access_key}}
+{{/if}}
+{{#if aws_session_token}}
+aws_session_token: {{aws_session_token}}
+{{/if}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+{{#if regions}}
+regions: {{regions}}
+{{/if}}
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/s3_request/fields/ecs.yml b/dev/packages/alpha/aws/0.0.3/dataset/s3_request/fields/ecs.yml
new file mode 100644
index 00000000000..ff4988438f5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/s3_request/fields/ecs.yml
@@ -0,0 +1,50 @@
+- name: cloud
+ title: Cloud
+ group: 2
+ type: group
+ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from
+ its host, the cloud info contains the data about this machine. If Metricbeat runs
+ on a remote machine outside the cloud and fetches data from a service running
+ in the cloud, the field contains cloud data from the machine the service is running
+ on.'
+ fields:
+ - name: account.id
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account or organization id used to identify different entities in a multi-tenant environment.
+ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.
+ ignore_above: 1024
+ - name: account.name
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+ Examples: AWS account name, Google Cloud ORG display name.
+ ignore_above: 1024
+ - name: availability_zone
+ level: extended
+ type: keyword
+ description: Availability zone in which this host is running.
+ ignore_above: 1024
+ - name: instance.id
+ level: extended
+ type: keyword
+ description: Instance ID of the host machine.
+ ignore_above: 1024
+ - name: machine.type
+ level: extended
+ type: keyword
+ description: Machine type of the host machine.
+ ignore_above: 1024
+ - name: provider
+ level: extended
+ type: keyword
+ description: Name of the cloud provider. Example values are aws, azure, gcp, or
+ digitalocean.
+ ignore_above: 1024
+ - name: region
+ level: extended
+ type: keyword
+ description: Region in which this host is running.
+ ignore_above: 1024
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/s3_request/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/s3_request/fields/fields.yml
new file mode 100644
index 00000000000..bd936ff67e2
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/s3_request/fields/fields.yml
@@ -0,0 +1,74 @@
+- name: aws.s3_request
+ type: group
+ release: ga
+ fields:
+ - name: requests.total
+ type: long
+ description: |
+ The total number of HTTP requests made to an Amazon S3 bucket, regardless of type.
+ - name: requests.get
+ type: long
+ description: |
+ The number of HTTP GET requests made for objects in an Amazon S3 bucket.
+ - name: requests.put
+ type: long
+ description: |
+ The number of HTTP PUT requests made for objects in an Amazon S3 bucket.
+ - name: requests.delete
+ type: long
+ description: |
+ The number of HTTP DELETE requests made for objects in an Amazon S3 bucket.
+ - name: requests.head
+ type: long
+ description: |
+ The number of HTTP HEAD requests made to an Amazon S3 bucket.
+ - name: requests.post
+ type: long
+ description: |
+ The number of HTTP POST requests made to an Amazon S3 bucket.
+ - name: requests.select
+ type: long
+ description: |
+ The number of Amazon S3 SELECT Object Content requests made for objects in an Amazon S3 bucket.
+ - name: requests.select_scanned.bytes
+ type: long
+ format: bytes
+ description: |
+ The number of bytes of data scanned with Amazon S3 SELECT Object Content requests in an Amazon S3 bucket.
+ - name: requests.select_returned.bytes
+ type: long
+ format: bytes
+ description: |
+ The number of bytes of data returned with Amazon S3 SELECT Object Content requests in an Amazon S3 bucket.
+ - name: requests.list
+ type: long
+ description: |
+ The number of HTTP requests that list the contents of a bucket.
+ - name: downloaded.bytes
+ type: long
+ format: bytes
+ description: |
+ The number bytes downloaded for requests made to an Amazon S3 bucket, where the response includes a body.
+ - name: uploaded.bytes
+ type: long
+ format: bytes
+ description: |
+ The number bytes uploaded that contain a request body, made to an Amazon S3 bucket.
+ - name: errors.4xx
+ type: long
+ description: |
+ The number of HTTP 4xx client error status code requests made to an Amazon S3 bucket with a value of either 0 or 1.
+ - name: errors.5xx
+ type: long
+ description: |
+ The number of HTTP 5xx server error status code requests made to an Amazon S3 bucket with a value of either 0 or 1.
+ - name: latency.first_byte.ms
+ type: long
+ format: duration
+ description: |
+ The per-request time from the complete request being received by an Amazon S3 bucket to when the response starts to be returned.
+ - name: latency.total_request.ms
+ type: long
+ format: duration
+ description: |
+ The elapsed per-request time from the first byte received to the last byte sent to an Amazon S3 bucket.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/s3_request/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/s3_request/fields/package-fields.yml
new file mode 100644
index 00000000000..1394927c4bb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/s3_request/fields/package-fields.yml
@@ -0,0 +1,19 @@
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/s3_request/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/s3_request/manifest.yml
new file mode 100644
index 00000000000..d361779e783
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/s3_request/manifest.yml
@@ -0,0 +1,23 @@
+title: AWS S3 request metrics
+release: beta
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 24h
+ - name: regions
+ type: text
+ title: Regions
+ multi: true
+ required: false
+ show_user: true
+ default:
+ - us-east-1
+ title: AWS S3 request metrics
+ description: Collect AWS S3 request metrics
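Review bot: The `period` default of `24h` matches the s3_daily_storage manifest and looks copied from it. The s3_request fields (`errors.4xx`, `errors.5xx`, `latency.first_byte.ms`) are per-request values, and with a daily collection interval a burst of 4xx responses on a bucket would surface up to a day late. If request metrics are meant to be collected at a finer granularity, set `default: 1m` as the natgateway and rds manifests do; otherwise add a comment on the var explaining why a daily interval is intended.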
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/s3access/agent/stream/log.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/s3access/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..1a5e67ea6a2
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/s3access/agent/stream/log.yml.hbs
@@ -0,0 +1,10 @@
+paths:
+ {{#each paths as |path i|}}
+- {{path}}
+ {{/each}}
+exclude_files: [".gz$"]
+processors:
+ - add_fields:
+ target: ''
+ fields:
+ ecs.version: 1.5.0
\ No newline at end of file
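Review bot: In `exclude_files: [".gz$"]` the dot is an unescaped regex metacharacter, so the pattern excludes any path ending in one arbitrary character followed by `gz`, not only `.gz` archives. Use `exclude_files: ['\.gz$']` so that only compressed files are skipped and no access log is dropped from collection by accident.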
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/s3access/agent/stream/s3.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/s3access/agent/stream/s3.yml.hbs
new file mode 100644
index 00000000000..95caff63aeb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/s3access/agent/stream/s3.yml.hbs
@@ -0,0 +1,33 @@
+queue_url: {{queue_url}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if visibility_timeout}}
+visibility_timeout: {{visibility_timeout}}
+{{/if}}
+{{#if api_timeout}}
+api_timeout: {{api_timeout}}
+{{/if}}
+{{#if endpoint}}
+endpoint: {{endpoint}}
+{{/if}}
+{{#if access_key_id}}
+access_key_id: {{access_key_id}}
+{{/if}}
+{{#if secret_access_key}}
+secret_access_key: {{secret_access_key}}
+{{/if}}
+{{#if session_token}}
+session_token: {{session_token}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+processors:
+ - add_fields:
+ target: ''
+ fields:
+ ecs.version: 1.5.0
\ No newline at end of file
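Review bot: The credential variables tested here are `access_key_id`, `secret_access_key` and `session_token`, while the metrics stream templates in this package test `aws_access_key_id`, `aws_secret_access_key` and `aws_session_token`. The s3access manifest is outside this hunk, so confirm the variable names it declares: if they carry the `aws_` prefix, these `{{#if}}` blocks never render and the input would presumably fall back to whatever default credentials the host provides rather than the ones the operator entered. If the difference is intentional, a one-line template comment at the top, `{{!-- variable names follow the s3 input, not the aws/metrics input --}}`, would record it.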
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/s3access/elasticsearch/ingest-pipeline/default.yml b/dev/packages/alpha/aws/0.0.3/dataset/s3access/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..f346b427c0b
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/s3access/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,150 @@
+---
+description: "Pipeline for s3 server access logs"
+
+processors:
+ - grok:
+ field: message
+ patterns:
+ - >-
+ %{BASE16NUM:aws.s3access.bucket_owner} %{HOSTNAME:aws.s3access.bucket} \[%{HTTPDATE:_temp_.s3access_time}\]
+ %{IP:aws.s3access.remote_ip} (?:-|%{S3REQUESTER:aws.s3access.requester}) %{S3REQUESTID:aws.s3access.request_id}
+ %{S3OPERATION:aws.s3access.operation} (?:-|%{S3KEY:aws.s3access.key}) (?:-|\"%{DATA:aws.s3access.request_uri}\")
+ %{NUMBER:aws.s3access.http_status:long} (?:-|%{WORD:aws.s3access.error_code}) (?:-|%{NUMBER:aws.s3access.bytes_sent:long})
+ (?:-|%{NUMBER:aws.s3access.object_size:long}) (?:-|%{NUMBER:aws.s3access.total_time:long}) (?:-|%{NUMBER:aws.s3access.turn_around_time:long})
+ (?:-|\"-\"|\"%{DATA:aws.s3access.referrer}\") (?:-|\"(-|%{DATA:aws.s3access.user_agent})\") (?:-|%{S3KEY:aws.s3access.version_id})
+ (?:-|%{S3ID:aws.s3access.host_id}) (?:-|%{S3VERSION:aws.s3access.signature_version}) (?:-|%{S3KEY:aws.s3access.cipher_suite})
+ (?:-|%{WORD:aws.s3access.authentication_type}) (?:-|%{S3ID:aws.s3access.host_header}) (?:-|%{S3VERSION:aws.s3access.tls_version})
+ pattern_definitions:
+ S3REQUESTER: "[a-zA-Z0-9\\/_\\.\\-%:@]+"
+ S3REQUESTID: "[a-zA-Z0-9]+"
+ S3OPERATION: "%{WORD}.%{WORD}.%{WORD}"
+ S3KEY: "[a-zA-Z0-9\\/_\\.\\-%+]+"
+ S3ID: "[a-zA-Z0-9\\/_\\.\\-%+=]+"
+ S3VERSION: "[a-zA-Z0-9.]+"
+
+ - append:
+ if: "ctx?.aws?.s3access?.bucket_owner != null"
+ field: related.user
+ value: "{{aws.s3access.bucket_owner}}"
+
+ #
+ # Parse the date included in s3 access logs
+ #
+ - date:
+ field: "_temp_.s3access_time"
+ target_field: "@timestamp"
+ ignore_failure: true
+ formats:
+ - "dd/MMM/yyyy:H:m:s Z"
+
+ - set:
+ if: "ctx?.aws?.s3access?.remote_ip != null"
+ field: client.ip
+ value: "{{aws.s3access.remote_ip}}"
+
+ - append:
+ if: "ctx?.aws?.s3access?.remote_ip != null"
+ field: related.ip
+ value: "{{aws.s3access.remote_ip}}"
+
+ - set:
+ if: "ctx?.aws?.s3access?.remote_ip != null"
+ field: client.address
+ value: "{{aws.s3access.remote_ip}}"
+
+ - geoip:
+ if: "ctx?.aws?.s3access?.remote_ip != null"
+ field: aws.s3access.remote_ip
+ target_field: geo
+
+ - set:
+ if: "ctx?.aws?.s3access?.requester != null"
+ field: client.user.id
+ value: "{{aws.s3access.requester}}"
+
+ - set:
+ if: "ctx?.aws?.s3access?.request_id != null"
+ field: event.id
+ value: "{{aws.s3access.request_id}}"
+
+ - set:
+ if: "ctx?.aws?.s3access?.operation != null"
+ field: event.action
+ value: "{{aws.s3access.operation}}"
+
+ - set:
+ if: "ctx?.aws?.s3access?.http_status != null"
+ field: http.response.status_code
+ value: "{{aws.s3access.http_status}}"
+
+ - convert:
+ if: "ctx?.http?.response?.status_code != null"
+ field: http.response.status_code
+ type: long
+
+ - set:
+ if: "ctx?.aws?.s3access?.error_code != null"
+ field: event.outcome
+ value: failure
+
+ - set:
+ if: "ctx?.aws?.s3access?.error_code != null"
+ field: event.code
+ value: "{{aws.s3access.error_code}}"
+
+ - set:
+ if: "ctx?.aws?.s3access?.error_code == null"
+ field: event.outcome
+ value: success
+
+ - set:
+ if: "ctx?.aws?.s3access?.total_time != null"
+ field: event.duration
+ value: "{{aws.s3access.total_time}}"
+
+ - set:
+ if: "ctx?.aws?.s3access?.referrer != null"
+ field: http.request.referrer
+ value: "{{aws.s3access.referrer}}"
+
+ - user_agent:
+ if: "ctx?.aws?.s3access?.user_agent != null"
+ field: aws.s3access.user_agent
+
+ - set:
+ field: tls.cipher
+ value: '{{aws.s3access.cipher_suite}}'
+ if: ctx.aws?.s3access?.cipher_suite != null
+
+ - script:
+ lang: painless
+ if: ctx.aws?.s3access?.tls_version != null
+ source: >-
+ def parts = ctx.aws.s3access.tls_version.toLowerCase().splitOnToken("v");
+ if (parts.length != 2) {
+ return;
+ }
+ ctx.tls.version = parts[1];
+ ctx.tls.version_protocol = parts[0]
+
+ - set:
+ field: cloud.provider
+ value: aws
+
+ - set:
+ field: event.kind
+ value: event
+
+ #
+ # Remove temporary fields
+ #
+ - remove:
+ field:
+ - message
+ - _temp_
+ ignore_missing: true
+
+on_failure:
+ - set:
+ field: "error.message"
+ value: "{{ _ingest.on_failure_message }}"
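Review bot: The `set` that fills `event.duration` copies `aws.s3access.total_time` unchanged, but the field definitions added in this same diff describe `total_time` as milliseconds and `event.duration` as nanoseconds, so every stored duration is low by a factor of 10^6 (and is written through a mustache template, i.e. as a string). A script processor under the same `if` does the conversion: `source: "ctx.event.duration = ctx.aws.s3access.total_time * 1000000L"`. Separately, the painless block that assigns `ctx.tls.version` assumes `ctx.tls` exists, which only holds when the earlier `tls.cipher` set ran. A guard such as `if (ctx.tls == null) { ctx.tls = new HashMap(); }` before the assignment avoids a null dereference that would send the document to `on_failure`.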
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/s3access/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/s3access/fields/fields.yml
new file mode 100644
index 00000000000..24baa97fe8f
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/s3access/fields/fields.yml
@@ -0,0 +1,190 @@
+- name: aws.s3access
+ type: group
+ release: ga
+ fields:
+ - name: bucket_owner
+ type: keyword
+ description: |
+ The canonical user ID of the owner of the source bucket.
+ - name: bucket
+ type: keyword
+ description: |
+ The name of the bucket that the request was processed against.
+ - name: remote_ip
+ type: ip
+ description: |
+ The apparent internet address of the requester.
+ - name: requester
+ type: keyword
+ description: |
+ The canonical user ID of the requester, or a - for unauthenticated requests.
+ - name: request_id
+ type: keyword
+ description: |
+ A string generated by Amazon S3 to uniquely identify each request.
+ - name: operation
+ type: keyword
+ description: |
+ The operation listed here is declared as SOAP.operation, REST.HTTP_method.resource_type, WEBSITE.HTTP_method.resource_type, or BATCH.DELETE.OBJECT.
+ - name: key
+ type: keyword
+ description: |
+ The "key" part of the request, URL encoded, or "-" if the operation does not take a key parameter.
+ - name: request_uri
+ type: keyword
+ description: |
+ The Request-URI part of the HTTP request message.
+ - name: http_status
+ type: long
+ description: |
+ The numeric HTTP status code of the response.
+ - name: error_code
+ type: keyword
+ description: |
+ The Amazon S3 Error Code, or "-" if no error occurred.
+ - name: bytes_sent
+ type: long
+ description: |
+ The number of response bytes sent, excluding HTTP protocol overhead, or "-" if zero.
+ - name: object_size
+ type: long
+ description: |
+ The total size of the object in question.
+ - name: total_time
+ type: long
+ description: |
+ The number of milliseconds the request was in flight from the server's perspective.
+ - name: turn_around_time
+ type: long
+ description: |
+ The number of milliseconds that Amazon S3 spent processing your request.
+ - name: referrer
+ type: keyword
+ description: |
+ The value of the HTTP Referrer header, if present.
+ - name: user_agent
+ type: keyword
+ description: |
+ The value of the HTTP User-Agent header.
+ - name: version_id
+ type: keyword
+ description: |
+ The version ID in the request, or "-" if the operation does not take a versionId parameter.
+ - name: host_id
+ type: keyword
+ description: |
+ The x-amz-id-2 or Amazon S3 extended request ID.
+ - name: signature_version
+ type: keyword
+ description: |
+ The signature version, SigV2 or SigV4, that was used to authenticate the request or a - for unauthenticated requests.
+ - name: cipher_suite
+ type: keyword
+ description: |
+ The Secure Sockets Layer (SSL) cipher that was negotiated for HTTPS request or a - for HTTP.
+ - name: authentication_type
+ type: keyword
+ description: |
+ The type of request authentication used, AuthHeader for authentication headers, QueryString for query string (pre-signed URL) or a - for unauthenticated requests.
+ - name: host_header
+ type: keyword
+ description: |
+ The endpoint used to connect to Amazon S3.
+ - name: tls_version
+ type: keyword
+ description: |
+ The Transport Layer Security (TLS) version negotiated by the client.
+- name: related.user
+ type: keyword
+ description: All the user names seen on your event.
+- name: related.ip
+ type: ip
+ description: All of the IPs seen on your event.
+- name: client.ip
+ type: ip
+ description: IP address of the client.
+- name: client.address
+ type: keyword
+ description: Some event client addresses are defined ambiguously. The event will
+ sometimes list an IP, a domain or a unix socket. You should always store the raw
+ address in the .address field.
+- name: client.user.id
+ type: keyword
+ description: Unique identifiers of the user.
+- name: event.id
+ type: keyword
+ description: Unique ID to describe the event.
+- name: event.action
+ type: keyword
+ description: The action captured by the event.
+- name: http.response.status_code
+ type: long
+ description: HTTP response status code.
+- name: event.outcome
+ type: keyword
+ description: This is one of four ECS Categorization Fields, and indicates the lowest
+ level in the ECS category hierarchy.
+- name: event.code
+ type: keyword
+ description: Identification code for this event, if one exists.
+- name: event.duration
+ type: long
+ description: Duration of the event in nanoseconds.
+- name: http.request.referrer
+ type: keyword
+ description: Referrer for this HTTP request.
+- name: tls.cipher
+ type: keyword
+ description: String indicating the cipher used during the current connection.
+- name: tls.version
+ type: keyword
+ description: Numeric part of the version parsed from the original string.
+- name: tls.version_protocol
+ type: keyword
+ description: Normalized lowercase protocol name parsed from original string.
+- name: cloud.provider
+ type: keyword
+ description: Name of the cloud provider. Example values are aws, azure, gcp, or
+ digitalocean.
+- name: event.kind
+ type: keyword
+ description: Event kind (e.g. event, alert, metric, state, pipeline_error, signal)
+- name: geo.city_name
+ type: keyword
+ description: City name.
+- name: geo.continent_name
+ type: keyword
+ description: Name of the continent.
+- name: geo.country_iso_code
+ type: keyword
+ description: Country ISO code.
+- name: geo.location
+ type: geo_point
+ description: Longitude and latitude.
+- name: geo.region_iso_code
+ type: keyword
+ description: Region ISO code.
+- name: geo.region_name
+ type: keyword
+ description: Region name.
+- name: user_agent.device.name
+ type: keyword
+ description: Name of the device.
+- name: user_agent.name
+ type: keyword
+ description: Name of the user agent.
+- name: user_agent.original
+ type: keyword
+ description: Unparsed user_agent string.
+- name: user_agent.os.full
+ type: keyword
+ description: Operating system name, including the version or code name.
+- name: user_agent.os.name
+ type: keyword
+ description: Operating system name, without the version.
+- name: user_agent.os.version
+ type: keyword
+ description: Operating system version as a raw string.
+- name: user_agent.version
+ type: keyword
+ description: Version of the user agent.
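Review bot: The `geo.*` entries in this file declare geolocation at the document root, matching the pipeline's `geoip` processor with `target_field: geo`, whereas ECS nests geo under the entity it describes and does not expect it at the root. The looked-up address is the one also copied to `client.ip`, so `client.geo.*` is the natural home, and dashboards or detection rules that read `client.geo.country_iso_code` would then find it. That means `target_field: client.geo` in the pipeline and renaming the six entries here to `client.geo.city_name` and so on.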
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/s3access/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/s3access/fields/package-fields.yml
new file mode 100644
index 00000000000..7f6b7c89946
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/s3access/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: aws
+ type: group
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/s3access/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/s3access/manifest.yml
new file mode 100644
index 00000000000..892054be423
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/s3access/manifest.yml
@@ -0,0 +1,8 @@
+title: AWS s3access logs
+release: beta
+type: logs
+streams:
+- input: logs
+ template_path: s3.yml.hbs
+ title: AWS s3access logs
+ description: Collect AWS s3access logs using s3 input
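Review bot: The stream is declared as `input: logs` but points at `s3.yml.hbs`, whose keys (`queue_url`, `visibility_timeout`, the AWS credential settings) and whose description "using s3 input" belong to the S3/SQS input. It also declares no `vars`, while the template emits `queue_url: {{queue_url}}` unconditionally, and `log.yml.hbs` in the same directory is referenced by no stream. If the variables are not supplied at package level (not visible in this hunk), the rendered config will carry an empty `queue_url`. I would set `input: s3`, add a required `queue_url` var here, and add a second `logs` stream with `template_path: log.yml.hbs` if file collection is intended.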
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/sns/agent/stream/stream.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/sns/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..4fe17398679
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/sns/agent/stream/stream.yml.hbs
@@ -0,0 +1,26 @@
+metricsets: ["sns"]
+period: {{period}}
+{{#if aws_access_key_id}}
+aws_access_key_id: {{aws_access_key_id}}
+{{/if}}
+{{#if aws_secret_access_key}}
+aws_secret_access_key: {{aws_secret_access_key}}
+{{/if}}
+{{#if aws_session_token}}
+aws_session_token: {{aws_session_token}}
+{{/if}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+{{#if regions}}
+regions: {{regions}}
+{{/if}}
+{{#if tags_filter}}
+tags_filter: {{tags_filter}}
+{{/if}}
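Review bot: The static-credential keys are rendered as `aws_access_key_id`, `aws_secret_access_key` and `aws_session_token`, whereas `s3access/agent/stream/s3.yml.hbs` in this same diff renders `access_key_id`, `secret_access_key` and `session_token`. As far as I know the Beats AWS configuration reads the unprefixed names, so the prefixed keys would be ignored and the collector would fall back to whatever ambient credentials the host has, which may be a different identity from the one the operator configured. I would render `access_key_id: {{aws_access_key_id}}` (and the two siblings) or rename the variables to match. The sqs, transitgateway and usage `stream.yml.hbs` hunks carry the same three lines.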
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/sns/fields/ecs.yml b/dev/packages/alpha/aws/0.0.3/dataset/sns/fields/ecs.yml
new file mode 100644
index 00000000000..ff4988438f5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/sns/fields/ecs.yml
@@ -0,0 +1,50 @@
+- name: cloud
+ title: Cloud
+ group: 2
+ type: group
+ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from
+ its host, the cloud info contains the data about this machine. If Metricbeat runs
+ on a remote machine outside the cloud and fetches data from a service running
+ in the cloud, the field contains cloud data from the machine the service is running
+ on.'
+ fields:
+ - name: account.id
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account or organization id used to identify different entities in a multi-tenant environment.
+ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.
+ ignore_above: 1024
+ - name: account.name
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+ Examples: AWS account name, Google Cloud ORG display name.
+ ignore_above: 1024
+ - name: availability_zone
+ level: extended
+ type: keyword
+ description: Availability zone in which this host is running.
+ ignore_above: 1024
+ - name: instance.id
+ level: extended
+ type: keyword
+ description: Instance ID of the host machine.
+ ignore_above: 1024
+ - name: machine.type
+ level: extended
+ type: keyword
+ description: Machine type of the host machine.
+ ignore_above: 1024
+ - name: provider
+ level: extended
+ type: keyword
+ description: Name of the cloud provider. Example values are aws, azure, gcp, or
+ digitalocean.
+ ignore_above: 1024
+ - name: region
+ level: extended
+ type: keyword
+ description: Region in which this host is running.
+ ignore_above: 1024
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/sns/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/sns/fields/fields.yml
new file mode 100644
index 00000000000..62e5405ac94
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/sns/fields/fields.yml
@@ -0,0 +1,47 @@
+- name: aws.sns
+ type: group
+ release: beta
+ fields:
+ - name: metrics
+ type: group
+ fields:
+ - name: PublishSize.avg
+ type: double
+ description: The size of messages published.
+ - name: SMSSuccessRate.avg
+ type: double
+ description: The rate of successful SMS message deliveries.
+ - name: NumberOfMessagesPublished.sum
+ type: long
+ description: The number of messages published to your Amazon SNS topics.
+ - name: NumberOfNotificationsDelivered.sum
+ type: long
+ description: The number of messages successfully delivered from your Amazon
+ SNS topics to subscribing endpoints.
+ - name: NumberOfNotificationsFailed.sum
+ type: long
+ description: The number of messages that Amazon SNS failed to deliver.
+ - name: NumberOfNotificationsFilteredOut.sum
+ type: long
+ description: The number of messages that were rejected by subscription filter
+ policies.
+ - name: NumberOfNotificationsFilteredOut-InvalidAttributes.sum
+ type: long
+ description: The number of messages that were rejected by subscription filter
+ policies because the messages' attributes are invalid - for example, because
+ the attribute JSON is incorrectly formatted.
+ - name: NumberOfNotificationsFilteredOut-NoMessageAttributes.sum
+ type: long
+ description: The number of messages that were rejected by subscription filter
+ policies because the messages have no attributes.
+ - name: NumberOfNotificationsRedrivenToDlq.sum
+ type: long
+ description: The number of messages that have been moved to a dead-letter queue.
+ - name: NumberOfNotificationsFailedToRedriveToDlq.sum
+ type: long
+ description: The number of messages that couldn't be moved to a dead-letter
+ queue.
+ - name: SMSMonthToDateSpentUSD.sum
+ type: long
+ description: The charges you have accrued since the start of the current calendar
+ month for sending SMS messages.
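Review bot: `SMSMonthToDateSpentUSD.sum` is mapped as `long`, but it is a US-dollar amount and will normally be fractional, so an integer mapping truncates or rejects those values depending on the index's coercion setting. `type: double`, as already used for `PublishSize.avg` and `SMSSuccessRate.avg` at the top of this group, keeps the cents.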
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/sns/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/sns/fields/package-fields.yml
new file mode 100644
index 00000000000..1394927c4bb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/sns/fields/package-fields.yml
@@ -0,0 +1,19 @@
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/sns/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/sns/manifest.yml
new file mode 100644
index 00000000000..646f4a564b0
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/sns/manifest.yml
@@ -0,0 +1,32 @@
+title: AWS SNS metrics
+release: beta
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 5m
+ - name: regions
+ type: text
+ title: Regions
+ multi: true
+ required: false
+ show_user: true
+ default:
+ - us-east-1
+ - name: tags_filter
+ type: yaml
+ title: Tags Filter
+ multi: false
+ required: false
+ show_user: false
+ default: |
+ # - key: "created-by"
+ # value: "foo"
+ title: AWS SNS metrics
+ description: Collect AWS SNS metrics
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/sqs/agent/stream/stream.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/sqs/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..7280d0f8817
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/sqs/agent/stream/stream.yml.hbs
@@ -0,0 +1,23 @@
+metricsets: ["sqs"]
+period: {{period}}
+{{#if aws_access_key_id}}
+aws_access_key_id: {{aws_access_key_id}}
+{{/if}}
+{{#if aws_secret_access_key}}
+aws_secret_access_key: {{aws_secret_access_key}}
+{{/if}}
+{{#if aws_session_token}}
+aws_session_token: {{aws_session_token}}
+{{/if}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+{{#if regions}}
+regions: {{regions}}
+{{/if}}
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/sqs/fields/ecs.yml b/dev/packages/alpha/aws/0.0.3/dataset/sqs/fields/ecs.yml
new file mode 100644
index 00000000000..ff4988438f5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/sqs/fields/ecs.yml
@@ -0,0 +1,50 @@
+- name: cloud
+ title: Cloud
+ group: 2
+ type: group
+ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from
+ its host, the cloud info contains the data about this machine. If Metricbeat runs
+ on a remote machine outside the cloud and fetches data from a service running
+ in the cloud, the field contains cloud data from the machine the service is running
+ on.'
+ fields:
+ - name: account.id
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account or organization id used to identify different entities in a multi-tenant environment.
+ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.
+ ignore_above: 1024
+ - name: account.name
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+ Examples: AWS account name, Google Cloud ORG display name.
+ ignore_above: 1024
+ - name: availability_zone
+ level: extended
+ type: keyword
+ description: Availability zone in which this host is running.
+ ignore_above: 1024
+ - name: instance.id
+ level: extended
+ type: keyword
+ description: Instance ID of the host machine.
+ ignore_above: 1024
+ - name: machine.type
+ level: extended
+ type: keyword
+ description: Machine type of the host machine.
+ ignore_above: 1024
+ - name: provider
+ level: extended
+ type: keyword
+ description: Name of the cloud provider. Example values are aws, azure, gcp, or
+ digitalocean.
+ ignore_above: 1024
+ - name: region
+ level: extended
+ type: keyword
+ description: Region in which this host is running.
+ ignore_above: 1024
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/sqs/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/sqs/fields/fields.yml
new file mode 100644
index 00000000000..13aa0cec9cc
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/sqs/fields/fields.yml
@@ -0,0 +1,46 @@
+- name: aws.sqs
+ type: group
+ release: ga
+ fields:
+ - name: oldest_message_age.sec
+ type: long
+ format: duration
+ description: |
+ The approximate age of the oldest non-deleted message in the queue.
+ - name: messages.delayed
+ type: long
+ description: |
+ TThe number of messages in the queue that are delayed and not available for reading immediately.
+ - name: messages.not_visible
+ type: long
+ description: |
+ The number of messages that are in flight.
+ - name: messages.visible
+ type: long
+ description: |
+ The number of messages available for retrieval from the queue.
+ - name: messages.deleted
+ type: long
+ description: |
+ The number of messages deleted from the queue.
+ - name: messages.received
+ type: long
+ description: |
+ The number of messages returned by calls to the ReceiveMessage action.
+ - name: messages.sent
+ type: long
+ description: |
+ The number of messages added to a queue.
+ - name: empty_receives
+ type: long
+ description: |
+ The number of ReceiveMessage API calls that did not return a message.
+ - name: sent_message_size.bytes
+ type: long
+ format: bytes
+ description: |
+ The size of messages added to a queue.
+ - name: queue.name
+ type: keyword
+ description: |
+ SQS queue name
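Review bot: The description of `messages.delayed` starts with `TThe number of messages`, a doubled letter that ends up in the exported field documentation; it should read `The number of messages in the queue that are delayed and not available for reading immediately.` The last entry, `queue.name`, is also the only description in the file without a closing period.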
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/sqs/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/sqs/fields/package-fields.yml
new file mode 100644
index 00000000000..1394927c4bb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/sqs/fields/package-fields.yml
@@ -0,0 +1,19 @@
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/sqs/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/sqs/manifest.yml
new file mode 100644
index 00000000000..ddd8b85584b
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/sqs/manifest.yml
@@ -0,0 +1,23 @@
+title: AWS SQS metrics
+release: beta
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 5m
+ - name: regions
+ type: text
+ title: Regions
+ multi: true
+ required: false
+ show_user: true
+ default:
+ - us-west-1
+ title: AWS SQS metrics
+ description: Collect AWS SQS metrics
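Review bot: The `regions` default here is `us-west-1`, while the sns, transitgateway and usage manifests in this diff default to `us-east-1`. If the difference is not intended, an operator who accepts the defaults collects SQS metrics from a different region than every other dataset and sees no data for queues elsewhere; `- us-east-1` would align it. If it is intended, a short comment saying why would help.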
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/transitgateway/agent/stream/stream.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/transitgateway/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..a3cd95255db
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/transitgateway/agent/stream/stream.yml.hbs
@@ -0,0 +1,26 @@
+metricsets: ["transitgateway"]
+period: {{period}}
+{{#if aws_access_key_id}}
+aws_access_key_id: {{aws_access_key_id}}
+{{/if}}
+{{#if aws_secret_access_key}}
+aws_secret_access_key: {{aws_secret_access_key}}
+{{/if}}
+{{#if aws_session_token}}
+aws_session_token: {{aws_session_token}}
+{{/if}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+{{#if regions}}
+regions: {{regions}}
+{{/if}}
+{{#if tags_filter}}
+tags_filter: {{tags_filter}}
+{{/if}}
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/transitgateway/fields/ecs.yml b/dev/packages/alpha/aws/0.0.3/dataset/transitgateway/fields/ecs.yml
new file mode 100644
index 00000000000..ff4988438f5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/transitgateway/fields/ecs.yml
@@ -0,0 +1,50 @@
+- name: cloud
+ title: Cloud
+ group: 2
+ type: group
+ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from
+ its host, the cloud info contains the data about this machine. If Metricbeat runs
+ on a remote machine outside the cloud and fetches data from a service running
+ in the cloud, the field contains cloud data from the machine the service is running
+ on.'
+ fields:
+ - name: account.id
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account or organization id used to identify different entities in a multi-tenant environment.
+ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.
+ ignore_above: 1024
+ - name: account.name
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+ Examples: AWS account name, Google Cloud ORG display name.
+ ignore_above: 1024
+ - name: availability_zone
+ level: extended
+ type: keyword
+ description: Availability zone in which this host is running.
+ ignore_above: 1024
+ - name: instance.id
+ level: extended
+ type: keyword
+ description: Instance ID of the host machine.
+ ignore_above: 1024
+ - name: machine.type
+ level: extended
+ type: keyword
+ description: Machine type of the host machine.
+ ignore_above: 1024
+ - name: provider
+ level: extended
+ type: keyword
+ description: Name of the cloud provider. Example values are aws, azure, gcp, or
+ digitalocean.
+ ignore_above: 1024
+ - name: region
+ level: extended
+ type: keyword
+ description: Region in which this host is running.
+ ignore_above: 1024
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/transitgateway/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/transitgateway/fields/fields.yml
new file mode 100644
index 00000000000..6f7a095284e
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/transitgateway/fields/fields.yml
@@ -0,0 +1,26 @@
+- name: aws.transitgateway
+ type: group
+ release: beta
+ fields:
+ - name: metrics
+ type: group
+ fields:
+ - name: BytesIn.sum
+ type: long
+ description: The number of bytes received by the transit gateway.
+ - name: BytesOut.sum
+ type: long
+ description: The number of bytes sent from the transit gateway.
+ - name: PacketsIn.sum
+ type: long
+ description: The number of packets received by the transit gateway.
+ - name: PacketsOut.sum
+ type: long
+ description: The number of packets sent by the transit gateway.
+ - name: PacketDropCountBlackhole.sum
+ type: long
+ description: The number of packets dropped because they matched a blackhole
+ route.
+ - name: PacketDropCountNoRoute.sum
+ type: long
+ description: The number of packets dropped because they did not match a route.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/transitgateway/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/transitgateway/fields/package-fields.yml
new file mode 100644
index 00000000000..1394927c4bb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/transitgateway/fields/package-fields.yml
@@ -0,0 +1,19 @@
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/transitgateway/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/transitgateway/manifest.yml
new file mode 100644
index 00000000000..da218637efc
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/transitgateway/manifest.yml
@@ -0,0 +1,23 @@
+title: AWS Transit Gateway metrics
+release: beta
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 1m
+ - name: regions
+ type: text
+ title: Regions
+ multi: true
+ required: false
+ show_user: true
+ default:
+ - us-east-1
+ title: AWS Transit Gateway metrics
+ description: Collect AWS Transit Gateway metrics
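Review bot: No `tags_filter` variable is declared here, yet `transitgateway/agent/stream/stream.yml.hbs` has a `{{#if tags_filter}}` block, so that branch can never render unless the variable comes from package level (not visible in this hunk). The sns manifest declares it as a `type: yaml` var with `show_user: false`; copying that entry here keeps template and manifest in step. The usage manifest and its template have the same mismatch.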
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/usage/agent/stream/stream.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/usage/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..ca43d44f971
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/usage/agent/stream/stream.yml.hbs
@@ -0,0 +1,26 @@
+metricsets: ["usage"]
+period: {{period}}
+{{#if aws_access_key_id}}
+aws_access_key_id: {{aws_access_key_id}}
+{{/if}}
+{{#if aws_secret_access_key}}
+aws_secret_access_key: {{aws_secret_access_key}}
+{{/if}}
+{{#if aws_session_token}}
+aws_session_token: {{aws_session_token}}
+{{/if}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+{{#if regions}}
+regions: {{regions}}
+{{/if}}
+{{#if tags_filter}}
+tags_filter: {{tags_filter}}
+{{/if}}
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/usage/fields/ecs.yml b/dev/packages/alpha/aws/0.0.3/dataset/usage/fields/ecs.yml
new file mode 100644
index 00000000000..ff4988438f5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/usage/fields/ecs.yml
@@ -0,0 +1,50 @@
+- name: cloud
+ title: Cloud
+ group: 2
+ type: group
+ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from
+ its host, the cloud info contains the data about this machine. If Metricbeat runs
+ on a remote machine outside the cloud and fetches data from a service running
+ in the cloud, the field contains cloud data from the machine the service is running
+ on.'
+ fields:
+ - name: account.id
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account or organization id used to identify different entities in a multi-tenant environment.
+ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.
+ ignore_above: 1024
+ - name: account.name
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+ Examples: AWS account name, Google Cloud ORG display name.
+ ignore_above: 1024
+ - name: availability_zone
+ level: extended
+ type: keyword
+ description: Availability zone in which this host is running.
+ ignore_above: 1024
+ - name: instance.id
+ level: extended
+ type: keyword
+ description: Instance ID of the host machine.
+ ignore_above: 1024
+ - name: machine.type
+ level: extended
+ type: keyword
+ description: Machine type of the host machine.
+ ignore_above: 1024
+ - name: provider
+ level: extended
+ type: keyword
+ description: Name of the cloud provider. Example values are aws, azure, gcp, or
+ digitalocean.
+ ignore_above: 1024
+ - name: region
+ level: extended
+ type: keyword
+ description: Region in which this host is running.
+ ignore_above: 1024
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/usage/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/usage/fields/fields.yml
new file mode 100644
index 00000000000..77072692dec
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/usage/fields/fields.yml
@@ -0,0 +1,14 @@
+- name: aws.usage
+ type: group
+ release: beta
+ fields:
+ - name: metrics
+ type: group
+ fields:
+ - name: CallCount.sum
+ type: long
+ description: The number of specified API operations performed in your account.
+ - name: ResourceCount.sum
+ type: long
+ description: The number of the specified resources running in your account.
+ The resources are defined by the dimensions associated with the metric.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/usage/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/usage/fields/package-fields.yml
new file mode 100644
index 00000000000..1394927c4bb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/usage/fields/package-fields.yml
@@ -0,0 +1,19 @@
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/usage/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/usage/manifest.yml
new file mode 100644
index 00000000000..3242b9da4bb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/usage/manifest.yml
@@ -0,0 +1,23 @@
+title: AWS usage metrics
+release: beta
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 1m
+ - name: regions
+ type: text
+ title: Regions
+ multi: true
+ required: false
+ show_user: true
+ default:
+ - us-east-1
+ title: AWS usage metrics
+ description: Collect AWS usage metrics
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/vpcflow/agent/stream/log.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/vpcflow/agent/stream/log.yml.hbs
new file mode 100644
index 00000000000..de98b5c1ed7
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/vpcflow/agent/stream/log.yml.hbs
@@ -0,0 +1,113 @@
+paths:
+ {{#each paths as |path i|}}
+ - {{path}}
+ {{/each}}
+exclude_files: [".gz$"]
+processors:
+ - drop_event:
+ when.regexp.message: "^version"
+ - drop_event:
+ when.regexp.message: "^instance-id"
+ - script:
+ lang: javascript
+ source: >
+ function process(event) {
+ var message = event.Get("message");
+ var tokens = message.split(" ").length;
+ event.Put("@metadata.message_token_count", tokens);
+ }
+ # Default vpc flow log format
+ - dissect:
+ when:
+ equals:
+ '@metadata.message_token_count': 14
+ field: message
+ target_prefix: aws.vpcflow
+ tokenizer: '%{version} %{account_id} %{interface_id} %{srcaddr} %{dstaddr} %{srcport} %{dstport} %{protocol} %{packets} %{bytes} %{start} %{end} %{action} %{log_status}'
+ # Custom flow log for traffic through a NAT gateway
+ - dissect:
+ when:
+ equals:
+ '@metadata.message_token_count': 6
+ field: message
+ target_prefix: aws.vpcflow
+ tokenizer: '%{instance_id} %{interface_id} %{srcaddr} %{dstaddr} %{pkt_srcaddr} %{pkt_dstaddr}'
+ # Custom flow log for traffic through a transit gateway
+ - dissect:
+ when:
+ equals:
+ '@metadata.message_token_count': 17
+ field: message
+ target_prefix: aws.vpcflow
+ tokenizer: '%{version} %{interface_id} %{account_id} %{vpc_id} %{subnet_id} %{instance_id} %{srcaddr} %{dstaddr} %{srcport} %{dstport} %{protocol} %{tcp_flags} %{type} %{pkt_srcaddr} %{pkt_dstaddr} %{action} %{log_status}'
+ # TCP Flag Sequence
+ - dissect:
+ when:
+ equals:
+ '@metadata.message_token_count': 21
+ field: message
+ target_prefix: aws.vpcflow
+ tokenizer: '%{version} %{vpc_id} %{subnet_id} %{instance_id} %{interface_id} %{account_id} %{type} %{srcaddr} %{dstaddr} %{srcport} %{dstport} %{pkt_srcaddr} %{pkt_dstaddr} %{protocol} %{bytes} %{packets} %{start} %{end} %{action} %{tcp_flags} %{log_status}'
+ - convert:
+ ignore_missing: true
+ fields:
+ - {from: aws.vpcflow.srcaddr, to: source.address}
+ - {from: aws.vpcflow.srcaddr, to: source.ip, type: ip}
+ - {from: aws.vpcflow.srcport, to: source.port, type: long}
+ - {from: aws.vpcflow.dstaddr, to: destination.address}
+ - {from: aws.vpcflow.dstaddr, to: destination.ip, type: ip}
+ - {from: aws.vpcflow.dstport, to: destination.port, type: long}
+ - {from: aws.vpcflow.protocol, to: network.iana_number, type: string}
+ - {from: aws.vpcflow.packets, to: source.packets, type: long}
+ - {from: aws.vpcflow.bytes, to: source.bytes, type: long}
+ - {from: aws.vpcflow.packets, to: network.packets, type: long}
+ - {from: aws.vpcflow.bytes, to: network.bytes, type: long}
+ - drop_fields:
+ fields: ["aws.vpcflow.srcaddr", "aws.vpcflow.srcport", "aws.vpcflow.dstaddr", "aws.vpcflow.dstport", "aws.vpcflow.bytes", "aws.vpcflow.packets", "aws.vpcflow.protocol"]
+ - community_id: ~
+ # Use the aws.vpcflow.action value to set the event.outcome value to either "allow" or "deny".
+ - add_fields:
+ when.equals.aws.vpcflow.action: ACCEPT
+ target: event
+ fields: {outcome: allow}
+ - add_fields:
+ when.equals.aws.vpcflow.action: REJECT
+ target: event
+ fields: {outcome: deny}
+ - add_fields:
+ target: event
+ fields: {type: flow}
+ - add_fields:
+ target: event
+ fields: {category: network_traffic}
+ # Add network.type: ipv4 or ipv6
+ - if:
+ contains.source.ip: "."
+ then:
+ - add_fields:
+ target: network
+ fields: {type: ipv4}
+ - if:
+ contains.source.ip: ":"
+ then:
+ - add_fields:
+ target: network
+ fields: {type: ipv6}
+ # Add network.transport: based on IANA protocol number of the traffic
+ # http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
+ - if:
+ equals.network.iana_number: "6"
+ then:
+ - add_fields:
+ target: network
+ fields: {transport: tcp}
+ - if:
+ equals.network.iana_number: "17"
+ then:
+ - add_fields:
+ target: network
+ fields: {transport: udp}
+ - add_fields:
+ target: ''
+ fields:
+ ecs.version: 1.5.0
\ No newline at end of file
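Review bot: The categorization values written by the `add_fields` processors near the end of this template are not ones ECS 1.5.0 defines, although the last processor stamps `ecs.version: 1.5.0` on every event. As far as I can tell ECS restricts `event.outcome` to `success`, `failure` or `unknown`, and has no `network_traffic` category or `flow` type, so detection rules and dashboards that filter on the standard values would not match these flows. I would use `fields: {category: network}` and `fields: {type: connection}`, and express ACCEPT/REJECT through the event types `allowed` and `denied` rather than through the outcome. The same processors are repeated in `vpcflow/agent/stream/s3.yml.hbs`.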
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/vpcflow/agent/stream/s3.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/vpcflow/agent/stream/s3.yml.hbs
new file mode 100644
index 00000000000..3b12be597f3
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/vpcflow/agent/stream/s3.yml.hbs
@@ -0,0 +1,136 @@
+queue_url: {{queue_url}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if visibility_timeout}}
+visibility_timeout: {{visibility_timeout}}
+{{/if}}
+{{#if api_timeout}}
+api_timeout: {{api_timeout}}
+{{/if}}
+{{#if endpoint}}
+endpoint: {{endpoint}}
+{{/if}}
+{{#if access_key_id}}
+access_key_id: {{access_key_id}}
+{{/if}}
+{{#if secret_access_key}}
+secret_access_key: {{secret_access_key}}
+{{/if}}
+{{#if session_token}}
+session_token: {{session_token}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+processors:
+ - drop_event:
+ when.regexp.message: "^version"
+ - drop_event:
+ when.regexp.message: "^instance-id"
+ - script:
+ lang: javascript
+ source: >
+ function process(event) {
+ var message = event.Get("message");
+ var tokens = message.split(" ").length;
+ event.Put("@metadata.message_token_count", tokens);
+ }
+ # Default vpc flow log format
+ - dissect:
+ when:
+ equals:
+ '@metadata.message_token_count': 14
+ field: message
+ target_prefix: aws.vpcflow
+ tokenizer: '%{version} %{account_id} %{interface_id} %{srcaddr} %{dstaddr} %{srcport} %{dstport} %{protocol} %{packets} %{bytes} %{start} %{end} %{action} %{log_status}'
+ # Custom flow log for traffic through a NAT gateway
+ - dissect:
+ when:
+ equals:
+ '@metadata.message_token_count': 6
+ field: message
+ target_prefix: aws.vpcflow
+ tokenizer: '%{instance_id} %{interface_id} %{srcaddr} %{dstaddr} %{pkt_srcaddr} %{pkt_dstaddr}'
+ # Custom flow log for traffic through a transit gateway
+ - dissect:
+ when:
+ equals:
+ '@metadata.message_token_count': 17
+ field: message
+ target_prefix: aws.vpcflow
+ tokenizer: '%{version} %{interface_id} %{account_id} %{vpc_id} %{subnet_id} %{instance_id} %{srcaddr} %{dstaddr} %{srcport} %{dstport} %{protocol} %{tcp_flags} %{type} %{pkt_srcaddr} %{pkt_dstaddr} %{action} %{log_status}'
+ # TCP Flag Sequence
+ - dissect:
+ when:
+ equals:
+ '@metadata.message_token_count': 21
+ field: message
+ target_prefix: aws.vpcflow
+ tokenizer: '%{version} %{vpc_id} %{subnet_id} %{instance_id} %{interface_id} %{account_id} %{type} %{srcaddr} %{dstaddr} %{srcport} %{dstport} %{pkt_srcaddr} %{pkt_dstaddr} %{protocol} %{bytes} %{packets} %{start} %{end} %{action} %{tcp_flags} %{log_status}'
+ - convert:
+ ignore_missing: true
+ fields:
+ - {from: aws.vpcflow.srcaddr, to: source.address}
+ - {from: aws.vpcflow.srcaddr, to: source.ip, type: ip}
+ - {from: aws.vpcflow.srcport, to: source.port, type: long}
+ - {from: aws.vpcflow.dstaddr, to: destination.address}
+ - {from: aws.vpcflow.dstaddr, to: destination.ip, type: ip}
+ - {from: aws.vpcflow.dstport, to: destination.port, type: long}
+ - {from: aws.vpcflow.protocol, to: network.iana_number, type: string}
+ - {from: aws.vpcflow.packets, to: source.packets, type: long}
+ - {from: aws.vpcflow.bytes, to: source.bytes, type: long}
+ - {from: aws.vpcflow.packets, to: network.packets, type: long}
+ - {from: aws.vpcflow.bytes, to: network.bytes, type: long}
+ - drop_fields:
+ fields: ["aws.vpcflow.srcaddr", "aws.vpcflow.srcport", "aws.vpcflow.dstaddr", "aws.vpcflow.dstport", "aws.vpcflow.bytes", "aws.vpcflow.packets", "aws.vpcflow.protocol"]
+ - community_id: ~
+ # Use the aws.vpcflow.action value to set the event.outcome value to either "allow" or "deny".
+ - add_fields:
+ when.equals.aws.vpcflow.action: ACCEPT
+ target: event
+ fields: {outcome: allow}
+ - add_fields:
+ when.equals.aws.vpcflow.action: REJECT
+ target: event
+ fields: {outcome: deny}
+ - add_fields:
+ target: event
+ fields: {type: flow}
+ - add_fields:
+ target: event
+ fields: {category: network_traffic}
+ # Add network.type: ipv4 or ipv6
+ - if:
+ contains.source.ip: "."
+ then:
+ - add_fields:
+ target: network
+ fields: {type: ipv4}
+ - if:
+ contains.source.ip: ":"
+ then:
+ - add_fields:
+ target: network
+ fields: {type: ipv6}
+ # Add network.transport: based on IANA protocol number of the traffic
+ # http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
+ - if:
+ equals.network.iana_number: "6"
+ then:
+ - add_fields:
+ target: network
+ fields: {transport: tcp}
+ - if:
+ equals.network.iana_number: "17"
+ then:
+ - add_fields:
+ target: network
+ fields: {transport: udp}
+ - add_fields:
+ target: ''
+ fields:
+ ecs.version: 1.5.0
\ No newline at end of file
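Review bot: A record whose space-separated token count is not 14, 6, 17 or 21 matches none of the four `dissect` conditions, yet it still passes through the unconditional `add_fields` steps and is shipped as a flow event with no source, destination or action. Nothing marks such an event, so a custom flow-log format with a different field count, or a line containing doubled spaces, would silently produce records that no address-based search can find. I would add a step after the last `dissect` that tags events lacking `aws.vpcflow.interface_id` (the one key all four tokenizers produce), for example an `add_tags` processor guarded by `when.not.has_fields: ['aws.vpcflow.interface_id']`, so the gap shows up in monitoring. The script also calls `split` on the result of `event.Get("message")` without checking that a value came back. `vpcflow/agent/stream/log.yml.hbs` carries the same processor chain.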
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/vpcflow/elasticsearch/ingest-pipeline/default.yml b/dev/packages/alpha/aws/0.0.3/dataset/vpcflow/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..1ea0a4484e3
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/vpcflow/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,104 @@
+---
+description: Pipeline for AWS VPC Flow Logs
+
+processors:
+ # Convert Unix epoch to timestamp
+ - date:
+ field: "aws.vpcflow.end"
+ target_field: "@timestamp"
+ ignore_failure: true
+ formats:
+ - UNIX
+ - date:
+ field: "aws.vpcflow.start"
+ target_field: "event.start"
+ ignore_failure: true
+ formats:
+ - UNIX
+ - date:
+ field: "aws.vpcflow.end"
+ target_field: "event.end"
+ ignore_failure: true
+ formats:
+ - UNIX
+ - remove:
+ field: ["aws.vpcflow.start", "aws.vpcflow.end"]
+ ignore_missing: true
+
+ # IP Geolocation Lookup
+ - geoip:
+ field: source.ip
+ target_field: source.geo
+ ignore_missing: true
+ - geoip:
+ field: destination.ip
+ target_field: destination.geo
+ ignore_missing: true
+
+ # IP Autonomous System (AS) Lookup
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: source.ip
+ target_field: source.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: destination.ip
+ target_field: destination.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+
+ - rename:
+ field: source.as.asn
+ target_field: source.as.number
+ ignore_missing: true
+ - rename:
+ field: source.as.organization_name
+ target_field: source.as.organization.name
+ ignore_missing: true
+ - rename:
+ field: destination.as.asn
+ target_field: destination.as.number
+ ignore_missing: true
+ - rename:
+ field: destination.as.organization_name
+ target_field: destination.as.organization.name
+ ignore_missing: true
+ - rename:
+ field: message
+ target_field: event.original
+ ignore_missing: true
+
+ # Generate related.ip field
+ - append:
+ if: ctx.source?.ip != null && ctx.destination?.ip != null
+ field: related.ip
+ value: ["{{source.ip}}", "{{destination.ip}}"]
+
+ - set:
+ field: cloud.provider
+ value: aws
+
+ - set:
+ if: "ctx?.aws?.vpcflow?.account_id != null"
+ field: cloud.account.id
+ value: "{{aws.vpcflow.account_id}}"
+
+ - set:
+ if: "ctx?.aws?.vpcflow?.instance_id != null && ctx.aws.vpcflow.instance_id != '-'"
+ field: cloud.instance.id
+ value: "{{aws.vpcflow.instance_id}}"
+
+ - set:
+ field: event.kind
+ value: event
+
+on_failure:
+ - set:
+ field: "error.message"
+ value: "{{ _ingest.on_failure_message }}"
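Review bot: The `-` placeholder is handled only for `instance_id` (in the `cloud.instance.id` step), while `aws.vpcflow.pkt_srcaddr` and `aws.vpcflow.pkt_dstaddr` pass through untouched even though `vpcflow/fields/fields.yml` maps both as `ip`. If AWS writes `-` for a packet address it could not determine, that value would fail the `ip` mapping at index time, after this pipeline and its `on_failure` handler have already run, and the whole flow record would presumably be rejected. I would remove the two fields when they hold the placeholder, ahead of the `related.ip` step; appending the surviving packet addresses to `related.ip` would also help when pivoting on NAT-gateway traffic.

```yaml
  - remove:
      field: aws.vpcflow.pkt_srcaddr
      if: "ctx.aws?.vpcflow?.pkt_srcaddr == '-'"
  - remove:
      field: aws.vpcflow.pkt_dstaddr
      if: "ctx.aws?.vpcflow?.pkt_dstaddr == '-'"
  # … unchanged: related.ip append and the set processors …
```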
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/vpcflow/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/vpcflow/fields/fields.yml
new file mode 100644
index 00000000000..d293c1610f2
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/vpcflow/fields/fields.yml
@@ -0,0 +1,192 @@
+- name: aws.vpcflow
+ type: group
+ release: beta
+ fields:
+ - name: version
+ type: keyword
+ description: |
+ The VPC Flow Logs version. If you use the default format, the version is 2. If you specify a custom format, the version is 3.
+ - name: account_id
+ type: keyword
+ description: |
+ The AWS account ID for the flow log.
+ - name: interface_id
+ type: keyword
+ description: |
+ The ID of the network interface for which the traffic is recorded.
+ - name: action
+ type: keyword
+ description: |
+ The action that is associated with the traffic, ACCEPT or REJECT.
+ - name: log_status
+ type: keyword
+ description: |
+ The logging status of the flow log, OK, NODATA or SKIPDATA.
+ - name: instance_id
+ type: keyword
+ description: |
+ The ID of the instance that's associated with network interface for which the traffic is recorded, if the instance is owned by you.
+ - name: pkt_srcaddr
+ type: ip
+ description: |
+ The packet-level (original) source IP address of the traffic.
+ - name: pkt_dstaddr
+ type: ip
+ description: |
+ The packet-level (original) destination IP address for the traffic.
+ - name: vpc_id
+ type: keyword
+ description: |
+ The ID of the VPC that contains the network interface for which the traffic is recorded.
+ - name: subnet_id
+ type: keyword
+ description: |
+ The ID of the subnet that contains the network interface for which the traffic is recorded.
+ - name: tcp_flags
+ type: keyword
+ description: |
+ The bitmask value for the following TCP flags: 2=SYN,18=SYN-ACK,1=FIN,4=RST
+ - name: type
+ type: keyword
+ description: |
+ The type of traffic: IPv4, IPv6, or EFA.
+- name: event.start
+ type: date
+ description: event.start contains the date when the event started or when the activity
+ was first observed.
+- name: event.end
+ type: date
+ description: event.end contains the date when the event ended or when the activity
+ was last observed.
+- name: destination.geo.continent_name
+ type: keyword
+ description: Name of the continent.
+- name: destination.geo.country_iso_code
+ type: keyword
+ description: Country ISO code.
+- name: destination.geo.location
+ type: geo_point
+ description: Longitude and latitude.
+- name: destination.ip
+ type: ip
+ description: IP address of the destination.
+- name: destination.address
+ type: keyword
+ description: Some event destination addresses are defined ambiguously. The event
+ will sometimes list an IP, a domain or a unix socket. You should always store
+ the raw address in the .address field.
+- name: destination.port
+ type: long
+ description: Port of the destination.
+- name: event.category
+ type: keyword
+ description: Event category (e.g. database)
+- name: event.outcome
+ type: keyword
+ description: This is one of four ECS Categorization Fields, and indicates the lowest
+ level in the ECS category hierarchy.
+- name: event.type
+ type: keyword
+ description: Event severity (e.g. info, error)
+- name: source.as.number
+ type: long
+ description: Unique number allocated to the autonomous system. The autonomous system
+ number (ASN) uniquely identifies each network on the Internet.
+- name: source.as.organization.name
+ type: keyword
+ description: Organization name.
+- name: destination.as.number
+ type: long
+ description: Unique number allocated to the autonomous system. The autonomous system
+ number (ASN) uniquely identifies each network on the Internet.
+- name: destination.as.organization.name
+ type: keyword
+ description: Organization name.
+- name: event.original
+ type: keyword
+ description: Raw text message of entire event. Used to demonstrate log integrity.
+- name: cloud.account.id
+ type: keyword
+ description: The cloud account or organization id used to identify different entities
+ in a multi-tenant environment.
+- name: cloud.instance.id
+ type: keyword
+ description: Instance ID of the host machine.
+- name: cloud.provider
+ type: keyword
+ description: Name of the cloud provider.
+- name: related.ip
+ type: ip
+ description: All of the IPs seen on your event.
+- name: event.kind
+ type: keyword
+ description: Event kind (e.g. event, alert, metric, state, pipeline_error, signal)
+- name: cloud.account.id
+ type: keyword
+ description: The cloud account or organization id used to identify different entities
+ in a multi-tenant environment.
+- name: network.bytes
+ type: long
+ description: Total bytes transferred in both directions.
+- name: network.community_id
+ type: keyword
+ description: A hash of source and destination IPs and ports, as well as the protocol
+ used in a communication. This is a tool-agnostic standard to identify flows.
+- name: network.iana_number
+ type: keyword
+ description: IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml).
+ Standardized list of protocols. This aligns well with NetFlow and sFlow related
+ logs which use the IANA Protocol Number.
+- name: network.packets
+ type: long
+ description: Total packets transferred in both directions.
+- name: network.transport
+ type: keyword
+ description: Same as network.iana_number, but instead using the Keyword name of
+ the transport layer (udp, tcp, ipv6-icmp, etc.)
+- name: network.type
+ type: keyword
+ description: In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec,
+ pim, etc
+- name: source.address
+ type: keyword
+ description: Some event source addresses are defined ambiguously. The event will
+ sometimes list an IP, a domain or a unix socket. You should always store the raw
+ address in the .address field.
+- name: source.as.number
+ type: long
+ description: Unique number allocated to the autonomous system. The autonomous system
+ number (ASN) uniquely identifies each network on the Internet.
+- name: source.as.organization.name
+ type: keyword
+ description: Organization name.
+- name: source.bytes
+ type: long
+ description: Bytes sent from the source to the destination.
+- name: source.geo.city_name
+ type: keyword
+ description: City name.
+- name: source.geo.continent_name
+ type: keyword
+ description: Name of the continent.
+- name: source.geo.country_iso_code
+ type: keyword
+ description: Country ISO code.
+- name: source.geo.location
+ type: geo_point
+ description: Longitude and latitude.
+- name: source.geo.region_iso_code
+ type: keyword
+ description: Region ISO code.
+- name: source.geo.region_name
+ type: keyword
+ description: Region name.
+- name: source.ip
+ type: ip
+ description: IP address of the source (IPv4 or IPv6).
+- name: source.packets
+ type: long
+ description: Packets sent from the source to the destination.
+- name: source.port
+ type: long
+ description: Port of the source.
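Review bot: The destination side declares only `continent_name`, `country_iso_code` and `location` under `destination.geo`, while the source side also declares `city_name`, `region_iso_code` and `region_name`. The ingest pipeline in this package runs the same `geoip` processor on both addresses, so the destination city and region values would be left to dynamic mapping or dropped, depending on template settings that are not visible here. I would add the three missing `destination.geo.*` entries as `keyword`. Separately, `cloud.account.id`, `source.as.number` and `source.as.organization.name` are each declared twice in this file, and the descriptions given for `event.type` ("Event severity") and `event.outcome` do not describe those fields.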
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/vpcflow/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/vpcflow/fields/package-fields.yml
new file mode 100644
index 00000000000..7f6b7c89946
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/vpcflow/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: aws
+ type: group
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/vpcflow/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/vpcflow/manifest.yml
new file mode 100644
index 00000000000..1fa9dfebf79
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/vpcflow/manifest.yml
@@ -0,0 +1,8 @@
+title: AWS vpcflow logs
+release: beta
+type: logs
+streams:
+- input: logs
+ template_path: s3.yml.hbs
+ title: AWS vpcflow logs
+ description: Collect AWS vpcflow logs using s3 input
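Review bot: This stream declares no `vars`, although the template it names, `s3.yml.hbs`, reads `queue_url`, `access_key_id`, `secret_access_key`, `session_token` and several others, and `input: logs` does not match the description's "s3 input". The metrics templates in this package use different variable names (`aws_access_key_id`, `aws_secret_access_key`), so a package-level declaration, if one exists outside this hunk, would not feed both. I would declare the variables here, with `required: true` on `queue_url` and `type: password` on `secret_access_key` and `session_token` so they are handled as secrets rather than plain text, assuming the package spec in use supports that type. `log.yml.hbs` is added to the same dataset, but no stream references it.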
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/vpn/agent/stream/stream.yml.hbs b/dev/packages/alpha/aws/0.0.3/dataset/vpn/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..64a138d7839
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/vpn/agent/stream/stream.yml.hbs
@@ -0,0 +1,26 @@
+metricsets: ["vpn"]
+period: {{period}}
+{{#if aws_access_key_id}}
+aws_access_key_id: {{aws_access_key_id}}
+{{/if}}
+{{#if aws_secret_access_key}}
+aws_secret_access_key: {{aws_secret_access_key}}
+{{/if}}
+{{#if aws_session_token}}
+aws_session_token: {{aws_session_token}}
+{{/if}}
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+{{#if regions}}
+regions: {{regions}}
+{{/if}}
+{{#if tags_filter}}
+tags_filter: {{tags_filter}}
+{{/if}}
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/vpn/fields/ecs.yml b/dev/packages/alpha/aws/0.0.3/dataset/vpn/fields/ecs.yml
new file mode 100644
index 00000000000..ff4988438f5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/vpn/fields/ecs.yml
@@ -0,0 +1,50 @@
+- name: cloud
+ title: Cloud
+ group: 2
+ type: group
+ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from
+ its host, the cloud info contains the data about this machine. If Metricbeat runs
+ on a remote machine outside the cloud and fetches data from a service running
+ in the cloud, the field contains cloud data from the machine the service is running
+ on.'
+ fields:
+ - name: account.id
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account or organization id used to identify different entities in a multi-tenant environment.
+ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.
+ ignore_above: 1024
+ - name: account.name
+ level: extended
+ type: keyword
+ description: |-
+ The cloud account name or alias used to identify different entities in a multi-tenant environment.
+ Examples: AWS account name, Google Cloud ORG display name.
+ ignore_above: 1024
+ - name: availability_zone
+ level: extended
+ type: keyword
+ description: Availability zone in which this host is running.
+ ignore_above: 1024
+ - name: instance.id
+ level: extended
+ type: keyword
+ description: Instance ID of the host machine.
+ ignore_above: 1024
+ - name: machine.type
+ level: extended
+ type: keyword
+ description: Machine type of the host machine.
+ ignore_above: 1024
+ - name: provider
+ level: extended
+ type: keyword
+ description: Name of the cloud provider. Example values are aws, azure, gcp, or
+ digitalocean.
+ ignore_above: 1024
+ - name: region
+ level: extended
+ type: keyword
+ description: Region in which this host is running.
+ ignore_above: 1024
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/vpn/fields/fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/vpn/fields/fields.yml
new file mode 100644
index 00000000000..b1fab592b27
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/vpn/fields/fields.yml
@@ -0,0 +1,18 @@
+- name: aws.vpn
+ type: group
+ release: beta
+ fields:
+ - name: metrics
+ type: group
+ fields:
+ - name: TunnelState.avg
+ type: double
+ description: The state of the tunnel. For static VPNs, 0 indicates DOWN and
+ 1 indicates UP. For BGP VPNs, 1 indicates ESTABLISHED and 0 is used for all
+ other states.
+ - name: TunnelDataIn.sum
+ type: double
+ description: The bytes received through the VPN tunnel.
+ - name: TunnelDataOut.sum
+ type: double
+ description: The bytes sent through the VPN tunnel.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/vpn/fields/package-fields.yml b/dev/packages/alpha/aws/0.0.3/dataset/vpn/fields/package-fields.yml
new file mode 100644
index 00000000000..1394927c4bb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/vpn/fields/package-fields.yml
@@ -0,0 +1,19 @@
+- name: aws
+ type: group
+ fields:
+ - name: tags.*
+ type: object
+ description: |
+ Tag key value pairs from aws resources.
+ - name: s3.bucket.name
+ type: keyword
+ description: |
+ Name of a S3 bucket.
+ - name: dimensions.*
+ type: object
+ description: |
+ Metric dimensions.
+ - name: '*.metrics.*.*'
+ type: object
+ description: |
+ Metrics that returned from Cloudwatch API query.
diff --git a/dev/packages/alpha/aws/0.0.3/dataset/vpn/manifest.yml b/dev/packages/alpha/aws/0.0.3/dataset/vpn/manifest.yml
new file mode 100644
index 00000000000..f908ee1cfff
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/dataset/vpn/manifest.yml
@@ -0,0 +1,32 @@
+title: AWS VPN metrics
+release: beta
+type: metrics
+streams:
+- input: aws/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 1m
+ - name: regions
+ type: text
+ title: Regions
+ multi: true
+ required: false
+ show_user: true
+ default:
+ - us-east-1
+ - name: tags_filter
+ type: yaml
+ title: Tags Filter
+ multi: false
+ required: false
+ show_user: false
+ default: |
+ # - key: "created-by"
+ # value: "foo"
+ title: AWS VPN metrics
+ description: Collect AWS VPN metrics
diff --git a/dev/packages/alpha/aws/0.0.3/docs/README.md b/dev/packages/alpha/aws/0.0.3/docs/README.md
new file mode 100644
index 00000000000..ac8c056b60b
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/docs/README.md
@@ -0,0 +1,990 @@
+# AWS Integration
+
+This integration is used to fetches logs and metrics from
+[Amazon Web Services](https://aws.amazon.com/).
+
+## Logs
+
+### cloudtrail
+
+The `cloudtrail` dataset collects the AWS CloudTrail logs. CloudTrail monitors
+events for the account. If user creates a trail, it delivers those events as log
+ files to a specific Amazon S3 bucket. The `cloudtrail` dataset does not read
+ the CloudTrail Digest files that are delivered to the S3 bucket when Log File
+ Integrity is turned on, it only reads the CloudTrail logs.
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.cloudtrail.additional_eventdata | Additional data about the event that was not part of the request or response. | keyword |
+| aws.cloudtrail.api_version | Identifies the API version associated with the AwsApiCall eventType value. | keyword |
+| aws.cloudtrail.console_login.additional_eventdata.login_to | URL for ConsoleLogin | keyword |
+| aws.cloudtrail.console_login.additional_eventdata.mfa_used | Identifies whether multi factor authentication was used during ConsoleLogin | boolean |
+| aws.cloudtrail.console_login.additional_eventdata.mobile_version | Identifies whether ConsoleLogin was from mobile version | boolean |
+| aws.cloudtrail.error_code | The AWS service error if the request returns an error. | keyword |
+| aws.cloudtrail.error_message | If the request returns an error, the description of the error. | keyword |
+| aws.cloudtrail.event_type | Identifies the type of event that generated the event record. | keyword |
+| aws.cloudtrail.event_version | The CloudTrail version of the log event format. | keyword |
+| aws.cloudtrail.management_event | A Boolean value that identifies whether the event is a management event. | keyword |
+| aws.cloudtrail.read_only | Identifies whether this operation is a read-only operation. | keyword |
+| aws.cloudtrail.recipient_account_id | Represents the account ID that received this event. | keyword |
+| aws.cloudtrail.request_id | The value that identifies the request. The service being called generates this value. | keyword |
+| aws.cloudtrail.request_parameters | The parameters, if any, that were sent with the request. | keyword |
+| aws.cloudtrail.resources.account_id | Account ID of the resource owner | keyword |
+| aws.cloudtrail.resources.arn | Resource ARNs | keyword |
+| aws.cloudtrail.resources.type | Resource type identifier in the format: AWS::aws-service-name::data-type-name | keyword |
+| aws.cloudtrail.response_elements | The response element for actions that make changes (create, update, or delete actions). | keyword |
+| aws.cloudtrail.service_event_details | Identifies the service event, including what triggered the event and the result. | keyword |
+| aws.cloudtrail.shared_event_id | GUID generated by CloudTrail to uniquely identify CloudTrail events from the same AWS action that is sent to different AWS accounts. | keyword |
+| aws.cloudtrail.user_identity.access_key_id | The access key ID that was used to sign the request. | keyword |
+| aws.cloudtrail.user_identity.arn | The Amazon Resource Name (ARN) of the principal that made the call. | keyword |
+| aws.cloudtrail.user_identity.invoked_by | The name of the AWS service that made the request, such as Amazon EC2 Auto Scaling or AWS Elastic Beanstalk. | keyword |
+| aws.cloudtrail.user_identity.session_context.creation_date | The date and time when the temporary security credentials were issued. | date |
+| aws.cloudtrail.user_identity.session_context.mfa_authenticated | The value is true if the root user or IAM user whose credentials were used for the request also was authenticated with an MFA device; otherwise, false. | keyword |
+| aws.cloudtrail.user_identity.session_issuer.account_id | The account that owns the entity that was used to get credentials. | keyword |
+| aws.cloudtrail.user_identity.session_issuer.arn | The ARN of the source (account, IAM user, or role) that was used to get temporary security credentials. | keyword |
+| aws.cloudtrail.user_identity.session_issuer.principal_id | The internal ID of the entity that was used to get credentials. | keyword |
+| aws.cloudtrail.user_identity.session_issuer.type | The source of the temporary security credentials, such as Root, IAMUser, or Role. | keyword |
+| aws.cloudtrail.user_identity.type | The type of the identity | keyword |
+| aws.cloudtrail.vpc_endpoint_id | Identifies the VPC endpoint in which requests were made from a VPC to another AWS service, such as Amazon S3. | keyword |
+| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. | keyword |
+| cloud.region | Region in which this host is running. | keyword |
+| event.action | The action captured by the event. | keyword |
+| event.kind | Event kind (e.g. event, alert, metric, state, pipeline_error, signal) | keyword |
+| event.original | Raw text message of entire event. Used to demonstrate log integrity. | keyword |
+| event.provider | Source of the event. | keyword |
+| event.type | Event severity (e.g. info, error) | keyword |
+| related.user | All the user names seen on your event. | keyword |
+| source.address | Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the .address field. | keyword |
+| source.ip | IP address of the source (IPv4 or IPv6). | ip |
+| user.id | Unique identifier of the user. | keyword |
+| user.name | Short name or login of the user. | keyword |
+| user_agent.device.name | Name of the device. | keyword |
+| user_agent.name | Name of the user agent. | keyword |
+| user_agent.original | Unparsed user_agent string. | keyword |
+
+
+### cloudwatch
+
+The `cloudwatch` dataset collects CloudWatch logs. Users can use Amazon
+CloudWatch logs to monitor, store, and access log files from different sources.
+Export logs from log groups to an Amazon S3 bucket which has SQS notification
+setup already.
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.cloudwatch.message | CloudWatch log message. | text |
+
+
+### ec2
+
+The `ec2` dataset is specifically for EC2 logs stored in AWS CloudWatch. Export logs
+from log groups to Amazon S3 bucket which has SQS notification setup already.
+With this dataset, EC2 logs will be parsed into fields like `ip_address`
+and `process.name`. For logs from other services, please use `cloudwatch` dataset.
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.ec2.ip_address | The internet address of the requester. | keyword |
+| process.name | Process name. | keyword |
+
+
+### elb
+
+The `elb` dataset collects logs from AWS ELBs. Elastic Load Balancing provides
+access logs that capture detailed information about requests sent to the load
+balancer. Each log contains information such as the time the request was
+received, the client's IP address, latencies, request paths, and server
+responses. Users can use these access logs to analyze traffic patterns and to
+troubleshoot issues.
+
+Please follow [enable access logs for classic load balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html)
+for sending Classic ELB access logs to S3 bucket.
+For application load balancer, please follow [enable access log for application load balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#enable-access-logging).
+For network load balancer, please follow [enable access log for network load balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest//network/load-balancer-access-logs.html).
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.elb.action_executed | The action executed when processing the request (forward, fixed-response, authenticate...). It can contain several values. | keyword |
+| aws.elb.backend.http.response.status_code | The status code from the backend (status code sent to the client from ELB is stored in `http.response.status_code` | keyword |
+| aws.elb.backend.ip | The IP address of the backend processing this connection. | keyword |
+| aws.elb.backend.port | The port in the backend processing this connection. | keyword |
+| aws.elb.backend_processing_time.sec | The total time in seconds since the connection is sent to the backend till the backend starts responding. | float |
+| aws.elb.chosen_cert.arn | The ARN of the chosen certificate presented to the client in TLS/SSL connections. | keyword |
+| aws.elb.chosen_cert.serial | The serial number of the chosen certificate presented to the client in TLS/SSL connections. | keyword |
+| aws.elb.connection_time.ms | The total time of the connection in milliseconds, since it is opened till it is closed. | long |
+| aws.elb.error.reason | The error reason if the executed action failed. | keyword |
+| aws.elb.incoming_tls_alert | The integer value of TLS alerts received by the load balancer from the client, if present. | keyword |
+| aws.elb.listener | The ELB listener that received the connection. | keyword |
+| aws.elb.matched_rule_priority | The priority value of the rule that matched the request, if a rule matched. | keyword |
+| aws.elb.name | The name of the load balancer. | keyword |
+| aws.elb.protocol | The protocol of the load balancer (http or tcp). | keyword |
+| aws.elb.redirect_url | The URL used if a redirection action was executed. | keyword |
+| aws.elb.request_processing_time.sec | The total time in seconds since the connection or request is received until it is sent to a registered backend. | float |
+| aws.elb.response_processing_time.sec | The total time in seconds since the response is received from the backend till it is sent to the client. | float |
+| aws.elb.ssl_cipher | The SSL cipher used in TLS/SSL connections. | keyword |
+| aws.elb.ssl_protocol | The SSL protocol used in TLS/SSL connections. | keyword |
+| aws.elb.target_group.arn | The ARN of the target group handling the request. | keyword |
+| aws.elb.tls_handshake_time.ms | The total time for the TLS handshake to complete in milliseconds once the connection has been established. | long |
+| aws.elb.tls_named_group | The TLS named group. | keyword |
+| aws.elb.trace_id | The contents of the `X-Amzn-Trace-Id` header. | keyword |
+| aws.elb.type | The type of the load balancer for v2 Load Balancers. | keyword |
+| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
+| destination.bytes | Bytes sent from the destination to the source. | long |
+| destination.domain | Destination domain. | keyword |
+| event.category | Event category (e.g. database) | keyword |
+| event.end | event.end contains the date when the event ended or when the activity was last observed. | date |
+| event.kind | Event kind (e.g. event, alert, metric, state, pipeline_error, sig | keyword |
+| event.outcome | This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. | keyword |
+| event.start | event.start contains the date when the event started or when the activity was first observed. | date |
+| http.request.body.bytes | Size in bytes of the request body. | long |
+| http.request.method | HTTP request method. | keyword |
+| http.request.referrer | Referrer for this HTTP request. | keyword |
+| http.response.body.bytes | Size in bytes of the response body. | long |
+| http.response.status_code | HTTP response status code. | long |
+| http.version | HTTP version. | keyword |
+| source.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long |
+| source.as.organization.name | Organization name. | keyword |
+| source.geo.city_name | City name. | keyword |
+| source.geo.continent_name | Name of the continent. | keyword |
+| source.geo.country_iso_code | Country ISO code. | keyword |
+| source.geo.location | Longitude and latitude. | geo_point |
+| source.geo.region_iso_code | Region ISO code. | keyword |
+| source.geo.region_name | Region name. | keyword |
+| source.ip | IP address of the source. | ip |
+| source.port | Port of the source. | long |
+| tracing.trace.id | Unique identifier of the trace. | keyword |
+| user_agent.original | Unparsed user_agent string. | keyword |
+
+
+### s3access
+
+The `s3access` dataset collects server access logs from AWS S3. Server access
+logging provides detailed records for the requests that are made to a bucket.
+Server access logs are useful for many applications. For example, access log
+information can be useful in security and access audits. It can also help users
+to learn about customer base and understand Amazon S3 bill.
+
+Please follow [how to enable server access logging](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html#server-access-logging-overview)
+for sending server access logs to S3 bucket.
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.s3access.authentication_type | The type of request authentication used, AuthHeader for authentication headers, QueryString for query string (pre-signed URL) or a - for unauthenticated requests. | keyword |
+| aws.s3access.bucket | The name of the bucket that the request was processed against. | keyword |
+| aws.s3access.bucket_owner | The canonical user ID of the owner of the source bucket. | keyword |
+| aws.s3access.bytes_sent | The number of response bytes sent, excluding HTTP protocol overhead, or "-" if zero. | long |
+| aws.s3access.cipher_suite | The Secure Sockets Layer (SSL) cipher that was negotiated for HTTPS request or a - for HTTP. | keyword |
+| aws.s3access.error_code | The Amazon S3 Error Code, or "-" if no error occurred. | keyword |
+| aws.s3access.host_header | The endpoint used to connect to Amazon S3. | keyword |
+| aws.s3access.host_id | The x-amz-id-2 or Amazon S3 extended request ID. | keyword |
+| aws.s3access.http_status | The numeric HTTP status code of the response. | long |
+| aws.s3access.key | The "key" part of the request, URL encoded, or "-" if the operation does not take a key parameter. | keyword |
+| aws.s3access.object_size | The total size of the object in question. | long |
+| aws.s3access.operation | The operation listed here is declared as SOAP.operation, REST.HTTP_method.resource_type, WEBSITE.HTTP_method.resource_type, or BATCH.DELETE.OBJECT. | keyword |
+| aws.s3access.referrer | The value of the HTTP Referrer header, if present. | keyword |
+| aws.s3access.remote_ip | The apparent internet address of the requester. | ip |
+| aws.s3access.request_id | A string generated by Amazon S3 to uniquely identify each request. | keyword |
+| aws.s3access.request_uri | The Request-URI part of the HTTP request message. | keyword |
+| aws.s3access.requester | The canonical user ID of the requester, or a - for unauthenticated requests. | keyword |
+| aws.s3access.signature_version | The signature version, SigV2 or SigV4, that was used to authenticate the request or a - for unauthenticated requests. | keyword |
+| aws.s3access.tls_version | The Transport Layer Security (TLS) version negotiated by the client. | keyword |
+| aws.s3access.total_time | The number of milliseconds the request was in flight from the server's perspective. | long |
+| aws.s3access.turn_around_time | The number of milliseconds that Amazon S3 spent processing your request. | long |
+| aws.s3access.user_agent | The value of the HTTP User-Agent header. | keyword |
+| aws.s3access.version_id | The version ID in the request, or "-" if the operation does not take a versionId parameter. | keyword |
+| client.address | Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the .address field. | keyword |
+| client.ip | IP address of the client. | ip |
+| client.user.id | Unique identifiers of the user. | keyword |
+| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
+| event.action | The action captured by the event. | keyword |
+| event.code | Identification code for this event, if one exists. | keyword |
+| event.duration | Duration of the event in nanoseconds. | long |
+| event.id | Unique ID to describe the event. | keyword |
+| event.kind | Event kind (e.g. event, alert, metric, state, pipeline_error, signal) | keyword |
+| event.outcome | This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. | keyword |
+| geo.city_name | City name. | keyword |
+| geo.continent_name | Name of the continent. | keyword |
+| geo.country_iso_code | Country ISO code. | keyword |
+| geo.location | Longitude and latitude. | geo_point |
+| geo.region_iso_code | Region ISO code. | keyword |
+| geo.region_name | Region name. | keyword |
+| http.request.referrer | Referrer for this HTTP request. | keyword |
+| http.response.status_code | HTTP response status code. | long |
+| related.ip | All of the IPs seen on your event. | ip |
+| related.user | All the user names seen on your event. | keyword |
+| tls.cipher | String indicating the cipher used during the current connection. | keyword |
+| tls.version | Numeric part of the version parsed from the original string. | keyword |
+| tls.version_protocol | Normalized lowercase protocol name parsed from original string. | keyword |
+| user_agent.device.name | Name of the device. | keyword |
+| user_agent.name | Name of the user agent. | keyword |
+| user_agent.original | Unparsed user_agent string. | keyword |
+| user_agent.os.full | Operating system name, including the version or code name. | keyword |
+| user_agent.os.name | Operating system name, without the version. | keyword |
+| user_agent.os.version | Operating system version as a raw string. | keyword |
+| user_agent.version | Version of the user agent. | keyword |
+
+
+### vpcflow
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.vpcflow.account_id | The AWS account ID for the flow log. | keyword |
+| aws.vpcflow.action | The action that is associated with the traffic, ACCEPT or REJECT. | keyword |
+| aws.vpcflow.instance_id | The ID of the instance that's associated with network interface for which the traffic is recorded, if the instance is owned by you. | keyword |
+| aws.vpcflow.interface_id | The ID of the network interface for which the traffic is recorded. | keyword |
+| aws.vpcflow.log_status | The logging status of the flow log, OK, NODATA or SKIPDATA. | keyword |
+| aws.vpcflow.pkt_dstaddr | The packet-level (original) destination IP address for the traffic. | ip |
+| aws.vpcflow.pkt_srcaddr | The packet-level (original) source IP address of the traffic. | ip |
+| aws.vpcflow.subnet_id | The ID of the subnet that contains the network interface for which the traffic is recorded. | keyword |
+| aws.vpcflow.tcp_flags | The bitmask value for the following TCP flags: 2=SYN,18=SYN-ACK,1=FIN,4=RST | keyword |
+| aws.vpcflow.type | The type of traffic: IPv4, IPv6, or EFA. | keyword |
+| aws.vpcflow.version | The VPC Flow Logs version. If you use the default format, the version is 2. If you specify a custom format, the version is 3. | keyword |
+| aws.vpcflow.vpc_id | The ID of the VPC that contains the network interface for which the traffic is recorded. | keyword |
+| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. | keyword |
+| cloud.instance.id | Instance ID of the host machine. | keyword |
+| cloud.provider | Name of the cloud provider. | keyword |
+| destination.address | Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the .address field. | keyword |
+| destination.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long |
+| destination.as.organization.name | Organization name. | keyword |
+| destination.geo.continent_name | Name of the continent. | keyword |
+| destination.geo.country_iso_code | Country ISO code. | keyword |
+| destination.geo.location | Longitude and latitude. | geo_point |
+| destination.ip | IP address of the destination. | ip |
+| destination.port | Port of the destination. | long |
+| event.category | Event category (e.g. database) | keyword |
+| event.end | event.end contains the date when the event ended or when the activity was last observed. | date |
+| event.kind | Event kind (e.g. event, alert, metric, state, pipeline_error, signal) | keyword |
+| event.original | Raw text message of entire event. Used to demonstrate log integrity. | keyword |
+| event.outcome | This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. | keyword |
+| event.start | event.start contains the date when the event started or when the activity was first observed. | date |
+| event.type | Event severity (e.g. info, error) | keyword |
+| network.bytes | Total bytes transferred in both directions. | long |
+| network.community_id | A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. | keyword |
+| network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. | keyword |
+| network.packets | Total packets transferred in both directions. | long |
+| network.transport | Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) | keyword |
+| network.type | In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc | keyword |
+| related.ip | All of the IPs seen on your event. | ip |
+| source.address | Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the .address field. | keyword |
+| source.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long |
+| source.as.organization.name | Organization name. | keyword |
+| source.bytes | Bytes sent from the source to the destination. | long |
+| source.geo.city_name | City name. | keyword |
+| source.geo.continent_name | Name of the continent. | keyword |
+| source.geo.country_iso_code | Country ISO code. | keyword |
+| source.geo.location | Longitude and latitude. | geo_point |
+| source.geo.region_iso_code | Region ISO code. | keyword |
+| source.geo.region_name | Region name. | keyword |
+| source.ip | IP address of the source (IPv4 or IPv6). | ip |
+| source.packets | Packets sent from the source to the destination. | long |
+| source.port | Port of the source. | long |
+
+
+
+## Metrics
+
+### billing
+
+An example event for `billing` looks as following:
+
+```$json
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.*.metrics.*.* | Metrics that returned from Cloudwatch API query. | object |
+| aws.billing.metrics.EstimatedCharges.max | Maximum estimated charges for AWS acccount. | long |
+| aws.dimensions.* | Metric dimensions. | object |
+| aws.s3.bucket.name | Name of a S3 bucket. | keyword |
+| aws.tags.* | Tag key value pairs from aws resources. | object |
+| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
+| cloud.account.name | | alias |
+| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.instance.id | | alias |
+| cloud.machine.type | Machine type of the host machine. | keyword |
+| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
+| cloud.region | Region in which this host is running. | keyword |
+
+
+### cloudwatch
+
+An example event for `cloudwatch` looks as following:
+
+```$json
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.*.metrics.*.* | Metrics that returned from Cloudwatch API query. | object |
+| aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword |
+| aws.dimensions.* | Metric dimensions. | object |
+| aws.s3.bucket.name | Name of a S3 bucket. | keyword |
+| aws.tags.* | Tag key value pairs from aws resources. | object |
+| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
+| cloud.account.name | | alias |
+| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.instance.id | | alias |
+| cloud.machine.type | Machine type of the host machine. | keyword |
+| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
+| cloud.region | Region in which this host is running. | keyword |
+
+
+### dynamodb
+
+An example event for `dynamodb` looks as following:
+
+```$json
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.*.metrics.*.* | Metrics that returned from Cloudwatch API query. | object |
+| aws.dimensions.* | Metric dimensions. | object |
+| aws.dynamodb.metrics.AccountMaxReads.max | The maximum number of read capacity units that can be used by an account. This limit does not apply to on-demand tables or global secondary indexes. | long |
+| aws.dynamodb.metrics.AccountMaxTableLevelReads.max | The maximum number of read capacity units that can be used by a table or global secondary index of an account. For on-demand tables this limit caps the maximum read request units a table or a global secondary index can use. | long |
+| aws.dynamodb.metrics.AccountMaxTableLevelWrites.max | The maximum number of write capacity units that can be used by a table or global secondary index of an account. For on-demand tables this limit caps the maximum write request units a table or a global secondary index can use. | long |
+| aws.dynamodb.metrics.AccountMaxWrites.max | The maximum number of write capacity units that can be used by an account. This limit does not apply to on-demand tables or global secondary indexes. | long |
+| aws.dynamodb.metrics.AccountProvisionedReadCapacityUtilization.avg | The average percentage of provisioned read capacity units utilized by the account. | double |
+| aws.dynamodb.metrics.AccountProvisionedWriteCapacityUtilization.avg | The average percentage of provisioned write capacity units utilized by the account. | double |
+| aws.dynamodb.metrics.ConditionalCheckFailedRequests.sum | The number of failed attempts to perform conditional writes. | long |
+| aws.dynamodb.metrics.ConsumedReadCapacityUnits.avg | | double |
+| aws.dynamodb.metrics.ConsumedReadCapacityUnits.sum | | long |
+| aws.dynamodb.metrics.ConsumedWriteCapacityUnits.avg | | double |
+| aws.dynamodb.metrics.ConsumedWriteCapacityUnits.sum | | long |
+| aws.dynamodb.metrics.MaxProvisionedTableReadCapacityUtilization.max | The percentage of provisioned read capacity units utilized by the highest provisioned read table or global secondary index of an account. | double |
+| aws.dynamodb.metrics.MaxProvisionedTableWriteCapacityUtilization.max | The percentage of provisioned write capacity utilized by the highest provisioned write table or global secondary index of an account. | double |
+| aws.dynamodb.metrics.OnlineIndexPercentageProgress.avg | The percentage of completion when a new global secondary index is being added to a table. | double |
+| aws.dynamodb.metrics.PendingReplicationCount.sum | The number of item updates that are written to one replica table, but that have not yet been written to another replica in the global table. | long |
+| aws.dynamodb.metrics.ProvisionedReadCapacityUnits.avg | The number of provisioned read capacity units for a table or a global secondary index. | double |
+| aws.dynamodb.metrics.ProvisionedWriteCapacityUnits.avg | The number of provisioned write capacity units for a table or a global secondary index. | double |
+| aws.dynamodb.metrics.ReadThrottleEvents.sum | Requests to DynamoDB that exceed the provisioned read capacity units for a table or a global secondary index. | long |
+| aws.dynamodb.metrics.ReplicationLatency.avg | | double |
+| aws.dynamodb.metrics.ReplicationLatency.max | | double |
+| aws.dynamodb.metrics.SuccessfulRequestLatency.avg | | double |
+| aws.dynamodb.metrics.SuccessfulRequestLatency.max | | double |
+| aws.dynamodb.metrics.SystemErrors.sum | The requests to DynamoDB or Amazon DynamoDB Streams that generate an HTTP 500 status code during the specified time period. | long |
+| aws.dynamodb.metrics.ThrottledRequests.sum | Requests to DynamoDB that exceed the provisioned throughput limits on a resource (such as a table or an index). | long |
+| aws.dynamodb.metrics.TransactionConflict.avg | | double |
+| aws.dynamodb.metrics.TransactionConflict.sum | | long |
+| aws.dynamodb.metrics.WriteThrottleEvents.sum | Requests to DynamoDB that exceed the provisioned write capacity units for a table or a global secondary index. | long |
+| aws.s3.bucket.name | Name of a S3 bucket. | keyword |
+| aws.tags.* | Tag key value pairs from aws resources. | object |
+| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
+| cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
+| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.instance.id | Instance ID of the host machine. | keyword |
+| cloud.machine.type | | alias |
+| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
+| cloud.region | | alias |
+
+
+### ebs
+
+An example event for `ebs` looks as following:
+
+```$json
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.*.metrics.*.* | Metrics that returned from Cloudwatch API query. | object |
+| aws.dimensions.* | Metric dimensions. | object |
+| aws.ebs.metrics.BurstBalance.avg | Used with General Purpose SSD (gp2), Throughput Optimized HDD (st1), and Cold HDD (sc1) volumes only. Provides information about the percentage of I/O credits (for gp2) or throughput credits (for st1 and sc1) remaining in the burst bucket. | double |
+| aws.ebs.metrics.VolumeConsumedReadWriteOps.avg | The total amount of read and write operations (normalized to 256K capacity units) consumed in a specified period of time. Used with Provisioned IOPS SSD volumes only. | double |
+| aws.ebs.metrics.VolumeIdleTime.sum | The total number of seconds in a specified period of time when no read or write operations were submitted. | double |
+| aws.ebs.metrics.VolumeQueueLength.avg | The number of read and write operation requests waiting to be completed in a specified period of time. | double |
+| aws.ebs.metrics.VolumeReadBytes.avg | Average size of each read operation during the period, except on volumes attached to a Nitro-based instance, where the average represents the average over the specified period. | double |
+| aws.ebs.metrics.VolumeReadOps.avg | The total number of read operations in a specified period of time. | double |
+| aws.ebs.metrics.VolumeThroughputPercentage.avg | The percentage of I/O operations per second (IOPS) delivered of the total IOPS provisioned for an Amazon EBS volume. Used with Provisioned IOPS SSD volumes only. | double |
+| aws.ebs.metrics.VolumeTotalReadTime.sum | The total number of seconds spent by all read operations that completed in a specified period of time. | double |
+| aws.ebs.metrics.VolumeTotalWriteTime.sum | The total number of seconds spent by all write operations that completed in a specified period of time. | double |
+| aws.ebs.metrics.VolumeWriteBytes.avg | Average size of each write operation during the period, except on volumes attached to a Nitro-based instance, where the average represents the average over the specified period. | double |
+| aws.ebs.metrics.VolumeWriteOps.avg | The total number of write operations in a specified period of time. | double |
+| aws.s3.bucket.name | Name of a S3 bucket. | keyword |
+| aws.tags.* | Tag key value pairs from aws resources. | object |
+| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
+| cloud.account.name | | alias |
+| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.instance.id | | alias |
+| cloud.machine.type | Machine type of the host machine. | keyword |
+| cloud.provider | | alias |
+| cloud.region | | alias |
+
+
+### ec2
+
+An example event for `ec2` looks as following:
+
+```$json
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.*.metrics.*.* | Metrics that returned from Cloudwatch API query. | object |
+| aws.dimensions.* | Metric dimensions. | object |
+| aws.ec2.cpu.credit_balance | The number of earned CPU credits that an instance has accrued since it was launched or started. | long |
+| aws.ec2.cpu.credit_usage | The number of CPU credits spent by the instance for CPU utilization. | long |
+| aws.ec2.cpu.surplus_credit_balance | The number of surplus credits that have been spent by an unlimited instance when its CPUCreditBalance value is zero. | long |
+| aws.ec2.cpu.surplus_credits_charged | The number of spent surplus credits that are not paid down by earned CPU credits, and which thus incur an additional charge. | long |
+| aws.ec2.cpu.total.pct | The percentage of allocated EC2 compute units that are currently in use on the instance. | scaled_float |
+| aws.ec2.diskio.read.bytes | Bytes read from all instance store volumes available to the instance. | long |
+| aws.ec2.diskio.read.bytes_per_sec | Bytes read per second from all instance store volumes available to the instance. | long |
+| aws.ec2.diskio.read.ops | Completed read operations from all instance store volumes available to the instance in a specified period of time. | long |
+| aws.ec2.diskio.read.ops_per_sec | Completed read operations per second from all instance store volumes available to the instance in a specified period of time. | long |
+| aws.ec2.diskio.write.bytes | Bytes written to all instance store volumes available to the instance. | long |
+| aws.ec2.diskio.write.bytes_per_sec | Bytes written per second to all instance store volumes available to the instance. | long |
+| aws.ec2.diskio.write.ops | Completed write operations to all instance store volumes available to the instance in a specified period of time. | long |
+| aws.ec2.diskio.write.ops_per_sec | Completed write operations per second to all instance store volumes available to the instance in a specified period of time. | long |
+| aws.ec2.instance.core.count | The number of CPU cores for the instance. | integer |
+| aws.ec2.instance.image.id | The ID of the image used to launch the instance. | keyword |
+| aws.ec2.instance.monitoring.state | Indicates whether detailed monitoring is enabled. | keyword |
+| aws.ec2.instance.private.dns_name | The private DNS name of the network interface. | keyword |
+| aws.ec2.instance.private.ip | The private IPv4 address associated with the network interface. | ip |
+| aws.ec2.instance.public.dns_name | The public DNS name of the instance. | keyword |
+| aws.ec2.instance.public.ip | The address of the Elastic IP address (IPv4) bound to the network interface. | ip |
+| aws.ec2.instance.state.code | The state of the instance, as a 16-bit unsigned integer. | integer |
+| aws.ec2.instance.state.name | The state of the instance (pending | running | shutting-down | terminated | stopping | stopped). | keyword |
+| aws.ec2.instance.threads_per_core | The number of threads per CPU core. | integer |
+| aws.ec2.network.in.bytes | The number of bytes received on all network interfaces by the instance. | long |
+| aws.ec2.network.in.bytes_per_sec | The number of bytes per second received on all network interfaces by the instance. | long |
+| aws.ec2.network.in.packets | The number of packets received on all network interfaces by the instance. | long |
+| aws.ec2.network.in.packets_per_sec | The number of packets per second sent out on all network interfaces by the instance. | long |
+| aws.ec2.network.out.bytes | The number of bytes sent out on all network interfaces by the instance. | long |
+| aws.ec2.network.out.bytes_per_sec | The number of bytes per second sent out on all network interfaces by the instance. | long |
+| aws.ec2.network.out.packets | The number of packets sent out on all network interfaces by the instance. | long |
+| aws.ec2.network.out.packets_per_sec | The number of packets per second sent out on all network interfaces by the instance. | long |
+| aws.ec2.status.check_failed | Reports whether the instance has passed both the instance status check and the system status check in the last minute. | long |
+| aws.ec2.status.check_failed_instance | Reports whether the instance has passed the instance status check in the last minute. | long |
+| aws.ec2.status.check_failed_system | Reports whether the instance has passed the system status check in the last minute. | long |
+| aws.s3.bucket.name | Name of a S3 bucket. | keyword |
+| aws.tags.* | Tag key value pairs from aws resources. | object |
+| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
+| cloud.account.name | | alias |
+| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.instance.id | Instance ID of the host machine. | keyword |
+| cloud.machine.type | Machine type of the host machine. | keyword |
+| cloud.provider | | alias |
+| cloud.region | Region in which this host is running. | keyword |
+
+
+### elb
+
+An example event for `elb` looks as following:
+
+```$json
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.*.metrics.*.* | Metrics that returned from Cloudwatch API query. | object |
+| aws.applicationelb.metrics.ActiveConnectionCount.sum | The total number of concurrent TCP connections active from clients to the load balancer and from the load balancer to targets. | long |
+| aws.applicationelb.metrics.ClientTLSNegotiationErrorCount.sum | The number of TLS connections initiated by the client that did not establish a session with the load balancer due to a TLS error. | long |
+| aws.applicationelb.metrics.ConsumedLCUs.avg | The number of load balancer capacity units (LCU) used by your load balancer. | double |
+| aws.applicationelb.metrics.HTTPCode_ELB_3XX_Count.sum | The number of HTTP 3XX redirection codes that originate from the load balancer. | long |
+| aws.applicationelb.metrics.HTTPCode_ELB_4XX_Count.sum | The number of HTTP 4XX client error codes that originate from the load balancer. | long |
+| aws.applicationelb.metrics.HTTPCode_ELB_500_Count.sum | The number of HTTP 500 error codes that originate from the load balancer. | long |
+| aws.applicationelb.metrics.HTTPCode_ELB_502_Count.sum | The number of HTTP 502 error codes that originate from the load balancer. | long |
+| aws.applicationelb.metrics.HTTPCode_ELB_503_Count.sum | The number of HTTP 503 error codes that originate from the load balancer. | long |
+| aws.applicationelb.metrics.HTTPCode_ELB_504_Count.sum | The number of HTTP 504 error codes that originate from the load balancer. | long |
+| aws.applicationelb.metrics.HTTPCode_ELB_5XX_Count.sum | The number of HTTP 5XX server error codes that originate from the load balancer. | long |
+| aws.applicationelb.metrics.HTTP_Fixed_Response_Count.sum | The number of fixed-response actions that were successful. | long |
+| aws.applicationelb.metrics.HTTP_Redirect_Count.sum | The number of redirect actions that were successful. | long |
+| aws.applicationelb.metrics.HTTP_Redirect_Url_Limit_Exceeded_Count.sum | The number of redirect actions that couldn't be completed because the URL in the response location header is larger than 8K. | long |
+| aws.applicationelb.metrics.IPv6ProcessedBytes.sum | The total number of bytes processed by the load balancer over IPv6. | long |
+| aws.applicationelb.metrics.IPv6RequestCount.sum | The number of IPv6 requests received by the load balancer. | long |
+| aws.applicationelb.metrics.NewConnectionCount.sum | The total number of new TCP connections established from clients to the load balancer and from the load balancer to targets. | long |
+| aws.applicationelb.metrics.ProcessedBytes.sum | The total number of bytes processed by the load balancer over IPv4 and IPv6. | long |
+| aws.applicationelb.metrics.RejectedConnectionCount.sum | The number of connections that were rejected because the load balancer had reached its maximum number of connections. | long |
+| aws.applicationelb.metrics.RequestCount.sum | The number of requests processed over IPv4 and IPv6. | long |
+| aws.applicationelb.metrics.RuleEvaluations.sum | The number of rules processed by the load balancer given a request rate averaged over an hour. | long |
+| aws.dimensions.* | Metric dimensions. | object |
+| aws.elb.metrics.BackendConnectionErrors.sum | The number of connections that were not successfully established between the load balancer and the registered instances. | long |
+| aws.elb.metrics.EstimatedALBActiveConnectionCount.avg | The estimated number of concurrent TCP connections active from clients to the load balancer and from the load balancer to targets. | double |
+| aws.elb.metrics.EstimatedALBConsumedLCUs.avg | The estimated number of load balancer capacity units (LCU) used by an Application Load Balancer. | double |
+| aws.elb.metrics.EstimatedALBNewConnectionCount.avg | The estimated number of new TCP connections established from clients to the load balancer and from the load balancer to targets. | double |
+| aws.elb.metrics.EstimatedProcessedBytes.avg | The estimated number of bytes processed by an Application Load Balancer. | double |
+| aws.elb.metrics.HTTPCode_Backend_2XX.sum | The number of HTTP 2XX response code generated by registered instances. | long |
+| aws.elb.metrics.HTTPCode_Backend_3XX.sum | The number of HTTP 3XX response code generated by registered instances. | long |
+| aws.elb.metrics.HTTPCode_Backend_4XX.sum | The number of HTTP 4XX response code generated by registered instances. | long |
+| aws.elb.metrics.HTTPCode_Backend_5XX.sum | The number of HTTP 5XX response code generated by registered instances. | long |
+| aws.elb.metrics.HTTPCode_ELB_4XX.sum | The number of HTTP 4XX client error codes generated by the load balancer. | long |
+| aws.elb.metrics.HTTPCode_ELB_5XX.sum | The number of HTTP 5XX server error codes generated by the load balancer. | long |
+| aws.elb.metrics.HealthyHostCount.max | The number of healthy instances registered with your load balancer. | long |
+| aws.elb.metrics.Latency.avg | The total time elapsed, in seconds, from the time the load balancer sent the request to a registered instance until the instance started to send the response headers. | double |
+| aws.elb.metrics.RequestCount.sum | The number of requests completed or connections made during the specified interval. | long |
+| aws.elb.metrics.SpilloverCount.sum | The total number of requests that were rejected because the surge queue is full. | long |
+| aws.elb.metrics.SurgeQueueLength.max | The total number of requests (HTTP listener) or connections (TCP listener) that are pending routing to a healthy instance. | long |
+| aws.elb.metrics.UnHealthyHostCount.max | The number of unhealthy instances registered with your load balancer. | long |
+| aws.networkelb.metrics.ActiveFlowCount.avg | The total number of concurrent flows (or connections) from clients to targets. | double |
+| aws.networkelb.metrics.ActiveFlowCount_TCP.avg | The total number of concurrent TCP flows (or connections) from clients to targets. | double |
+| aws.networkelb.metrics.ActiveFlowCount_TLS.avg | The total number of concurrent TLS flows (or connections) from clients to targets. | double |
+| aws.networkelb.metrics.ActiveFlowCount_UDP.avg | The total number of concurrent UDP flows (or connections) from clients to targets. | double |
+| aws.networkelb.metrics.ClientTLSNegotiationErrorCount.sum | The total number of TLS handshakes that failed during negotiation between a client and a TLS listener. | long |
+| aws.networkelb.metrics.ConsumedLCUs.avg | The number of load balancer capacity units (LCU) used by your load balancer. | double |
+| aws.networkelb.metrics.HealthyHostCount.max | The number of targets that are considered healthy. | long |
+| aws.networkelb.metrics.NewFlowCount.sum | The total number of new flows (or connections) established from clients to targets in the time period. | long |
+| aws.networkelb.metrics.NewFlowCount_TLS.sum | The total number of new TLS flows (or connections) established from clients to targets in the time period. | long |
+| aws.networkelb.metrics.ProcessedBytes.sum | The total number of bytes processed by the load balancer, including TCP/IP headers. | long |
+| aws.networkelb.metrics.ProcessedBytes_TLS.sum | The total number of bytes processed by TLS listeners. | long |
+| aws.networkelb.metrics.TCP_Client_Reset_Count.sum | The total number of reset (RST) packets sent from a client to a target. | long |
+| aws.networkelb.metrics.TCP_ELB_Reset_Count.sum | The total number of reset (RST) packets generated by the load balancer. | long |
+| aws.networkelb.metrics.TCP_Target_Reset_Count.sum | The total number of reset (RST) packets sent from a target to a client. | long |
+| aws.networkelb.metrics.TargetTLSNegotiationErrorCount.sum | The total number of TLS handshakes that failed during negotiation between a TLS listener and a target. | long |
+| aws.networkelb.metrics.UnHealthyHostCount.max | The number of targets that are considered unhealthy. | long |
+| aws.s3.bucket.name | Name of a S3 bucket. | keyword |
+| aws.tags.* | Tag key value pairs from aws resources. | object |
+| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
+| cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
+| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.instance.id | | alias |
+| cloud.machine.type | | alias |
+| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
+| cloud.region | | alias |
+
+
+### lambda
+
+An example event for `lambda` looks as following:
+
+```$json
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.*.metrics.*.* | Metrics that returned from Cloudwatch API query. | object |
+| aws.dimensions.* | Metric dimensions. | object |
+| aws.lambda.metrics.ConcurrentExecutions.avg | The number of function instances that are processing events. | double |
+| aws.lambda.metrics.DeadLetterErrors.avg | For asynchronous invocation, the number of times Lambda attempts to send an event to a dead-letter queue but fails. | double |
+| aws.lambda.metrics.DestinationDeliveryFailures.avg | For asynchronous invocation, the number of times Lambda attempts to send an event to a destination but fails. | double |
+| aws.lambda.metrics.Duration.avg | The amount of time that your function code spends processing an event. | double |
+| aws.lambda.metrics.Errors.avg | The number of invocations that result in a function error. | double |
+| aws.lambda.metrics.Invocations.avg | The number of times your function code is executed, including successful executions and executions that result in a function error. | double |
+| aws.lambda.metrics.IteratorAge.avg | For event source mappings that read from streams, the age of the last record in the event. | double |
+| aws.lambda.metrics.ProvisionedConcurrencyInvocations.sum | The number of times your function code is executed on provisioned concurrency. | long |
+| aws.lambda.metrics.ProvisionedConcurrencySpilloverInvocations.sum | The number of times your function code is executed on standard concurrency when all provisioned concurrency is in use. | long |
+| aws.lambda.metrics.ProvisionedConcurrencyUtilization.max | For a version or alias, the value of ProvisionedConcurrentExecutions divided by the total amount of provisioned concurrency allocated. | long |
+| aws.lambda.metrics.ProvisionedConcurrentExecutions.max | The number of function instances that are processing events on provisioned concurrency. | long |
+| aws.lambda.metrics.Throttles.avg | The number of invocation requests that are throttled. | double |
+| aws.lambda.metrics.UnreservedConcurrentExecutions.avg | For an AWS Region, the number of events that are being processed by functions that don't have reserved concurrency. | double |
+| aws.s3.bucket.name | Name of a S3 bucket. | keyword |
+| aws.tags.* | Tag key value pairs from aws resources. | object |
+| cloud.account.id | | alias |
+| cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
+| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.instance.id | | alias |
+| cloud.machine.type | | alias |
+| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
+| cloud.region | Region in which this host is running. | keyword |
+
+
+### natgateway
+
+An example event for `natgateway` looks as following:
+
+```$json
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.*.metrics.*.* | Metrics that returned from Cloudwatch API query. | object |
+| aws.dimensions.* | Metric dimensions. | object |
+| aws.natgateway.metrics.ActiveConnectionCount.max | The total number of concurrent active TCP connections through the NAT gateway. | long |
+| aws.natgateway.metrics.BytesInFromDestination.sum | The number of bytes received by the NAT gateway from the destination. | long |
+| aws.natgateway.metrics.BytesInFromSource.sum | The number of bytes received by the NAT gateway from clients in your VPC. | long |
+| aws.natgateway.metrics.BytesOutToDestination.sum | The number of bytes sent out through the NAT gateway to the destination. | long |
+| aws.natgateway.metrics.BytesOutToSource.sum | The number of bytes sent through the NAT gateway to the clients in your VPC. | long |
+| aws.natgateway.metrics.ConnectionAttemptCount.sum | The number of connection attempts made through the NAT gateway. | long |
+| aws.natgateway.metrics.ConnectionEstablishedCount.sum | The number of connections established through the NAT gateway. | long |
+| aws.natgateway.metrics.ErrorPortAllocation.sum | The number of times the NAT gateway could not allocate a source port. | long |
+| aws.natgateway.metrics.IdleTimeoutCount.sum | The number of connections that transitioned from the active state to the idle state. | long |
+| aws.natgateway.metrics.PacketsDropCount.sum | The number of packets dropped by the NAT gateway. | long |
+| aws.natgateway.metrics.PacketsInFromDestination.sum | The number of packets received by the NAT gateway from the destination. | long |
+| aws.natgateway.metrics.PacketsInFromSource.sum | The number of packets received by the NAT gateway from clients in your VPC. | long |
+| aws.natgateway.metrics.PacketsOutToDestination.sum | The number of packets sent out through the NAT gateway to the destination. | long |
+| aws.natgateway.metrics.PacketsOutToSource.sum | The number of packets sent through the NAT gateway to the clients in your VPC. | long |
+| aws.s3.bucket.name | Name of a S3 bucket. | keyword |
+| aws.tags.* | Tag key value pairs from aws resources. | object |
+| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
+| cloud.account.name | | alias |
+| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.instance.id | Instance ID of the host machine. | keyword |
+| cloud.machine.type | | alias |
+| cloud.provider | | alias |
+| cloud.region | Region in which this host is running. | keyword |
+
+
+### rds
+
+An example event for `rds` looks as following:
+
+```$json
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.*.metrics.*.* | Metrics that returned from Cloudwatch API query. | object |
+| aws.dimensions.* | Metric dimensions. | object |
+| aws.rds.aurora_bin_log_replica_lag | The amount of time a replica DB cluster running on Aurora with MySQL compatibility lags behind the source DB cluster. | long |
+| aws.rds.aurora_global_db.data_transfer.bytes | In an Aurora Global Database, the amount of redo log data transferred from the master AWS Region to a secondary AWS Region. | long |
+| aws.rds.aurora_global_db.replicated_write_io.bytes | In an Aurora Global Database, the number of write I/O operations replicated from the primary AWS Region to the cluster volume in a secondary AWS Region. | long |
+| aws.rds.aurora_global_db.replication_lag.ms | For an Aurora Global Database, the amount of lag when replicating updates from the primary AWS Region, in milliseconds. | long |
+| aws.rds.aurora_replica.lag.ms | For an Aurora Replica, the amount of lag when replicating updates from the primary instance, in milliseconds. | long |
+| aws.rds.aurora_replica.lag_max.ms | The maximum amount of lag between the primary instance and each Aurora DB instance in the DB cluster, in milliseconds. | long |
+| aws.rds.aurora_replica.lag_min.ms | The minimum amount of lag between the primary instance and each Aurora DB instance in the DB cluster, in milliseconds. | long |
+| aws.rds.aurora_volume_left_total.bytes | The remaining available space for the cluster volume, measured in bytes. | long |
+| aws.rds.backtrack_change_records.creation_rate | The number of backtrack change records created over five minutes for your DB cluster. | long |
+| aws.rds.backtrack_change_records.stored | The actual number of backtrack change records used by your DB cluster. | long |
+| aws.rds.backtrack_window.actual | The difference between the target backtrack window and the actual backtrack window. | long |
+| aws.rds.backtrack_window.alert | The number of times that the actual backtrack window is smaller than the target backtrack window for a given period of time. | long |
+| aws.rds.backup_storage_billed_total.bytes | The total amount of backup storage in bytes for which you are billed for a given Aurora DB cluster. | long |
+| aws.rds.cache_hit_ratio.buffer | The percentage of requests that are served by the buffer cache. | long |
+| aws.rds.cache_hit_ratio.result_set | The percentage of requests that are served by the Resultset cache. | long |
+| aws.rds.cpu.credit_balance | The number of earned CPU credits that an instance has accrued since it was launched or started. | long |
+| aws.rds.cpu.credit_usage | The number of CPU credits spent by the instance for CPU utilization. | long |
+| aws.rds.cpu.total.pct | The percentage of CPU utilization. | scaled_float |
+| aws.rds.database_connections | The number of database connections in use. | long |
+| aws.rds.db_instance.arn | Amazon Resource Name(ARN) for each rds. | keyword |
+| aws.rds.db_instance.class | Contains the name of the compute and memory capacity class of the DB instance. | keyword |
+| aws.rds.db_instance.db_cluster_identifier | This identifier is the unique key that identifies a DB cluster specifically for Amazon Aurora DB cluster. | keyword |
+| aws.rds.db_instance.engine_name | Each DB instance runs a DB engine, like MySQL, MariaDB, PostgreSQL and etc. | keyword |
+| aws.rds.db_instance.identifier | Contains a user-supplied database identifier. This identifier is the unique key that identifies a DB instance. | keyword |
+| aws.rds.db_instance.role | DB roles like WRITER or READER, specifically for Amazon Aurora DB cluster. | keyword |
+| aws.rds.db_instance.status | Specifies the current state of this database. | keyword |
+| aws.rds.deadlocks | The average number of deadlocks in the database per second. | long |
+| aws.rds.disk_queue_depth | The number of outstanding IOs (read/write requests) waiting to access the disk. | float |
+| aws.rds.disk_usage.bin_log.bytes | The amount of disk space occupied by binary logs on the master. Applies to MySQL read replicas. | long |
+| aws.rds.disk_usage.replication_slot.mb | The disk space used by replication slot files. Applies to PostgreSQL. | long |
+| aws.rds.disk_usage.transaction_logs.mb | The disk space used by transaction logs. Applies to PostgreSQL. | long |
+| aws.rds.engine_uptime.sec | The amount of time that the instance has been running, in seconds. | long |
+| aws.rds.failed_sql_server_agent_jobs | The number of failed SQL Server Agent jobs during the last minute. | long |
+| aws.rds.free_local_storage.bytes | The amount of storage available for temporary tables and logs, in bytes. | long |
+| aws.rds.free_storage.bytes | The amount of available storage space. | long |
+| aws.rds.freeable_memory.bytes | The amount of available random access memory. | long |
+| aws.rds.latency.commit | The amount of latency for commit operations, in milliseconds. | float |
+| aws.rds.latency.ddl | The amount of latency for data definition language (DDL) requests, in milliseconds. | float |
+| aws.rds.latency.delete | The amount of latency for delete queries, in milliseconds. | float |
+| aws.rds.latency.dml | The amount of latency for inserts, updates, and deletes, in milliseconds. | float |
+| aws.rds.latency.insert | The amount of latency for insert queries, in milliseconds. | float |
+| aws.rds.latency.read | The average amount of time taken per disk I/O operation. | float |
+| aws.rds.latency.select | The amount of latency for select queries, in milliseconds. | float |
+| aws.rds.latency.update | The amount of latency for update queries, in milliseconds. | float |
+| aws.rds.latency.write | The average amount of time taken per disk I/O operation. | float |
+| aws.rds.login_failures | The average number of failed login attempts per second. | long |
+| aws.rds.maximum_used_transaction_ids | The maximum transaction ID that has been used. Applies to PostgreSQL. | long |
+| aws.rds.oldest_replication_slot_lag.mb | The lagging size of the replica lagging the most in terms of WAL data received. Applies to PostgreSQL. | long |
+| aws.rds.queries | The average number of queries executed per second. | long |
+| aws.rds.rds_to_aurora_postgresql_replica_lag.sec | The amount of lag in seconds when replicating updates from the primary RDS PostgreSQL instance to other nodes in the cluster. | long |
+| aws.rds.read_io.ops_per_sec | The average number of disk read I/O operations per second. | float |
+| aws.rds.replica_lag.sec | The amount of time a Read Replica DB instance lags behind the source DB instance. Applies to MySQL, MariaDB, and PostgreSQL Read Replicas. | long |
+| aws.rds.storage_used.backup_retention_period.bytes | The total amount of backup storage in bytes used to support the point-in-time restore feature within the Aurora DB cluster's backup retention window. | long |
+| aws.rds.storage_used.snapshot.bytes | The total amount of backup storage in bytes consumed by all Aurora snapshots for an Aurora DB cluster outside its backup retention window. | long |
+| aws.rds.swap_usage.bytes | The amount of swap space used on the DB instance. This metric is not available for SQL Server. | long |
+| aws.rds.throughput.commit | The average number of commit operations per second. | float |
+| aws.rds.throughput.ddl | The average number of DDL requests per second. | float |
+| aws.rds.throughput.delete | The average number of delete queries per second. | float |
+| aws.rds.throughput.dml | The average number of inserts, updates, and deletes per second. | float |
+| aws.rds.throughput.insert | The average number of insert queries per second. | float |
+| aws.rds.throughput.network | The amount of network throughput both received from and transmitted to clients by each instance in the Aurora MySQL DB cluster, in bytes per second. | float |
+| aws.rds.throughput.network_receive | The incoming (Receive) network traffic on the DB instance, including both customer database traffic and Amazon RDS traffic used for monitoring and replication. | float |
+| aws.rds.throughput.network_transmit | The outgoing (Transmit) network traffic on the DB instance, including both customer database traffic and Amazon RDS traffic used for monitoring and replication. | float |
+| aws.rds.throughput.read | The average amount of time taken per disk I/O operation. | float |
+| aws.rds.throughput.select | The average number of select queries per second. | float |
+| aws.rds.throughput.update | The average number of update queries per second. | float |
+| aws.rds.throughput.write | The average number of bytes written to disk per second. | float |
+| aws.rds.transaction_logs_generation | The disk space used by transaction logs. Applies to PostgreSQL. | long |
+| aws.rds.transactions.active | The average number of current transactions executing on an Aurora database instance per second. | long |
+| aws.rds.transactions.blocked | The average number of transactions in the database that are blocked per second. | long |
+| aws.rds.volume.read.iops | The number of billed read I/O operations from a cluster volume, reported at 5-minute intervals. | long |
+| aws.rds.volume.write.iops | The number of write disk I/O operations to the cluster volume, reported at 5-minute intervals. | long |
+| aws.rds.volume_used.bytes | The amount of storage used by your Aurora DB instance, in bytes. | long |
+| aws.rds.write_io.ops_per_sec | The average number of disk write I/O operations per second. | float |
+| aws.s3.bucket.name | Name of a S3 bucket. | keyword |
+| aws.tags.* | Tag key value pairs from aws resources. | object |
+| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
+| cloud.account.name | | alias |
+| cloud.availability_zone | | alias |
+| cloud.instance.id | | alias |
+| cloud.machine.type | Machine type of the host machine. | keyword |
+| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
+| cloud.region | Region in which this host is running. | keyword |
+
+
+### s3_daily_storage
+
+An example event for `s3_daily_storage` looks as following:
+
+```$json
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.*.metrics.*.* | Metrics that returned from Cloudwatch API query. | object |
+| aws.dimensions.* | Metric dimensions. | object |
+| aws.s3.bucket.name | Name of a S3 bucket. | keyword |
+| aws.s3_daily_storage.bucket.size.bytes | The amount of data in bytes stored in a bucket. | long |
+| aws.s3_daily_storage.number_of_objects | The total number of objects stored in a bucket for all storage classes. | long |
+| aws.tags.* | Tag key value pairs from aws resources. | object |
+| cloud.account.id | | alias |
+| cloud.account.name | | alias |
+| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.instance.id | | alias |
+| cloud.machine.type | Machine type of the host machine. | keyword |
+| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
+| cloud.region | Region in which this host is running. | keyword |
+
+
+### s3_request
+
+An example event for `s3_request` looks as following:
+
+```$json
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.*.metrics.*.* | Metrics that returned from Cloudwatch API query. | object |
+| aws.dimensions.* | Metric dimensions. | object |
+| aws.s3.bucket.name | Name of a S3 bucket. | keyword |
+| aws.s3_request.downloaded.bytes | The number bytes downloaded for requests made to an Amazon S3 bucket, where the response includes a body. | long |
+| aws.s3_request.errors.4xx | The number of HTTP 4xx client error status code requests made to an Amazon S3 bucket with a value of either 0 or 1. | long |
+| aws.s3_request.errors.5xx | The number of HTTP 5xx server error status code requests made to an Amazon S3 bucket with a value of either 0 or 1. | long |
+| aws.s3_request.latency.first_byte.ms | The per-request time from the complete request being received by an Amazon S3 bucket to when the response starts to be returned. | long |
+| aws.s3_request.latency.total_request.ms | The elapsed per-request time from the first byte received to the last byte sent to an Amazon S3 bucket. | long |
+| aws.s3_request.requests.delete | The number of HTTP DELETE requests made for objects in an Amazon S3 bucket. | long |
+| aws.s3_request.requests.get | The number of HTTP GET requests made for objects in an Amazon S3 bucket. | long |
+| aws.s3_request.requests.head | The number of HTTP HEAD requests made to an Amazon S3 bucket. | long |
+| aws.s3_request.requests.list | The number of HTTP requests that list the contents of a bucket. | long |
+| aws.s3_request.requests.post | The number of HTTP POST requests made to an Amazon S3 bucket. | long |
+| aws.s3_request.requests.put | The number of HTTP PUT requests made for objects in an Amazon S3 bucket. | long |
+| aws.s3_request.requests.select | The number of Amazon S3 SELECT Object Content requests made for objects in an Amazon S3 bucket. | long |
+| aws.s3_request.requests.select_returned.bytes | The number of bytes of data returned with Amazon S3 SELECT Object Content requests in an Amazon S3 bucket. | long |
+| aws.s3_request.requests.select_scanned.bytes | The number of bytes of data scanned with Amazon S3 SELECT Object Content requests in an Amazon S3 bucket. | long |
+| aws.s3_request.requests.total | The total number of HTTP requests made to an Amazon S3 bucket, regardless of type. | long |
+| aws.s3_request.uploaded.bytes | The number bytes uploaded that contain a request body, made to an Amazon S3 bucket. | long |
+| aws.tags.* | Tag key value pairs from aws resources. | object |
+| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
+| cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
+| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.instance.id | Instance ID of the host machine. | keyword |
+| cloud.machine.type | | alias |
+| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
+| cloud.region | | alias |
+
+
+### sns
+
+An example event for `sns` looks as following:
+
+```$json
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.*.metrics.*.* | Metrics that returned from Cloudwatch API query. | object |
+| aws.dimensions.* | Metric dimensions. | object |
+| aws.s3.bucket.name | Name of a S3 bucket. | keyword |
+| aws.sns.metrics.NumberOfMessagesPublished.sum | The number of messages published to your Amazon SNS topics. | long |
+| aws.sns.metrics.NumberOfNotificationsDelivered.sum | The number of messages successfully delivered from your Amazon SNS topics to subscribing endpoints. | long |
+| aws.sns.metrics.NumberOfNotificationsFailed.sum | The number of messages that Amazon SNS failed to deliver. | long |
+| aws.sns.metrics.NumberOfNotificationsFailedToRedriveToDlq.sum | The number of messages that couldn't be moved to a dead-letter queue. | long |
+| aws.sns.metrics.NumberOfNotificationsFilteredOut-InvalidAttributes.sum | The number of messages that were rejected by subscription filter policies because the messages' attributes are invalid - for example, because the attribute JSON is incorrectly formatted. | long |
+| aws.sns.metrics.NumberOfNotificationsFilteredOut-NoMessageAttributes.sum | The number of messages that were rejected by subscription filter policies because the messages have no attributes. | long |
+| aws.sns.metrics.NumberOfNotificationsFilteredOut.sum | The number of messages that were rejected by subscription filter policies. | long |
+| aws.sns.metrics.NumberOfNotificationsRedrivenToDlq.sum | The number of messages that have been moved to a dead-letter queue. | long |
+| aws.sns.metrics.PublishSize.avg | The size of messages published. | double |
+| aws.sns.metrics.SMSMonthToDateSpentUSD.sum | The charges you have accrued since the start of the current calendar month for sending SMS messages. | long |
+| aws.sns.metrics.SMSSuccessRate.avg | The rate of successful SMS message deliveries. | double |
+| aws.tags.* | Tag key value pairs from aws resources. | object |
+| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
+| cloud.account.name | | alias |
+| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.instance.id | | alias |
+| cloud.machine.type | Machine type of the host machine. | keyword |
+| cloud.provider | | alias |
+| cloud.region | | alias |
+
+
+### sqs
+
+An example event for `sqs` looks as following:
+
+```$json
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.*.metrics.*.* | Metrics that returned from Cloudwatch API query. | object |
+| aws.dimensions.* | Metric dimensions. | object |
+| aws.s3.bucket.name | Name of a S3 bucket. | keyword |
+| aws.sqs.empty_receives | The number of ReceiveMessage API calls that did not return a message. | long |
+| aws.sqs.messages.delayed | TThe number of messages in the queue that are delayed and not available for reading immediately. | long |
+| aws.sqs.messages.deleted | The number of messages deleted from the queue. | long |
+| aws.sqs.messages.not_visible | The number of messages that are in flight. | long |
+| aws.sqs.messages.received | The number of messages returned by calls to the ReceiveMessage action. | long |
+| aws.sqs.messages.sent | The number of messages added to a queue. | long |
+| aws.sqs.messages.visible | The number of messages available for retrieval from the queue. | long |
+| aws.sqs.oldest_message_age.sec | The approximate age of the oldest non-deleted message in the queue. | long |
+| aws.sqs.queue.name | SQS queue name | keyword |
+| aws.sqs.sent_message_size.bytes | The size of messages added to a queue. | long |
+| aws.tags.* | Tag key value pairs from aws resources. | object |
+| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
+| cloud.account.name | | alias |
+| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.instance.id | Instance ID of the host machine. | keyword |
+| cloud.machine.type | | alias |
+| cloud.provider | | alias |
+| cloud.region | | alias |
+
+
+### transitgateway
+
+An example event for `transitgateway` looks as following:
+
+```$json
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.*.metrics.*.* | Metrics that returned from Cloudwatch API query. | object |
+| aws.dimensions.* | Metric dimensions. | object |
+| aws.s3.bucket.name | Name of a S3 bucket. | keyword |
+| aws.tags.* | Tag key value pairs from aws resources. | object |
+| aws.transitgateway.metrics.BytesIn.sum | The number of bytes received by the transit gateway. | long |
+| aws.transitgateway.metrics.BytesOut.sum | The number of bytes sent from the transit gateway. | long |
+| aws.transitgateway.metrics.PacketDropCountBlackhole.sum | The number of packets dropped because they matched a blackhole route. | long |
+| aws.transitgateway.metrics.PacketDropCountNoRoute.sum | The number of packets dropped because they did not match a route. | long |
+| aws.transitgateway.metrics.PacketsIn.sum | The number of packets received by the transit gateway. | long |
+| aws.transitgateway.metrics.PacketsOut.sum | The number of packets sent by the transit gateway. | long |
+| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
+| cloud.account.name | | alias |
+| cloud.availability_zone | | alias |
+| cloud.instance.id | | alias |
+| cloud.machine.type | | alias |
+| cloud.provider | | alias |
+| cloud.region | Region in which this host is running. | keyword |
+
+
+### usage
+
+An example event for `usage` looks as following:
+
+```$json
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.*.metrics.*.* | Metrics that returned from Cloudwatch API query. | object |
+| aws.dimensions.* | Metric dimensions. | object |
+| aws.s3.bucket.name | Name of a S3 bucket. | keyword |
+| aws.tags.* | Tag key value pairs from aws resources. | object |
+| aws.usage.metrics.CallCount.sum | The number of specified API operations performed in your account. | long |
+| aws.usage.metrics.ResourceCount.sum | The number of the specified resources running in your account. The resources are defined by the dimensions associated with the metric. | long |
+| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
+| cloud.account.name | | alias |
+| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.instance.id | | alias |
+| cloud.machine.type | Machine type of the host machine. | keyword |
+| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
+| cloud.region | Region in which this host is running. | keyword |
+
+
+### vpn
+
+An example event for `vpn` looks as following:
+
+```$json
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| aws.*.metrics.*.* | Metrics that returned from Cloudwatch API query. | object |
+| aws.dimensions.* | Metric dimensions. | object |
+| aws.s3.bucket.name | Name of a S3 bucket. | keyword |
+| aws.tags.* | Tag key value pairs from aws resources. | object |
+| aws.vpn.metrics.TunnelDataIn.sum | The bytes received through the VPN tunnel. | double |
+| aws.vpn.metrics.TunnelDataOut.sum | The bytes sent through the VPN tunnel. | double |
+| aws.vpn.metrics.TunnelState.avg | The state of the tunnel. For static VPNs, 0 indicates DOWN and 1 indicates UP. For BGP VPNs, 1 indicates ESTABLISHED and 0 is used for all other states. | double |
+| cloud.account.id | | alias |
+| cloud.account.name | | alias |
+| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.instance.id | | alias |
+| cloud.machine.type | | alias |
+| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
+| cloud.region | Region in which this host is running. | keyword |
+
diff --git a/dev/packages/alpha/aws/0.0.3/img/filebeat-aws-cloudtrail.png b/dev/packages/alpha/aws/0.0.3/img/filebeat-aws-cloudtrail.png
new file mode 100644
index 00000000000..5ec69e272be
Binary files /dev/null and b/dev/packages/alpha/aws/0.0.3/img/filebeat-aws-cloudtrail.png differ
diff --git a/dev/packages/alpha/aws/0.0.3/img/filebeat-aws-elb-overview.png b/dev/packages/alpha/aws/0.0.3/img/filebeat-aws-elb-overview.png
new file mode 100644
index 00000000000..6b0cc1b74bc
Binary files /dev/null and b/dev/packages/alpha/aws/0.0.3/img/filebeat-aws-elb-overview.png differ
diff --git a/dev/packages/alpha/aws/0.0.3/img/filebeat-aws-s3access-overview.png b/dev/packages/alpha/aws/0.0.3/img/filebeat-aws-s3access-overview.png
new file mode 100644
index 00000000000..a6b762aacaf
Binary files /dev/null and b/dev/packages/alpha/aws/0.0.3/img/filebeat-aws-s3access-overview.png differ
diff --git a/dev/packages/alpha/aws/0.0.3/img/filebeat-aws-vpcflow-overview.png b/dev/packages/alpha/aws/0.0.3/img/filebeat-aws-vpcflow-overview.png
new file mode 100644
index 00000000000..d0524b898ac
Binary files /dev/null and b/dev/packages/alpha/aws/0.0.3/img/filebeat-aws-vpcflow-overview.png differ
diff --git a/dev/packages/alpha/aws/0.0.3/img/logo_aws.svg b/dev/packages/alpha/aws/0.0.3/img/logo_aws.svg
new file mode 100644
index 00000000000..f6ac6f71962
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/img/logo_aws.svg
@@ -0,0 +1,9 @@
+
diff --git a/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-billing-overview.png b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-billing-overview.png
new file mode 100644
index 00000000000..9544b1fa8a8
Binary files /dev/null and b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-billing-overview.png differ
diff --git a/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-dynamodb-overview.png b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-dynamodb-overview.png
new file mode 100644
index 00000000000..386c960f22b
Binary files /dev/null and b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-dynamodb-overview.png differ
diff --git a/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-ebs-overview.png b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-ebs-overview.png
new file mode 100644
index 00000000000..48d09ae90d1
Binary files /dev/null and b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-ebs-overview.png differ
diff --git a/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-ec2-overview.png b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-ec2-overview.png
new file mode 100644
index 00000000000..f9b2d621f4f
Binary files /dev/null and b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-ec2-overview.png differ
diff --git a/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-elb-overview.png b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-elb-overview.png
new file mode 100644
index 00000000000..37eecc1bd09
Binary files /dev/null and b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-elb-overview.png differ
diff --git a/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-lambda-overview.png b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-lambda-overview.png
new file mode 100644
index 00000000000..84a228b51e3
Binary files /dev/null and b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-lambda-overview.png differ
diff --git a/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-overview.png b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-overview.png
new file mode 100644
index 00000000000..7f93b5d99db
Binary files /dev/null and b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-overview.png differ
diff --git a/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-rds-overview.png b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-rds-overview.png
new file mode 100644
index 00000000000..d44b0215884
Binary files /dev/null and b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-rds-overview.png differ
diff --git a/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-s3-overview.png b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-s3-overview.png
new file mode 100644
index 00000000000..f64b8606e32
Binary files /dev/null and b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-s3-overview.png differ
diff --git a/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-sns-overview.png b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-sns-overview.png
new file mode 100644
index 00000000000..29df3a010d9
Binary files /dev/null and b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-sns-overview.png differ
diff --git a/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-sqs-overview.png b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-sqs-overview.png
new file mode 100644
index 00000000000..c45a261f782
Binary files /dev/null and b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-sqs-overview.png differ
diff --git a/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-usage-overview.png b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-usage-overview.png
new file mode 100644
index 00000000000..3c4e67f4930
Binary files /dev/null and b/dev/packages/alpha/aws/0.0.3/img/metricbeat-aws-usage-overview.png differ
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/dashboard/0eb5a6a0-694f-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/0eb5a6a0-694f-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..dede7e5ea32
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/0eb5a6a0-694f-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,217 @@
+{
+ "attributes": {
+ "description": "Overview of AWS Transit Gateway Metrics",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "title": "filters"
+ },
+ "gridData": {
+ "h": 5,
+ "i": "af1453d8-04d3-4b44-a3b0-138111255a23",
+ "w": 48,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "af1453d8-04d3-4b44-a3b0-138111255a23",
+ "panelRefName": "panel_0",
+ "title": "filters",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Bytes In"
+ },
+ "gridData": {
+ "h": 12,
+ "i": "14555108-559d-4c07-b240-6e6b14254f16",
+ "w": 24,
+ "x": 0,
+ "y": 5
+ },
+ "panelIndex": "14555108-559d-4c07-b240-6e6b14254f16",
+ "panelRefName": "panel_1",
+ "title": "Bytes In",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Packets In"
+ },
+ "gridData": {
+ "h": 12,
+ "i": "9c605367-60e3-4e9c-8036-a6191dbafe4a",
+ "w": 24,
+ "x": 24,
+ "y": 5
+ },
+ "panelIndex": "9c605367-60e3-4e9c-8036-a6191dbafe4a",
+ "panelRefName": "panel_2",
+ "title": "Packets In",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Bytes Out"
+ },
+ "gridData": {
+ "h": 12,
+ "i": "271558e6-b208-4e2c-abfb-0a6b2dbb0c66",
+ "w": 24,
+ "x": 0,
+ "y": 17
+ },
+ "panelIndex": "271558e6-b208-4e2c-abfb-0a6b2dbb0c66",
+ "panelRefName": "panel_3",
+ "title": "Bytes Out",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Packets Out"
+ },
+ "gridData": {
+ "h": 12,
+ "i": "41002ab1-845b-469e-9283-8a46a90e4662",
+ "w": 24,
+ "x": 24,
+ "y": 17
+ },
+ "panelIndex": "41002ab1-845b-469e-9283-8a46a90e4662",
+ "panelRefName": "panel_4",
+ "title": "Packets Out",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Bytes Dropped - no route"
+ },
+ "gridData": {
+ "h": 12,
+ "i": "b141f90b-739e-46f3-83c9-9c4661183837",
+ "w": 24,
+ "x": 0,
+ "y": 29
+ },
+ "panelIndex": "b141f90b-739e-46f3-83c9-9c4661183837",
+ "panelRefName": "panel_5",
+ "title": "Bytes Dropped - no route",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Packets Dropped - no route"
+ },
+ "gridData": {
+ "h": 12,
+ "i": "c6a76f92-248b-4cae-a03f-7d34d58098ae",
+ "w": 24,
+ "x": 24,
+ "y": 29
+ },
+ "panelIndex": "c6a76f92-248b-4cae-a03f-7d34d58098ae",
+ "panelRefName": "panel_6",
+ "title": "Packets Dropped - no route",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Bytes Dropped - black hole"
+ },
+ "gridData": {
+ "h": 12,
+ "i": "1d08d3b8-3bd7-4f90-854d-be08cb119273",
+ "w": 24,
+ "x": 0,
+ "y": 41
+ },
+ "panelIndex": "1d08d3b8-3bd7-4f90-854d-be08cb119273",
+ "panelRefName": "panel_7",
+ "title": "Bytes Dropped - black hole",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Packets Dropped - black hole"
+ },
+ "gridData": {
+ "h": 12,
+ "i": "40e82e50-b30c-40eb-bbee-9bbfc3d3311f",
+ "w": 24,
+ "x": 24,
+ "y": 41
+ },
+ "panelIndex": "40e82e50-b30c-40eb-bbee-9bbfc3d3311f",
+ "panelRefName": "panel_8",
+ "title": "Packets Dropped - black hole",
+ "version": "7.6.1"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics AWS] TransitGateway Overview",
+ "version": 1
+ },
+ "id": "0eb5a6a0-694f-11ea-b0ac-95d4ecb1fecd",
+ "references": [
+ {
+ "id": "415fed40-694f-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "cd6419c0-6949-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "0a36b590-694c-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "dc5f65b0-6949-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "10e0f270-694c-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "01ed5990-694a-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "007ceec0-694c-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_6",
+ "type": "visualization"
+ },
+ {
+ "id": "f7c17000-6949-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_7",
+ "type": "visualization"
+ },
+ {
+ "id": "c1db9b80-694b-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_8",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/dashboard/15503340-4488-11ea-ad63-791a5dc86f10.json b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/15503340-4488-11ea-ad63-791a5dc86f10.json
new file mode 100644
index 00000000000..1ec48b982ab
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/15503340-4488-11ea-ad63-791a5dc86f10.json
@@ -0,0 +1,140 @@
+{
+ "attributes": {
+ "description": "Logs AWS VPC Flow Log Overview Dashboard",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "title": "S3 Bucket Filter"
+ },
+ "gridData": {
+ "h": 5,
+ "i": "c802177f-038c-4a35-a82d-0fa42c857d02",
+ "w": 18,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "c802177f-038c-4a35-a82d-0fa42c857d02",
+ "panelRefName": "panel_0",
+ "title": "S3 Bucket Filter",
+ "version": "7.4.0"
+ },
+ {
+ "embeddableConfig": {
+ "isLayerTOCOpen": true,
+ "mapCenter": {
+ "lat": 12.09237,
+ "lon": 60.11722,
+ "zoom": 0.47
+ },
+ "openTOCDetails": [],
+ "title": "VPC Flow Action Geo Location"
+ },
+ "gridData": {
+ "h": 17,
+ "i": "380eed85-225b-4d5d-88bc-1c70a3643ddb",
+ "w": 30,
+ "x": 18,
+ "y": 0
+ },
+ "panelIndex": "380eed85-225b-4d5d-88bc-1c70a3643ddb",
+ "panelRefName": "panel_1",
+ "title": "VPC Flow Action Geo Location",
+ "version": "7.4.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "VPC Flow Top IP Addresses"
+ },
+ "gridData": {
+ "h": 12,
+ "i": "3dde08df-2d7e-464e-825d-03179e43e175",
+ "w": 18,
+ "x": 0,
+ "y": 5
+ },
+ "panelIndex": "3dde08df-2d7e-464e-825d-03179e43e175",
+ "panelRefName": "panel_2",
+ "title": "VPC Flow Top IP Addresses",
+ "version": "7.4.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "VPC Flow Total Requests"
+ },
+ "gridData": {
+ "h": 12,
+ "i": "f7c6de04-c771-47ff-a32d-00a7940e414a",
+ "w": 48,
+ "x": 0,
+ "y": 17
+ },
+ "panelIndex": "f7c6de04-c771-47ff-a32d-00a7940e414a",
+ "panelRefName": "panel_3",
+ "title": "VPC Flow Total Requests",
+ "version": "7.4.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "VPC Flow Reject Logs"
+ },
+ "gridData": {
+ "h": 15,
+ "i": "b4dbbe72-0dc0-428b-b21e-91c6cc82745c",
+ "w": 48,
+ "x": 0,
+ "y": 29
+ },
+ "panelIndex": "b4dbbe72-0dc0-428b-b21e-91c6cc82745c",
+ "panelRefName": "panel_4",
+ "title": "VPC Flow Reject Logs",
+ "version": "7.4.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Logs AWS] VPC Flow Log Overview",
+ "version": 1
+ },
+ "id": "15503340-4488-11ea-ad63-791a5dc86f10",
+ "references": [
+ {
+ "id": "247e2990-4699-11ea-ad63-791a5dc86f10",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "513a3d70-4482-11ea-ad63-791a5dc86f10",
+ "name": "panel_1",
+ "type": "map"
+ },
+ {
+ "id": "75853f20-4484-11ea-ad63-791a5dc86f10",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "bad8c910-4485-11ea-ad63-791a5dc86f10",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "c1aee600-4487-11ea-ad63-791a5dc86f10",
+ "name": "panel_4",
+ "type": "search"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/dashboard/234aeda0-43b7-11e9-8697-530f39afc6eb.json b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/234aeda0-43b7-11e9-8697-530f39afc6eb.json
new file mode 100644
index 00000000000..d0e4b10491a
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/234aeda0-43b7-11e9-8697-530f39afc6eb.json
@@ -0,0 +1,196 @@
+{
+ "attributes": {
+ "description": "Overview of AWS SQS Metrics",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "title": "SQS Messages Visible"
+ },
+ "gridData": {
+ "h": 8,
+ "i": "1",
+ "w": 12,
+ "x": 12,
+ "y": 0
+ },
+ "panelIndex": "1",
+ "panelRefName": "panel_0",
+ "title": "SQS Messages Visible",
+ "version": "7.6.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "SQS Oldest Message Age in Seconds"
+ },
+ "gridData": {
+ "h": 8,
+ "i": "2",
+ "w": 12,
+ "x": 36,
+ "y": 0
+ },
+ "panelIndex": "2",
+ "panelRefName": "panel_1",
+ "title": "SQS Oldest Message Age in Seconds",
+ "version": "7.6.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "SQS Messages Received"
+ },
+ "gridData": {
+ "h": 8,
+ "i": "3",
+ "w": 24,
+ "x": 0,
+ "y": 8
+ },
+ "panelIndex": "3",
+ "panelRefName": "panel_2",
+ "title": "SQS Messages Received",
+ "version": "7.6.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "SQS Messages Deleted"
+ },
+ "gridData": {
+ "h": 8,
+ "i": "4",
+ "w": 24,
+ "x": 24,
+ "y": 8
+ },
+ "panelIndex": "4",
+ "panelRefName": "panel_3",
+ "title": "SQS Messages Deleted",
+ "version": "7.6.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "SQS Messages Delayed"
+ },
+ "gridData": {
+ "h": 8,
+ "i": "7",
+ "w": 24,
+ "x": 0,
+ "y": 16
+ },
+ "panelIndex": "7",
+ "panelRefName": "panel_4",
+ "title": "SQS Messages Delayed",
+ "version": "7.6.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "SQS Messages Sent"
+ },
+ "gridData": {
+ "h": 8,
+ "i": "8",
+ "w": 24,
+ "x": 24,
+ "y": 16
+ },
+ "panelIndex": "8",
+ "panelRefName": "panel_5",
+ "title": "SQS Messages Sent",
+ "version": "7.6.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "SQS Filters"
+ },
+ "gridData": {
+ "h": 8,
+ "i": "9",
+ "w": 12,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "9",
+ "panelRefName": "panel_6",
+ "title": "SQS Filters",
+ "version": "7.6.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "SQS Empty Receives"
+ },
+ "gridData": {
+ "h": 8,
+ "i": "10",
+ "w": 12,
+ "x": 24,
+ "y": 0
+ },
+ "panelIndex": "10",
+ "panelRefName": "panel_7",
+ "title": "SQS Empty Receives",
+ "version": "7.6.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics AWS] SQS Overview",
+ "version": 1
+ },
+ "id": "234aeda0-43b7-11e9-8697-530f39afc6eb",
+ "references": [
+ {
+ "id": "f74eb760-41e8-11e9-b7a0-c99d9d127b61",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "53730d20-437e-11e9-8697-530f39afc6eb",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "1235fe50-41e7-11e9-b7a0-c99d9d127b61",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "be6c4180-41e6-11e9-b7a0-c99d9d127b61",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "dcd31cd0-41e5-11e9-b7a0-c99d9d127b61",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "dd2f2a10-41e6-11e9-b7a0-c99d9d127b61",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "b0afd3e0-43b7-11e9-8697-530f39afc6eb",
+ "name": "panel_6",
+ "type": "visualization"
+ },
+ {
+ "id": "bb82c4d0-6c25-11e9-81bc-7f4cd8b3d892",
+ "name": "panel_7",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/dashboard/3367c170-921f-11e9-aa19-159bf182e06f.json b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/3367c170-921f-11e9-aa19-159bf182e06f.json
new file mode 100644
index 00000000000..740c5276dfb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/3367c170-921f-11e9-aa19-159bf182e06f.json
@@ -0,0 +1,193 @@
+{
+ "attributes": {
+ "description": "Overview of AWS RDS Metrics",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "title": "Database Connections"
+ },
+ "gridData": {
+ "h": 6,
+ "i": "1",
+ "w": 19,
+ "x": 10,
+ "y": 0
+ },
+ "panelIndex": "1",
+ "panelRefName": "panel_0",
+ "title": "Database Connections",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Insert Latency in Milliseconds"
+ },
+ "gridData": {
+ "h": 10,
+ "i": "3",
+ "w": 24,
+ "x": 0,
+ "y": 6
+ },
+ "panelIndex": "3",
+ "panelRefName": "panel_1",
+ "title": "Insert Latency in Milliseconds",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Select Latency in Milliseconds"
+ },
+ "gridData": {
+ "h": 10,
+ "i": "4",
+ "w": 24,
+ "x": 24,
+ "y": 6
+ },
+ "panelIndex": "4",
+ "panelRefName": "panel_2",
+ "title": "Select Latency in Milliseconds",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Transaction Blocked"
+ },
+ "gridData": {
+ "h": 6,
+ "i": "5",
+ "w": 19,
+ "x": 29,
+ "y": 0
+ },
+ "panelIndex": "5",
+ "panelRefName": "panel_3",
+ "title": "Transaction Blocked",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 6,
+ "i": "6",
+ "w": 10,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "6",
+ "panelRefName": "panel_4",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Insert Throughput in Count/Second"
+ },
+ "gridData": {
+ "h": 11,
+ "i": "7",
+ "w": 24,
+ "x": 0,
+ "y": 16
+ },
+ "panelIndex": "7",
+ "panelRefName": "panel_5",
+ "title": "Insert Throughput in Count/Second",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Select Throughput in Count/Second"
+ },
+ "gridData": {
+ "h": 11,
+ "i": "8",
+ "w": 24,
+ "x": 24,
+ "y": 16
+ },
+ "panelIndex": "8",
+ "panelRefName": "panel_6",
+ "title": "Select Throughput in Count/Second",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Disk Queue Depth"
+ },
+ "gridData": {
+ "h": 12,
+ "i": "132653bc-2669-4e8c-b536-06c680e9acf0",
+ "w": 48,
+ "x": 0,
+ "y": 27
+ },
+ "panelIndex": "132653bc-2669-4e8c-b536-06c680e9acf0",
+ "panelRefName": "panel_7",
+ "title": "Disk Queue Depth",
+ "version": "7.3.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics AWS] RDS Overview",
+ "version": 1
+ },
+ "id": "3367c170-921f-11e9-aa19-159bf182e06f",
+ "references": [
+ {
+ "id": "17fcda50-921b-11e9-aa19-159bf182e06f",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "8b8a7f80-921c-11e9-aa19-159bf182e06f",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "cc3a1950-921c-11e9-aa19-159bf182e06f",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "00b29040-921d-11e9-aa19-159bf182e06f",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "b5308940-7347-11e9-816b-07687310a99a",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "c1afd130-921e-11e9-aa19-159bf182e06f",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "e06e4cf0-921e-11e9-aa19-159bf182e06f",
+ "name": "panel_6",
+ "type": "visualization"
+ },
+ {
+ "id": "966ae990-d979-11e9-9458-bbef63ad717b",
+ "name": "panel_7",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/dashboard/3af47420-3e7b-11ea-bb0a-69c3ca1d410f.json b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/3af47420-3e7b-11ea-bb0a-69c3ca1d410f.json
new file mode 100644
index 00000000000..271f612fe67
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/3af47420-3e7b-11ea-bb0a-69c3ca1d410f.json
@@ -0,0 +1,224 @@
+{
+ "attributes": {
+ "description": "Logs AWS ELB Access Log Overview Dashboard",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "isLayerTOCOpen": false,
+ "mapCenter": {
+ "lat": 51.63808,
+ "lon": 17.07232,
+ "zoom": 3.47
+ },
+ "openTOCDetails": [],
+ "title": "ELB Requests Geolocation"
+ },
+ "gridData": {
+ "h": 14,
+ "i": "2c97b32e-5548-429d-9ce0-1bbc3d2398ac",
+ "w": 16,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "2c97b32e-5548-429d-9ce0-1bbc3d2398ac",
+ "panelRefName": "panel_0",
+ "title": "ELB Requests Geolocation",
+ "version": "7.4.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "ELB Inbound Traffic"
+ },
+ "gridData": {
+ "h": 14,
+ "i": "26ebbde3-ee0c-4b4d-8ab9-404cbe5786a9",
+ "w": 16,
+ "x": 16,
+ "y": 0
+ },
+ "panelIndex": "26ebbde3-ee0c-4b4d-8ab9-404cbe5786a9",
+ "panelRefName": "panel_1",
+ "title": "ELB Inbound Traffic",
+ "version": "7.4.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "ELB Top User Agents"
+ },
+ "gridData": {
+ "h": 14,
+ "i": "48ecb39f-57a5-4805-a8a9-77385a996d75",
+ "w": 16,
+ "x": 32,
+ "y": 14
+ },
+ "panelIndex": "48ecb39f-57a5-4805-a8a9-77385a996d75",
+ "panelRefName": "panel_2",
+ "title": "ELB Top User Agents",
+ "version": "7.4.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "ELB Total Requests"
+ },
+ "gridData": {
+ "h": 14,
+ "i": "9812996e-ba10-41bd-b134-c9705a0973b4",
+ "w": 16,
+ "x": 0,
+ "y": 14
+ },
+ "panelIndex": "9812996e-ba10-41bd-b134-c9705a0973b4",
+ "panelRefName": "panel_3",
+ "title": "ELB Total Requests",
+ "version": "7.4.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "ELB Top IP Addresses"
+ },
+ "gridData": {
+ "h": 14,
+ "i": "bb25b36e-0787-48fd-aa22-7ba8c08a9c36",
+ "w": 16,
+ "x": 16,
+ "y": 14
+ },
+ "panelIndex": "bb25b36e-0787-48fd-aa22-7ba8c08a9c36",
+ "panelRefName": "panel_4",
+ "title": "ELB Top IP Addresses",
+ "version": "7.4.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "ELB Outbound Traffic"
+ },
+ "gridData": {
+ "h": 14,
+ "i": "bf43580d-cc26-415b-ae36-d678a232b544",
+ "w": 16,
+ "x": 32,
+ "y": 0
+ },
+ "panelIndex": "bf43580d-cc26-415b-ae36-d678a232b544",
+ "panelRefName": "panel_5",
+ "title": "ELB Outbound Traffic",
+ "version": "7.4.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "ELB HTTP 2xx"
+ },
+ "gridData": {
+ "h": 14,
+ "i": "466e825b-6ee2-43c3-b221-21abe27612dd",
+ "w": 16,
+ "x": 0,
+ "y": 28
+ },
+ "panelIndex": "466e825b-6ee2-43c3-b221-21abe27612dd",
+ "panelRefName": "panel_6",
+ "title": "ELB HTTP 2xx",
+ "version": "7.4.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "ELB HTTP 4xx"
+ },
+ "gridData": {
+ "h": 14,
+ "i": "d42994a6-922c-4f86-bf99-a46f87ff106d",
+ "w": 16,
+ "x": 16,
+ "y": 28
+ },
+ "panelIndex": "d42994a6-922c-4f86-bf99-a46f87ff106d",
+ "panelRefName": "panel_7",
+ "title": "ELB HTTP 4xx",
+ "version": "7.4.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "ELB HTTP 5xx"
+ },
+ "gridData": {
+ "h": 14,
+ "i": "f45aaa2c-c244-4d1a-8ad4-4794130b9827",
+ "w": 16,
+ "x": 32,
+ "y": 28
+ },
+ "panelIndex": "f45aaa2c-c244-4d1a-8ad4-4794130b9827",
+ "panelRefName": "panel_8",
+ "title": "ELB HTTP 5xx",
+ "version": "7.4.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Logs AWS] ELB Access Log Overview",
+ "version": 1
+ },
+ "id": "3af47420-3e7b-11ea-bb0a-69c3ca1d410f",
+ "references": [
+ {
+ "id": "0edf0640-3e7e-11ea-bb0a-69c3ca1d410f",
+ "name": "panel_0",
+ "type": "map"
+ },
+ {
+ "id": "76af8140-3e84-11ea-bb0a-69c3ca1d410f",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "73970bc0-3e86-11ea-bb0a-69c3ca1d410f",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "e50c51e0-3e7f-11ea-bb0a-69c3ca1d410f",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "ceb7c030-3e86-11ea-bb0a-69c3ca1d410f",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "bd37d720-3e84-11ea-bb0a-69c3ca1d410f",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "219c1850-3e82-11ea-bb0a-69c3ca1d410f",
+ "name": "panel_6",
+ "type": "visualization"
+ },
+ {
+ "id": "b6a308f0-3e82-11ea-bb0a-69c3ca1d410f",
+ "name": "panel_7",
+ "type": "visualization"
+ },
+ {
+ "id": "d8b1e830-3e82-11ea-bb0a-69c3ca1d410f",
+ "name": "panel_8",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/dashboard/44ce4680-b7ba-11e9-8349-f15f850c5cd0.json b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/44ce4680-b7ba-11e9-8349-f15f850c5cd0.json
new file mode 100644
index 00000000000..7a61863e8b1
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/44ce4680-b7ba-11e9-8349-f15f850c5cd0.json
@@ -0,0 +1,217 @@
+{
+ "attributes": {
+ "description": "[Metrics AWS] Overview of EBS Metrics",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 10,
+ "i": "1",
+ "w": 24,
+ "x": 24,
+ "y": 10
+ },
+ "panelIndex": "1",
+ "panelRefName": "panel_0",
+ "title": "Volume Write Ops",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 10,
+ "i": "2",
+ "w": 24,
+ "x": 0,
+ "y": 10
+ },
+ "panelIndex": "2",
+ "panelRefName": "panel_1",
+ "title": "Volume Read Ops",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 10,
+ "i": "3",
+ "w": 24,
+ "x": 24,
+ "y": 20
+ },
+ "panelIndex": "3",
+ "panelRefName": "panel_2",
+ "title": "Volume Write Bytes",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 10,
+ "i": "4",
+ "w": 24,
+ "x": 0,
+ "y": 20
+ },
+ "panelIndex": "4",
+ "panelRefName": "panel_3",
+ "title": "Volume Read Bytes",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 10,
+ "i": "5",
+ "w": 19,
+ "x": 8,
+ "y": 0
+ },
+ "panelIndex": "5",
+ "panelRefName": "panel_4",
+ "title": "Volume Queue Length",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 10,
+ "i": "6",
+ "w": 24,
+ "x": 24,
+ "y": 30
+ },
+ "panelIndex": "6",
+ "panelRefName": "panel_5",
+ "title": "Volume Total Write Time",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 10,
+ "i": "7",
+ "w": 24,
+ "x": 0,
+ "y": 30
+ },
+ "panelIndex": "7",
+ "panelRefName": "panel_6",
+ "title": "Volume Total Read Time",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 10,
+ "i": "8",
+ "w": 21,
+ "x": 27,
+ "y": 0
+ },
+ "panelIndex": "8",
+ "panelRefName": "panel_7",
+ "title": "Volume Idle Time",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 5,
+ "i": "9",
+ "w": 8,
+ "x": 0,
+ "y": 5
+ },
+ "panelIndex": "9",
+ "panelRefName": "panel_8",
+ "title": "EBS Volume ID Filter",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 5,
+ "i": "10",
+ "w": 8,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "10",
+ "panelRefName": "panel_9",
+ "version": "7.3.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics AWS] EBS Overview",
+ "version": 1
+ },
+ "id": "44ce4680-b7ba-11e9-8349-f15f850c5cd0",
+ "references": [
+ {
+ "id": "f6831f30-b7b6-11e9-8349-f15f850c5cd0",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "bb3a6cd0-b7b6-11e9-8349-f15f850c5cd0",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "c0e32d50-b7b8-11e9-8349-f15f850c5cd0",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "b00c4390-b7b8-11e9-8349-f15f850c5cd0",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "fe0581b0-b7b8-11e9-8349-f15f850c5cd0",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "25384bf0-b7b9-11e9-8349-f15f850c5cd0",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "12eff7e0-b7b9-11e9-8349-f15f850c5cd0",
+ "name": "panel_6",
+ "type": "visualization"
+ },
+ {
+ "id": "67f43080-b7b9-11e9-8349-f15f850c5cd0",
+ "name": "panel_7",
+ "type": "visualization"
+ },
+ {
+ "id": "d045d120-b7b9-11e9-8349-f15f850c5cd0",
+ "name": "panel_8",
+ "type": "visualization"
+ },
+ {
+ "id": "b5308940-7347-11e9-816b-07687310a99a",
+ "name": "panel_9",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
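Review bot: The last entry in `panelsJSON` (`panelIndex` "10", `panelRefName` `panel_9`) has no `title` and an empty `embeddableConfig`, while the nine panels before it are all titled. It references visualization `b5308940-7347-11e9-816b-07687310a99a`, which the Lambda and Usage dashboards in this same diff label as the AWS region filter. Adding `"title": "AWS Region Filter"` to this panel would keep the filter labelled the same way wherever it is reused. Without it, the header falls back to whatever the referenced visualization provides.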
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/dashboard/4746e000-bacd-11e9-9f70-1f7bda85a5eb.json b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/4746e000-bacd-11e9-9f70-1f7bda85a5eb.json
new file mode 100644
index 00000000000..e4cc457041b
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/4746e000-bacd-11e9-9f70-1f7bda85a5eb.json
@@ -0,0 +1,91 @@
+{
+ "attributes": {
+ "description": "Logs AWS S3 Server Access Log Overview Dashboard",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "title": "Top URLs"
+ },
+ "gridData": {
+ "h": 15,
+ "i": "1",
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "1",
+ "panelRefName": "panel_0",
+ "title": "Top URLs",
+ "version": "7.4.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Http Status over time"
+ },
+ "gridData": {
+ "h": 15,
+ "i": "2",
+ "w": 24,
+ "x": 24,
+ "y": 0
+ },
+ "panelIndex": "2",
+ "panelRefName": "panel_1",
+ "title": "Http Status over time",
+ "version": "7.4.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Error Logs"
+ },
+ "gridData": {
+ "h": 15,
+ "i": "3",
+ "w": 48,
+ "x": 0,
+ "y": 15
+ },
+ "panelIndex": "3",
+ "panelRefName": "panel_2",
+ "title": "Error Logs",
+ "version": "7.4.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Logs AWS] S3 Server Access Log Overview",
+ "version": 1
+ },
+ "id": "4746e000-bacd-11e9-9f70-1f7bda85a5eb",
+ "references": [
+ {
+ "id": "99ffdb00-bacb-11e9-9f70-1f7bda85a5eb",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "5c93cd10-bac3-11e9-9f70-1f7bda85a5eb",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "5e5a3c90-bac0-11e9-9f70-1f7bda85a5eb",
+ "name": "panel_2",
+ "type": "search"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/dashboard/67c9f900-693e-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/67c9f900-693e-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..8c0df51ab3f
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/67c9f900-693e-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,175 @@
+{
+ "attributes": {
+ "description": "Overview of AWS VPN Metrics",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "title": "Filters"
+ },
+ "gridData": {
+ "h": 14,
+ "i": "8ef52400-6eac-417b-936e-dce159dd5e89",
+ "w": 8,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "8ef52400-6eac-417b-936e-dce159dd5e89",
+ "panelRefName": "panel_0",
+ "title": "Filters",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Tunnel State Per VPN ID"
+ },
+ "gridData": {
+ "h": 14,
+ "i": "eb78041b-afc4-458e-af92-0951b1d0cadd",
+ "w": 20,
+ "x": 8,
+ "y": 0
+ },
+ "panelIndex": "eb78041b-afc4-458e-af92-0951b1d0cadd",
+ "panelRefName": "panel_1",
+ "title": "Tunnel State Per VPN ID",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Tunnel State Per Tunnel IP"
+ },
+ "gridData": {
+ "h": 14,
+ "i": "39a9be08-98c6-470c-b76b-312a57e11e2d",
+ "w": 20,
+ "x": 28,
+ "y": 0
+ },
+ "panelIndex": "39a9be08-98c6-470c-b76b-312a57e11e2d",
+ "panelRefName": "panel_2",
+ "title": "Tunnel State Per Tunnel IP",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Tunnel Data In Per VPN ID"
+ },
+ "gridData": {
+ "h": 15,
+ "i": "5c8122a2-fbf0-4404-918e-249bf6fd7f07",
+ "w": 24,
+ "x": 0,
+ "y": 14
+ },
+ "panelIndex": "5c8122a2-fbf0-4404-918e-249bf6fd7f07",
+ "panelRefName": "panel_3",
+ "title": "Tunnel Data In Per VPN ID",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Tunnel Data In Per Tunnel IP"
+ },
+ "gridData": {
+ "h": 15,
+ "i": "8ecd0f73-146f-4aed-bfd1-5c236c5dfe8c",
+ "w": 24,
+ "x": 24,
+ "y": 14
+ },
+ "panelIndex": "8ecd0f73-146f-4aed-bfd1-5c236c5dfe8c",
+ "panelRefName": "panel_4",
+ "title": "Tunnel Data In Per Tunnel IP",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Tunnel Data Out Per VPN ID"
+ },
+ "gridData": {
+ "h": 15,
+ "i": "eb10ea7d-ffc9-4c51-9386-6f63be6322aa",
+ "w": 24,
+ "x": 0,
+ "y": 29
+ },
+ "panelIndex": "eb10ea7d-ffc9-4c51-9386-6f63be6322aa",
+ "panelRefName": "panel_5",
+ "title": "Tunnel Data Out Per VPN ID",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Tunnel Data Out Per Tunnel IP"
+ },
+ "gridData": {
+ "h": 15,
+ "i": "3b01a7e9-eb8b-43bb-977d-53d8bc9d21b7",
+ "w": 24,
+ "x": 24,
+ "y": 29
+ },
+ "panelIndex": "3b01a7e9-eb8b-43bb-977d-53d8bc9d21b7",
+ "panelRefName": "panel_6",
+ "title": "Tunnel Data Out Per Tunnel IP",
+ "version": "7.6.1"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics AWS] VPN Overview",
+ "version": 1
+ },
+ "id": "67c9f900-693e-11ea-b0ac-95d4ecb1fecd",
+ "references": [
+ {
+ "id": "fcfc8d80-693e-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "142ad600-693b-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "58f5a3c0-6943-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "2ee7f420-6943-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "ea9e3d40-693a-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "26b73e50-6943-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "f58f99b0-693a-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_6",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/dashboard/68ba7bd0-20b6-11ea-8f72-2f8d21e50b0c.json b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/68ba7bd0-20b6-11ea-8f72-2f8d21e50b0c.json
new file mode 100644
index 00000000000..a781ef74f7e
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/68ba7bd0-20b6-11ea-8f72-2f8d21e50b0c.json
@@ -0,0 +1,238 @@
+{
+ "attributes": {
+ "description": "Overview of DynamoDB AWS Cloudwatch metrics",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "title": "Region/Account Filters"
+ },
+ "gridData": {
+ "h": 9,
+ "i": "9642fcd0-464b-46ea-815c-cd2d9efc056d",
+ "w": 10,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "9642fcd0-464b-46ea-815c-cd2d9efc056d",
+ "panelRefName": "panel_0",
+ "title": "Region/Account Filters",
+ "version": "7.6.2"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Consumed Read Capacity Units"
+ },
+ "gridData": {
+ "h": 9,
+ "i": "bb4b0cfa-7d6f-48e3-913e-2713c5aa3fe0",
+ "w": 14,
+ "x": 10,
+ "y": 0
+ },
+ "panelIndex": "bb4b0cfa-7d6f-48e3-913e-2713c5aa3fe0",
+ "panelRefName": "panel_1",
+ "title": "Consumed Read Capacity Units",
+ "version": "7.6.2"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Consumed Write Capacity Units"
+ },
+ "gridData": {
+ "h": 9,
+ "i": "09bdf20b-43b4-47a3-a113-d34ef3b2596c",
+ "w": 14,
+ "x": 24,
+ "y": 0
+ },
+ "panelIndex": "09bdf20b-43b4-47a3-a113-d34ef3b2596c",
+ "panelRefName": "panel_2",
+ "title": "Consumed Write Capacity Units",
+ "version": "7.6.2"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Max Read/Write Account Limits"
+ },
+ "gridData": {
+ "h": 9,
+ "i": "1bd7141d-b410-4ca0-8550-f8f645d97983",
+ "w": 10,
+ "x": 38,
+ "y": 0
+ },
+ "panelIndex": "1bd7141d-b410-4ca0-8550-f8f645d97983",
+ "panelRefName": "panel_3",
+ "title": "Max Read/Write Account Limits",
+ "version": "7.6.2"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Successful Request Latency"
+ },
+ "gridData": {
+ "h": 10,
+ "i": "073302ad-0e44-4cd1-b16d-58f017a71816",
+ "w": 17,
+ "x": 0,
+ "y": 9
+ },
+ "panelIndex": "073302ad-0e44-4cd1-b16d-58f017a71816",
+ "panelRefName": "panel_4",
+ "title": "Successful Request Latency",
+ "version": "7.6.2"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Read Throttle Events"
+ },
+ "gridData": {
+ "h": 10,
+ "i": "ddcbc858-d2a0-42c3-8074-74f7d08ecb60",
+ "w": 16,
+ "x": 17,
+ "y": 9
+ },
+ "panelIndex": "ddcbc858-d2a0-42c3-8074-74f7d08ecb60",
+ "panelRefName": "panel_5",
+ "title": "Read Throttle Events",
+ "version": "7.6.2"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Throttle Requests"
+ },
+ "gridData": {
+ "h": 10,
+ "i": "95ffd42d-b28d-4f40-b3cb-6a6ac52943e1",
+ "w": 15,
+ "x": 33,
+ "y": 9
+ },
+ "panelIndex": "95ffd42d-b28d-4f40-b3cb-6a6ac52943e1",
+ "panelRefName": "panel_6",
+ "title": "Throttle Requests",
+ "version": "7.6.2"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Max Request Latency Per Operation"
+ },
+ "gridData": {
+ "h": 11,
+ "i": "0a588a08-997a-422f-a5db-e56728bc6702",
+ "w": 17,
+ "x": 0,
+ "y": 19
+ },
+ "panelIndex": "0a588a08-997a-422f-a5db-e56728bc6702",
+ "panelRefName": "panel_7",
+ "title": "Max Request Latency Per Operation",
+ "version": "7.6.2"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Write Throttle Events"
+ },
+ "gridData": {
+ "h": 11,
+ "i": "897ae224-d367-4fe0-aa23-5bb13165cc67",
+ "w": 16,
+ "x": 17,
+ "y": 19
+ },
+ "panelIndex": "897ae224-d367-4fe0-aa23-5bb13165cc67",
+ "panelRefName": "panel_8",
+ "title": "Write Throttle Events",
+ "version": "7.6.2"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Account Provisioned Write Capacity Utilization"
+ },
+ "gridData": {
+ "h": 11,
+ "i": "e81e9817-c971-454b-881a-09cec10da0e9",
+ "w": 15,
+ "x": 33,
+ "y": 19
+ },
+ "panelIndex": "e81e9817-c971-454b-881a-09cec10da0e9",
+ "panelRefName": "panel_9",
+ "title": "Account Provisioned Write Capacity Utilization",
+ "version": "7.6.2"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics AWS] DynamoDB Overview",
+ "version": 1
+ },
+ "id": "68ba7bd0-20b6-11ea-8f72-2f8d21e50b0c",
+ "references": [
+ {
+ "id": "bc8bd8f0-31fd-11ea-bcbf-59cb7eefc1f0",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "9d284bc0-7b08-11ea-9bb4-e958b64b5685",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "49379b70-7b07-11ea-9bb4-e958b64b5685",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "7d1e0870-7a3f-11ea-bfa4-dfea8c457654",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "8cf5fbe0-7b07-11ea-9bb4-e958b64b5685",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "7b93bab0-7b0a-11ea-9bb4-e958b64b5685",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "9f0425c0-7b0a-11ea-9bb4-e958b64b5685",
+ "name": "panel_6",
+ "type": "visualization"
+ },
+ {
+ "id": "3dee68c0-7b0c-11ea-9bb4-e958b64b5685",
+ "name": "panel_7",
+ "type": "visualization"
+ },
+ {
+ "id": "b403f7b0-7b15-11ea-9bb4-e958b64b5685",
+ "name": "panel_8",
+ "type": "visualization"
+ },
+ {
+ "id": "31ad4090-2003-11ea-8f72-2f8d21e50b0c",
+ "name": "panel_9",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/dashboard/7ac8e1d0-28d2-11ea-ba6c-49a884eb104f.json b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/7ac8e1d0-28d2-11ea-ba6c-49a884eb104f.json
new file mode 100644
index 00000000000..855a4cfbb85
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/7ac8e1d0-28d2-11ea-ba6c-49a884eb104f.json
@@ -0,0 +1,154 @@
+{
+ "attributes": {
+ "description": "Overview of AWS Lambda Metrics",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "title": "AWS Account Filter"
+ },
+ "gridData": {
+ "h": 5,
+ "i": "8f2d1b8f-fef3-4a9a-9cc8-7f0e2c65e35a",
+ "w": 14,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "8f2d1b8f-fef3-4a9a-9cc8-7f0e2c65e35a",
+ "panelRefName": "panel_0",
+ "title": "AWS Account Filter",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Top Errors"
+ },
+ "gridData": {
+ "h": 10,
+ "i": "443a9699-3451-44f7-8415-99a16c3f45b3",
+ "w": 34,
+ "x": 14,
+ "y": 0
+ },
+ "panelIndex": "443a9699-3451-44f7-8415-99a16c3f45b3",
+ "panelRefName": "panel_1",
+ "title": "Top Errors",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "AWS Region Filter"
+ },
+ "gridData": {
+ "h": 5,
+ "i": "60a16bf0-2979-467a-b30e-05ea29547b41",
+ "w": 14,
+ "x": 0,
+ "y": 5
+ },
+ "panelIndex": "60a16bf0-2979-467a-b30e-05ea29547b41",
+ "panelRefName": "panel_2",
+ "title": "AWS Region Filter",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Lambda Function Duration in Milliseconds"
+ },
+ "gridData": {
+ "h": 14,
+ "i": "349ef0d1-fea1-4b91-b95d-7a668914e10b",
+ "w": 48,
+ "x": 0,
+ "y": 10
+ },
+ "panelIndex": "349ef0d1-fea1-4b91-b95d-7a668914e10b",
+ "panelRefName": "panel_3",
+ "title": "Lambda Function Duration in Milliseconds",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Top Invoked Lambda Functions"
+ },
+ "gridData": {
+ "h": 9,
+ "i": "048b1577-5aed-48e5-8f90-147aa3d56c1a",
+ "w": 24,
+ "x": 0,
+ "y": 24
+ },
+ "panelIndex": "048b1577-5aed-48e5-8f90-147aa3d56c1a",
+ "panelRefName": "panel_4",
+ "title": "Top Invoked Lambda Functions",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Top Throttled Lambda Functions"
+ },
+ "gridData": {
+ "h": 9,
+ "i": "4c8e471c-45da-47be-a866-c5bfc6d28a05",
+ "w": 24,
+ "x": 24,
+ "y": 24
+ },
+ "panelIndex": "4c8e471c-45da-47be-a866-c5bfc6d28a05",
+ "panelRefName": "panel_5",
+ "title": "Top Throttled Lambda Functions",
+ "version": "7.3.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics AWS] Lambda Overview",
+ "version": 1
+ },
+ "id": "7ac8e1d0-28d2-11ea-ba6c-49a884eb104f",
+ "references": [
+ {
+ "id": "deab0260-2981-11e9-86eb-a3a07a77f530",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "4bf0a740-28d1-11ea-ba6c-49a884eb104f",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "b5308940-7347-11e9-816b-07687310a99a",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "39dfc8d0-28cf-11ea-ba6c-49a884eb104f",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "1f3f00c0-28d1-11ea-ba6c-49a884eb104f",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "915bcd50-28d1-11ea-ba6c-49a884eb104f",
+ "name": "panel_5",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/dashboard/917a07b0-178e-11ea-8650-fb606deb5be4.json b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/917a07b0-178e-11ea-8650-fb606deb5be4.json
new file mode 100644
index 00000000000..5be9490c01e
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/917a07b0-178e-11ea-8650-fb606deb5be4.json
@@ -0,0 +1,175 @@
+{
+ "attributes": {
+ "description": "Overview of AWS Usage Metrics",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "title": "AWS Region Filter"
+ },
+ "gridData": {
+ "h": 5,
+ "i": "2ea7bd59-d748-4e4a-889d-f7e2ca1cfe36",
+ "w": 9,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "2ea7bd59-d748-4e4a-889d-f7e2ca1cfe36",
+ "panelRefName": "panel_0",
+ "title": "Region Filter",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Usage Resource Count"
+ },
+ "gridData": {
+ "h": 15,
+ "i": "00c2b1f6-3367-4b6f-ac01-7e48b76c262a",
+ "w": 20,
+ "x": 9,
+ "y": 0
+ },
+ "panelIndex": "00c2b1f6-3367-4b6f-ac01-7e48b76c262a",
+ "panelRefName": "panel_1",
+ "title": "Usage Resource Count",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Usage API Call Count"
+ },
+ "gridData": {
+ "h": 15,
+ "i": "fecfe5d4-ef1c-4f38-954a-a2506d72bc5b",
+ "w": 18,
+ "x": 30,
+ "y": 0
+ },
+ "panelIndex": "fecfe5d4-ef1c-4f38-954a-a2506d72bc5b",
+ "panelRefName": "panel_2",
+ "title": "Usage API Call Count",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "AWS Account Filter"
+ },
+ "gridData": {
+ "h": 5,
+ "i": "69ce7461-36ad-4e7c-b541-c6a1601bf089",
+ "w": 9,
+ "x": 0,
+ "y": 5
+ },
+ "panelIndex": "69ce7461-36ad-4e7c-b541-c6a1601bf089",
+ "panelRefName": "panel_3",
+ "title": "AWS Account Filter",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "AWS Service Filter"
+ },
+ "gridData": {
+ "h": 5,
+ "i": "62e86407-6ae3-47d3-9136-dd61bdf3267a",
+ "w": 9,
+ "x": 0,
+ "y": 10
+ },
+ "panelIndex": "62e86407-6ae3-47d3-9136-dd61bdf3267a",
+ "panelRefName": "panel_4",
+ "title": "AWS Service Filter",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Usage Resource Count Per Service"
+ },
+ "gridData": {
+ "h": 10,
+ "i": "196a044c-5c20-4417-8aa0-f60fc502e46c",
+ "w": 48,
+ "x": 0,
+ "y": 15
+ },
+ "panelIndex": "196a044c-5c20-4417-8aa0-f60fc502e46c",
+ "panelRefName": "panel_5",
+ "title": "Usage Resource Count Per Service",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Usage API Call Count Per Service"
+ },
+ "gridData": {
+ "h": 12,
+ "i": "022941b7-01a1-4570-86e9-d03451d4e102",
+ "w": 48,
+ "x": 0,
+ "y": 25
+ },
+ "panelIndex": "022941b7-01a1-4570-86e9-d03451d4e102",
+ "panelRefName": "panel_6",
+ "title": "Usage API Call Count Per Service",
+ "version": "7.3.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics AWS] Usage Overview",
+ "version": 1
+ },
+ "id": "917a07b0-178e-11ea-8650-fb606deb5be4",
+ "references": [
+ {
+ "id": "b5308940-7347-11e9-816b-07687310a99a",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "9202d1a0-178c-11ea-8650-fb606deb5be4",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "681aab60-178c-11ea-8650-fb606deb5be4",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "deab0260-2981-11e9-86eb-a3a07a77f530",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "2929edb0-178e-11ea-8650-fb606deb5be4",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "59e2e110-178d-11ea-8650-fb606deb5be4",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "75ebfda0-1789-11ea-8650-fb606deb5be4",
+ "name": "panel_6",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
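Review bot: The first panel sets `embeddableConfig.title` to `"AWS Region Filter"` but its panel-level `title` to `"Region Filter"`, and it is the only panel in this dashboard where the two differ. Changing the panel field to `"title": "AWS Region Filter"` would also match the neighbouring `AWS Account Filter` and `AWS Service Filter` panels. Separately, `Usage Resource Count` ends at grid column 29 (`"x": 9`, `"w": 20`) and `Usage API Call Count` starts at `"x": 30`, which leaves a one-column gap in the top row. If that gap is not intended, `"w": 21` on the first of the two closes it.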
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/dashboard/9c09cd20-7399-11ea-a345-f985c61fe654.json b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/9c09cd20-7399-11ea-a345-f985c61fe654.json
new file mode 100644
index 00000000000..8327e1c36b4
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/9c09cd20-7399-11ea-a345-f985c61fe654.json
@@ -0,0 +1,191 @@
+{
+ "attributes": {
+ "description": "Summary of events from AWS CloudTrail.",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "hiddenLayers": [],
+ "isLayerTOCOpen": false,
+ "mapCenter": {
+ "lat": 17.90562,
+ "lon": -12.20429,
+ "zoom": 0.97
+ },
+ "openTOCDetails": []
+ },
+ "gridData": {
+ "h": 15,
+ "i": "85d26d9a-2a71-4b98-a026-5f513094d6e5",
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "85d26d9a-2a71-4b98-a026-5f513094d6e5",
+ "panelRefName": "panel_0",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {
+ "colors": {
+ "failure": "#E24D42"
+ },
+ "vis": {
+ "colors": {
+ "failure": "#E24D42",
+ "success": "#629E51"
+ }
+ }
+ },
+ "gridData": {
+ "h": 15,
+ "i": "6b3eff90-3071-451e-a827-ca569e0ac10b",
+ "w": 24,
+ "x": 24,
+ "y": 0
+ },
+ "panelIndex": "6b3eff90-3071-451e-a827-ca569e0ac10b",
+ "panelRefName": "panel_1",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 13,
+ "i": "952e456a-e9ae-4606-b838-e16019375336",
+ "w": 12,
+ "x": 0,
+ "y": 15
+ },
+ "panelIndex": "952e456a-e9ae-4606-b838-e16019375336",
+ "panelRefName": "panel_2",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 13,
+ "i": "802ad09d-5883-4e41-99ac-6c356144d24d",
+ "w": 12,
+ "x": 12,
+ "y": 15
+ },
+ "panelIndex": "802ad09d-5883-4e41-99ac-6c356144d24d",
+ "panelRefName": "panel_3",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 13,
+ "i": "3e617d87-3acf-4203-b03b-c907c9145fce",
+ "w": 12,
+ "x": 24,
+ "y": 15
+ },
+ "panelIndex": "3e617d87-3acf-4203-b03b-c907c9145fce",
+ "panelRefName": "panel_4",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 13,
+ "i": "d6f03440-c717-4f5e-928c-72ae9d450318",
+ "w": 12,
+ "x": 36,
+ "y": 15
+ },
+ "panelIndex": "d6f03440-c717-4f5e-928c-72ae9d450318",
+ "panelRefName": "panel_5",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 13,
+ "i": "2b82a2c9-3809-447c-8e95-52125acccb42",
+ "w": 30,
+ "x": 0,
+ "y": 28
+ },
+ "panelIndex": "2b82a2c9-3809-447c-8e95-52125acccb42",
+ "panelRefName": "panel_6",
+ "version": "8.0.0-SNAPSHOT"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 13,
+ "i": "40f0a89b-7ce5-498f-a0f0-5c7edf7f8b50",
+ "w": 18,
+ "x": 30,
+ "y": 28
+ },
+ "panelIndex": "40f0a89b-7ce5-498f-a0f0-5c7edf7f8b50",
+ "panelRefName": "panel_7",
+ "version": "8.0.0-SNAPSHOT"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Logs AWS] CloudTrail",
+ "version": 1
+ },
+ "id": "9c09cd20-7399-11ea-a345-f985c61fe654",
+ "references": [
+ {
+ "id": "dae24080-739a-11ea-a345-f985c61fe654",
+ "name": "panel_0",
+ "type": "map"
+ },
+ {
+ "id": "4c23e4c0-739a-11ea-a345-f985c61fe654",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "396089c0-7399-11ea-a345-f985c61fe654",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "0f056420-739e-11ea-a345-f985c61fe654",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "7bca4f50-739c-11ea-a345-f985c61fe654",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "f8b63860-739e-11ea-a345-f985c61fe654",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "30ccde50-7397-11ea-a345-f985c61fe654",
+ "name": "panel_6",
+ "type": "search"
+ },
+ {
+ "id": "8ec43590-739b-11ea-a345-f985c61fe654",
+ "name": "panel_7",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
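Review bot: All eight panels in `panelsJSON` carry `"version": "8.0.0-SNAPSHOT"`, a pre-release build string, whereas the other dashboards visible in this diff pin released versions between `7.3.0` and `7.7.0`. If the package is meant to install on released 7.x Kibana, re-export this dashboard from a released build or align the field, for example `"version": "7.7.0"` as the S3 metrics dashboard uses. Whether the saved-object import accepts the snapshot value on 7.x cannot be determined from this hunk. This is the CloudTrail audit view, so an import failure would leave the package without its dashboard for that log source, and an install test against the oldest supported Kibana would confirm it loads.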
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/dashboard/a096b830-4762-11e9-8062-c98a86cb6f94.json b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/a096b830-4762-11e9-8062-c98a86cb6f94.json
new file mode 100644
index 00000000000..74c3f40627d
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/a096b830-4762-11e9-8062-c98a86cb6f94.json
@@ -0,0 +1,181 @@
+{
+ "attributes": {
+ "description": "Overview of AWS S3 Metrics",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "title": "S3 Daily Storage Bucket Size in Bytes"
+ },
+ "gridData": {
+ "h": 7,
+ "i": "1",
+ "w": 24,
+ "x": 0,
+ "y": 6
+ },
+ "panelIndex": "1",
+ "panelRefName": "panel_0",
+ "title": "S3 Daily Storage Bucket Size in Bytes",
+ "version": "7.7.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "S3 Daily Storage Number of Objects"
+ },
+ "gridData": {
+ "h": 7,
+ "i": "2",
+ "w": 24,
+ "x": 24,
+ "y": 6
+ },
+ "panelIndex": "2",
+ "panelRefName": "panel_1",
+ "title": "S3 Daily Storage Number of Objects",
+ "version": "7.7.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "S3 Request Latency Total Request in ms"
+ },
+ "gridData": {
+ "h": 7,
+ "i": "3",
+ "w": 24,
+ "x": 0,
+ "y": 13
+ },
+ "panelIndex": "3",
+ "panelRefName": "panel_2",
+ "title": "S3 Request Latency Total Request in ms",
+ "version": "7.7.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "S3 Total Error 4xx"
+ },
+ "gridData": {
+ "h": 6,
+ "i": "4",
+ "w": 13,
+ "x": 24,
+ "y": 0
+ },
+ "panelIndex": "4",
+ "panelRefName": "panel_3",
+ "title": "S3 Total Error 4xx",
+ "version": "7.7.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "S3 Total Error 5xx"
+ },
+ "gridData": {
+ "h": 6,
+ "i": "5",
+ "w": 11,
+ "x": 37,
+ "y": 0
+ },
+ "panelIndex": "5",
+ "panelRefName": "panel_4",
+ "title": "S3 Total Error 5xx",
+ "version": "7.7.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "S3 Filters"
+ },
+ "gridData": {
+ "h": 6,
+ "i": "6",
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "6",
+ "panelRefName": "panel_5",
+ "title": "S3 Filters",
+ "version": "7.7.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "S3 Total Requests"
+ },
+ "gridData": {
+ "h": 7,
+ "i": "7",
+ "w": 24,
+ "x": 24,
+ "y": 13
+ },
+ "panelIndex": "7",
+ "panelRefName": "panel_6",
+ "title": "S3 Total Requests",
+ "version": "7.7.0"
+ }
+ ],
+ "refreshInterval": {
+ "pause": true,
+ "value": 0
+ },
+ "timeFrom": "now-1d",
+ "timeRestore": true,
+ "timeTo": "now",
+ "title": "[Metrics AWS] S3 Overview",
+ "version": 1
+ },
+ "id": "a096b830-4762-11e9-8062-c98a86cb6f94",
+ "references": [
+ {
+ "id": "2dbb8f90-4760-11e9-8062-c98a86cb6f94",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "3a3914d0-4761-11e9-8062-c98a86cb6f94",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "2b2d58b0-4762-11e9-8062-c98a86cb6f94",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "81d83c70-4762-11e9-8062-c98a86cb6f94",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "8b34a100-4762-11e9-8062-c98a86cb6f94",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "6e3285d0-4763-11e9-8062-c98a86cb6f94",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "d186fd50-4763-11e9-8062-c98a86cb6f94",
+ "name": "panel_6",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/dashboard/c2b1cbc0-6891-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/c2b1cbc0-6891-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..ea96d228656
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/c2b1cbc0-6891-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,301 @@
+{
+ "attributes": {
+ "description": "Overview of AWS NAT Gateway Metrics",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "title": "Filters"
+ },
+ "gridData": {
+ "h": 11,
+ "i": "346ce7bf-e1af-4e0d-856b-5aa412903167",
+ "w": 7,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "346ce7bf-e1af-4e0d-856b-5aa412903167",
+ "panelRefName": "panel_0",
+ "title": "Filters",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Error Port Allocation"
+ },
+ "gridData": {
+ "h": 11,
+ "i": "19a9f053-a548-4e9d-a257-45932c3b73a5",
+ "w": 8,
+ "x": 7,
+ "y": 0
+ },
+ "panelIndex": "19a9f053-a548-4e9d-a257-45932c3b73a5",
+ "panelRefName": "panel_1",
+ "title": "Error Port Allocation",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Packets Drop"
+ },
+ "gridData": {
+ "h": 11,
+ "i": "a7a70775-f4ad-4323-b13c-9c9a3bf1bdf3",
+ "w": 8,
+ "x": 15,
+ "y": 0
+ },
+ "panelIndex": "a7a70775-f4ad-4323-b13c-9c9a3bf1bdf3",
+ "panelRefName": "panel_2",
+ "title": "Packets Drop",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Total Connection Established"
+ },
+ "gridData": {
+ "h": 11,
+ "i": "b5fe853e-d5b0-4918-93ec-8be70f2881a8",
+ "w": 8,
+ "x": 23,
+ "y": 0
+ },
+ "panelIndex": "b5fe853e-d5b0-4918-93ec-8be70f2881a8",
+ "panelRefName": "panel_3",
+ "title": "Total Connection Established",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Active Connection Count"
+ },
+ "gridData": {
+ "h": 11,
+ "i": "33663eae-1bc3-47d4-a9fc-3cd2b43c66ef",
+ "w": 17,
+ "x": 31,
+ "y": 0
+ },
+ "panelIndex": "33663eae-1bc3-47d4-a9fc-3cd2b43c66ef",
+ "panelRefName": "panel_4",
+ "title": "Active Connection Count",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Bytes In From Destination"
+ },
+ "gridData": {
+ "h": 13,
+ "i": "4e454740-281a-43b1-92f4-8dd2e37e184f",
+ "w": 24,
+ "x": 0,
+ "y": 11
+ },
+ "panelIndex": "4e454740-281a-43b1-92f4-8dd2e37e184f",
+ "panelRefName": "panel_5",
+ "title": "Bytes In From Destination",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Bytes In From Source"
+ },
+ "gridData": {
+ "h": 13,
+ "i": "f40587a4-47f1-494a-b8b9-33365ce34d2f",
+ "w": 24,
+ "x": 24,
+ "y": 11
+ },
+ "panelIndex": "f40587a4-47f1-494a-b8b9-33365ce34d2f",
+ "panelRefName": "panel_6",
+ "title": "Bytes In From Source",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Bytes Out To Destination"
+ },
+ "gridData": {
+ "h": 13,
+ "i": "00075068-bf27-49e1-8beb-d5572500205b",
+ "w": 24,
+ "x": 0,
+ "y": 24
+ },
+ "panelIndex": "00075068-bf27-49e1-8beb-d5572500205b",
+ "panelRefName": "panel_7",
+ "title": "Bytes Out To Destination",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Bytes Out To Source"
+ },
+ "gridData": {
+ "h": 13,
+ "i": "c95ab156-9118-4c3c-94ee-55b4c9f5589c",
+ "w": 24,
+ "x": 24,
+ "y": 24
+ },
+ "panelIndex": "c95ab156-9118-4c3c-94ee-55b4c9f5589c",
+ "panelRefName": "panel_8",
+ "title": "Bytes Out To Source",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Packets In From Destination"
+ },
+ "gridData": {
+ "h": 13,
+ "i": "f7c6e3f7-419d-43ff-a2bb-d5931371f347",
+ "w": 24,
+ "x": 0,
+ "y": 37
+ },
+ "panelIndex": "f7c6e3f7-419d-43ff-a2bb-d5931371f347",
+ "panelRefName": "panel_9",
+ "title": "Packets In From Destination",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Packets In From Source"
+ },
+ "gridData": {
+ "h": 13,
+ "i": "dcc56438-240a-45a4-81ec-a54be3d27c43",
+ "w": 24,
+ "x": 24,
+ "y": 37
+ },
+ "panelIndex": "dcc56438-240a-45a4-81ec-a54be3d27c43",
+ "panelRefName": "panel_10",
+ "title": "Packets In From Source",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Packets Out To Destination"
+ },
+ "gridData": {
+ "h": 13,
+ "i": "db77d690-f343-4dc2-8695-d45a03361e01",
+ "w": 24,
+ "x": 0,
+ "y": 50
+ },
+ "panelIndex": "db77d690-f343-4dc2-8695-d45a03361e01",
+ "panelRefName": "panel_11",
+ "title": "Packets Out To Destination",
+ "version": "7.6.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Packets Out To Source"
+ },
+ "gridData": {
+ "h": 13,
+ "i": "d882a862-87aa-4169-9dc3-0591252fa736",
+ "w": 24,
+ "x": 24,
+ "y": 50
+ },
+ "panelIndex": "d882a862-87aa-4169-9dc3-0591252fa736",
+ "panelRefName": "panel_12",
+ "title": "Packets Out To Source",
+ "version": "7.6.1"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics AWS] NATGateway Overview",
+ "version": 1
+ },
+ "id": "c2b1cbc0-6891-11ea-b0ac-95d4ecb1fecd",
+ "references": [
+ {
+ "id": "8345d580-6891-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "ce7445c0-688f-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "9bf8e1e0-6890-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "68970b10-6890-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "c186b610-688d-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "b36532e0-688e-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "bc5dcc90-688e-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_6",
+ "type": "visualization"
+ },
+ {
+ "id": "e0e65e60-688e-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_7",
+ "type": "visualization"
+ },
+ {
+ "id": "c7d6cf90-688e-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_8",
+ "type": "visualization"
+ },
+ {
+ "id": "bdb8ddd0-6890-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_9",
+ "type": "visualization"
+ },
+ {
+ "id": "c84ed3d0-6890-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_10",
+ "type": "visualization"
+ },
+ {
+ "id": "08645080-6891-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_11",
+ "type": "visualization"
+ },
+ {
+ "id": "fd915180-6890-11ea-b0ac-95d4ecb1fecd",
+ "name": "panel_12",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/dashboard/c5846400-f7fb-11e8-af03-c999c9dea608-ecs.json b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/c5846400-f7fb-11e8-af03-c999c9dea608-ecs.json
new file mode 100644
index 00000000000..433040fd721
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/c5846400-f7fb-11e8-af03-c999c9dea608-ecs.json
@@ -0,0 +1,173 @@
+{
+ "attributes": {
+ "description": "Overview of AWS EC2 Metrics",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "darkTheme": false,
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 15,
+ "i": "3",
+ "w": 24,
+ "x": 24,
+ "y": 27
+ },
+ "panelIndex": "3",
+ "panelRefName": "panel_0",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "5",
+ "w": 12,
+ "x": 36,
+ "y": 0
+ },
+ "panelIndex": "5",
+ "panelRefName": "panel_1",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 15,
+ "i": "11",
+ "w": 24,
+ "x": 0,
+ "y": 42
+ },
+ "panelIndex": "11",
+ "panelRefName": "panel_2",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 15,
+ "i": "12",
+ "w": 24,
+ "x": 24,
+ "y": 42
+ },
+ "panelIndex": "12",
+ "panelRefName": "panel_3",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 15,
+ "i": "15",
+ "w": 24,
+ "x": 0,
+ "y": 27
+ },
+ "panelIndex": "15",
+ "panelRefName": "panel_4",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 15,
+ "i": "17",
+ "w": 48,
+ "x": 0,
+ "y": 12
+ },
+ "panelIndex": "17",
+ "panelRefName": "panel_5",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "18",
+ "w": 17,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "18",
+ "panelRefName": "panel_6",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "19",
+ "w": 19,
+ "x": 17,
+ "y": 0
+ },
+ "panelIndex": "19",
+ "panelRefName": "panel_7",
+ "version": "7.3.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics AWS] EC2 Overview",
+ "version": 1
+ },
+ "id": "c5846400-f7fb-11e8-af03-c999c9dea608-ecs",
+ "references": [
+ {
+ "id": "fed59380-f7f8-11e8-af03-c999c9dea608-ecs",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "9e8c6030-f7f8-11e8-af03-c999c9dea608-ecs",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "15818fd0-f7f9-11e8-af03-c999c9dea608-ecs",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "233b3400-f7f9-11e8-af03-c999c9dea608-ecs",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "f1db6ec0-f7f8-11e8-af03-c999c9dea608-ecs",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "be8828d0-f7f6-11e8-af03-c999c9dea608-ecs",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "deab0260-2981-11e9-86eb-a3a07a77f530",
+ "name": "panel_6",
+ "type": "visualization"
+ },
+ {
+ "id": "09db13f0-2bdd-11e9-9fe1-cde861544141",
+ "name": "panel_7",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/dashboard/d17b1000-17a4-11ea-8e91-03c7047cbb9d.json b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/d17b1000-17a4-11ea-8e91-03c7047cbb9d.json
new file mode 100644
index 00000000000..daed79a7d38
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/d17b1000-17a4-11ea-8e91-03c7047cbb9d.json
@@ -0,0 +1,284 @@
+{
+ "attributes": {
+ "description": "Overview of AWS SNS Metrics",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "key": "stream.dataset",
+ "negate": false,
+ "params": {
+ "query": "aws.sns"
+ },
+ "type": "phrase",
+ "value": "aws.sns"
+ },
+ "query": {
+ "match": {
+ "stream.dataset": {
+ "query": "aws.sns",
+ "type": "phrase"
+ }
+ }
+ }
+ }
+ ],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 5,
+ "i": "3b9b0cee-b175-4268-8c5b-4ce869a09caf",
+ "w": 9,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "3b9b0cee-b175-4268-8c5b-4ce869a09caf",
+ "panelRefName": "panel_0",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "SNS Messages and Notifications"
+ },
+ "gridData": {
+ "h": 10,
+ "i": "5f0d72c5-0f28-449f-9c93-3b4074f068f7",
+ "w": 39,
+ "x": 9,
+ "y": 0
+ },
+ "panelIndex": "5f0d72c5-0f28-449f-9c93-3b4074f068f7",
+ "panelRefName": "panel_1",
+ "title": "SNS Messages and Notifications",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 5,
+ "i": "5a9d5f2f-b075-4892-8188-c6e808a1163d",
+ "w": 9,
+ "x": 0,
+ "y": 5
+ },
+ "panelIndex": "5a9d5f2f-b075-4892-8188-c6e808a1163d",
+ "panelRefName": "panel_2",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "SNS Publish Size"
+ },
+ "gridData": {
+ "h": 10,
+ "i": "c6d5a54d-61a4-470b-8769-c5b6d6ab6c0f",
+ "w": 16,
+ "x": 0,
+ "y": 10
+ },
+ "panelIndex": "c6d5a54d-61a4-470b-8769-c5b6d6ab6c0f",
+ "panelRefName": "panel_3",
+ "title": "SNS Publish Size",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "SNS Notifications Filtered Out"
+ },
+ "gridData": {
+ "h": 10,
+ "i": "0684c25d-34e8-425e-9069-dd8364e6325b",
+ "w": 16,
+ "x": 16,
+ "y": 10
+ },
+ "panelIndex": "0684c25d-34e8-425e-9069-dd8364e6325b",
+ "panelRefName": "panel_4",
+ "title": "SNS Notifications Filtered Out",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "SNS Notifications Filtered Out Invalid Attributes"
+ },
+ "gridData": {
+ "h": 10,
+ "i": "72e987da-9a49-4dd4-99c4-4acbc49a0e0b",
+ "w": 16,
+ "x": 32,
+ "y": 10
+ },
+ "panelIndex": "72e987da-9a49-4dd4-99c4-4acbc49a0e0b",
+ "panelRefName": "panel_5",
+ "title": "SNS Notifications Filtered Out Invalid Attributes",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "SNS Notifications Filtered Out No Message Attributes"
+ },
+ "gridData": {
+ "h": 10,
+ "i": "923bd4cd-d8fe-47b5-afcf-577bf2c5987c",
+ "w": 16,
+ "x": 0,
+ "y": 20
+ },
+ "panelIndex": "923bd4cd-d8fe-47b5-afcf-577bf2c5987c",
+ "panelRefName": "panel_6",
+ "title": "SNS Notifications Filtered Out No Message Attributes",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "SNS Notifications Failed to Redrive to DLQ"
+ },
+ "gridData": {
+ "h": 10,
+ "i": "f176153f-4588-42f9-a7bb-3015909d5610",
+ "w": 16,
+ "x": 32,
+ "y": 20
+ },
+ "panelIndex": "f176153f-4588-42f9-a7bb-3015909d5610",
+ "panelRefName": "panel_7",
+ "title": "SNS Notifications Failed to Redrive to DLQ",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "SNS SMS Success Rate"
+ },
+ "gridData": {
+ "h": 10,
+ "i": "f3c5915b-6848-4950-afca-53653d13d6af",
+ "w": 16,
+ "x": 0,
+ "y": 30
+ },
+ "panelIndex": "f3c5915b-6848-4950-afca-53653d13d6af",
+ "panelRefName": "panel_8",
+ "title": "SNS SMS Success Rate",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "SNS Notifications Redriven To DLQ"
+ },
+ "gridData": {
+ "h": 10,
+ "i": "3b3cc747-b57c-44e0-a18c-77155072bee4",
+ "w": 16,
+ "x": 16,
+ "y": 20
+ },
+ "panelIndex": "3b3cc747-b57c-44e0-a18c-77155072bee4",
+ "panelRefName": "panel_9",
+ "title": "SNS Notifications Redriven To DLQ",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "SNS SMS Month To Date Spent USD"
+ },
+ "gridData": {
+ "h": 10,
+ "i": "ee130150-c1de-465b-8a8e-013f466528bf",
+ "w": 16,
+ "x": 16,
+ "y": 30
+ },
+ "panelIndex": "ee130150-c1de-465b-8a8e-013f466528bf",
+ "panelRefName": "panel_10",
+ "title": "SNS SMS Month To Date Spent USD",
+ "version": "7.3.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics AWS] SNS Overview",
+ "version": 1
+ },
+ "id": "d17b1000-17a4-11ea-8e91-03c7047cbb9d",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "b5308940-7347-11e9-816b-07687310a99a",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "13e624c0-180e-11ea-8e91-03c7047cbb9d",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "59defc90-17a5-11ea-8e91-03c7047cbb9d",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "6f7f7680-180c-11ea-8e91-03c7047cbb9d",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "bf81e030-180e-11ea-8e91-03c7047cbb9d",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "d19a71b0-180e-11ea-8e91-03c7047cbb9d",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "dffa19e0-180e-11ea-8e91-03c7047cbb9d",
+ "name": "panel_6",
+ "type": "visualization"
+ },
+ {
+ "id": "09857a20-180f-11ea-8e91-03c7047cbb9d",
+ "name": "panel_7",
+ "type": "visualization"
+ },
+ {
+ "id": "abdc7480-180b-11ea-8e91-03c7047cbb9d",
+ "name": "panel_8",
+ "type": "visualization"
+ },
+ {
+ "id": "fc0869c0-180e-11ea-8e91-03c7047cbb9d",
+ "name": "panel_9",
+ "type": "visualization"
+ },
+ {
+ "id": "b7f8bf90-180f-11ea-8e91-03c7047cbb9d",
+ "name": "panel_10",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
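Review bot: The dashboard-level filter at `kibanaSavedObjectMeta.searchSourceJSON.filter[0]` pins `stream.dataset` to `aws.sns` and resolves its index through the `metrics-*` entry in `references`. The six other metrics dashboards visible in this part of the diff (S3, NAT Gateway, EC2, Billing, ELB, Overview) all ship with `"filter": [],`, so this is the only one with a dependency on an index-pattern saved object. Whether an index pattern with the exact id `metrics-*` is installed alongside the package cannot be confirmed from the diff; if it is not, the filter reference will presumably fail to resolve at import time, so this is worth checking. For consistency, either reduce this to `"filter": [],` and drop the `index-pattern` reference, leaving dataset scoping to the visualizations, or apply the same dataset filter to the sibling dashboards.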
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/dashboard/e6776b10-1534-11ea-841c-01bf20a6c8ba.json b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/e6776b10-1534-11ea-841c-01bf20a6c8ba.json
new file mode 100644
index 00000000000..8300aa50130
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/e6776b10-1534-11ea-841c-01bf20a6c8ba.json
@@ -0,0 +1,112 @@
+{
+ "attributes": {
+ "description": "Overview of AWS Billing Metrics",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "title": "AWS Account Filter"
+ },
+ "gridData": {
+ "h": 5,
+ "i": "89dccfe8-a25e-44ea-afdb-ff01ab1f05d6",
+ "w": 16,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "89dccfe8-a25e-44ea-afdb-ff01ab1f05d6",
+ "panelRefName": "panel_0",
+ "title": "AWS Account Filter",
+ "version": "7.4.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Estimated Billing Chart"
+ },
+ "gridData": {
+ "h": 16,
+ "i": "26670498-b079-4447-bbc8-e4ca8215898c",
+ "w": 32,
+ "x": 16,
+ "y": 0
+ },
+ "panelIndex": "26670498-b079-4447-bbc8-e4ca8215898c",
+ "panelRefName": "panel_1",
+ "title": "Estimated Billing Chart",
+ "version": "7.4.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Total Estimated Charges"
+ },
+ "gridData": {
+ "h": 11,
+ "i": "221aab02-2747-4d84-9dde-028ccd51bdce",
+ "w": 16,
+ "x": 0,
+ "y": 5
+ },
+ "panelIndex": "221aab02-2747-4d84-9dde-028ccd51bdce",
+ "panelRefName": "panel_2",
+ "title": "Total Estimated Charges",
+ "version": "7.4.0"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Top 10 Estimated Billing Per Service Name"
+ },
+ "gridData": {
+ "h": 15,
+ "i": "21e91e6b-0ff0-42ba-9132-6f30c5c6bbb7",
+ "w": 48,
+ "x": 0,
+ "y": 16
+ },
+ "panelIndex": "21e91e6b-0ff0-42ba-9132-6f30c5c6bbb7",
+ "panelRefName": "panel_3",
+ "title": "Top 10 Estimated Billing Per Service Name",
+ "version": "7.4.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics AWS] Billing Overview",
+ "version": 1
+ },
+ "id": "e6776b10-1534-11ea-841c-01bf20a6c8ba",
+ "references": [
+ {
+ "id": "deab0260-2981-11e9-86eb-a3a07a77f530",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "749cd470-1530-11ea-841c-01bf20a6c8ba",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "83f08eb0-1532-11ea-841c-01bf20a6c8ba",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "31a4ea90-152b-11ea-841c-01bf20a6c8ba",
+ "name": "panel_3",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/dashboard/e74bf320-b3ce-11e9-87a4-078dbbae220d.json b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/e74bf320-b3ce-11e9-87a4-078dbbae220d.json
new file mode 100644
index 00000000000..8b2dca12ac0
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/e74bf320-b3ce-11e9-87a4-078dbbae220d.json
@@ -0,0 +1,198 @@
+{
+ "attributes": {
+ "description": "Overview of AWS ELB Metrics",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 9,
+ "i": "2",
+ "w": 25,
+ "x": 23,
+ "y": 32
+ },
+ "panelIndex": "2",
+ "panelRefName": "panel_0",
+ "title": "HTTP 5XX Errors",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 11,
+ "i": "3",
+ "w": 37,
+ "x": 11,
+ "y": 0
+ },
+ "panelIndex": "3",
+ "panelRefName": "panel_1",
+ "title": "Request Count",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 8,
+ "i": "4",
+ "w": 11,
+ "x": 0,
+ "y": 15
+ },
+ "panelIndex": "4",
+ "panelRefName": "panel_2",
+ "title": "Unhealthy Host Count",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 8,
+ "i": "5",
+ "w": 11,
+ "x": 0,
+ "y": 7
+ },
+ "panelIndex": "5",
+ "panelRefName": "panel_3",
+ "title": "Healthy Host Count",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "6",
+ "w": 37,
+ "x": 11,
+ "y": 11
+ },
+ "panelIndex": "6",
+ "panelRefName": "panel_4",
+ "title": "Latency in Seconds",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 9,
+ "i": "7",
+ "w": 23,
+ "x": 0,
+ "y": 32
+ },
+ "panelIndex": "7",
+ "panelRefName": "panel_5",
+ "title": "HTTP Backend 4XX Errors",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 9,
+ "i": "8",
+ "w": 23,
+ "x": 0,
+ "y": 23
+ },
+ "panelIndex": "8",
+ "panelRefName": "panel_6",
+ "title": "Backend Connection Errors",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 7,
+ "i": "9",
+ "w": 11,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "9",
+ "panelRefName": "panel_7",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 9,
+ "i": "10",
+ "w": 25,
+ "x": 23,
+ "y": 23
+ },
+ "panelIndex": "10",
+ "panelRefName": "panel_8",
+ "title": "HTTP Backend 2XX",
+ "version": "7.3.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics AWS] ELB Overview",
+ "version": 1
+ },
+ "id": "e74bf320-b3ce-11e9-87a4-078dbbae220d",
+ "references": [
+ {
+ "id": "b9703dd0-b3c9-11e9-87a4-078dbbae220d",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "d560de70-b3c7-11e9-87a4-078dbbae220d",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "6fc1efd0-b3c9-11e9-87a4-078dbbae220d",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "6392bc30-b3c9-11e9-87a4-078dbbae220d",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "b2ea15a0-b3c7-11e9-87a4-078dbbae220d",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "21f30090-b3ca-11e9-87a4-078dbbae220d",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "572d40e0-b3ca-11e9-87a4-078dbbae220d",
+ "name": "panel_6",
+ "type": "visualization"
+ },
+ {
+ "id": "b5308940-7347-11e9-816b-07687310a99a",
+ "name": "panel_7",
+ "type": "visualization"
+ },
+ {
+ "id": "1f528f50-b3ce-11e9-87a4-078dbbae220d",
+ "name": "panel_8",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/dashboard/fac28650-7349-11e9-816b-07687310a99a.json b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/fac28650-7349-11e9-816b-07687310a99a.json
new file mode 100644
index 00000000000..29673a6843d
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/dashboard/fac28650-7349-11e9-816b-07687310a99a.json
@@ -0,0 +1,298 @@
+{
+ "attributes": {
+ "description": "Overview of AWS Metrics",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 7,
+ "i": "2",
+ "w": 9,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "2",
+ "panelRefName": "panel_0",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 7,
+ "i": "3",
+ "w": 10,
+ "x": 9,
+ "y": 0
+ },
+ "panelIndex": "3",
+ "panelRefName": "panel_1",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 7,
+ "i": "4",
+ "w": 29,
+ "x": 19,
+ "y": 0
+ },
+ "panelIndex": "4",
+ "panelRefName": "panel_2",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 7,
+ "i": "6",
+ "w": 9,
+ "x": 0,
+ "y": 7
+ },
+ "panelIndex": "6",
+ "panelRefName": "panel_3",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 7,
+ "i": "7",
+ "w": 9,
+ "x": 9,
+ "y": 7
+ },
+ "panelIndex": "7",
+ "panelRefName": "panel_4",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 7,
+ "i": "9",
+ "w": 15,
+ "x": 18,
+ "y": 7
+ },
+ "panelIndex": "9",
+ "panelRefName": "panel_5",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 7,
+ "i": "10",
+ "w": 15,
+ "x": 33,
+ "y": 7
+ },
+ "panelIndex": "10",
+ "panelRefName": "panel_6",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 7,
+ "i": "12",
+ "w": 13,
+ "x": 0,
+ "y": 14
+ },
+ "panelIndex": "12",
+ "panelRefName": "panel_7",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 7,
+ "i": "14",
+ "w": 20,
+ "x": 13,
+ "y": 14
+ },
+ "panelIndex": "14",
+ "panelRefName": "panel_8",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 7,
+ "i": "15",
+ "w": 15,
+ "x": 33,
+ "y": 14
+ },
+ "panelIndex": "15",
+ "panelRefName": "panel_9",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 7,
+ "i": "17",
+ "w": 16,
+ "x": 15,
+ "y": 21
+ },
+ "panelIndex": "17",
+ "panelRefName": "panel_10",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 7,
+ "i": "18",
+ "w": 15,
+ "x": 0,
+ "y": 21
+ },
+ "panelIndex": "18",
+ "panelRefName": "panel_11",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 7,
+ "i": "19",
+ "w": 17,
+ "x": 31,
+ "y": 21
+ },
+ "panelIndex": "19",
+ "panelRefName": "panel_12",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 9,
+ "i": "24",
+ "w": 24,
+ "x": 0,
+ "y": 28
+ },
+ "panelIndex": "24",
+ "panelRefName": "panel_13",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 9,
+ "i": "25",
+ "w": 24,
+ "x": 24,
+ "y": 28
+ },
+ "panelIndex": "25",
+ "panelRefName": "panel_14",
+ "version": "7.3.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics AWS] Overview",
+ "version": 1
+ },
+ "id": "fac28650-7349-11e9-816b-07687310a99a",
+ "references": [
+ {
+ "id": "b5308940-7347-11e9-816b-07687310a99a",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "09db13f0-2bdd-11e9-9fe1-cde861544141",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "be8828d0-f7f6-11e8-af03-c999c9dea608-ecs",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "81d83c70-4762-11e9-8062-c98a86cb6f94",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "58e17c10-7349-11e9-816b-07687310a99a",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "4658f540-734a-11e9-816b-07687310a99a",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "95b322f0-734a-11e9-816b-07687310a99a",
+ "name": "panel_6",
+ "type": "visualization"
+ },
+ {
+ "id": "b2191dd0-734c-11e9-816b-07687310a99a",
+ "name": "panel_7",
+ "type": "visualization"
+ },
+ {
+ "id": "42016bf0-728f-11e9-9a7b-4d62d5bcf4fc",
+ "name": "panel_8",
+ "type": "visualization"
+ },
+ {
+ "id": "9121ac90-734d-11e9-816b-07687310a99a",
+ "name": "panel_9",
+ "type": "visualization"
+ },
+ {
+ "id": "128fd450-734e-11e9-816b-07687310a99a",
+ "name": "panel_10",
+ "type": "visualization"
+ },
+ {
+ "id": "54e88a40-734e-11e9-816b-07687310a99a",
+ "name": "panel_11",
+ "type": "visualization"
+ },
+ {
+ "id": "398d12d0-7352-11e9-816b-07687310a99a",
+ "name": "panel_12",
+ "type": "visualization"
+ },
+ {
+ "id": "4bf62a10-8310-11e9-ac83-47df3568ff90",
+ "name": "panel_13",
+ "type": "visualization"
+ },
+ {
+ "id": "d2f46190-830f-11e9-ac83-47df3568ff90",
+ "name": "panel_14",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/map/0edf0640-3e7e-11ea-bb0a-69c3ca1d410f.json b/dev/packages/alpha/aws/0.0.3/kibana/map/0edf0640-3e7e-11ea-bb0a-69c3ca1d410f.json
new file mode 100644
index 00000000000..547c4bdc1f4
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/map/0edf0640-3e7e-11ea-bb0a-69c3ca1d410f.json
@@ -0,0 +1,191 @@
+{
+ "attributes": {
+ "bounds": {
+ "coordinates": [
+ [
+ [
+ -14.38966,
+ 60.11526
+ ],
+ [
+ -14.38966,
+ 39.61205
+ ],
+ [
+ 41.72167,
+ 39.61205
+ ],
+ [
+ 41.72167,
+ 60.11526
+ ],
+ [
+ -14.38966,
+ 60.11526
+ ]
+ ]
+ ],
+ "type": "Polygon"
+ },
+ "description": "",
+ "layerListJSON": [
+ {
+ "alpha": 1,
+ "id": "19047c4c-18d7-4aec-b0ce-98de2828244d",
+ "label": "Hits",
+ "maxZoom": 24,
+ "minZoom": 0,
+ "sourceDescriptor": {
+ "isAutoSelect": true,
+ "type": "EMS_TMS"
+ },
+ "style": {},
+ "type": "VECTOR_TILE",
+ "visible": true
+ },
+ {
+ "alpha": 0.75,
+ "id": "1d457cd4-01be-4f96-95fd-af4ac535ebea",
+ "label": null,
+ "maxZoom": 24,
+ "minZoom": 0,
+ "sourceDescriptor": {
+ "applyGlobalQuery": true,
+ "geoField": "source.geo.location",
+ "id": "1e82f50f-424a-4718-905b-ad45db14db62",
+ "indexPatternRefName": "layer_1_source_index_pattern",
+ "requestType": "point",
+ "resolution": "COARSE",
+ "type": "ES_GEO_GRID"
+ },
+ "style": {
+ "properties": {
+ "fillColor": {
+ "options": {
+ "color": "Blues",
+ "field": {
+ "label": "count",
+ "name": "doc_count",
+ "origin": "source"
+ },
+ "fieldMetaOptions": {
+ "isEnabled": false,
+ "sigma": 3
+ }
+ },
+ "type": "DYNAMIC"
+ },
+ "icon": {
+ "options": {
+ "value": "airfield"
+ },
+ "type": "STATIC"
+ },
+ "iconOrientation": {
+ "options": {
+ "orientation": 0
+ },
+ "type": "STATIC"
+ },
+ "iconSize": {
+ "options": {
+ "field": {
+ "label": "count",
+ "name": "doc_count",
+ "origin": "source"
+ },
+ "fieldMetaOptions": {
+ "isEnabled": false,
+ "sigma": 3
+ },
+ "maxSize": 32,
+ "minSize": 4
+ },
+ "type": "DYNAMIC"
+ },
+ "lineColor": {
+ "options": {
+ "color": "#167a6d"
+ },
+ "type": "STATIC"
+ },
+ "lineWidth": {
+ "options": {
+ "size": 1
+ },
+ "type": "STATIC"
+ },
+ "symbolizeAs": {
+ "options": {
+ "value": "circle"
+ }
+ }
+ },
+ "type": "VECTOR"
+ },
+ "type": "VECTOR",
+ "visible": true
+ }
+ ],
+ "mapStateJSON": {
+ "center": {
+ "lat": 50.97903,
+ "lon": 13.666
+ },
+ "filters": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "index": "logs-*",
+ "key": "fileset.name",
+ "negate": false,
+ "params": {
+ "query": "elb"
+ },
+ "type": "phrase",
+ "value": "elb"
+ },
+ "query": {
+ "match": {
+ "fileset.name": {
+ "query": "elb",
+ "type": "phrase"
+ }
+ }
+ }
+ }
+ ],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "refreshConfig": {
+ "interval": 0,
+ "isPaused": false
+ },
+ "timeFilters": {
+ "from": "now-15m",
+ "to": "now"
+ },
+ "zoom": 3.9
+ },
+ "title": "ELB Requests Geolocation [Logs AWS] ECS",
+ "uiStateJSON": {
+ "isLayerTOCOpen": true,
+ "openTOCDetails": []
+ }
+ },
+ "id": "0edf0640-3e7e-11ea-bb0a-69c3ca1d410f",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "layer_1_source_index_pattern",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "map"
+}
\ No newline at end of file
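Review bot: The saved filter in `mapStateJSON.filters` selects ELB documents by `fileset.name`, while the CloudTrail map and search added in this same commit scope by `stream.dataset`. If documents ingested through this package do not carry `fileset.name` (not visible from this hunk), the grid layer renders empty without any error. Consider keying the filter on the dataset field, `"key": "stream.dataset"`, with the ELB dataset name this package uses as the value. The filter also hardcodes `"index": "logs-*"` instead of going through a named reference, as the saved searches do with `indexRefName`.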
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/map/513a3d70-4482-11ea-ad63-791a5dc86f10.json b/dev/packages/alpha/aws/0.0.3/kibana/map/513a3d70-4482-11ea-ad63-791a5dc86f10.json
new file mode 100644
index 00000000000..c8aee07faa0
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/map/513a3d70-4482-11ea-ad63-791a5dc86f10.json
@@ -0,0 +1,231 @@
+{
+ "attributes": {
+ "bounds": {
+ "coordinates": [
+ [
+ [
+ -180,
+ 85.05113
+ ],
+ [
+ -180,
+ -85.05113
+ ],
+ [
+ 180,
+ -85.05113
+ ],
+ [
+ 180,
+ 85.05113
+ ],
+ [
+ -180,
+ 85.05113
+ ]
+ ]
+ ],
+ "type": "Polygon"
+ },
+ "description": "",
+ "layerListJSON": [
+ {
+ "alpha": 1,
+ "id": "842c201e-96d7-413d-8688-de5ee4f8a1e0",
+ "label": null,
+ "maxZoom": 24,
+ "minZoom": 0,
+ "sourceDescriptor": {
+ "isAutoSelect": true,
+ "type": "EMS_TMS"
+ },
+ "style": {},
+ "type": "VECTOR_TILE",
+ "visible": true
+ },
+ {
+ "alpha": 0.75,
+ "id": "401944dd-a371-4698-be17-bc4542e9a5d4",
+ "label": "vpc flow action accept",
+ "maxZoom": 24,
+ "minZoom": 0,
+ "query": {
+ "language": "kuery",
+ "query": "aws.vpcflow.action : \"ACCEPT\" "
+ },
+ "sourceDescriptor": {
+ "applyGlobalQuery": true,
+ "filterByMapBounds": true,
+ "geoField": "destination.geo.location",
+ "id": "97903038-e08d-4451-bbd2-eb92c894bdf5",
+ "indexPatternRefName": "layer_1_source_index_pattern",
+ "scalingType": "LIMIT",
+ "sortField": "@timestamp",
+ "sortOrder": "desc",
+ "tooltipProperties": [],
+ "topHitsSize": 1,
+ "type": "ES_SEARCH"
+ },
+ "style": {
+ "properties": {
+ "fillColor": {
+ "options": {
+ "color": "#1EA593"
+ },
+ "type": "STATIC"
+ },
+ "icon": {
+ "options": {
+ "value": "airfield"
+ },
+ "type": "STATIC"
+ },
+ "iconOrientation": {
+ "options": {
+ "orientation": 0
+ },
+ "type": "STATIC"
+ },
+ "iconSize": {
+ "options": {
+ "size": 5
+ },
+ "type": "STATIC"
+ },
+ "lineColor": {
+ "options": {
+ "color": "#167a6d"
+ },
+ "type": "STATIC"
+ },
+ "lineWidth": {
+ "options": {
+ "size": 1
+ },
+ "type": "STATIC"
+ },
+ "symbolizeAs": {
+ "options": {
+ "value": "circle"
+ }
+ }
+ },
+ "type": "VECTOR"
+ },
+ "type": "VECTOR",
+ "visible": true
+ },
+ {
+ "alpha": 0.75,
+ "id": "b1d44a5c-3a04-4c80-8080-57585b02fd48",
+ "label": "vpc flow action reject",
+ "maxZoom": 24,
+ "minZoom": 0,
+ "query": {
+ "language": "kuery",
+ "query": "aws.vpcflow.action : \"REJECT\" "
+ },
+ "sourceDescriptor": {
+ "applyGlobalQuery": true,
+ "filterByMapBounds": true,
+ "geoField": "source.geo.location",
+ "id": "9c0e7cce-4f21-4bcd-bb50-ae36c0fffffb",
+ "indexPatternRefName": "layer_2_source_index_pattern",
+ "scalingType": "LIMIT",
+ "sortField": "@timestamp",
+ "sortOrder": "desc",
+ "tooltipProperties": [],
+ "topHitsSize": 1,
+ "type": "ES_SEARCH"
+ },
+ "style": {
+ "properties": {
+ "fillColor": {
+ "options": {
+ "color": "#f00f0b"
+ },
+ "type": "STATIC"
+ },
+ "icon": {
+ "options": {
+ "value": "airfield"
+ },
+ "type": "STATIC"
+ },
+ "iconOrientation": {
+ "options": {
+ "orientation": 0
+ },
+ "type": "STATIC"
+ },
+ "iconSize": {
+ "options": {
+ "size": 5
+ },
+ "type": "STATIC"
+ },
+ "lineColor": {
+ "options": {
+ "color": "#7a1a18"
+ },
+ "type": "STATIC"
+ },
+ "lineWidth": {
+ "options": {
+ "size": 1
+ },
+ "type": "STATIC"
+ },
+ "symbolizeAs": {
+ "options": {
+ "value": "circle"
+ }
+ }
+ },
+ "type": "VECTOR"
+ },
+ "type": "VECTOR",
+ "visible": true
+ }
+ ],
+ "mapStateJSON": {
+ "center": {
+ "lat": 0,
+ "lon": -108.92402
+ },
+ "filters": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "refreshConfig": {
+ "interval": 0,
+ "isPaused": false
+ },
+ "timeFilters": {
+ "from": "now-15d",
+ "to": "now"
+ },
+ "zoom": 0.47
+ },
+ "title": "VPC Flow Action Geo Location[Logs AWS]",
+ "uiStateJSON": {
+ "isLayerTOCOpen": false,
+ "openTOCDetails": []
+ }
+ },
+ "id": "513a3d70-4482-11ea-ad63-791a5dc86f10",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "layer_1_source_index_pattern",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "layer_2_source_index_pattern",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "map"
+}
\ No newline at end of file
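Review bot: The two layer labels do not say which end of the flow is plotted: the `vpc flow action accept` layer uses `destination.geo.location`, but the `vpc flow action reject` layer uses `source.geo.location`. An analyst comparing the two point sets would reasonably assume both show the same endpoint. Either make the labels explicit, e.g. `"label": "vpc flow accept (destination)"` and `"label": "vpc flow reject (source)"`, or use the same `geoField` in both layers if the difference is unintended. The title is also missing a space before the bracket: `"title": "VPC Flow Action Geo Location [Logs AWS]"`.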
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/map/dae24080-739a-11ea-a345-f985c61fe654.json b/dev/packages/alpha/aws/0.0.3/kibana/map/dae24080-739a-11ea-a345-f985c61fe654.json
new file mode 100644
index 00000000000..9e6eb6ed271
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/map/dae24080-739a-11ea-a345-f985c61fe654.json
@@ -0,0 +1,185 @@
+{
+ "attributes": {
+ "bounds": {
+ "coordinates": [
+ [
+ [
+ -180,
+ 74.14342
+ ],
+ [
+ -180,
+ -58.35006
+ ],
+ [
+ 180,
+ -58.35006
+ ],
+ [
+ 180,
+ 74.14342
+ ],
+ [
+ -180,
+ 74.14342
+ ]
+ ]
+ ],
+ "type": "Polygon"
+ },
+ "description": "",
+ "layerListJSON": [
+ {
+ "alpha": 1,
+ "id": "2c7b49fb-3fb5-4e18-b27f-fabe930971f3",
+ "label": null,
+ "maxZoom": 24,
+ "minZoom": 0,
+ "sourceDescriptor": {
+ "isAutoSelect": true,
+ "type": "EMS_TMS"
+ },
+ "style": {},
+ "type": "VECTOR_TILE",
+ "visible": true
+ },
+ {
+ "alpha": 0.75,
+ "id": "a10fa758-30ad-4e2a-bf9d-472e133a7f17",
+ "joins": [],
+ "label": "CloudTrail Soure Location",
+ "maxZoom": 24,
+ "minZoom": 0,
+ "query": {
+ "language": "kuery",
+ "query": "stream.dataset:aws.cloudtrail"
+ },
+ "sourceDescriptor": {
+ "applyGlobalQuery": true,
+ "filterByMapBounds": true,
+ "geoField": "source.geo.location",
+ "id": "7bfe2df9-9398-4f1a-8cf7-b57aa5f3f31e",
+ "indexPatternRefName": "layer_1_source_index_pattern",
+ "scalingType": "LIMIT",
+ "sortField": "",
+ "sortOrder": "desc",
+ "tooltipProperties": [],
+ "topHitsSize": 1,
+ "type": "ES_SEARCH"
+ },
+ "style": {
+ "isTimeAware": true,
+ "properties": {
+ "fillColor": {
+ "options": {
+ "color": "#54B399"
+ },
+ "type": "STATIC"
+ },
+ "icon": {
+ "options": {
+ "value": "marker"
+ },
+ "type": "STATIC"
+ },
+ "iconOrientation": {
+ "options": {
+ "orientation": 0
+ },
+ "type": "STATIC"
+ },
+ "iconSize": {
+ "options": {
+ "size": 6
+ },
+ "type": "STATIC"
+ },
+ "labelBorderColor": {
+ "options": {
+ "color": "#FFFFFF"
+ },
+ "type": "STATIC"
+ },
+ "labelBorderSize": {
+ "options": {
+ "size": "SMALL"
+ }
+ },
+ "labelColor": {
+ "options": {
+ "color": "#000000"
+ },
+ "type": "STATIC"
+ },
+ "labelSize": {
+ "options": {
+ "size": 14
+ },
+ "type": "STATIC"
+ },
+ "labelText": {
+ "options": {
+ "value": ""
+ },
+ "type": "STATIC"
+ },
+ "lineColor": {
+ "options": {
+ "color": "#41937c"
+ },
+ "type": "STATIC"
+ },
+ "lineWidth": {
+ "options": {
+ "size": 1
+ },
+ "type": "STATIC"
+ },
+ "symbolizeAs": {
+ "options": {
+ "value": "circle"
+ }
+ }
+ },
+ "type": "VECTOR"
+ },
+ "type": "VECTOR",
+ "visible": true
+ }
+ ],
+ "mapStateJSON": {
+ "center": {
+ "lat": 19.94277,
+ "lon": 0
+ },
+ "filters": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "refreshConfig": {
+ "interval": 0,
+ "isPaused": false
+ },
+ "timeFilters": {
+ "from": "now-15m",
+ "to": "now"
+ },
+ "zoom": 1.97
+ },
+ "title": "CloudTrail Source Location [Logs AWS]",
+ "uiStateJSON": {
+ "isLayerTOCOpen": true,
+ "openTOCDetails": []
+ }
+ },
+ "id": "dae24080-739a-11ea-a345-f985c61fe654",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "layer_1_source_index_pattern",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "map"
+}
\ No newline at end of file
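Review bot: The layer label is misspelled; `"label": "CloudTrail Soure Location"` should read `"label": "CloudTrail Source Location"`. The same layer sets `"scalingType": "LIMIT"` with `"sortField": ""`, whereas the VPC flow map in this commit sorts by `@timestamp`. With an empty sort field it is unclear which documents are kept once the limit is reached, so `"sortField": "@timestamp"` would make the map favour recent events.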
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/search/30ccde50-7397-11ea-a345-f985c61fe654.json b/dev/packages/alpha/aws/0.0.3/kibana/search/30ccde50-7397-11ea-a345-f985c61fe654.json
new file mode 100644
index 00000000000..606738dd8ad
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/search/30ccde50-7397-11ea-a345-f985c61fe654.json
@@ -0,0 +1,66 @@
+{
+ "attributes": {
+ "columns": [
+ "user.id",
+ "event.provider",
+ "aws.cloudtrail.event_type",
+ "event.action",
+ "event.outcome",
+ "source.address",
+ "source.geo.region_name"
+ ],
+ "description": "",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "key": "stream.dataset",
+ "negate": false,
+ "params": {
+ "query": "aws.cloudtrail"
+ },
+ "type": "phrase"
+ },
+ "query": {
+ "match_phrase": {
+ "stream.dataset": "aws.cloudtrail"
+ }
+ }
+ }
+ ],
+ "highlightAll": true,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "version": true
+ }
+ },
+ "sort": [],
+ "title": "CloudTrail Events [Logs AWS]",
+ "version": 1
+ },
+ "id": "30ccde50-7397-11ea-a345-f985c61fe654",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "search"
+}
\ No newline at end of file
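Review bot: `"sort": []` leaves this search without an explicit order, while the other two saved searches in this commit sort by `@timestamp` descending. For an audit-log view, newest-first is what a reviewer expects, so consider `"sort": [["@timestamp", "desc"]]`. Kibana may apply its own default order, so this is about making the intent explicit and consistent rather than fixing a failure.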
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/search/5e5a3c90-bac0-11e9-9f70-1f7bda85a5eb.json b/dev/packages/alpha/aws/0.0.3/kibana/search/5e5a3c90-bac0-11e9-9f70-1f7bda85a5eb.json
new file mode 100644
index 00000000000..805fbf3fbd5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/search/5e5a3c90-bac0-11e9-9f70-1f7bda85a5eb.json
@@ -0,0 +1,102 @@
+{
+ "attributes": {
+ "columns": [
+ "aws.s3access.http_status",
+ "aws.s3access.error_code",
+ "aws.s3access.operation",
+ "aws.s3access.request_uri"
+ ],
+ "description": "",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "key": "aws.s3access.http_status",
+ "negate": true,
+ "params": {
+ "query": "200"
+ },
+ "type": "phrase",
+ "value": "200"
+ },
+ "query": {
+ "match": {
+ "aws.s3access.http_status": {
+ "query": "200",
+ "type": "phrase"
+ }
+ }
+ }
+ },
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
+ "key": "fileset.name",
+ "negate": false,
+ "params": {
+ "query": "s3access"
+ },
+ "type": "phrase",
+ "value": "s3access"
+ },
+ "query": {
+ "match": {
+ "fileset.name": {
+ "query": "s3access",
+ "type": "phrase"
+ }
+ }
+ }
+ }
+ ],
+ "highlightAll": true,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "version": true
+ }
+ },
+ "sort": [
+ [
+ "@timestamp",
+ "desc"
+ ]
+ ],
+ "title": "Error Logs [Logs AWS]",
+ "version": 1
+ },
+ "id": "5e5a3c90-bac0-11e9-9f70-1f7bda85a5eb",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "search"
+}
\ No newline at end of file
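Review bot: The first filter defines an error as anything whose `aws.s3access.http_status` is not `200` (`"negate": true`), so successful non-200 responses such as 204, 206 and 304 are listed as errors. For access-denied or failed-request triage this adds noise; a status filter limited to 4xx/5xx would match the title better, assuming the field can be range-queried. The title `Error Logs [Logs AWS]` also does not say the search is S3-only; `"title": "S3 Access Error Logs [Logs AWS]"` would be clearer. The second filter keys on `fileset.name`, unlike the CloudTrail search's `stream.dataset`.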
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/search/c1aee600-4487-11ea-ad63-791a5dc86f10.json b/dev/packages/alpha/aws/0.0.3/kibana/search/c1aee600-4487-11ea-ad63-791a5dc86f10.json
new file mode 100644
index 00000000000..b51bf0e8e53
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/search/c1aee600-4487-11ea-ad63-791a5dc86f10.json
@@ -0,0 +1,101 @@
+{
+ "attributes": {
+ "columns": [
+ "source.ip",
+ "source.port",
+ "event.original"
+ ],
+ "description": "",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "key": "fileset.name",
+ "negate": false,
+ "params": {
+ "query": "vpcflow"
+ },
+ "type": "phrase",
+ "value": "vpcflow"
+ },
+ "query": {
+ "match": {
+ "fileset.name": {
+ "query": "vpcflow",
+ "type": "phrase"
+ }
+ }
+ }
+ },
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
+ "key": "aws.vpcflow.action",
+ "negate": false,
+ "params": {
+ "query": "REJECT"
+ },
+ "type": "phrase",
+ "value": "REJECT"
+ },
+ "query": {
+ "match": {
+ "aws.vpcflow.action": {
+ "query": "REJECT",
+ "type": "phrase"
+ }
+ }
+ }
+ }
+ ],
+ "highlightAll": true,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "version": true
+ }
+ },
+ "sort": [
+ [
+ "@timestamp",
+ "desc"
+ ]
+ ],
+ "title": "VPC Flow Reject Logs [Logs AWS]",
+ "version": 1
+ },
+ "id": "c1aee600-4487-11ea-ad63-791a5dc86f10",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "search"
+}
\ No newline at end of file
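Review bot: The `columns` list shows only `source.ip`, `source.port` and `event.original`, so the rejected destination is readable only by parsing the raw line. Adding `"destination.ip"` and `"destination.port"` to `columns` would let a reviewer see which address and port were being reached at a glance; the VPC flow map in this commit already uses `destination.geo.location`, which suggests destination fields are populated. The dataset filter here uses `fileset.name`, while the CloudTrail search in this commit uses `stream.dataset`.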
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/007ceec0-694c-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/007ceec0-694c-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..7a24b2eed13
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/007ceec0-694c-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,62 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Transit Gateway Packets Drop Count No Route [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.transitgateway.metrics.PacketDropCountNoRoute.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.TransitGateway",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "Transit Gateway Packets Drop Count No Route [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "007ceec0-694c-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
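Review bot: The series sets `"formatter": "bytes"` on `aws.transitgateway.metrics.PacketDropCountNoRoute.sum`, which is a packet count, so the chart would present packets in byte units. `"formatter": "number"` fits the metric. The same applies to the `PacketsIn` (`0a36b590-694c-11ea-b0ac-95d4ecb1fecd.json`) and `PacketsOut` (`10e0f270-694c-11ea-b0ac-95d4ecb1fecd.json`) visualizations later in this diff. The `BytesDropCountNoRoute` visualization is the one where `bytes` is correct.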
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/00b29040-921d-11e9-aa19-159bf182e06f.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/00b29040-921d-11e9-aa19-159bf182e06f.json
new file mode 100644
index 00000000000..23cad93e7d9
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/00b29040-921d-11e9-aa19-159bf182e06f.json
@@ -0,0 +1,91 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "RDS Transaction Blocked [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "background_color": "rgba(164,221,0,1)",
+ "id": "27aaf910-d978-11e9-aff2-99c15d8b7da1",
+ "operator": "lte",
+ "value": 0
+ },
+ {
+ "color": "rgba(244,78,59,1)",
+ "id": "3526a9e0-d978-11e9-aff2-99c15d8b7da1",
+ "operator": "gt",
+ "value": 0
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "bar_color": "rgba(211,49,21,1)",
+ "id": "f8196690-921a-11e9-badf-4b42bd1ef543",
+ "operator": "gt",
+ "value": 0
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drilldown_url": "",
+ "filter": "",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "bar",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "hide_in_legend": 0,
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Transaction Blocked",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.rds.transactions.blocked",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "everything",
+ "stacked": "none",
+ "terms_field": "aws.rds.db_instance.identifier",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "metric"
+ },
+ "title": "RDS Transaction Blocked [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "00b29040-921d-11e9-aa19-159bf182e06f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
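Review bot: In `background_color_rules` the first rule sets `background_color` but the second sets `color`, so, assuming TSVB treats `color` as the text colour, a blocked-transaction count above 0 changes only the text and not the background. If a red background was intended for the alert state, the second rule needs `"background_color": "rgba(244,78,59,1)"`. `terms_field` is also set while `split_mode` is `everything`, so it appears to have no effect as written.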
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/01ed5990-694a-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/01ed5990-694a-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..b0edb98194c
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/01ed5990-694a-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,62 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Transit Gateway Bytes Drop Count No Route [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.transitgateway.metrics.BytesDropCountNoRoute.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.TransitGateway",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "Transit Gateway Bytes Drop Count No Route [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "01ed5990-694a-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/08645080-6891-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/08645080-6891-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..e58bce43bcd
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/08645080-6891-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,82 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "NATGateway Packet Out To Destination [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0",
+ "value": 0
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "number",
+ "id": "f444c0e0-688f-11ea-8b7d-fd9d15a13cd0",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.natgateway.metrics.PacketsOutToDestination.sum",
+ "id": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.NatGatewayId",
+ "terms_order_by": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "time_range_mode": "last_value",
+ "type": "timeseries"
+ },
+ "title": "NATGateway Packet Out To Destination [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "08645080-6891-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/09857a20-180f-11ea-8e91-03c7047cbb9d.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/09857a20-180f-11ea-8e91-03c7047cbb9d.json
new file mode 100644
index 00000000000..e63994d397f
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/09857a20-180f-11ea-8e91-03c7047cbb9d.json
@@ -0,0 +1,69 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SNS Notifications Failed To Redrive To DLQ [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "s,s,3",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Notifications Failed To Redrive To DLQ",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sns.metrics.NumberOfNotificationsFailedToRedriveToDlq.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": null,
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "SNS Notifications Failed To Redrive To DLQ [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "09857a20-180f-11ea-8e91-03c7047cbb9d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
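Review bot: The series uses `"split_mode": "terms"` with `"terms_field": null`, so there is no field to split on; either set `terms_field` to the SNS topic dimension this package emits or use `"split_mode": "everything"`. The `"formatter": "s,s,3"` looks like a duration format applied to a notification count, where `"formatter": "number"` would be expected.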
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/09db13f0-2bdd-11e9-9fe1-cde861544141.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/09db13f0-2bdd-11e9-9fe1-cde861544141.json
new file mode 100644
index 00000000000..758cf1d78e3
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/09db13f0-2bdd-11e9-9fe1-cde861544141.json
@@ -0,0 +1,83 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EC2 Instance State [Metrics AWS] ECS",
+ "uiStateJSON": {
+ "vis": {
+ "colors": {
+ "16": "#629E51",
+ "272": "#DEDAF7",
+ "80": "#E24D42",
+ "running": "#7EB26D",
+ "stopped": "#E24D42"
+ },
+ "legendOpen": true
+ }
+ },
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "EC2 Instance State"
+ },
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "customLabel": "",
+ "field": "aws.ec2.instance.state.name",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTooltip": true,
+ "isDonut": false,
+ "labels": {
+ "last_level": true,
+ "show": true,
+ "truncate": 100,
+ "values": true
+ },
+ "legendPosition": "right",
+ "type": "pie"
+ },
+ "title": "EC2 Instance State [Metrics AWS] ECS",
+ "type": "pie"
+ }
+ },
+ "id": "09db13f0-2bdd-11e9-9fe1-cde861544141",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/0a36b590-694c-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/0a36b590-694c-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..50798b0bb83
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/0a36b590-694c-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,62 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Transit Gateway Packets In [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.transitgateway.metrics.PacketsIn.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.TransitGateway",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "Transit Gateway Packets In [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "0a36b590-694c-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/0f056420-739e-11ea-a345-f985c61fe654.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/0f056420-739e-11ea-a345-f985c61fe654.json
new file mode 100644
index 00000000000..3270b29d408
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/0f056420-739e-11ea-a345-f985c61fe654.json
@@ -0,0 +1,70 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "CloudTrail Event Type [Logs AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {},
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "customLabel": "CloudTrail Event Type",
+ "field": "aws.cloudtrail.event_type",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTooltip": true,
+ "isDonut": true,
+ "labels": {
+ "last_level": true,
+ "show": false,
+ "truncate": 100,
+ "values": true
+ },
+ "legendPosition": "right",
+ "type": "pie"
+ },
+ "title": "CloudTrail Event Type [Logs AWS]",
+ "type": "pie"
+ }
+ },
+ "id": "0f056420-739e-11ea-a345-f985c61fe654",
+ "references": [
+ {
+ "id": "30ccde50-7397-11ea-a345-f985c61fe654",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/10e0f270-694c-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/10e0f270-694c-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..48cc9af9dce
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/10e0f270-694c-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,62 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Transit Gateway Packets Out [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.transitgateway.metrics.PacketsOut.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.TransitGateway",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "Transit Gateway Packets Out [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "10e0f270-694c-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
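Review bot: The series plots `aws.transitgateway.metrics.PacketsOut.sum` but sets `"formatter": "bytes"`, so packet counts will be shown with byte units; `"formatter": "number"` matches the metric. The empty `"label": ""` also leaves the legend with only the split value, and a label such as `"label": "Packets Out"` would read better next to the other AWS panels in this patch.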
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/1235fe50-41e7-11e9-b7a0-c99d9d127b61.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/1235fe50-41e7-11e9-b7a0-c99d9d127b61.json
new file mode 100644
index 00000000000..164d3c8a344
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/1235fe50-41e7-11e9-b7a0-c99d9d127b61.json
@@ -0,0 +1,78 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SQS Messages Received [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "1ccb6710-43b3-11e9-8c70-d17a67455a84"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "57cc0200-43b5-11e9-84e9-a97a63579915"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sqs.messages.received",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "series_drop_last_bucket": 1,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.sqs.queue.name",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "SQS Messages Received [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "1235fe50-41e7-11e9-b7a0-c99d9d127b61",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/128fd450-734e-11e9-816b-07687310a99a.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/128fd450-734e-11e9-816b-07687310a99a.json
new file mode 100644
index 00000000000..e20e9a79a00
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/128fd450-734e-11e9-816b-07687310a99a.json
@@ -0,0 +1,75 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Cloudwatch Lambda Invocations Top5 [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "cbb498f0-734c-11e9-a683-47ca322fa6f9"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "94f2ce40-734c-11e9-a683-47ca322fa6f9"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Lambda Invocations",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.lambda.metrics.Invocations",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.FunctionName",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "AWS Cloudwatch Lambda Invocations Top5",
+ "type": "metrics"
+ }
+ },
+ "id": "128fd450-734e-11e9-816b-07687310a99a",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
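Review bot: The saved-object title is `Cloudwatch Lambda Invocations Top5 [Metrics AWS]` while `visState.title` is `AWS Cloudwatch Lambda Invocations Top5`; both should carry the same string, e.g. `"title": "Cloudwatch Lambda Invocations Top5 [Metrics AWS]"` in `visState`. The same mismatch appears in the EC2 Network In Bytes and EC2 Network Out Bytes files later in this patch. Separately, this panel reads `aws.lambda.metrics.Invocations` whereas the Lambda Top Invoked Functions panel reads `aws.lambda.metrics.Invocations.avg`. The field mapping is not visible here, but presumably only one of the two names exists, so one panel is likely to render empty.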
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/12eff7e0-b7b9-11e9-8349-f15f850c5cd0.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/12eff7e0-b7b9-11e9-8349-f15f850c5cd0.json
new file mode 100644
index 00000000000..aec59938a8e
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/12eff7e0-b7b9-11e9-8349-f15f850c5cd0.json
@@ -0,0 +1,67 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EBS Volume Total Read Time [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "s,s,3",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Volume Total Read Time",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ebs.metrics.VolumeTotalReadTime.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.VolumeId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "EBS Volume Total Read Time [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "12eff7e0-b7b9-11e9-8349-f15f850c5cd0",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/13e624c0-180e-11ea-8e91-03c7047cbb9d.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/13e624c0-180e-11ea-8e91-03c7047cbb9d.json
new file mode 100644
index 00000000000..cfaff502e9c
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/13e624c0-180e-11ea-8e91-03c7047cbb9d.json
@@ -0,0 +1,119 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SNS Messages and Notifications [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "s,s,3",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Messages Published",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sns.metrics.NumberOfMessagesPublished.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": null,
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(115,216,255,1)",
+ "fill": "0",
+ "formatter": "s,s,3",
+ "id": "204ff2b0-1b77-11ea-9357-231d0e09a8a9",
+ "label": "Notifications Delivered",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sns.metrics.NumberOfNotificationsDelivered.sum",
+ "id": "204ff2b1-1b77-11ea-9357-231d0e09a8a9",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": null,
+ "terms_order_by": "204ff2b1-1b77-11ea-9357-231d0e09a8a9",
+ "type": "timeseries"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(244,78,59,1)",
+ "fill": "0",
+ "formatter": "s,s,3",
+ "id": "32e925e0-1b77-11ea-9357-231d0e09a8a9",
+ "label": "Notifications Failed",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sns.metrics.NumberOfNotificationsFailed.sum",
+ "id": "32e925e1-1b77-11ea-9357-231d0e09a8a9",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": null,
+ "terms_order_by": "32e925e1-1b77-11ea-9357-231d0e09a8a9",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "SNS Messages and Notifications [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "13e624c0-180e-11ea-8e91-03c7047cbb9d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
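Review bot: All three series set `"formatter": "s,s,3"`, which appears to be the TSVB duration format in seconds, but the plotted fields are message and notification counts; `"formatter": "number"` fits them. Each series also has `"split_mode": "terms"` with `"terms_field": null`, so there is nothing to split on. Either switch to `"split_mode": "everything"` or name the dimension field the split is meant to use.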
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/142ad600-693b-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/142ad600-693b-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..431d30b4c23
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/142ad600-693b-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,72 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "VPN Tunnel Data State [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "05e19c00-693b-11ea-8bb6-25461aeac3d5"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "fdd5ac40-693a-11ea-8bb6-25461aeac3d5"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.vpn.metrics.TunnelState.avg",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.VpnId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "top_n"
+ },
+ "title": "VPN Tunnel Data State [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "142ad600-693b-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/15818fd0-f7f9-11e8-af03-c999c9dea608-ecs.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/15818fd0-f7f9-11e8-af03-c999c9dea608-ecs.json
new file mode 100644
index 00000000000..4f5a37dff8c
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/15818fd0-f7f9-11e8-af03-c999c9dea608-ecs.json
@@ -0,0 +1,78 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EC2 Network In Bytes [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "annotations": [],
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "23428b30-f7f2-11e8-bff8-21537b07dd44"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "2592bcc0-f7f2-11e8-bff8-21537b07dd44"
+ }
+ ],
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(104,188,0,1)",
+ "fill": "0",
+ "filter": "",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "AWS EC2 Network In Bytes",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ec2.network.in.bytes",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "series_drop_last_bucket": 1,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "steps": 0,
+ "terms_field": "cloud.instance.id",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "AWS EC2 Network In Bytes",
+ "type": "metrics"
+ }
+ },
+ "id": "15818fd0-f7f9-11e8-af03-c999c9dea608-ecs",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/17fcda50-921b-11e9-aa19-159bf182e06f.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/17fcda50-921b-11e9-aa19-159bf182e06f.json
new file mode 100644
index 00000000000..4a8c00372c8
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/17fcda50-921b-11e9-aa19-159bf182e06f.json
@@ -0,0 +1,77 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "RDS Database Connections [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "10bc2760-d978-11e9-aff2-99c15d8b7da1"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "f8196690-921a-11e9-badf-4b42bd1ef543"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "bar",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "hide_in_legend": 0,
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Database Connections",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.rds.database_connections",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "everything",
+ "stacked": "none",
+ "terms_field": "aws.rds.db_instance.identifier",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "metric"
+ },
+ "title": "RDS Database Connections [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "17fcda50-921b-11e9-aa19-159bf182e06f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/1f3f00c0-28d1-11ea-ba6c-49a884eb104f.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/1f3f00c0-28d1-11ea-ba6c-49a884eb104f.json
new file mode 100644
index 00000000000..5bb1eafec4f
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/1f3f00c0-28d1-11ea-ba6c-49a884eb104f.json
@@ -0,0 +1,87 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Lambda Top Invoked Functions [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": 0,
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "fbf0eac0-28d0-11ea-8789-f72e3366fb25"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "f679afa0-28d0-11ea-8789-f72e3366fb25"
+ }
+ ],
+ "default_index_pattern": "logs-*",
+ "default_timefield": "@timestamp",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "id": "ca2e4c60-28cd-11ea-822d-3ba2c0089081",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#3185FC",
+ "fill": 0,
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "number",
+ "id": "ca2e4c61-28cd-11ea-822d-3ba2c0089081",
+ "label": "avg(aws.metrics.Duration.avg)",
+ "line_width": 2,
+ "metrics": [
+ {
+ "field": "aws.lambda.metrics.Invocations.avg",
+ "id": "ca2e4c62-28cd-11ea-822d-3ba2c0089081",
+ "type": "max"
+ }
+ ],
+ "point_size": "4",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.FunctionName",
+ "terms_order_by": "ca2e4c62-28cd-11ea-822d-3ba2c0089081",
+ "type": "timeseries",
+ "value_template": "{{value}}"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "Lambda Top Invoked Functions [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "1f3f00c0-28d1-11ea-ba6c-49a884eb104f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
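Review bot: The series label is `avg(aws.metrics.Duration.avg)` but the metric is a `max` over `aws.lambda.metrics.Invocations.avg`, so the legend names a different field and aggregation than the one plotted; `"label": "Lambda Invocations"` would match the data. In the same `params` object `default_index_pattern` is `logs-*` while `index_pattern` is `metrics-*`. The other metrics panels in this patch default to `metrics-*`, and this one should too: `"default_index_pattern": "metrics-*"`.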
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/1f528f50-b3ce-11e9-87a4-078dbbae220d.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/1f528f50-b3ce-11e9-87a4-078dbbae220d.json
new file mode 100644
index 00000000000..af6e31a5b15
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/1f528f50-b3ce-11e9-87a4-078dbbae220d.json
@@ -0,0 +1,87 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "ELB HTTP Backend 2XX [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "7e66beb0-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "7db91990-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "filter": "",
+ "gauge_color_rules": [
+ {
+ "id": "7d0b9b80-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#3185FC",
+ "fill": 0,
+ "formatter": "number",
+ "id": "35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971",
+ "label": "HTTP Backend 2XX",
+ "line_width": 2,
+ "metrics": [
+ {
+ "field": "aws.elb.metrics.HTTPCode_Backend_2XX.sum",
+ "id": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.LoadBalancerName",
+ "terms_order_by": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "value_template": "{{value}}"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "ELB HTTP Backend 2XX [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "1f528f50-b3ce-11e9-87a4-078dbbae220d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/219c1850-3e82-11ea-bb0a-69c3ca1d410f.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/219c1850-3e82-11ea-bb0a-69c3ca1d410f.json
new file mode 100644
index 00000000000..3f08b9269c6
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/219c1850-3e82-11ea-bb0a-69c3ca1d410f.json
@@ -0,0 +1,71 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "ELB HTTP 2xx [Logs AWS] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "logs-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(164,221,0,1)",
+ "fill": 0.5,
+ "filter": {
+ "language": "kuery",
+ "query": "fileset.name : \"elb\" and http.response.status_code \u003e= 200 and http.response.status_code\t\u003c 300"
+ },
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "HTTP 2xx",
+ "line_width": 1,
+ "metrics": [
+ {
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "count"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.elb.name",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "ELB HTTP 2xx [Logs AWS] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "219c1850-3e82-11ea-bb0a-69c3ca1d410f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
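Review bot: The series filter contains a literal tab before the upper bound (`http.response.status_code\t\u003c 300`), which looks like a paste artifact; a plain space keeps the query readable and avoids relying on how the KQL parser treats the escape: `"query": "fileset.name : \"elb\" and http.response.status_code \u003e= 200 and http.response.status_code \u003c 300"`. The filter also selects on `fileset.name`, a field set by the Filebeat module. Whether the package's data stream still populates it is not visible in this patch; if it does not, the panel will be empty, so confirm this before release.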
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/21f30090-b3ca-11e9-87a4-078dbbae220d.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/21f30090-b3ca-11e9-87a4-078dbbae220d.json
new file mode 100644
index 00000000000..ced9c6bd98b
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/21f30090-b3ca-11e9-87a4-078dbbae220d.json
@@ -0,0 +1,87 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "ELB HTTP Backend 4XX Errors [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "7e66beb0-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "7db91990-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "filter": "",
+ "gauge_color_rules": [
+ {
+ "id": "7d0b9b80-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#3185FC",
+ "fill": "0",
+ "formatter": "number",
+ "id": "35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971",
+ "label": "HTTP Backend 4XX Errors",
+ "line_width": 2,
+ "metrics": [
+ {
+ "field": "aws.elb.metrics.HTTPCode_Backend_4XX.sum",
+ "id": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.LoadBalancerName",
+ "terms_order_by": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "value_template": "{{value}}"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "ELB HTTP Backend 4XX Errors [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "21f30090-b3ca-11e9-87a4-078dbbae220d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/233b3400-f7f9-11e8-af03-c999c9dea608-ecs.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/233b3400-f7f9-11e8-af03-c999c9dea608-ecs.json
new file mode 100644
index 00000000000..749cc47d608
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/233b3400-f7f9-11e8-af03-c999c9dea608-ecs.json
@@ -0,0 +1,78 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EC2 Network Out Bytes [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "annotations": [],
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "23428b30-f7f2-11e8-bff8-21537b07dd44"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "2592bcc0-f7f2-11e8-bff8-21537b07dd44"
+ }
+ ],
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(104,188,0,1)",
+ "fill": "0",
+ "filter": "",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "AWS EC2 Network Out Bytes",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ec2.network.out.bytes",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "series_drop_last_bucket": 1,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "steps": 0,
+ "terms_field": "cloud.instance.id",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "AWS EC2 Network Out Bytes",
+ "type": "metrics"
+ }
+ },
+ "id": "233b3400-f7f9-11e8-af03-c999c9dea608-ecs",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/247e2990-4699-11ea-ad63-791a5dc86f10.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/247e2990-4699-11ea-ad63-791a5dc86f10.json
new file mode 100644
index 00000000000..cd5b5f17ed6
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/247e2990-4699-11ea-ad63-791a5dc86f10.json
@@ -0,0 +1,53 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "S3 Bucket Name Filter [Logs AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "controls": [
+ {
+ "fieldName": "aws.s3.bucket.name",
+ "id": "1565034367477",
+ "indexPatternRefName": "control_0_index_pattern",
+ "label": "S3 Bucket Names",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ }
+ ],
+ "pinFilters": false,
+ "updateFiltersOnChange": true,
+ "useTimeFilter": true
+ },
+ "title": "S3 Bucket Name Filter [Logs AWS]",
+ "type": "input_control_vis"
+ }
+ },
+ "id": "247e2990-4699-11ea-ad63-791a5dc86f10",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "control_0_index_pattern",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/25384bf0-b7b9-11e9-8349-f15f850c5cd0.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/25384bf0-b7b9-11e9-8349-f15f850c5cd0.json
new file mode 100644
index 00000000000..913c25cf206
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/25384bf0-b7b9-11e9-8349-f15f850c5cd0.json
@@ -0,0 +1,67 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EBS Volume Total Write Time [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "s,s,3",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Volume Total Write Time",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ebs.metrics.VolumeTotalWriteTime.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.VolumeId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "EBS Volume Total Write Time [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "25384bf0-b7b9-11e9-8349-f15f850c5cd0",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/26b73e50-6943-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/26b73e50-6943-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..86442ab5815
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/26b73e50-6943-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,62 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "VPN Tunnel Data Out Per VPN ID [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.vpn.metrics.TunnelDataOut.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.VpnId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "VPN Tunnel Data Out Per VPN ID [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "26b73e50-6943-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/2929edb0-178e-11ea-8650-fb606deb5be4.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/2929edb0-178e-11ea-8650-fb606deb5be4.json
new file mode 100644
index 00000000000..ae7bade1656
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/2929edb0-178e-11ea-8650-fb606deb5be4.json
@@ -0,0 +1,53 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "AWS Service Filter [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "controls": [
+ {
+ "fieldName": "aws.dimensions.Service",
+ "id": "1549397251041",
+ "indexPatternRefName": "control_0_index_pattern",
+ "label": "service name",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ }
+ ],
+ "pinFilters": false,
+ "updateFiltersOnChange": true,
+ "useTimeFilter": false
+ },
+ "title": "AWS Service Filter [Metrics AWS]",
+ "type": "input_control_vis"
+ }
+ },
+ "id": "2929edb0-178e-11ea-8650-fb606deb5be4",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "control_0_index_pattern",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/2b2d58b0-4762-11e9-8062-c98a86cb6f94.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/2b2d58b0-4762-11e9-8062-c98a86cb6f94.json
new file mode 100644
index 00000000000..a2a9a532ae8
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/2b2d58b0-4762-11e9-8062-c98a86cb6f94.json
@@ -0,0 +1,92 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "S3 Request Latency Total Request in ms [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "c0d11b00-4761-11e9-bf81-69a4e579cab5"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "67cb0930-4761-11e9-bf81-69a4e579cab5"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "gauge_color_rules": [
+ {
+ "id": "6eafde10-4761-11e9-bf81-69a4e579cab5"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "1d",
+ "isModelInvalid": false,
+ "pivot_id": "aws.s3.bucket.name",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "color_rules": [
+ {
+ "id": "ac2ef870-4761-11e9-bf81-69a4e579cab5"
+ }
+ ],
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Latency in ms",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.s3_request.latency.total_request.ms",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.s3.bucket.name",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "S3 Request Latency Total Request in ms [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "2b2d58b0-4762-11e9-8062-c98a86cb6f94",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/2dbb8f90-4760-11e9-8062-c98a86cb6f94.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/2dbb8f90-4760-11e9-8062-c98a86cb6f94.json
new file mode 100644
index 00000000000..5ccc431463f
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/2dbb8f90-4760-11e9-8062-c98a86cb6f94.json
@@ -0,0 +1,85 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "S3 Daily Storage Bucket Size in Bytes [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "f679e680-475f-11e9-a9de-e776805ecfc9"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "f703aff0-475f-11e9-a9de-e776805ecfc9"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "gauge_color_rules": [
+ {
+ "id": "f8388670-475f-11e9-a9de-e776805ecfc9"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "1d",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.s3_daily_storage.bucket.size.bytes",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.s3.bucket.name",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "S3 Daily Storage Bucket Size in Bytes [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "2dbb8f90-4760-11e9-8062-c98a86cb6f94",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/2ee7f420-6943-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/2ee7f420-6943-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..12429ab895d
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/2ee7f420-6943-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,62 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "VPN Tunnel Data In Per VPN ID [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.vpn.metrics.TunnelDataIn.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.VpnId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "VPN Tunnel Data In Per VPN ID [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "2ee7f420-6943-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/31a4ea90-152b-11ea-841c-01bf20a6c8ba.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/31a4ea90-152b-11ea-841c-01bf20a6c8ba.json
new file mode 100644
index 00000000000..c059de7040b
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/31a4ea90-152b-11ea-841c-01bf20a6c8ba.json
@@ -0,0 +1,83 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Top 10 Billing per Service Name [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": 0,
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "id": "729af8b0-152a-11ea-ae8f-79fec1a0d4d3",
+ "index_pattern": "metrics-*",
+ "interval": "12h",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#3185FC",
+ "fill": 0,
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "number",
+ "id": "729b1fc0-152a-11ea-ae8f-79fec1a0d4d3",
+ "label": "avg(aws.billing.metrics.EstimatedCharges.max)",
+ "line_width": 2,
+ "metrics": [
+ {
+ "field": "aws.billing.metrics.EstimatedCharges.max",
+ "id": "729b1fc1-152a-11ea-ae8f-79fec1a0d4d3",
+ "type": "sum"
+ }
+ ],
+ "override_index_pattern": 0,
+ "point_size": "4",
+ "separate_axis": 0,
+ "series_drop_last_bucket": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "steps": 0,
+ "terms_field": "aws.dimensions.ServiceName",
+ "terms_include": "",
+ "terms_order_by": "729b1fc1-152a-11ea-ae8f-79fec1a0d4d3",
+ "terms_size": "10",
+ "type": "timeseries",
+ "value_template": "${{value}}"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Top 10 Billing per Service Name [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "31a4ea90-152b-11ea-841c-01bf20a6c8ba",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
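Review bot: The series `label` reads `avg(aws.billing.metrics.EstimatedCharges.max)` but the metric under it is declared with `"type": "sum"`, so the legend names an aggregation the chart does not compute. On a cost chart that difference changes how a reader interprets the figures. One of the two is wrong; if the sum is intended, the label should follow it, e.g. `"label": "sum(aws.billing.metrics.EstimatedCharges.max)",`, otherwise the metric type should be `avg`.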
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/31ad4090-2003-11ea-8f72-2f8d21e50b0c.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/31ad4090-2003-11ea-8f72-2f8d21e50b0c.json
new file mode 100644
index 00000000000..3452c2704fb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/31ad4090-2003-11ea-8f72-2f8d21e50b0c.json
@@ -0,0 +1,216 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "DynamoDB Account Provisioned Capacity Utilization [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "Write Utilization",
+ "field": "aws.dynamodb.metrics.AccountProvisionedWriteCapacityUtilization.avg"
+ },
+ "schema": "metric",
+ "type": "max"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "drop_partials": false,
+ "extended_bounds": {},
+ "field": "@timestamp",
+ "interval": "auto",
+ "min_doc_count": 1,
+ "scaleMetricValues": false,
+ "timeRange": {
+ "from": "now-15m",
+ "to": "now"
+ },
+ "useNormalizedEsInterval": true
+ },
+ "schema": "segment",
+ "type": "date_histogram"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "customLabel": "Read Utilization",
+ "field": "aws.dynamodb.metrics.AccountProvisionedReadCapacityUtilization.avg"
+ },
+ "schema": "metric",
+ "type": "max"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTimeMarker": false,
+ "addTooltip": true,
+ "categoryAxes": [
+ {
+ "id": "CategoryAxis-1",
+ "labels": {
+ "filter": true,
+ "show": true,
+ "truncate": 100
+ },
+ "position": "bottom",
+ "scale": {
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {},
+ "type": "category"
+ }
+ ],
+ "dimensions": {
+ "x": {
+ "accessor": 0,
+ "aggType": "date_histogram",
+ "format": {
+ "id": "date",
+ "params": {
+ "pattern": "HH:mm:ss"
+ }
+ },
+ "label": "@timestamp per 30 seconds",
+ "params": {
+ "bounds": {
+ "max": "2020-04-10T10:29:58.462Z",
+ "min": "2020-04-10T10:14:58.462Z"
+ },
+ "date": true,
+ "format": "HH:mm:ss",
+ "interval": "PT30S",
+ "intervalESUnit": "s",
+ "intervalESValue": 30
+ }
+ },
+ "y": [
+ {
+ "accessor": 1,
+ "aggType": "max",
+ "format": {
+ "id": "number",
+ "params": {
+ "parsedUrl": {
+ "basePath": "",
+ "origin": "http://localhost:5601",
+ "pathname": "/app/kibana"
+ }
+ }
+ },
+ "label": "Write Utilization",
+ "params": {}
+ },
+ {
+ "accessor": 2,
+ "aggType": "max",
+ "format": {
+ "id": "number",
+ "params": {
+ "parsedUrl": {
+ "basePath": "",
+ "origin": "http://localhost:5601",
+ "pathname": "/app/kibana"
+ }
+ }
+ },
+ "label": "Read Utilization",
+ "params": {}
+ }
+ ]
+ },
+ "grid": {
+ "categoryLines": false
+ },
+ "labels": {},
+ "legendPosition": "right",
+ "seriesParams": [
+ {
+ "data": {
+ "id": "1",
+ "label": "Write Utilization"
+ },
+ "drawLinesBetweenPoints": true,
+ "mode": "normal",
+ "show": "true",
+ "showCircles": true,
+ "type": "line",
+ "valueAxis": "ValueAxis-1"
+ },
+ {
+ "data": {
+ "id": "3",
+ "label": "Read Utilization"
+ },
+ "drawLinesBetweenPoints": true,
+ "mode": "normal",
+ "show": "true",
+ "showCircles": true,
+ "type": "line",
+ "valueAxis": "ValueAxis-1"
+ }
+ ],
+ "thresholdLine": {
+ "color": "#34130C",
+ "show": false,
+ "style": "full",
+ "value": 10,
+ "width": 1
+ },
+ "times": [],
+ "type": "line",
+ "valueAxes": [
+ {
+ "id": "ValueAxis-1",
+ "labels": {
+ "filter": false,
+ "rotate": 0,
+ "show": true,
+ "truncate": 100
+ },
+ "name": "LeftAxis-1",
+ "position": "left",
+ "scale": {
+ "mode": "normal",
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {
+ "text": "Write Utilization"
+ },
+ "type": "value"
+ }
+ ]
+ },
+ "title": "DynamoDB Account Provisioned Capacity Utilization [Metrics AWS]",
+ "type": "line"
+ }
+ },
+ "id": "31ad4090-2003-11ea-8f72-2f8d21e50b0c",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
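Review bot: The `dimensions` object under `visState.params` looks like render-time state captured from the authoring Kibana instance rather than configuration. It pins `bounds` to `2020-04-10T10:14:58.462Z` / `2020-04-10T10:29:58.462Z` and carries a `parsedUrl` with `"origin": "http://localhost:5601"` in both `y` entries. Shipping that in a package embeds details of the exporting environment and stale time bounds in every install; presumably Kibana recomputes these on load, so the whole `dimensions` key could be dropped from the export (worth confirming against the target Kibana version). Separately, both `seriesParams` entries use the string `"show": "true"` where the rest of the object uses real booleans; `"show": true,` would be consistent.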
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/396089c0-7399-11ea-a345-f985c61fe654.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/396089c0-7399-11ea-a345-f985c61fe654.json
new file mode 100644
index 00000000000..3c5f8cc2628
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/396089c0-7399-11ea-a345-f985c61fe654.json
@@ -0,0 +1,85 @@
+{
+ "attributes": {
+ "description": "event.action values separated by event.provider.",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "CloudTrail Actions [Logs AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {},
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "field": "event.provider",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "field": "event.action",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTooltip": true,
+ "isDonut": true,
+ "labels": {
+ "last_level": true,
+ "show": false,
+ "truncate": 100,
+ "values": true
+ },
+ "legendPosition": "right",
+ "type": "pie"
+ },
+ "title": "CloudTrail Actions [Logs AWS]",
+ "type": "pie"
+ }
+ },
+ "id": "396089c0-7399-11ea-a345-f985c61fe654",
+ "references": [
+ {
+ "id": "30ccde50-7397-11ea-a345-f985c61fe654",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
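Review bot: Both terms aggregations (`event.provider` and `event.action`) are limited to `"size": 5` with `"otherBucket": false`, so the donut only ever shows the five most frequent providers and actions and gives no indication that anything else exists. For a CloudTrail view the low-volume actions are often the ones an analyst wants to notice. Setting `"otherBucket": true` on both aggregations would at least show the remaining share as an "Other" slice. The `description` could also say that the chart is a top-5 view, e.g. `"description": "Top 5 event.action values separated by top 5 event.provider."`.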
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/398d12d0-7352-11e9-816b-07687310a99a.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/398d12d0-7352-11e9-816b-07687310a99a.json
new file mode 100644
index 00000000000..d2bda5e4486
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/398d12d0-7352-11e9-816b-07687310a99a.json
@@ -0,0 +1,75 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Cloudwatch Lambda Throttles Top5 [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "cbb498f0-734c-11e9-a683-47ca322fa6f9"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "94f2ce40-734c-11e9-a683-47ca322fa6f9"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Lambda Throttles",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.lambda.metrics.Throttles",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.FunctionName",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "AWS Cloudwatch Lambda Throttles Top5",
+ "type": "metrics"
+ }
+ },
+ "id": "398d12d0-7352-11e9-816b-07687310a99a",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
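Review bot: The inner `visState.title` is `AWS Cloudwatch Lambda Throttles Top5` while `attributes.title` is `Cloudwatch Lambda Throttles Top5 [Metrics AWS]`; the other visualizations in this package keep the two identical. The same leftover appears in the ELB Latency file (`42016bf0-728f-11e9-9a7b-4d62d5bcf4fc.json`, `AWS Cloudwatch ELB Latency`) and the SQS Empty Receives file (`4658f540-734a-11e9-816b-07687310a99a.json`, `AWS SQS Empty Receives Top5`). Here the inner line should read `"title": "Cloudwatch Lambda Throttles Top5 [Metrics AWS]",`, and likewise in the other two files, so that the name is the same wherever Kibana surfaces it.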
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/39dfc8d0-28cf-11ea-ba6c-49a884eb104f.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/39dfc8d0-28cf-11ea-ba6c-49a884eb104f.json
new file mode 100644
index 00000000000..c836b092ce9
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/39dfc8d0-28cf-11ea-ba6c-49a884eb104f.json
@@ -0,0 +1,77 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Lambda Duration in Milliseconds [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": 0,
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "logs-*",
+ "default_timefield": "@timestamp",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "id": "ca2e4c60-28cd-11ea-822d-3ba2c0089081",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#3185FC",
+ "fill": 0,
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "number",
+ "id": "ca2e4c61-28cd-11ea-822d-3ba2c0089081",
+ "label": "avg(aws.metrics.Duration.avg)",
+ "line_width": 2,
+ "metrics": [
+ {
+ "field": "aws.lambda.metrics.Duration.avg",
+ "id": "ca2e4c62-28cd-11ea-822d-3ba2c0089081",
+ "type": "avg"
+ }
+ ],
+ "point_size": "4",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.FunctionName",
+ "terms_order_by": "ca2e4c62-28cd-11ea-822d-3ba2c0089081",
+ "type": "timeseries",
+ "value_template": "{{value}}"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Lambda Duration in Milliseconds [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "39dfc8d0-28cf-11ea-ba6c-49a884eb104f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
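Review bot: `"default_index_pattern": "logs-*"` does not match this visualization's own `"index_pattern": "metrics-*"`, nor its `[Metrics AWS]` title; the other metrics visualizations in the package use `metrics-*` for the default. It is masked here because `index_pattern` is set, but if that field were ever cleared the chart would presumably fall back to the logs indices; `"default_index_pattern": "metrics-*",` avoids that. The series `label` `avg(aws.metrics.Duration.avg)` also names a field that differs from the one actually queried, `aws.lambda.metrics.Duration.avg`.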
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/3a3914d0-4761-11e9-8062-c98a86cb6f94.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/3a3914d0-4761-11e9-8062-c98a86cb6f94.json
new file mode 100644
index 00000000000..b43ff703f8b
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/3a3914d0-4761-11e9-8062-c98a86cb6f94.json
@@ -0,0 +1,77 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "S3 Daily Storage Number of Objects [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "167ea870-4761-11e9-bf81-69a4e579cab5"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "01dad830-4761-11e9-bf81-69a4e579cab5"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "1d",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.s3_daily_storage.number_of_objects",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.s3.bucket.name",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "S3 Daily Storage Number of Objects [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "3a3914d0-4761-11e9-8062-c98a86cb6f94",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/3dee68c0-7b0c-11ea-9bb4-e958b64b5685.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/3dee68c0-7b0c-11ea-9bb4-e958b64b5685.json
new file mode 100644
index 00000000000..77caf0de68a
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/3dee68c0-7b0c-11ea-9bb4-e958b64b5685.json
@@ -0,0 +1,60 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "DynamoDB Max Request Latency Per Operation [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "\u003e=1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0.1",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Max Request Latency Per Operation",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.dynamodb.metrics.SuccessfulRequestLatency.max",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "max"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.Operation",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "DynamoDB Max Request Latency Per Operation [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "3dee68c0-7b0c-11ea-9bb4-e958b64b5685",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/415fed40-694f-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/415fed40-694f-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..4aafcee1d31
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/415fed40-694f-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,93 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "TransitGateway Filters [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "controls": [
+ {
+ "fieldName": "cloud.account.name",
+ "id": "1565034367477",
+ "indexPatternRefName": "control_0_index_pattern",
+ "label": "account name",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ },
+ {
+ "fieldName": "cloud.region",
+ "id": "1584478324642",
+ "indexPatternRefName": "control_1_index_pattern",
+ "label": "region",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ },
+ {
+ "fieldName": "aws.dimensions.TransitGateway",
+ "id": "1584479118709",
+ "indexPatternRefName": "control_2_index_pattern",
+ "label": "transit gateway",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ }
+ ],
+ "pinFilters": false,
+ "updateFiltersOnChange": true,
+ "useTimeFilter": true
+ },
+ "title": "TransitGateway Filters [Metrics AWS]",
+ "type": "input_control_vis"
+ }
+ },
+ "id": "415fed40-694f-11ea-b0ac-95d4ecb1fecd",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "control_0_index_pattern",
+ "type": "index-pattern"
+ },
+ {
+ "id": "metrics-*",
+ "name": "control_1_index_pattern",
+ "type": "index-pattern"
+ },
+ {
+ "id": "metrics-*",
+ "name": "control_2_index_pattern",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/42016bf0-728f-11e9-9a7b-4d62d5bcf4fc.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/42016bf0-728f-11e9-9a7b-4d62d5bcf4fc.json
new file mode 100644
index 00000000000..a123b35d1b5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/42016bf0-728f-11e9-9a7b-4d62d5bcf4fc.json
@@ -0,0 +1,79 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Cloudwatch ELB Latency [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "annotations": [],
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "23428b30-f7f2-11e8-bff8-21537b07dd44"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "2592bcc0-f7f2-11e8-bff8-21537b07dd44"
+ }
+ ],
+ "default_index_pattern": "metrics-8*",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(104,188,0,1)",
+ "fill": "0",
+ "filter": "",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "AWS Cloudwatch ELB Latency",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.elb.metrics.Latency",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "series_drop_last_bucket": 1,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "steps": 0,
+ "terms_field": "aws.dimensions.LoadBalancerName",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "AWS Cloudwatch ELB Latency",
+ "type": "metrics"
+ }
+ },
+ "id": "42016bf0-728f-11e9-9a7b-4d62d5bcf4fc",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
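Review bot: `"default_index_pattern": "metrics-8*"` looks like a leftover from a mechanical rename. The other visualizations in this package use `metrics-*`, and this file's own `index_pattern` is `metrics-*`. With the `8` in place the fallback pattern would match only indices whose name continues with an 8 after `metrics-`, which is unlikely to be intended. Suggested: `"default_index_pattern": "metrics-*",`.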
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/4658f540-734a-11e9-816b-07687310a99a.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/4658f540-734a-11e9-816b-07687310a99a.json
new file mode 100644
index 00000000000..0b33d0f5a0d
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/4658f540-734a-11e9-816b-07687310a99a.json
@@ -0,0 +1,70 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SQS Empty Receives Top5 [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "bar_color_rules": [
+ {
+ "id": "23be77d0-734a-11e9-a683-47ca322fa6f9"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "auto",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "AWS SQS Empty Receives",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sqs.empty_receives",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.sqs.queue.name",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "AWS SQS Empty Receives Top5",
+ "type": "metrics"
+ }
+ },
+ "id": "4658f540-734a-11e9-816b-07687310a99a",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/49379b70-7b07-11ea-9bb4-e958b64b5685.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/49379b70-7b07-11ea-9bb4-e958b64b5685.json
new file mode 100644
index 00000000000..af6dcf6903e
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/49379b70-7b07-11ea-9bb4-e958b64b5685.json
@@ -0,0 +1,85 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "DynamoDB Consumed Write Capacity Units [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "43e58670-7b05-11ea-8ef8-01625a2f68ac"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "3c733ea0-7b05-11ea-8ef8-01625a2f68ac"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 1,
+ "gauge_color_rules": [
+ {
+ "id": "499c62a0-7b05-11ea-8ef8-01625a2f68ac"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "\u003e=1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0.1",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Consumed Write Capacity Units",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.dynamodb.metrics.ConsumedWriteCapacityUnits.avg",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "offset_time": "",
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "steps": 0,
+ "terms_field": "aws.dimensions.TableName",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "DynamoDB Consumed Write Capacity Units [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "49379b70-7b07-11ea-9bb4-e958b64b5685",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/4bf0a740-28d1-11ea-ba6c-49a884eb104f.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/4bf0a740-28d1-11ea-ba6c-49a884eb104f.json
new file mode 100644
index 00000000000..75684367d2e
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/4bf0a740-28d1-11ea-ba6c-49a884eb104f.json
@@ -0,0 +1,95 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Lambda Top Errors [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": 0,
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "fbf0eac0-28d0-11ea-8789-f72e3366fb25"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "f679afa0-28d0-11ea-8789-f72e3366fb25"
+ }
+ ],
+ "default_index_pattern": "logs-*",
+ "default_timefield": "@timestamp",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "gauge_color_rules": [
+ {
+ "id": "3eabbde0-28d1-11ea-8789-f72e3366fb25"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "ca2e4c60-28cd-11ea-822d-3ba2c0089081",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#3185FC",
+ "fill": 0,
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "number",
+ "id": "ca2e4c61-28cd-11ea-822d-3ba2c0089081",
+ "label": "avg(aws.metrics.Duration.avg)",
+ "line_width": 2,
+ "metrics": [
+ {
+ "field": "aws.lambda.metrics.Errors.avg",
+ "id": "ca2e4c62-28cd-11ea-822d-3ba2c0089081",
+ "type": "max"
+ }
+ ],
+ "point_size": "4",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.FunctionName",
+ "terms_order_by": "ca2e4c62-28cd-11ea-822d-3ba2c0089081",
+ "type": "timeseries",
+ "value_template": "{{value}}"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Lambda Top Errors [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "4bf0a740-28d1-11ea-ba6c-49a884eb104f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
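Review bot: The series label is `avg(aws.metrics.Duration.avg)`, but the only metric in the series is `max` over `aws.lambda.metrics.Errors.avg`, so the legend names a different measurement from the one plotted. On a chart titled "Lambda Top Errors" this can send whoever is triaging a spike to the wrong metric; something like `"label": "Lambda Errors"` would match the data. Separately, `default_index_pattern` is `logs-*` while `index_pattern` is `metrics-*`. If the explicit pattern is ever cleared, the panel would presumably fall back to log indices, so `"default_index_pattern": "metrics-*"` looks like the intended value. 59e2e110-178d-11ea-8650-fb606deb5be4.json (Usage Resource Count Per Service) has the same `logs-*` default.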
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/4bf62a10-8310-11e9-ac83-47df3568ff90.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/4bf62a10-8310-11e9-ac83-47df3568ff90.json
new file mode 100644
index 00000000000..d249e09cf17
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/4bf62a10-8310-11e9-ac83-47df3568ff90.json
@@ -0,0 +1,98 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Cloudwatch ECS CPU Available [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "bb21d180-830d-11e9-9c4c-391fa0a2e15f"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "filter": "",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "filter": {
+ "language": "lucene",
+ "query": "(aws.cloudwatch.namespace:\"AWS/ECS\") AND (_exists_: aws.ecs.metrics.CPUReservation) AND (_exists_: aws.ecs.metrics.CPUUtilization)"
+ },
+ "formatter": "percent",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ecs.metrics.CPUUtilization",
+ "id": "17f8ddf0-830d-11e9-9f3d-ed346f48a007",
+ "type": "sum"
+ },
+ {
+ "field": "aws.ecs.metrics.CPUReservation",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ },
+ {
+ "id": "68a93050-830e-11e9-9c4c-391fa0a2e15f",
+ "script": "(params.res - params.util) / 100",
+ "type": "math",
+ "variables": [
+ {
+ "field": "17f8ddf0-830d-11e9-9f3d-ed346f48a007",
+ "id": "6f338920-830e-11e9-9c4c-391fa0a2e15f",
+ "name": "util"
+ },
+ {
+ "field": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "id": "7ab9f9a0-830e-11e9-9c4c-391fa0a2e15f",
+ "name": "res"
+ }
+ ]
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.ClusterName",
+ "terms_order_by": "_key",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "AWS Cloudwatch ECS CPU Available",
+ "type": "metrics"
+ }
+ },
+ "id": "4bf62a10-8310-11e9-ac83-47df3568ff90",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
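Review bot: Both inputs to the math step, `aws.ecs.metrics.CPUUtilization` and `aws.ecs.metrics.CPUReservation`, are aggregated with `"type": "sum"` over a fixed `5m` interval before `(params.res - params.util) / 100` is rendered with the `percent` formatter. If more than one sample per cluster lands in a bucket, the sums add percentage values together and the result can exceed the real headroom; the collection period is not visible here, so this may not happen in practice. Using `"type": "avg"` on both metrics would make the result independent of how many samples fall in a bucket. The series `label` is also empty, so the legend does not say that the line is reservation minus utilization; `"label": "CPU Available"` would document it.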
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/4c23e4c0-739a-11ea-a345-f985c61fe654.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/4c23e4c0-739a-11ea-a345-f985c61fe654.json
new file mode 100644
index 00000000000..b0bef14daf6
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/4c23e4c0-739a-11ea-a345-f985c61fe654.json
@@ -0,0 +1,151 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "CloudTrail Event Outcome over time [Logs AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {},
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "drop_partials": false,
+ "extended_bounds": {},
+ "field": "@timestamp",
+ "interval": "auto",
+ "min_doc_count": 1,
+ "scaleMetricValues": false,
+ "timeRange": {
+ "from": "now-24h",
+ "to": "now"
+ },
+ "useNormalizedEsInterval": true
+ },
+ "schema": "segment",
+ "type": "date_histogram"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "field": "event.outcome",
+ "missingBucket": true,
+ "missingBucketLabel": "[unknown]",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "group",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTimeMarker": false,
+ "addTooltip": true,
+ "categoryAxes": [
+ {
+ "id": "CategoryAxis-1",
+ "labels": {
+ "filter": true,
+ "show": true,
+ "truncate": 100
+ },
+ "position": "bottom",
+ "scale": {
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {},
+ "type": "category"
+ }
+ ],
+ "grid": {
+ "categoryLines": false
+ },
+ "labels": {},
+ "legendPosition": "right",
+ "seriesParams": [
+ {
+ "data": {
+ "id": "1",
+ "label": "Count"
+ },
+ "drawLinesBetweenPoints": true,
+ "interpolate": "linear",
+ "lineWidth": 2,
+ "mode": "stacked",
+ "show": true,
+ "showCircles": true,
+ "type": "area",
+ "valueAxis": "ValueAxis-1"
+ }
+ ],
+ "thresholdLine": {
+ "color": "#E7664C",
+ "show": false,
+ "style": "full",
+ "value": 10,
+ "width": 1
+ },
+ "times": [],
+ "type": "area",
+ "valueAxes": [
+ {
+ "id": "ValueAxis-1",
+ "labels": {
+ "filter": false,
+ "rotate": 0,
+ "show": true,
+ "truncate": 100
+ },
+ "name": "LeftAxis-1",
+ "position": "left",
+ "scale": {
+ "mode": "normal",
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {
+ "text": "Count"
+ },
+ "type": "value"
+ }
+ ]
+ },
+ "title": "CloudTrail Event Outcome over time [Logs AWS]",
+ "type": "area"
+ }
+ },
+ "id": "4c23e4c0-739a-11ea-a345-f985c61fe654",
+ "references": [
+ {
+ "id": "30ccde50-7397-11ea-a345-f985c61fe654",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/53730d20-437e-11e9-8697-530f39afc6eb.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/53730d20-437e-11e9-8697-530f39afc6eb.json
new file mode 100644
index 00000000000..6803a4afe06
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/53730d20-437e-11e9-8697-530f39afc6eb.json
@@ -0,0 +1,73 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SQS Oldest Message Age in Seconds [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "bar_color_rules": [
+ {
+ "id": "3e3d3610-437e-11e9-a35d-972620e4f790"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "AWS SQS Oldest Message Age in Seconds",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sqs.oldest_message_age.sec",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "max"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.sqs.queue.name",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "SQS Oldest Message Age in Seconds [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "53730d20-437e-11e9-8697-530f39afc6eb",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/54e88a40-734e-11e9-816b-07687310a99a.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/54e88a40-734e-11e9-816b-07687310a99a.json
new file mode 100644
index 00000000000..9c5040af189
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/54e88a40-734e-11e9-816b-07687310a99a.json
@@ -0,0 +1,75 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Cloudwatch Lambda Errors Top5 [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "cbb498f0-734c-11e9-a683-47ca322fa6f9"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "94f2ce40-734c-11e9-a683-47ca322fa6f9"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Lambda Errors",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.lambda.metrics.Errors",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.FunctionName",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "AWS Cloudwatch Lambda Errors Top5",
+ "type": "metrics"
+ }
+ },
+ "id": "54e88a40-734e-11e9-816b-07687310a99a",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/572d40e0-b3ca-11e9-87a4-078dbbae220d.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/572d40e0-b3ca-11e9-87a4-078dbbae220d.json
new file mode 100644
index 00000000000..4335f5439fb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/572d40e0-b3ca-11e9-87a4-078dbbae220d.json
@@ -0,0 +1,88 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "ELB Backend Connection Errors [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "7e66beb0-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "7db91990-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "filter": "",
+ "gauge_color_rules": [
+ {
+ "id": "7d0b9b80-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#3185FC",
+ "fill": "00",
+ "formatter": "number",
+ "id": "35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971",
+ "label": "Backend Connection Errors",
+ "line_width": 2,
+ "metrics": [
+ {
+ "field": "aws.elb.metrics.BackendConnectionErrors.sum",
+ "id": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "steps": 0,
+ "terms_field": "aws.dimensions.LoadBalancerName",
+ "terms_order_by": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "value_template": "{{value}}"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "ELB Backend Connection Errors [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "572d40e0-b3ca-11e9-87a4-078dbbae220d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/58e17c10-7349-11e9-816b-07687310a99a.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/58e17c10-7349-11e9-816b-07687310a99a.json
new file mode 100644
index 00000000000..8711f57b6ac
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/58e17c10-7349-11e9-816b-07687310a99a.json
@@ -0,0 +1,72 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "S3 Total Error 5xx [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "59207fe0-4762-11e9-bf81-69a4e579cab5"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "5ad9a190-4762-11e9-bf81-69a4e579cab5"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Total # of HTTP 5xx Errors",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.s3_request.errors.5xx",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "everything",
+ "stacked": "none"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "metric"
+ },
+ "title": "AWS S3 Total Error 5xx",
+ "type": "metrics"
+ }
+ },
+ "id": "58e17c10-7349-11e9-816b-07687310a99a",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/58f5a3c0-6943-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/58f5a3c0-6943-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..ee117c36752
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/58f5a3c0-6943-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,72 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "VPN Tunnel Data State Per Tunnel IP [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "05e19c00-693b-11ea-8bb6-25461aeac3d5"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "fdd5ac40-693a-11ea-8bb6-25461aeac3d5"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.vpn.metrics.TunnelState.avg",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.TunnelIpAddress",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "top_n"
+ },
+ "title": "VPN Tunnel Data State Per Tunnel IP [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "58f5a3c0-6943-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/59defc90-17a5-11ea-8e91-03c7047cbb9d.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/59defc90-17a5-11ea-8e91-03c7047cbb9d.json
new file mode 100644
index 00000000000..c548d83261a
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/59defc90-17a5-11ea-8e91-03c7047cbb9d.json
@@ -0,0 +1,53 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SNS Topic Name Filter [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "controls": [
+ {
+ "fieldName": "aws.dimensions.TopicName",
+ "id": "1565034367477",
+ "indexPatternRefName": "control_0_index_pattern",
+ "label": "topic name",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ }
+ ],
+ "pinFilters": false,
+ "updateFiltersOnChange": true,
+ "useTimeFilter": true
+ },
+ "title": "SNS Topic Name Filter [Metrics AWS]",
+ "type": "input_control_vis"
+ }
+ },
+ "id": "59defc90-17a5-11ea-8e91-03c7047cbb9d",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "control_0_index_pattern",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/59e2e110-178d-11ea-8650-fb606deb5be4.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/59e2e110-178d-11ea-8650-fb606deb5be4.json
new file mode 100644
index 00000000000..686ccd72843
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/59e2e110-178d-11ea-8650-fb606deb5be4.json
@@ -0,0 +1,71 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Usage Resource Count Per Service [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "logs-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "filter": {
+ "language": "kuery",
+ "query": "aws.dimensions.Type : \"Resource\" "
+ },
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.usage.metrics.ResourceCount.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ }
+ ],
+ "point_size": "4",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.Service",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Usage Resource Count Per Service [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "59e2e110-178d-11ea-8650-fb606deb5be4",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/5c93cd10-bac3-11e9-9f70-1f7bda85a5eb.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/5c93cd10-bac3-11e9-9f70-1f7bda85a5eb.json
new file mode 100644
index 00000000000..2550a00fa18
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/5c93cd10-bac3-11e9-9f70-1f7bda85a5eb.json
@@ -0,0 +1,107 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Http Status over time [Logs AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "filter": {
+ "language": "lucene",
+ "query": "stream.dataset:aws.s3access"
+ },
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "logs-*",
+ "interval": "auto",
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "bar",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Http Status",
+ "line_width": 1,
+ "metrics": [
+ {
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "count"
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_filters": [
+ {
+ "color": "#68BC00",
+ "filter": {
+ "language": "kuery",
+ "query": "aws.s3access.http_status \u003c 300 and aws.s3access.http_status \u003e= 200"
+ },
+ "id": "5acdc750-a29d-11e7-a062-a1c3587f4874",
+ "label": "200s"
+ },
+ {
+ "color": "rgba(252,196,0,1)",
+ "filter": {
+ "language": "kuery",
+ "query": "aws.s3access.http_status \u003c 400 and aws.s3access.http_status \u003e= 300"
+ },
+ "id": "6efd2ae0-a29d-11e7-a062-a1c3587f4874",
+ "label": "300s"
+ },
+ {
+ "color": "rgba(211,49,21,1)",
+ "filter": {
+ "language": "kuery",
+ "query": "aws.s3access.http_status \u003c 500 and aws.s3access.http_status \u003e= 400"
+ },
+ "id": "76089a90-a29d-11e7-a062-a1c3587f4874",
+ "label": "400s"
+ },
+ {
+ "color": "rgba(171,20,158,1)",
+ "filter": {
+ "language": "kuery",
+ "query": "aws.s3access.http_status \u003c 600 and aws.s3access.http_status \u003e= 500"
+ },
+ "id": "7c7929d0-a29d-11e7-a062-a1c3587f4874",
+ "label": "500s"
+ }
+ ],
+ "split_mode": "filters",
+ "stacked": "stacked",
+ "terms_field": "http.response.status_code",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Http Status over time [Logs AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "5c93cd10-bac3-11e9-9f70-1f7bda85a5eb",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
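Review bot: The series buckets requests with four `split_filters` on `aws.s3access.http_status`, yet it also carries `"terms_field": "http.response.status_code"` and a `terms_order_by`. With `"split_mode": "filters"` those two keys appear to be unused leftovers. They name a different field from the one the filters query, which suggests the chart is driven by the ECS field when it is not. I would drop both keys or, if the ingest pipeline populates `http.response.status_code`, use that one field throughout. Note also that only 200–599 is covered, so S3 access events with no status recorded fall into none of the buckets and are absent from the chart; this matters if the panel is used to spot unusual access patterns.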
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/6392bc30-b3c9-11e9-87a4-078dbbae220d.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/6392bc30-b3c9-11e9-87a4-078dbbae220d.json
new file mode 100644
index 00000000000..868a5f2293b
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/6392bc30-b3c9-11e9-87a4-078dbbae220d.json
@@ -0,0 +1,90 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "ELB Healthy Host Count [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "background_color": "rgba(104,188,0,1)",
+ "color": "rgba(255,255,255,1)",
+ "id": "7e66beb0-b3c6-11e9-af6e-ef22c5680226",
+ "operator": "gt",
+ "value": 0
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "7db91990-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "filter": "",
+ "gauge_color_rules": [
+ {
+ "id": "7d0b9b80-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#3185FC",
+ "fill": 0,
+ "formatter": "number",
+ "id": "35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971",
+ "label": "Healthy Host Count",
+ "line_width": 2,
+ "metrics": [
+ {
+ "field": "aws.elb.metrics.HealthyHostCount.max",
+ "id": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "type": "max"
+ }
+ ],
+ "point_size": 0,
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "everything",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.AvailabilityZone",
+ "terms_order_by": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "value_template": "{{value}}"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "metric"
+ },
+ "title": "ELB Healthy Host Count [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "6392bc30-b3c9-11e9-87a4-078dbbae220d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/67f43080-b7b9-11e9-8349-f15f850c5cd0.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/67f43080-b7b9-11e9-8349-f15f850c5cd0.json
new file mode 100644
index 00000000000..2df22016c39
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/67f43080-b7b9-11e9-8349-f15f850c5cd0.json
@@ -0,0 +1,68 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EBS Volume Idle Time [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "series": [
+ {
+ "axis_min": "0",
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "s,s,1",
+ "hide_in_legend": 0,
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Volume Idle Time",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ebs.metrics.VolumeIdleTime.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.VolumeId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "EBS Volume Idle Time [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "67f43080-b7b9-11e9-8349-f15f850c5cd0",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/681aab60-178c-11ea-8650-fb606deb5be4.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/681aab60-178c-11ea-8650-fb606deb5be4.json
new file mode 100644
index 00000000000..c05c918c382
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/681aab60-178c-11ea-8650-fb606deb5be4.json
@@ -0,0 +1,151 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Usage CallCount [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "field": "aws.usage.metrics.CallCount.sum"
+ },
+ "schema": "metric",
+ "type": "sum"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "filters": [
+ {
+ "input": {
+ "language": "kuery",
+ "query": "aws.dimensions.Type : \"API\" "
+ },
+ "label": ""
+ }
+ ],
+ "row": true
+ },
+ "schema": "split",
+ "type": "filters"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "field": "aws.dimensions.Service",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": true,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ },
+ {
+ "enabled": true,
+ "id": "4",
+ "params": {
+ "field": "aws.dimensions.Resource",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": true,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTooltip": true,
+ "dimensions": {
+ "buckets": [
+ {
+ "accessor": 2,
+ "aggType": "terms",
+ "format": {
+ "id": "terms",
+ "params": {
+ "id": "string",
+ "missingBucketLabel": "Missing",
+ "otherBucketLabel": "Other"
+ }
+ },
+ "params": {}
+ },
+ {
+ "accessor": 4,
+ "aggType": "terms",
+ "format": {
+ "id": "terms",
+ "params": {
+ "id": "string",
+ "missingBucketLabel": "Missing",
+ "otherBucketLabel": "Other"
+ }
+ },
+ "params": {}
+ }
+ ],
+ "metric": {
+ "accessor": 3,
+ "aggType": "sum",
+ "format": {
+ "id": "number"
+ },
+ "params": {}
+ },
+ "splitRow": [
+ {
+ "accessor": 0,
+ "aggType": "filters",
+ "format": {},
+ "params": {}
+ }
+ ]
+ },
+ "isDonut": true,
+ "labels": {
+ "last_level": false,
+ "show": true,
+ "truncate": 100,
+ "values": true
+ },
+ "legendPosition": "right",
+ "type": "pie"
+ },
+ "title": "Usage CallCount [Metrics AWS]",
+ "type": "pie"
+ }
+ },
+ "id": "681aab60-178c-11ea-8650-fb606deb5be4",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/68970b10-6890-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/68970b10-6890-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..2e4692d09a7
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/68970b10-6890-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,81 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "NATGateway Connection Established [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0",
+ "value": 0
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "number",
+ "id": "f444c0e0-688f-11ea-8b7d-fd9d15a13cd0",
+ "label": "Total Connections Established",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.natgateway.metrics.ConnectionEstablishedCount.sum",
+ "id": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0",
+ "type": "sum"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "everything",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.NatGatewayId",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "time_range_mode": "last_value",
+ "type": "metric"
+ },
+ "title": "NATGateway Connection Established [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "68970b10-6890-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/6e3285d0-4763-11e9-8062-c98a86cb6f94.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/6e3285d0-4763-11e9-8062-c98a86cb6f94.json
new file mode 100644
index 00000000000..a60696ca78f
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/6e3285d0-4763-11e9-8062-c98a86cb6f94.json
@@ -0,0 +1,62 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "S3 Filters [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "controls": [
+ {
+ "fieldName": "cloud.region",
+ "id": "1549397251041",
+ "indexPattern": "metrics-*",
+ "label": "region",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ },
+ {
+ "fieldName": "aws.s3.bucket.name",
+ "id": "1549512142947",
+ "indexPattern": "metrics-*",
+ "label": "s3 bucket name",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ }
+ ],
+ "pinFilters": false,
+ "updateFiltersOnChange": true,
+ "useTimeFilter": false
+ },
+ "title": "AWS S3 Filters",
+ "type": "input_control_vis"
+ }
+ },
+ "id": "6e3285d0-4763-11e9-8062-c98a86cb6f94",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
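Review bot: Both controls hard-code `"indexPattern": "metrics-*"` and the object's `references` array is empty, whereas the NATGateway Filters object later in this diff names its index pattern through `indexPatternRefName` plus a matching `references` entry. If the target Kibana version expects the reference form, these controls may not resolve their index pattern on import; consider `"indexPatternRefName": "control_0_index_pattern"` (and `control_1_index_pattern`) with corresponding `index-pattern` entries in `references`. Separately, `visState.title` is `AWS S3 Filters` while `attributes.title` is `S3 Filters [Metrics AWS]`; the same mismatch appears in 81d83c70-4762-11e9-8062-c98a86cb6f94.json (`AWS S3 Total Error 4xx`).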
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/6f7f7680-180c-11ea-8e91-03c7047cbb9d.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/6f7f7680-180c-11ea-8e91-03c7047cbb9d.json
new file mode 100644
index 00000000000..fb0f626c061
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/6f7f7680-180c-11ea-8e91-03c7047cbb9d.json
@@ -0,0 +1,69 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SNS Publish Size [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Publish Size",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sns.metrics.PublishSize.avg",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": null,
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "SNS Publish Size [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "6f7f7680-180c-11ea-8e91-03c7047cbb9d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
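Review bot: The series sets `"split_mode": "terms"` and a `terms_order_by`, but `"terms_field": null` leaves nothing to split on, so the chart presumably cannot group per topic as intended. Either point `terms_field` at the SNS topic dimension field the dataset emits, or, if a single line is wanted, use `"split_mode": "everything"` as the NATGateway and ELB metric visualizations in this diff do.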
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/6fc1efd0-b3c9-11e9-87a4-078dbbae220d.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/6fc1efd0-b3c9-11e9-87a4-078dbbae220d.json
new file mode 100644
index 00000000000..14c1bc91a79
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/6fc1efd0-b3c9-11e9-87a4-078dbbae220d.json
@@ -0,0 +1,90 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "ELB Unhealthy Host Count [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "background_color": "rgba(244,78,59,1)",
+ "color": "rgba(255,255,255,1)",
+ "id": "7e66beb0-b3c6-11e9-af6e-ef22c5680226",
+ "operator": "gt",
+ "value": 0
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "7db91990-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "filter": "",
+ "gauge_color_rules": [
+ {
+ "id": "7d0b9b80-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#3185FC",
+ "fill": 0,
+ "formatter": "number",
+ "id": "35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971",
+ "label": "Unhealthy Host Count",
+ "line_width": 2,
+ "metrics": [
+ {
+ "field": "aws.elb.metrics.UnHealthyHostCount.max",
+ "id": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "type": "max"
+ }
+ ],
+ "point_size": 0,
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "everything",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.AvailabilityZone",
+ "terms_order_by": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "value_template": "{{value}}"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "metric"
+ },
+ "title": "ELB Unhealthy Host Count [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "6fc1efd0-b3c9-11e9-87a4-078dbbae220d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/73970bc0-3e86-11ea-bb0a-69c3ca1d410f.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/73970bc0-3e86-11ea-bb0a-69c3ca1d410f.json
new file mode 100644
index 00000000000..113c7375389
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/73970bc0-3e86-11ea-bb0a-69c3ca1d410f.json
@@ -0,0 +1,101 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "ELB Top User Agents [Logs AWS] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "29527130-3e86-11ea-9067-cf383a4ea3b3"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "cc6d5070-3e85-11ea-9067-cf383a4ea3b3"
+ }
+ ],
+ "default_index_pattern": "logs-*",
+ "default_timefield": "@timestamp",
+ "gauge_color_rules": [
+ {
+ "id": "2b29c940-3e86-11ea-9067-cf383a4ea3b3"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "pivot_id": "user_agent.original",
+ "pivot_type": "string",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(104,188,0,1)",
+ "color_rules": [
+ {
+ "id": "42e14220-3e86-11ea-9067-cf383a4ea3b3"
+ }
+ ],
+ "fill": 0.5,
+ "filter": {
+ "language": "kuery",
+ "query": "fileset.name : \"elb\" "
+ },
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "User Agent",
+ "line_width": 1,
+ "metrics": [
+ {
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "count"
+ },
+ {
+ "field": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "id": "2010cb20-3e87-11ea-9067-cf383a4ea3b3",
+ "type": "cumulative_sum"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "user_agent.original",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "top_n"
+ },
+ "title": "ELB Top User Agents [Logs AWS] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "73970bc0-3e86-11ea-bb0a-69c3ca1d410f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/749cd470-1530-11ea-841c-01bf20a6c8ba.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/749cd470-1530-11ea-841c-01bf20a6c8ba.json
new file mode 100644
index 00000000000..f555f41ba0a
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/749cd470-1530-11ea-841c-01bf20a6c8ba.json
@@ -0,0 +1,118 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Estimated Billing Pie Chart [Metrics AWS]",
+ "uiStateJSON": {
+ "vis": {
+ "colors": {
+ "16": "#629E51",
+ "272": "#DEDAF7",
+ "80": "#E24D42",
+ "running": "#7EB26D",
+ "stopped": "#E24D42"
+ },
+ "legendOpen": true
+ }
+ },
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "",
+ "field": "aws.billing.metrics.EstimatedCharges.max"
+ },
+ "schema": "metric",
+ "type": "sum"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "customLabel": "",
+ "field": "aws.dimensions.ServiceName",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderAgg": {
+ "enabled": true,
+ "id": "2-orderAgg",
+ "params": {
+ "field": "aws.billing.metrics.EstimatedCharges.max"
+ },
+ "schema": "orderAgg",
+ "type": "avg"
+ },
+ "orderBy": "custom",
+ "otherBucket": true,
+ "otherBucketLabel": "Other",
+ "size": 10
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTooltip": true,
+ "dimensions": {
+ "buckets": [
+ {
+ "accessor": 0,
+ "aggType": "terms",
+ "format": {
+ "id": "terms",
+ "params": {
+ "id": "string",
+ "missingBucketLabel": "Missing",
+ "otherBucketLabel": "Other"
+ }
+ },
+ "params": {}
+ }
+ ],
+ "metric": {
+ "accessor": 1,
+ "aggType": "sum",
+ "format": {
+ "id": "number"
+ },
+ "params": {}
+ }
+ },
+ "isDonut": false,
+ "labels": {
+ "last_level": true,
+ "show": true,
+ "truncate": 100,
+ "values": true
+ },
+ "legendPosition": "right",
+ "type": "pie"
+ },
+ "title": "Estimated Billing Pie Chart [Metrics AWS]",
+ "type": "pie"
+ }
+ },
+ "id": "749cd470-1530-11ea-841c-01bf20a6c8ba",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
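Review bot: Agg `1` applies `"type": "sum"` to `aws.billing.metrics.EstimatedCharges.max`, which adds up every sample in the selected time range; if that field carries a running estimated-charge total (to be confirmed against the dataset), each slice grows with the number of collection periods rather than with cost. The `orderAgg` on the same field uses `avg`, so ordering and slice size are computed differently; `"type": "max"` for the metric, with the matching `aggType` under `params.dimensions.metric`, would likely reflect the intent. The `uiStateJSON.vis.colors` keys `running` and `stopped` look like leftovers from another visualization and could be dropped.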
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/75853f20-4484-11ea-ad63-791a5dc86f10.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/75853f20-4484-11ea-ad63-791a5dc86f10.json
new file mode 100644
index 00000000000..c69f3c232f4
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/75853f20-4484-11ea-ad63-791a5dc86f10.json
@@ -0,0 +1,105 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "VPC Flow Top IP Addresses [Logs AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "29527130-3e86-11ea-9067-cf383a4ea3b3"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "cc6d5070-3e85-11ea-9067-cf383a4ea3b3"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "gauge_color_rules": [
+ {
+ "id": "2b29c940-3e86-11ea-9067-cf383a4ea3b3"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "pivot_id": "user_agent.original",
+ "pivot_type": "string",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(115,216,255,1)",
+ "color_rules": [
+ {
+ "id": "42e14220-3e86-11ea-9067-cf383a4ea3b3"
+ }
+ ],
+ "fill": 0.5,
+ "filter": {
+ "language": "kuery",
+ "query": "fileset.name : \"vpcflow\" "
+ },
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "IP address",
+ "line_width": 1,
+ "metrics": [
+ {
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "count"
+ },
+ {
+ "field": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "id": "40c52370-3e87-11ea-9067-cf383a4ea3b3",
+ "type": "cumulative_sum"
+ }
+ ],
+ "override_index_pattern": 1,
+ "point_size": 1,
+ "separate_axis": 0,
+ "series_drop_last_bucket": 0,
+ "series_index_pattern": "logs-*",
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "source.ip",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "top_n"
+ },
+ "title": "VPC Flow Top IP Addresses [Logs AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "75853f20-4484-11ea-ad63-791a5dc86f10",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
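Review bot: `"default_index_pattern": "metrics-*"` does not match this logs visualization, which presumably renders only because the series sets `"override_index_pattern": 1` with `"series_index_pattern": "logs-*"`; the ELB log visualizations in this diff use `"default_index_pattern": "logs-*"` directly. The inverse mismatch is in 75ebfda0-1789-11ea-8650-fb606deb5be4.json, a metrics chart with `"default_index_pattern": "logs-*"`. `"pivot_id": "user_agent.original"` also looks copied from the ELB Top User Agents object, since this series splits on `source.ip`; it is probably unused for `top_n` but is misleading when the panel is edited later.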
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/75ebfda0-1789-11ea-8650-fb606deb5be4.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/75ebfda0-1789-11ea-8650-fb606deb5be4.json
new file mode 100644
index 00000000000..1fa628da253
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/75ebfda0-1789-11ea-8650-fb606deb5be4.json
@@ -0,0 +1,71 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Usage Call Count Per Service [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "logs-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "filter": {
+ "language": "kuery",
+ "query": "aws.dimensions.Type : \"API\" "
+ },
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.usage.metrics.CallCount.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ }
+ ],
+ "point_size": "4",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.Service",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Usage Call Count Per Service [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "75ebfda0-1789-11ea-8650-fb606deb5be4",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/76af8140-3e84-11ea-bb0a-69c3ca1d410f.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/76af8140-3e84-11ea-bb0a-69c3ca1d410f.json
new file mode 100644
index 00000000000..a1dc3326945
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/76af8140-3e84-11ea-bb0a-69c3ca1d410f.json
@@ -0,0 +1,72 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "ELB Inbound Traffic [Logs AWS] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "logs-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(104,204,202,1)",
+ "fill": 0.5,
+ "filter": {
+ "language": "kuery",
+ "query": "fileset.name : \"elb\""
+ },
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Inbound",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "source.bytes",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.elb.name",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "ELB Inbound Traffic [Logs AWS] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "76af8140-3e84-11ea-bb0a-69c3ca1d410f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/7b93bab0-7b0a-11ea-9bb4-e958b64b5685.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/7b93bab0-7b0a-11ea-9bb4-e958b64b5685.json
new file mode 100644
index 00000000000..abea8f172ad
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/7b93bab0-7b0a-11ea-9bb4-e958b64b5685.json
@@ -0,0 +1,60 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "DynamoDB Read Throttle Events [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "\u003e=1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0.1",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Read Throttle Events",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.dynamodb.metrics.ReadThrottleEvents.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "max"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.TableName",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "DynamoDB Read Throttle Events [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "7b93bab0-7b0a-11ea-9bb4-e958b64b5685",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/7bca4f50-739c-11ea-a345-f985c61fe654.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/7bca4f50-739c-11ea-a345-f985c61fe654.json
new file mode 100644
index 00000000000..1fbdea54bdf
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/7bca4f50-739c-11ea-a345-f985c61fe654.json
@@ -0,0 +1,69 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "CloudTrail User Agents [Logs AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {},
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "field": "user_agent.name",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTooltip": true,
+ "isDonut": true,
+ "labels": {
+ "last_level": true,
+ "show": false,
+ "truncate": 100,
+ "values": true
+ },
+ "legendPosition": "right",
+ "type": "pie"
+ },
+ "title": "CloudTrail User Agents [Logs AWS]",
+ "type": "pie"
+ }
+ },
+ "id": "7bca4f50-739c-11ea-a345-f985c61fe654",
+ "references": [
+ {
+ "id": "30ccde50-7397-11ea-a345-f985c61fe654",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/7d1e0870-7a3f-11ea-bfa4-dfea8c457654.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/7d1e0870-7a3f-11ea-bfa4-dfea8c457654.json
new file mode 100644
index 00000000000..80e2afafbb9
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/7d1e0870-7a3f-11ea-bfa4-dfea8c457654.json
@@ -0,0 +1,237 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index"
+ }
+ },
+ "title": "DynamoDB Max Read/Write Account Limits [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "Reads",
+ "field": "aws.dynamodb.metrics.AccountMaxReads.max"
+ },
+ "schema": "metric",
+ "type": "max"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "customLabel": "Table Reads",
+ "field": "aws.dynamodb.metrics.AccountMaxTableLevelReads.max"
+ },
+ "schema": "metric",
+ "type": "max"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "customLabel": "Writes",
+ "field": "aws.dynamodb.metrics.AccountMaxWrites.max"
+ },
+ "schema": "metric",
+ "type": "max"
+ },
+ {
+ "enabled": true,
+ "id": "4",
+ "params": {
+ "customLabel": "Table Writes",
+ "field": "aws.dynamodb.metrics.AccountMaxTableLevelWrites.max"
+ },
+ "schema": "metric",
+ "type": "max"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTimeMarker": false,
+ "addTooltip": true,
+ "categoryAxes": [
+ {
+ "id": "CategoryAxis-1",
+ "labels": {
+ "filter": true,
+ "show": true,
+ "truncate": 100
+ },
+ "position": "bottom",
+ "scale": {
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {},
+ "type": "category"
+ }
+ ],
+ "dimensions": {
+ "x": null,
+ "y": [
+ {
+ "accessor": 0,
+ "aggType": "max",
+ "format": {
+ "id": "number",
+ "params": {
+ "parsedUrl": {
+ "basePath": "",
+ "origin": "http://localhost:5601",
+ "pathname": "/app/kibana"
+ }
+ }
+ },
+ "label": "Reads",
+ "params": {}
+ },
+ {
+ "accessor": 1,
+ "aggType": "max",
+ "format": {
+ "id": "number",
+ "params": {
+ "parsedUrl": {
+ "basePath": "",
+ "origin": "http://localhost:5601",
+ "pathname": "/app/kibana"
+ }
+ }
+ },
+ "label": "Table Reads",
+ "params": {}
+ },
+ {
+ "accessor": 2,
+ "aggType": "max",
+ "format": {
+ "id": "number",
+ "params": {
+ "parsedUrl": {
+ "basePath": "",
+ "origin": "http://localhost:5601",
+ "pathname": "/app/kibana"
+ }
+ }
+ },
+ "label": "Writes",
+ "params": {}
+ }
+ ]
+ },
+ "grid": {
+ "categoryLines": false
+ },
+ "labels": {
+ "show": false
+ },
+ "legendPosition": "right",
+ "seriesParams": [
+ {
+ "data": {
+ "id": "1",
+ "label": "Reads"
+ },
+ "drawLinesBetweenPoints": true,
+ "lineWidth": 2,
+ "mode": "normal",
+ "show": true,
+ "showCircles": true,
+ "type": "histogram",
+ "valueAxis": "ValueAxis-1"
+ },
+ {
+ "data": {
+ "id": "2",
+ "label": "Table Reads"
+ },
+ "drawLinesBetweenPoints": true,
+ "lineWidth": 2,
+ "mode": "normal",
+ "show": true,
+ "showCircles": true,
+ "type": "histogram",
+ "valueAxis": "ValueAxis-1"
+ },
+ {
+ "data": {
+ "id": "3",
+ "label": "Writes"
+ },
+ "drawLinesBetweenPoints": true,
+ "lineWidth": 2,
+ "mode": "normal",
+ "show": true,
+ "showCircles": true,
+ "type": "histogram",
+ "valueAxis": "ValueAxis-1"
+ },
+ {
+ "data": {
+ "id": "4",
+ "label": "Table Writes"
+ },
+ "drawLinesBetweenPoints": true,
+ "lineWidth": 2,
+ "mode": "normal",
+ "show": true,
+ "showCircles": true,
+ "type": "histogram",
+ "valueAxis": "ValueAxis-1"
+ }
+ ],
+ "thresholdLine": {
+ "color": "#E7664C",
+ "show": false,
+ "style": "full",
+ "value": 10,
+ "width": 1
+ },
+ "times": [],
+ "type": "histogram",
+ "valueAxes": [
+ {
+ "id": "ValueAxis-1",
+ "labels": {
+ "filter": false,
+ "rotate": 0,
+ "show": true,
+ "truncate": 100
+ },
+ "name": "LeftAxis-1",
+ "position": "left",
+ "scale": {
+ "mode": "normal",
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {
+ "text": "Account Max Reads"
+ },
+ "type": "value"
+ }
+ ]
+ },
+ "title": "DynamoDB Max Read/Write Account Limits [Metrics AWS]",
+ "type": "histogram"
+ }
+ },
+ "id": "7d1e0870-7a3f-11ea-bfa4-dfea8c457654",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
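Review bot: The three `format.params.parsedUrl` blocks under `params.dimensions.y` embed `"origin": "http://localhost:5601"`, a value from the exporting Kibana session that has no meaning in a shipped package; reducing each to `"format": {"id": "number"}`, as the pie charts in this diff do, keeps environment details out of the artifact. `dimensions.y` also lists only accessors 0–2, while `aggs` and `seriesParams` define four metrics, so `Table Writes` has no dimension entry. The value-axis title `Account Max Reads` covers the write limits as well and could be made generic.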
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/81d83c70-4762-11e9-8062-c98a86cb6f94.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/81d83c70-4762-11e9-8062-c98a86cb6f94.json
new file mode 100644
index 00000000000..f19c4c64abc
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/81d83c70-4762-11e9-8062-c98a86cb6f94.json
@@ -0,0 +1,71 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "S3 Total Error 4xx [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "59207fe0-4762-11e9-bf81-69a4e579cab5"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "5ad9a190-4762-11e9-bf81-69a4e579cab5"
+ }
+ ],
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Total # of HTTP 4xx Errors",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.s3_request.errors.4xx",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "everything",
+ "stacked": "none"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "metric"
+ },
+ "title": "AWS S3 Total Error 4xx",
+ "type": "metrics"
+ }
+ },
+ "id": "81d83c70-4762-11e9-8062-c98a86cb6f94",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/8345d580-6891-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/8345d580-6891-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..73526a731e3
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/8345d580-6891-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,93 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "NATGateway Filters [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "controls": [
+ {
+ "fieldName": "cloud.account.name",
+ "id": "1565034367477",
+ "indexPatternRefName": "control_0_index_pattern",
+ "label": "account name",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ },
+ {
+ "fieldName": "cloud.region",
+ "id": "1584478324642",
+ "indexPatternRefName": "control_1_index_pattern",
+ "label": "region",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ },
+ {
+ "fieldName": "aws.dimensions.NatGatewayId",
+ "id": "1584479118709",
+ "indexPatternRefName": "control_2_index_pattern",
+ "label": "NATGateway ID",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ }
+ ],
+ "pinFilters": false,
+ "updateFiltersOnChange": true,
+ "useTimeFilter": true
+ },
+ "title": "NATGateway Filters [Metrics AWS]",
+ "type": "input_control_vis"
+ }
+ },
+ "id": "8345d580-6891-11ea-b0ac-95d4ecb1fecd",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "control_0_index_pattern",
+ "type": "index-pattern"
+ },
+ {
+ "id": "metrics-*",
+ "name": "control_1_index_pattern",
+ "type": "index-pattern"
+ },
+ {
+ "id": "metrics-*",
+ "name": "control_2_index_pattern",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/83f08eb0-1532-11ea-841c-01bf20a6c8ba.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/83f08eb0-1532-11ea-841c-01bf20a6c8ba.json
new file mode 100644
index 00000000000..589f568c467
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/83f08eb0-1532-11ea-841c-01bf20a6c8ba.json
@@ -0,0 +1,92 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Total Estimated Charges [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "88a80e30-1530-11ea-961e-c1db9cc6166e"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "ebb52700-1531-11ea-961e-c1db9cc6166e"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "gauge_color_rules": [
+ {
+ "id": "e8a045e0-1531-11ea-961e-c1db9cc6166e"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "12h",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "filter": {
+ "language": "kuery",
+ "query": "not aws.dimensions.ServiceName : * "
+ },
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Total Estimated Charges",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.billing.metrics.EstimatedCharges.max",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ }
+ ],
+ "override_index_pattern": 0,
+ "point_size": 1,
+ "separate_axis": 0,
+ "series_drop_last_bucket": 0,
+ "series_interval": "12h",
+ "split_color_mode": "gradient",
+ "split_mode": "filter",
+ "stacked": "none",
+ "time_range_mode": "last_value",
+ "value_template": "${{value}}"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "metric"
+ },
+ "title": "Total Estimated Charges [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "83f08eb0-1532-11ea-841c-01bf20a6c8ba",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
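Review bot: The series aggregates `aws.billing.metrics.EstimatedCharges.max` with `"type": "sum"` over a `12h` bucket, so whenever more than one billing document lands in a bucket (the stream's `period` is configurable) the displayed figure is a multiple of the real estimate. Assuming the value is a running estimate rather than a delta, `"type": "max"` would be the safer aggregation. If summing across several accounts is the intent, that should be done per account first. The `value_template` of `${{value}}` also hard-codes a dollar sign; the currency of the data is not visible in this hunk.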
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/8b34a100-4762-11e9-8062-c98a86cb6f94.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/8b34a100-4762-11e9-8062-c98a86cb6f94.json
new file mode 100644
index 00000000000..9dcdeddef2c
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/8b34a100-4762-11e9-8062-c98a86cb6f94.json
@@ -0,0 +1,71 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "S3 Total Error 5xx [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "59207fe0-4762-11e9-bf81-69a4e579cab5"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "5ad9a190-4762-11e9-bf81-69a4e579cab5"
+ }
+ ],
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Total # of HTTP 5xx Errors",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.s3_request.errors.5xx",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "everything",
+ "stacked": "none"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "metric"
+ },
+ "title": "AWS S3 Total Error 5xx",
+ "type": "metrics"
+ }
+ },
+ "id": "8b34a100-4762-11e9-8062-c98a86cb6f94",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/8b8a7f80-921c-11e9-aa19-159bf182e06f.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/8b8a7f80-921c-11e9-aa19-159bf182e06f.json
new file mode 100644
index 00000000000..2cfef3e61cd
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/8b8a7f80-921c-11e9-aa19-159bf182e06f.json
@@ -0,0 +1,77 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "RDS Insert Latency in Milliseconds [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "28cacdf0-921c-11e9-badf-4b42bd1ef543"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "f8196690-921a-11e9-badf-4b42bd1ef543"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "ms,ms,",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Insert Latency in Milliseconds",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.rds.latency.insert",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.rds.db_instance.identifier",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "RDS Insert Latency in Milliseconds [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "8b8a7f80-921c-11e9-aa19-159bf182e06f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/8cf5fbe0-7b07-11ea-9bb4-e958b64b5685.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/8cf5fbe0-7b07-11ea-9bb4-e958b64b5685.json
new file mode 100644
index 00000000000..fac7a2ca55f
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/8cf5fbe0-7b07-11ea-9bb4-e958b64b5685.json
@@ -0,0 +1,85 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "DynamoDB Successful Request Latency [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "43e58670-7b05-11ea-8ef8-01625a2f68ac"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "3c733ea0-7b05-11ea-8ef8-01625a2f68ac"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 1,
+ "gauge_color_rules": [
+ {
+ "id": "499c62a0-7b05-11ea-8ef8-01625a2f68ac"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "\u003e=1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0.1",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Successful Request Latency",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.dynamodb.metrics.SuccessfulRequestLatency.avg",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "offset_time": "",
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "steps": 0,
+ "terms_field": "aws.dimensions.TableName",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "DynamoDB Successful Request Latency [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "8cf5fbe0-7b07-11ea-9bb4-e958b64b5685",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/8ec43590-739b-11ea-a345-f985c61fe654.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/8ec43590-739b-11ea-a345-f985c61fe654.json
new file mode 100644
index 00000000000..c067d20952b
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/8ec43590-739b-11ea-a345-f985c61fe654.json
@@ -0,0 +1,80 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "CloudTrail Top User IDs [Logs AWS]",
+ "uiStateJSON": {
+ "vis": {
+ "params": {
+ "sort": {
+ "columnIndex": null,
+ "direction": null
+ }
+ }
+ }
+ },
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "Event Count"
+ },
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "customLabel": "User ID",
+ "field": "user.id",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 25
+ },
+ "schema": "bucket",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "perPage": 10,
+ "percentageCol": "",
+ "showMetricsAtAllLevels": false,
+ "showPartialRows": false,
+ "showTotal": false,
+ "sort": {
+ "columnIndex": null,
+ "direction": null
+ },
+ "totalFunc": "sum"
+ },
+ "title": "CloudTrail Top User IDs [Logs AWS]",
+ "type": "table"
+ }
+ },
+ "id": "8ec43590-739b-11ea-a345-f985c61fe654",
+ "references": [
+ {
+ "id": "30ccde50-7397-11ea-a345-f985c61fe654",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
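Review bot: The `user.id` terms aggregation sets `"missingBucket": false` and `"otherBucket": false` with `"size": 25`, so CloudTrail events that carry no `user.id`, and every identity outside the top 25, are silently absent from this table. For a view that is likely to be read during audit or triage, `"missingBucket": true` would surface unattributed activity instead of hiding it. The panel also depends on saved search `30ccde50-7397-11ea-a345-f985c61fe654`, which is not part of this hunk; it is worth confirming that object ships in the same package version.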
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/9121ac90-734d-11e9-816b-07687310a99a.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/9121ac90-734d-11e9-816b-07687310a99a.json
new file mode 100644
index 00000000000..64a72130a65
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/9121ac90-734d-11e9-816b-07687310a99a.json
@@ -0,0 +1,75 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Cloudwatch ELB Unhealthy Host Count [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "cbb498f0-734c-11e9-a683-47ca322fa6f9"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "94f2ce40-734c-11e9-a683-47ca322fa6f9"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "ELB Unhealthy Host Count",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.elb.metrics.UnHealthyHostCount",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.LoadBalancerName",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "AWS Cloudwatch ELB Unhealthy Host Count",
+ "type": "metrics"
+ }
+ },
+ "id": "9121ac90-734d-11e9-816b-07687310a99a",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/915bcd50-28d1-11ea-ba6c-49a884eb104f.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/915bcd50-28d1-11ea-ba6c-49a884eb104f.json
new file mode 100644
index 00000000000..5a95b972554
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/915bcd50-28d1-11ea-ba6c-49a884eb104f.json
@@ -0,0 +1,95 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Lambda Top Throttles [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": 0,
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "fbf0eac0-28d0-11ea-8789-f72e3366fb25"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "f679afa0-28d0-11ea-8789-f72e3366fb25"
+ }
+ ],
+ "default_index_pattern": "logs-*",
+ "default_timefield": "@timestamp",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "gauge_color_rules": [
+ {
+ "id": "3eabbde0-28d1-11ea-8789-f72e3366fb25"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "ca2e4c60-28cd-11ea-822d-3ba2c0089081",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#3185FC",
+ "fill": 0,
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "number",
+ "id": "ca2e4c61-28cd-11ea-822d-3ba2c0089081",
+ "label": "avg(aws.metrics.Duration.avg)",
+ "line_width": 2,
+ "metrics": [
+ {
+ "field": "aws.lambda.metrics.Duration.avg",
+ "id": "ca2e4c62-28cd-11ea-822d-3ba2c0089081",
+ "type": "max"
+ }
+ ],
+ "point_size": "4",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.FunctionName",
+ "terms_order_by": "ca2e4c62-28cd-11ea-822d-3ba2c0089081",
+ "type": "timeseries",
+ "value_template": "{{value}}"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "Lambda Top Throttles [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "915bcd50-28d1-11ea-ba6c-49a884eb104f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
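Review bot: This panel is titled `Lambda Top Throttles`, but its only series reads `aws.lambda.metrics.Duration.avg` and is labelled `avg(aws.metrics.Duration.avg)`, so it ranks functions by duration rather than by throttling. Either point `field` at the package's throttle metric (its name is not visible in this hunk) or rename the panel. The label also says avg while the aggregation is `"type": "max"`. In addition, `default_index_pattern` is `logs-*` while `index_pattern` is `metrics-*`; `"default_index_pattern": "metrics-*"` would match the other metrics panels in this commit.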
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/9202d1a0-178c-11ea-8650-fb606deb5be4.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/9202d1a0-178c-11ea-8650-fb606deb5be4.json
new file mode 100644
index 00000000000..1acbf7282e4
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/9202d1a0-178c-11ea-8650-fb606deb5be4.json
@@ -0,0 +1,151 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Usage ResourceCount [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "field": "aws.usage.metrics.ResourceCount.sum"
+ },
+ "schema": "metric",
+ "type": "sum"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "filters": [
+ {
+ "input": {
+ "language": "kuery",
+ "query": "aws.dimensions.Type : \"Resource\" "
+ },
+ "label": ""
+ }
+ ],
+ "row": true
+ },
+ "schema": "split",
+ "type": "filters"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "field": "aws.dimensions.Service",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": true,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ },
+ {
+ "enabled": true,
+ "id": "4",
+ "params": {
+ "field": "aws.dimensions.Resource",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": true,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTooltip": true,
+ "dimensions": {
+ "buckets": [
+ {
+ "accessor": 2,
+ "aggType": "terms",
+ "format": {
+ "id": "terms",
+ "params": {
+ "id": "string",
+ "missingBucketLabel": "Missing",
+ "otherBucketLabel": "Other"
+ }
+ },
+ "params": {}
+ },
+ {
+ "accessor": 4,
+ "aggType": "terms",
+ "format": {
+ "id": "terms",
+ "params": {
+ "id": "string",
+ "missingBucketLabel": "Missing",
+ "otherBucketLabel": "Other"
+ }
+ },
+ "params": {}
+ }
+ ],
+ "metric": {
+ "accessor": 3,
+ "aggType": "sum",
+ "format": {
+ "id": "number"
+ },
+ "params": {}
+ },
+ "splitRow": [
+ {
+ "accessor": 0,
+ "aggType": "filters",
+ "format": {},
+ "params": {}
+ }
+ ]
+ },
+ "isDonut": true,
+ "labels": {
+ "last_level": false,
+ "show": true,
+ "truncate": 100,
+ "values": true
+ },
+ "legendPosition": "right",
+ "type": "pie"
+ },
+ "title": "Usage ResourceCount [Metrics AWS]",
+ "type": "pie"
+ }
+ },
+ "id": "9202d1a0-178c-11ea-8650-fb606deb5be4",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/95b322f0-734a-11e9-816b-07687310a99a.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/95b322f0-734a-11e9-816b-07687310a99a.json
new file mode 100644
index 00000000000..1720fe0e6fa
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/95b322f0-734a-11e9-816b-07687310a99a.json
@@ -0,0 +1,70 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SQS Messages Delayed Top5 [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "bar_color_rules": [
+ {
+ "id": "23be77d0-734a-11e9-a683-47ca322fa6f9"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "auto",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "AWS SQS Messages Delayed",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sqs.messages.delayed",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.sqs.queue.name",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "AWS SQS Messages Delayed Top5",
+ "type": "metrics"
+ }
+ },
+ "id": "95b322f0-734a-11e9-816b-07687310a99a",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/966ae990-d979-11e9-9458-bbef63ad717b.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/966ae990-d979-11e9-9458-bbef63ad717b.json
new file mode 100644
index 00000000000..e24cd401a83
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/966ae990-d979-11e9-9458-bbef63ad717b.json
@@ -0,0 +1,78 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "RDS Disk Queue Depth [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "28cacdf0-921c-11e9-badf-4b42bd1ef543"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "f8196690-921a-11e9-badf-4b42bd1ef543"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "'0.000'",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Select Throughput Count/Second",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.rds.disk_queue_depth",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.rds.db_instance.identifier",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "RDS Disk Queue Depth [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "966ae990-d979-11e9-9458-bbef63ad717b",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
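Review bot: The series label `Select Throughput Count/Second` does not describe the charted field `aws.rds.disk_queue_depth` and looks carried over from another RDS panel. `"label": "Disk Queue Depth"` would match the panel title and the legend a reader expects.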
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/99ffdb00-bacb-11e9-9f70-1f7bda85a5eb.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/99ffdb00-bacb-11e9-9f70-1f7bda85a5eb.json
new file mode 100644
index 00000000000..0dc11fb0a1e
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/99ffdb00-bacb-11e9-9f70-1f7bda85a5eb.json
@@ -0,0 +1,134 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Top URLs [Logs AWS]",
+ "uiStateJSON": {
+ "vis": {
+ "colors": {
+ "404": "#EAB839"
+ }
+ }
+ },
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {},
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "customLabel": "Request Uri",
+ "field": "aws.s3access.request_uri",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "row": false,
+ "size": 5
+ },
+ "schema": "split",
+ "type": "terms"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "customLabel": "HTTP Status",
+ "field": "aws.s3access.http_status",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTooltip": true,
+ "dimensions": {
+ "buckets": [
+ {
+ "accessor": 2,
+ "aggType": "terms",
+ "format": {
+ "id": "terms",
+ "params": {
+ "id": "number",
+ "missingBucketLabel": "Missing",
+ "otherBucketLabel": "Other"
+ }
+ },
+ "params": {}
+ }
+ ],
+ "metric": {
+ "accessor": 3,
+ "aggType": "count",
+ "format": {
+ "id": "number"
+ },
+ "params": {}
+ },
+ "splitColumn": [
+ {
+ "accessor": 0,
+ "aggType": "terms",
+ "format": {
+ "id": "terms",
+ "params": {
+ "id": "string",
+ "missingBucketLabel": "Missing",
+ "otherBucketLabel": "Other"
+ }
+ },
+ "params": {}
+ }
+ ]
+ },
+ "isDonut": false,
+ "labels": {
+ "last_level": true,
+ "show": false,
+ "truncate": 100,
+ "values": true
+ },
+ "legendPosition": "right",
+ "type": "pie"
+ },
+ "title": "Top URLs [Logs AWS]",
+ "type": "pie"
+ }
+ },
+ "id": "99ffdb00-bacb-11e9-9f70-1f7bda85a5eb",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
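Review bot: The split on `aws.s3access.request_uri` displays request URIs exactly as logged. S3 server access logs record the query string as part of the request URI, which for presigned requests would include the signing parameters. Anyone with read access to this dashboard would see those values, so the empty `description` should state the caveat, e.g. `"description": "Shows request URIs as logged, including query strings; restrict dashboard access accordingly"`. Whether the ingest pipeline strips the query string before indexing is not visible in this hunk and should be confirmed.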
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/9bf8e1e0-6890-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/9bf8e1e0-6890-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..4c1496522f5
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/9bf8e1e0-6890-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,81 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "NATGateway Packet Drop [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0",
+ "value": 0
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "number",
+ "id": "f444c0e0-688f-11ea-8b7d-fd9d15a13cd0",
+ "label": "Total Packets Drop",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.natgateway.metrics.PacketsDropCount.sum",
+ "id": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0",
+ "type": "sum"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "everything",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.NatGatewayId",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "time_range_mode": "last_value",
+ "type": "metric"
+ },
+ "title": "NATGateway Packet Drop [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "9bf8e1e0-6890-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/9d284bc0-7b08-11ea-9bb4-e958b64b5685.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/9d284bc0-7b08-11ea-9bb4-e958b64b5685.json
new file mode 100644
index 00000000000..9725b05fa82
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/9d284bc0-7b08-11ea-9bb4-e958b64b5685.json
@@ -0,0 +1,85 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "DynamoDB Consumed Read Capacity Units [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "43e58670-7b05-11ea-8ef8-01625a2f68ac"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "3c733ea0-7b05-11ea-8ef8-01625a2f68ac"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 1,
+ "gauge_color_rules": [
+ {
+ "id": "499c62a0-7b05-11ea-8ef8-01625a2f68ac"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "\u003e=1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0.1",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Consumed Read Capacity Units",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.dynamodb.metrics.ConsumedReadCapacityUnits.avg",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "offset_time": "",
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "steps": 0,
+ "terms_field": "aws.dimensions.TableName",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "DynamoDB Consumed Read Capacity Units [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "9d284bc0-7b08-11ea-9bb4-e958b64b5685",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/9e8c6030-f7f8-11e8-af03-c999c9dea608-ecs.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/9e8c6030-f7f8-11e8-af03-c999c9dea608-ecs.json
new file mode 100644
index 00000000000..251d74afe4c
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/9e8c6030-f7f8-11e8-af03-c999c9dea608-ecs.json
@@ -0,0 +1,81 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EC2 Status Check Failed [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "d13f6b50-f7f6-11e8-bff8-21537b07dd44"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "ad6d62d0-f7f7-11e8-bff8-21537b07dd44"
+ }
+ ],
+ "gauge_color_rules": [
+ {
+ "id": "b0c5b590-f7f7-11e8-bff8-21537b07dd44"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "EC2 Status Check Failed",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ec2.status.check_failed",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "everything",
+ "stacked": "none",
+ "terms_field": "cloud.instance.id",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "metric"
+ },
+ "title": "AWS EC2 Status Check Failed",
+ "type": "metrics"
+ }
+ },
+ "id": "9e8c6030-f7f8-11e8-af03-c999c9dea608-ecs",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/9f0425c0-7b0a-11ea-9bb4-e958b64b5685.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/9f0425c0-7b0a-11ea-9bb4-e958b64b5685.json
new file mode 100644
index 00000000000..7e5f9ad6624
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/9f0425c0-7b0a-11ea-9bb4-e958b64b5685.json
@@ -0,0 +1,60 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "DynamoDB Throttle Requests [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "\u003e=1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0.1",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Throttled Requests",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.dynamodb.metrics.ThrottledRequests.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "max"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.TableName",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "DynamoDB Throttle Requests [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "9f0425c0-7b0a-11ea-9bb4-e958b64b5685",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/abdc7480-180b-11ea-8e91-03c7047cbb9d.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/abdc7480-180b-11ea-8e91-03c7047cbb9d.json
new file mode 100644
index 00000000000..cf775340fda
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/abdc7480-180b-11ea-8e91-03c7047cbb9d.json
@@ -0,0 +1,69 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SNS SMS Success Rate [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "SMS Success Rate",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sns.metrics.SMSSuccessRate.avg",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": null,
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "SNS SMS Success Rate [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "abdc7480-180b-11ea-8e91-03c7047cbb9d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/b00c4390-b7b8-11e9-8349-f15f850c5cd0.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b00c4390-b7b8-11e9-8349-f15f850c5cd0.json
new file mode 100644
index 00000000000..c73bae820f9
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b00c4390-b7b8-11e9-8349-f15f850c5cd0.json
@@ -0,0 +1,67 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EBS Volume Read Bytes [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Volume Read Bytes",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ebs.metrics.VolumeReadBytes.avg",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.VolumeId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "EBS Volume Read Bytes [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "b00c4390-b7b8-11e9-8349-f15f850c5cd0",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/endpoint/1.0.0/kibana/visualization/1cfceda0-728b-11ea-9bc8-6b38f4d29a16.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b0afd3e0-43b7-11e9-8697-530f39afc6eb.json
similarity index 50%
rename from dev/packages/alpha/endpoint/1.0.0/kibana/visualization/1cfceda0-728b-11ea-9bc8-6b38f4d29a16.json
rename to dev/packages/alpha/aws/0.0.3/kibana/visualization/b0afd3e0-43b7-11e9-8697-530f39afc6eb.json
index 4695d0a3e7e..fdd8f773935 100644
--- a/dev/packages/alpha/endpoint/1.0.0/kibana/visualization/1cfceda0-728b-11ea-9bc8-6b38f4d29a16.json
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b0afd3e0-43b7-11e9-8697-530f39afc6eb.json
@@ -2,71 +2,72 @@
"attributes": {
"description": "",
"kibanaSavedObjectMeta": {
- "searchSourceJSON": {}
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
},
- "title": "[Endpoint] Controls",
+ "title": "SQS Filters [Metrics AWS]",
"uiStateJSON": {},
"version": 1,
"visState": {
- "title": "[Endpoint] Controls",
- "type": "input_control_vis",
+ "aggs": [],
"params": {
"controls": [
{
- "id": "1585575202047",
- "fieldName": "host.os.name",
- "parent": "",
- "label": "Operating Systems",
- "type": "list",
+ "fieldName": "cloud.region",
+ "id": "1549397251041",
+ "indexPatternRefName": "control_0_index_pattern",
+ "label": "region",
"options": {
- "type": "terms",
- "multiselect": true,
"dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
"size": 5,
- "order": "desc"
+ "type": "terms"
},
- "indexPatternRefName": "control_0_index_pattern"
+ "parent": "",
+ "type": "list"
},
{
- "id": "1585575244711",
- "fieldName": "event.category",
- "parent": "",
- "label": "Event Categories",
- "type": "list",
+ "fieldName": "aws.sqs.queue.name",
+ "id": "1549512142947",
+ "indexPatternRefName": "control_1_index_pattern",
+ "label": "queue name",
"options": {
- "type": "terms",
- "multiselect": true,
"dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
"size": 5,
- "order": "desc"
+ "type": "terms"
},
- "indexPatternRefName": "control_1_index_pattern"
+ "parent": "",
+ "type": "list"
}
],
- "updateFiltersOnChange": false,
- "useTimeFilter": true,
- "pinFilters": false
+ "pinFilters": false,
+ "updateFiltersOnChange": true,
+ "useTimeFilter": false
},
- "aggs": []
+ "title": "AWS SQS Filters",
+ "type": "input_control_vis"
}
},
- "id": "1cfceda0-728b-11ea-9bc8-6b38f4d29a16",
- "migrationVersion": {
- "visualization": "7.4.2"
- },
+ "id": "b0afd3e0-43b7-11e9-8697-530f39afc6eb",
"references": [
{
- "id": "events-*",
+ "id": "metrics-*",
"name": "control_0_index_pattern",
"type": "index-pattern"
},
{
- "id": "events-*",
+ "id": "metrics-*",
"name": "control_1_index_pattern",
"type": "index-pattern"
}
],
- "type": "visualization",
- "updated_at": "2020-04-01T16:08:32.353Z",
- "version": "WzIyOCwxXQ=="
+ "type": "visualization"
}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/b2191dd0-734c-11e9-816b-07687310a99a.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b2191dd0-734c-11e9-816b-07687310a99a.json
new file mode 100644
index 00000000000..39e3ebaab87
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b2191dd0-734c-11e9-816b-07687310a99a.json
@@ -0,0 +1,69 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Cloudwatch ELB Request Count Top5 [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "bar_color_rules": [
+ {
+ "id": "94f2ce40-734c-11e9-a683-47ca322fa6f9"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "auto",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "ELB Request Count Top5",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.elb.metrics.RequestCount",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.LoadBalancerName",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "AWS Cloudwatch ELB Request Count Top5",
+ "type": "metrics"
+ }
+ },
+ "id": "b2191dd0-734c-11e9-816b-07687310a99a",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
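Review bot: The series sets `"terms_field": "aws.dimensions.LoadBalancerName"` and `"terms_size": "5"` but no `terms_order_by`, so the five load balancers shown are presumably picked by the default ordering (document count, as far as I know) rather than by the summed `aws.elb.metrics.RequestCount`. Other panels in this commit pin the order to the metric id, for example the EBS Volume Read Bytes series. Adding `"terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"` would make "Top5" mean the five highest request counts.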
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/b2ea15a0-b3c7-11e9-87a4-078dbbae220d.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b2ea15a0-b3c7-11e9-87a4-078dbbae220d.json
new file mode 100644
index 00000000000..80839d59795
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b2ea15a0-b3c7-11e9-87a4-078dbbae220d.json
@@ -0,0 +1,87 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "ELB Latency in Seconds [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "7e66beb0-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "7db91990-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "filter": "",
+ "gauge_color_rules": [
+ {
+ "id": "7d0b9b80-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#3185FC",
+ "fill": 0,
+ "formatter": "s,s,3",
+ "id": "35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971",
+ "label": "Latency in seconds",
+ "line_width": 2,
+ "metrics": [
+ {
+ "field": "aws.elb.metrics.Latency.avg",
+ "id": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.LoadBalancerName",
+ "terms_order_by": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "value_template": "{{value}}"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "ELB Latency in Seconds [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "b2ea15a0-b3c7-11e9-87a4-078dbbae220d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/b36532e0-688e-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b36532e0-688e-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..2ce6e45db27
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b36532e0-688e-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,77 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "NATGateway Bytes In From Destination [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.natgateway.metrics.BytesInFromDestination.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.NatGatewayId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "time_range_mode": "last_value",
+ "type": "timeseries"
+ },
+ "title": "NATGateway Bytes In From Destination [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "b36532e0-688e-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/b403f7b0-7b15-11ea-9bb4-e958b64b5685.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b403f7b0-7b15-11ea-9bb4-e958b64b5685.json
new file mode 100644
index 00000000000..bad83f297d1
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b403f7b0-7b15-11ea-9bb4-e958b64b5685.json
@@ -0,0 +1,60 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "DynamoDB Write Throttle Events [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "\u003e=1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0.1",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Write Throttle Events",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.dynamodb.metrics.WriteThrottleEvents.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "max"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.TableName",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "DynamoDB Write Throttle Events [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "b403f7b0-7b15-11ea-9bb4-e958b64b5685",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/b5308940-7347-11e9-816b-07687310a99a.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b5308940-7347-11e9-816b-07687310a99a.json
new file mode 100644
index 00000000000..f9360547580
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b5308940-7347-11e9-816b-07687310a99a.json
@@ -0,0 +1,53 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "AWS Region Filter [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "controls": [
+ {
+ "fieldName": "cloud.region",
+ "id": "1549397251041",
+ "indexPatternRefName": "control_0_index_pattern",
+ "label": "region name",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ }
+ ],
+ "pinFilters": false,
+ "updateFiltersOnChange": true,
+ "useTimeFilter": false
+ },
+ "title": "AWS Region Filter",
+ "type": "input_control_vis"
+ }
+ },
+ "id": "b5308940-7347-11e9-816b-07687310a99a",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "control_0_index_pattern",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/b6a308f0-3e82-11ea-bb0a-69c3ca1d410f.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b6a308f0-3e82-11ea-bb0a-69c3ca1d410f.json
new file mode 100644
index 00000000000..dca7c76ccd9
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b6a308f0-3e82-11ea-bb0a-69c3ca1d410f.json
@@ -0,0 +1,71 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "ELB HTTP 4xx [Logs AWS] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "logs-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(174,161,255,1)",
+ "fill": 0.5,
+ "filter": {
+ "language": "kuery",
+ "query": "fileset.name : \"elb\" and http.response.status_code \u003e= 400 and http.response.status_code \u003c 500"
+ },
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "HTTP 4xx",
+ "line_width": 1,
+ "metrics": [
+ {
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "count"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.elb.name",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "ELB HTTP 4xx [Logs AWS] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "b6a308f0-3e82-11ea-bb0a-69c3ca1d410f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/b7f8bf90-180f-11ea-8e91-03c7047cbb9d.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b7f8bf90-180f-11ea-8e91-03c7047cbb9d.json
new file mode 100644
index 00000000000..60ef0983521
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b7f8bf90-180f-11ea-8e91-03c7047cbb9d.json
@@ -0,0 +1,69 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SNS SMS Month To Date Spent USD [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "s,s,3",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "SMS Month To Date Spent USD",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sns.metrics.SMSMonthToDateSpentUSD.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": null,
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "SNS SMS Month To Date Spent USD [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "b7f8bf90-180f-11ea-8e91-03c7047cbb9d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
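Review bot: `"formatter": "s,s,3"` on the series for `aws.sns.metrics.SMSMonthToDateSpentUSD.sum` is the same duration formatter the ELB Latency in Seconds panel uses in this commit, so the spend would render as seconds; `"formatter": "number"` looks like what was intended. The series also has `"split_mode": "terms"` with `"terms_field": null`, as does the SNS SMS Success Rate panel. If no split is wanted, `"split_mode": "everything"` states that explicitly.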
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/b9703dd0-b3c9-11e9-87a4-078dbbae220d.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b9703dd0-b3c9-11e9-87a4-078dbbae220d.json
new file mode 100644
index 00000000000..e800faf1bdd
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/b9703dd0-b3c9-11e9-87a4-078dbbae220d.json
@@ -0,0 +1,87 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "ELB HTTP 5XX Errors [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "7e66beb0-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "7db91990-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "filter": "",
+ "gauge_color_rules": [
+ {
+ "id": "7d0b9b80-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#3185FC",
+ "fill": 0,
+ "formatter": "number",
+ "id": "35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971",
+ "label": "HTTP 5XX Errors",
+ "line_width": 2,
+ "metrics": [
+ {
+ "field": "aws.elb.metrics.HTTPCode_ELB_5XX.sum",
+ "id": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.LoadBalancerName",
+ "terms_order_by": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "value_template": "{{value}}"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "ELB HTTP 5XX Errors [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "b9703dd0-b3c9-11e9-87a4-078dbbae220d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/bad8c910-4485-11ea-ad63-791a5dc86f10.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/bad8c910-4485-11ea-ad63-791a5dc86f10.json
new file mode 100644
index 00000000000..96db2184387
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/bad8c910-4485-11ea-ad63-791a5dc86f10.json
@@ -0,0 +1,173 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "VPC Flow Total Requests [Logs AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color": "rgba(255,255,255,1)",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "",
+ "isModelInvalid": false,
+ "legend_position": "right",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(211,49,21,1)",
+ "fill": "0",
+ "filter": {
+ "language": "kuery",
+ "query": "fileset.name : \"vpcflow\" and aws.vpcflow.action : \"REJECT\" "
+ },
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "REJECT",
+ "line_width": "2",
+ "metrics": [
+ {
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "count"
+ }
+ ],
+ "override_index_pattern": 1,
+ "point_size": "3",
+ "separate_axis": 0,
+ "series_drop_last_bucket": 0,
+ "series_index_pattern": "logs-*",
+ "series_time_field": "@timestamp",
+ "split_color_mode": "rainbow",
+ "split_mode": "everything",
+ "stacked": "none",
+ "terms_field": "aws.vpcflow.action",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(104,188,0,1)",
+ "fill": "0",
+ "filter": {
+ "language": "kuery",
+ "query": "fileset.name : \"vpcflow\" and aws.vpcflow.action : \"ACCEPT\" "
+ },
+ "formatter": "number",
+ "id": "7ec99260-4485-11ea-9ee9-2d27e9149ae8",
+ "label": "ACCEPT",
+ "line_width": "2",
+ "metrics": [
+ {
+ "id": "7ec99261-4485-11ea-9ee9-2d27e9149ae8",
+ "type": "count"
+ }
+ ],
+ "override_index_pattern": 1,
+ "point_size": "3",
+ "separate_axis": 0,
+ "series_drop_last_bucket": 0,
+ "series_index_pattern": "logs-*",
+ "series_time_field": "@timestamp",
+ "split_color_mode": "rainbow",
+ "split_mode": "everything",
+ "stacked": "none",
+ "terms_field": "aws.vpcflow.action",
+ "terms_order_by": "7ec99261-4485-11ea-9ee9-2d27e9149ae8",
+ "type": "timeseries"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(252,220,0,1)",
+ "fill": "0",
+ "filter": {
+ "language": "kuery",
+ "query": "fileset.name : \"vpcflow\" and aws.vpcflow.action : \"-\" "
+ },
+ "formatter": "number",
+ "id": "8d550580-4485-11ea-9ee9-2d27e9149ae8",
+ "label": "-",
+ "line_width": "2",
+ "metrics": [
+ {
+ "id": "8d552c90-4485-11ea-9ee9-2d27e9149ae8",
+ "type": "count"
+ }
+ ],
+ "override_index_pattern": 1,
+ "point_size": "3",
+ "separate_axis": 0,
+ "series_drop_last_bucket": 0,
+ "series_index_pattern": "logs-*",
+ "series_time_field": "@timestamp",
+ "split_color_mode": "rainbow",
+ "split_mode": "everything",
+ "stacked": "none",
+ "terms_field": "aws.vpcflow.action",
+ "terms_order_by": "8d552c90-4485-11ea-9ee9-2d27e9149ae8",
+ "type": "timeseries"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(115,216,255,1)",
+ "fill": "0.5",
+ "filter": {
+ "language": "kuery",
+ "query": "fileset.name : \"vpcflow\""
+ },
+ "formatter": "number",
+ "id": "c8c27df0-4485-11ea-9ee9-2d27e9149ae8",
+ "label": "Total Requests",
+ "line_width": "2",
+ "metrics": [
+ {
+ "id": "c8c27df1-4485-11ea-9ee9-2d27e9149ae8",
+ "type": "count"
+ }
+ ],
+ "override_index_pattern": 1,
+ "point_size": "3",
+ "separate_axis": 0,
+ "series_drop_last_bucket": 0,
+ "series_index_pattern": "logs-*",
+ "series_time_field": "@timestamp",
+ "split_color_mode": "rainbow",
+ "split_mode": "everything",
+ "stacked": "none",
+ "terms_field": "aws.vpcflow.action",
+ "terms_order_by": "c8c27df1-4485-11ea-9ee9-2d27e9149ae8",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "VPC Flow Total Requests [Logs AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "bad8c910-4485-11ea-ad63-791a5dc86f10",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
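Review bot: `"default_index_pattern": "metrics-*"` contradicts the panel title and all four series, which each set `"series_index_pattern": "logs-*"`, so the panel only reads flow logs because of the per-series override. Setting `"default_index_pattern": "logs-*"` keeps the REJECT/ACCEPT counts from silently dropping to zero if an override is lost in a later edit. Separately, every series filter keys on `fileset.name : "vpcflow"`, and the ELB HTTP 4xx panel uses `fileset.name : "elb"`. Whether this package's datasets still populate that field is not visible in the diff and is worth confirming, since an unmatched filter gives an empty chart rather than an error.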
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/bb3a6cd0-b7b6-11e9-8349-f15f850c5cd0.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/bb3a6cd0-b7b6-11e9-8349-f15f850c5cd0.json
new file mode 100644
index 00000000000..c530be0ca61
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/bb3a6cd0-b7b6-11e9-8349-f15f850c5cd0.json
@@ -0,0 +1,67 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EBS Volume Read Ops [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Number of Read Operation",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ebs.metrics.VolumeReadOps.avg",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.VolumeId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "EBS Volume Read Ops [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "bb3a6cd0-b7b6-11e9-8349-f15f850c5cd0",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/bb82c4d0-6c25-11e9-81bc-7f4cd8b3d892.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/bb82c4d0-6c25-11e9-81bc-7f4cd8b3d892.json
new file mode 100644
index 00000000000..3c464f70c02
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/bb82c4d0-6c25-11e9-81bc-7f4cd8b3d892.json
@@ -0,0 +1,94 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SQS Empty Receives [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "d95adba0-6b8a-11e9-98b0-9b2c3d14a4c1"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "a7e8c370-6c25-11e9-9cd1-3bdb0c7db024"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "gauge_color_rules": [
+ {
+ "id": "a778eaa0-6c25-11e9-9cd1-3bdb0c7db024"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sqs.empty_receives",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "numerator": "",
+ "percentiles": [
+ {
+ "id": "74323cf0-6c25-11e9-9cd1-3bdb0c7db024",
+ "mode": "line",
+ "shade": 0.2,
+ "value": 50
+ }
+ ],
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.sqs.queue.name",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "SQS Empty Receives [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "bb82c4d0-6c25-11e9-81bc-7f4cd8b3d892",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/bc5dcc90-688e-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/bc5dcc90-688e-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..07c59ee72a7
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/bc5dcc90-688e-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,77 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "NATGateway Bytes In From Source [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.natgateway.metrics.BytesInFromSource.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.NatGatewayId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "time_range_mode": "last_value",
+ "type": "timeseries"
+ },
+ "title": "NATGateway Bytes In From Source [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "bc5dcc90-688e-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/bc8bd8f0-31fd-11ea-bcbf-59cb7eefc1f0.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/bc8bd8f0-31fd-11ea-bcbf-59cb7eefc1f0.json
new file mode 100644
index 00000000000..beb98e23102
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/bc8bd8f0-31fd-11ea-bcbf-59cb7eefc1f0.json
@@ -0,0 +1,73 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Region/Account Filters [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "controls": [
+ {
+ "fieldName": "cloud.region",
+ "id": "1549397251041",
+ "indexPatternRefName": "control_0_index_pattern",
+ "label": "region",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ },
+ {
+ "fieldName": "cloud.account.name",
+ "id": "1549512126406",
+ "indexPatternRefName": "control_1_index_pattern",
+ "label": "account name",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ }
+ ],
+ "pinFilters": false,
+ "updateFiltersOnChange": true,
+ "useTimeFilter": false
+ },
+ "title": "Region/Account Filters [Metrics AWS]",
+ "type": "input_control_vis"
+ }
+ },
+ "id": "bc8bd8f0-31fd-11ea-bcbf-59cb7eefc1f0",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "control_0_index_pattern",
+ "type": "index-pattern"
+ },
+ {
+ "id": "metrics-*",
+ "name": "control_1_index_pattern",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/bd37d720-3e84-11ea-bb0a-69c3ca1d410f.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/bd37d720-3e84-11ea-bb0a-69c3ca1d410f.json
new file mode 100644
index 00000000000..6e3fd18e92b
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/bd37d720-3e84-11ea-bb0a-69c3ca1d410f.json
@@ -0,0 +1,72 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "ELB Outbound Traffic [Logs AWS] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "logs-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(253,161,255,1)",
+ "fill": 0.5,
+ "filter": {
+ "language": "kuery",
+ "query": "fileset.name : \"elb\""
+ },
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Outbound",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "destination.bytes",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.elb.name",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "ELB Outbound Traffic [Logs AWS] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "bd37d720-3e84-11ea-bb0a-69c3ca1d410f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
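Review bot: The series filter `"query": "fileset.name : \"elb\""` depends on a field that nothing visible in this diff shows the package's ELB dataset emitting, and the package is organised by `dataset/` directories rather than filesets. If `fileset.name` is not populated on `logs-*` documents, this panel renders empty without any error, which reads as "no outbound traffic" rather than "no data". Confirm the field exists in the ELB dataset's field definitions, or filter on the dataset identifier the package actually writes. The ELB Top IP Addresses visualization later in this diff uses the same filter.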
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/bdb8ddd0-6890-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/bdb8ddd0-6890-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..0f3d9185015
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/bdb8ddd0-6890-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,82 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "NATGateway Packet In From Destination [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0",
+ "value": 0
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "number",
+ "id": "f444c0e0-688f-11ea-8b7d-fd9d15a13cd0",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.natgateway.metrics.PacketsInFromDestination.sum",
+ "id": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.NatGatewayId",
+ "terms_order_by": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "time_range_mode": "last_value",
+ "type": "timeseries"
+ },
+ "title": "NATGateway Packet In From Destination [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "bdb8ddd0-6890-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/be6c4180-41e6-11e9-b7a0-c99d9d127b61.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/be6c4180-41e6-11e9-b7a0-c99d9d127b61.json
new file mode 100644
index 00000000000..2be698c0c61
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/be6c4180-41e6-11e9-b7a0-c99d9d127b61.json
@@ -0,0 +1,67 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SQS Messages Deleted [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sqs.messages.deleted",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.sqs.queue.name",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "SQS Messages Deleted [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "be6c4180-41e6-11e9-b7a0-c99d9d127b61",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/be8828d0-f7f6-11e8-af03-c999c9dea608-ecs.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/be8828d0-f7f6-11e8-af03-c999c9dea608-ecs.json
new file mode 100644
index 00000000000..9e73a482538
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/be8828d0-f7f6-11e8-af03-c999c9dea608-ecs.json
@@ -0,0 +1,78 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EC2 CPU Utilization [Metrics AWS] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "annotations": [],
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "23428b30-f7f2-11e8-bff8-21537b07dd44"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "2592bcc0-f7f2-11e8-bff8-21537b07dd44"
+ }
+ ],
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(104,188,0,1)",
+ "fill": "0",
+ "filter": "",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "AWS EC2 CPU Utilization ECS",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ec2.cpu.total.pct",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "series_drop_last_bucket": 1,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "steps": 0,
+ "terms_field": "cloud.instance.id",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "AWS EC2 CPU Utilization ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "be8828d0-f7f6-11e8-af03-c999c9dea608-ecs",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
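Review bot: The inner `visState` title is `"AWS EC2 CPU Utilization ECS"` while `attributes.title` is `"EC2 CPU Utilization [Metrics AWS] ECS"`; the other visualizations in this diff keep the two identical. Aligning the inner one, `"title": "EC2 CPU Utilization [Metrics AWS] ECS"`, avoids the name changing when the object is opened and re-saved. The series label `"AWS EC2 CPU Utilization ECS"` could drop the `ECS` suffix too, since it is shown in the chart legend.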
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/bf81e030-180e-11ea-8e91-03c7047cbb9d.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/bf81e030-180e-11ea-8e91-03c7047cbb9d.json
new file mode 100644
index 00000000000..edab4b002c6
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/bf81e030-180e-11ea-8e91-03c7047cbb9d.json
@@ -0,0 +1,69 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SNS Notifications Filtered Out [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "s,s,3",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Notifications Filtered Out",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sns.metrics.NumberOfNotificationsFilteredOut.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": null,
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "SNS Notifications Filtered Out [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "bf81e030-180e-11ea-8e91-03c7047cbb9d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
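Review bot: The series formatter `"formatter": "s,s,3"` is a duration format, but the metric is `aws.sns.metrics.NumberOfNotificationsFilteredOut.sum`, a count of notifications, so the axis and tooltip will show counts as seconds. `"formatter": "number"` matches the other count panels in this commit. The same series also sets `"split_mode": "terms"` with `"terms_field": null`, which leaves no field to split on; use `"split_mode": "everything"` or name the dimension field the SNS dataset provides (not visible in this hunk).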
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/c0e32d50-b7b8-11e9-8349-f15f850c5cd0.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/c0e32d50-b7b8-11e9-8349-f15f850c5cd0.json
new file mode 100644
index 00000000000..05562769081
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/c0e32d50-b7b8-11e9-8349-f15f850c5cd0.json
@@ -0,0 +1,67 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EBS Volume Write Bytes [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Volume Write Bytes",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ebs.metrics.VolumeWriteBytes.avg",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.VolumeId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "EBS Volume Write Bytes [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "c0e32d50-b7b8-11e9-8349-f15f850c5cd0",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/c186b610-688d-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/c186b610-688d-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..6274b466a1b
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/c186b610-688d-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,73 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "NATGateway Active Connection Count Top10 [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "3",
+ "metrics": [
+ {
+ "field": "aws.natgateway.metrics.ActiveConnectionCount.max",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "2",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.NatGatewayId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "time_range_mode": "last_value",
+ "type": "top_n"
+ },
+ "title": "NATGateway Active Connection Count Top10 [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "c186b610-688d-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/c1afd130-921e-11e9-aa19-159bf182e06f.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/c1afd130-921e-11e9-aa19-159bf182e06f.json
new file mode 100644
index 00000000000..2740f23dd46
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/c1afd130-921e-11e9-aa19-159bf182e06f.json
@@ -0,0 +1,77 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "RDS Insert Throughput in Count/Second [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "28cacdf0-921c-11e9-badf-4b42bd1ef543"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "f8196690-921a-11e9-badf-4b42bd1ef543"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "'0.0'",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Insert Throughput Count/Second",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.rds.throughput.insert",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.rds.db_instance.identifier",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "RDS Insert Throughput in Count/Second [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "c1afd130-921e-11e9-aa19-159bf182e06f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/c1db9b80-694b-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/c1db9b80-694b-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..8495c8059b3
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/c1db9b80-694b-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,62 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Transit Gateway Packets Drop Count Blackhole [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.transitgateway.metrics.PacketDropCountBlackhole.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.TransitGateway",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "Transit Gateway Packets Drop Count Blackhole [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "c1db9b80-694b-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
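Review bot: The series uses `"formatter": "bytes"` for `aws.transitgateway.metrics.PacketDropCountBlackhole.sum`, which is a packet count, so dropped packets will be labelled in B/KB/MB. The NATGateway packet panels in this commit use `"formatter": "number"`, and the same value fits here. Blackhole drops usually point at a routing problem, so a wrong unit on this chart makes it harder to judge how many packets were lost.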
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/c7d6cf90-688e-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/c7d6cf90-688e-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..6638a43533f
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/c7d6cf90-688e-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,77 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "NATGateway Bytes Out To Source [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.natgateway.metrics.BytesOutToSource.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.NatGatewayId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "time_range_mode": "last_value",
+ "type": "timeseries"
+ },
+ "title": "NATGateway Bytes Out To Source [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "c7d6cf90-688e-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/c84ed3d0-6890-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/c84ed3d0-6890-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..b7a59c43803
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/c84ed3d0-6890-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,82 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "NATGateway Packet In From Source [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0",
+ "value": 0
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "number",
+ "id": "f444c0e0-688f-11ea-8b7d-fd9d15a13cd0",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.natgateway.metrics.PacketsInFromSource.sum",
+ "id": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.NatGatewayId",
+ "terms_order_by": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "time_range_mode": "last_value",
+ "type": "timeseries"
+ },
+ "title": "NATGateway Packet In From Source [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "c84ed3d0-6890-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/cc3a1950-921c-11e9-aa19-159bf182e06f.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/cc3a1950-921c-11e9-aa19-159bf182e06f.json
new file mode 100644
index 00000000000..c7286635445
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/cc3a1950-921c-11e9-aa19-159bf182e06f.json
@@ -0,0 +1,76 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "RDS Select Latency in Milliseconds [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "28cacdf0-921c-11e9-badf-4b42bd1ef543"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "f8196690-921a-11e9-badf-4b42bd1ef543"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "ms,ms,",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Select Latency in Milliseconds",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.rds.latency.select",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.rds.db_instance.identifier",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "RDS Select Latency in Milliseconds [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "cc3a1950-921c-11e9-aa19-159bf182e06f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/cd6419c0-6949-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/cd6419c0-6949-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..b1fc0e56799
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/cd6419c0-6949-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,62 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Transit Gateway Bytes In [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.transitgateway.metrics.BytesIn.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.TransitGateway",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "Transit Gateway Bytes In [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "cd6419c0-6949-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/ce7445c0-688f-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/ce7445c0-688f-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..2c300003e83
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/ce7445c0-688f-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,82 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "NATGateway Error Port Allocation [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0",
+ "value": 0
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Total Error of Port Allocation",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.natgateway.metrics.ErrorPortAllocation.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "everything",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.NatGatewayId",
+ "terms_order_by": "_count",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "time_range_mode": "last_value",
+ "type": "metric"
+ },
+ "title": "NATGateway Error Port Allocation [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "ce7445c0-688f-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/ceb7c030-3e86-11ea-bb0a-69c3ca1d410f.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/ceb7c030-3e86-11ea-bb0a-69c3ca1d410f.json
new file mode 100644
index 00000000000..a67774b5568
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/ceb7c030-3e86-11ea-bb0a-69c3ca1d410f.json
@@ -0,0 +1,101 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "ELB Top IP Addresses [Logs AWS] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "29527130-3e86-11ea-9067-cf383a4ea3b3"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "cc6d5070-3e85-11ea-9067-cf383a4ea3b3"
+ }
+ ],
+ "default_index_pattern": "logs-*",
+ "default_timefield": "@timestamp",
+ "gauge_color_rules": [
+ {
+ "id": "2b29c940-3e86-11ea-9067-cf383a4ea3b3"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "pivot_id": "user_agent.original",
+ "pivot_type": "string",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(115,216,255,1)",
+ "color_rules": [
+ {
+ "id": "42e14220-3e86-11ea-9067-cf383a4ea3b3"
+ }
+ ],
+ "fill": 0.5,
+ "filter": {
+ "language": "kuery",
+ "query": "fileset.name : \"elb\" "
+ },
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "IP address",
+ "line_width": 1,
+ "metrics": [
+ {
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "count"
+ },
+ {
+ "field": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "id": "40c52370-3e87-11ea-9067-cf383a4ea3b3",
+ "type": "cumulative_sum"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "source.ip",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "top_n"
+ },
+ "title": "ELB Top IP Addresses [Logs AWS] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "ceb7c030-3e86-11ea-bb0a-69c3ca1d410f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
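Review bot: The only series in this panel is filtered with `"query": "fileset.name : \"elb\" "`, and nothing in this hunk shows that the package's ELB dataset populates `fileset.name`. If it does not, the panel renders empty instead of failing, so a dashboard meant to surface the busiest client IPs would show nothing without any signal that the filter is the cause. Confirm the field against the dataset's field definitions before shipping. The same filter is used in d8b1e830-3e82-11ea-bb0a-69c3ca1d410f.json (ELB HTTP 5xx) and e50c51e0-3e7f-11ea-bb0a-69c3ca1d410f.json (ELB Total Requests). Separately, `"pivot_id": "user_agent.original"` does not match the `source.ip` split and looks like a leftover; drop it or align it as `"pivot_id": "source.ip"`.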
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/d045d120-b7b9-11e9-8349-f15f850c5cd0.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/d045d120-b7b9-11e9-8349-f15f850c5cd0.json
new file mode 100644
index 00000000000..3258621b85e
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/d045d120-b7b9-11e9-8349-f15f850c5cd0.json
@@ -0,0 +1,53 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EBS Volume ID Filter [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "controls": [
+ {
+ "fieldName": "aws.dimensions.VolumeId",
+ "id": "1565034367477",
+ "indexPatternRefName": "control_0_index_pattern",
+ "label": "volume id",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ }
+ ],
+ "pinFilters": false,
+ "updateFiltersOnChange": true,
+ "useTimeFilter": true
+ },
+ "title": "EBS Volume ID Filter [Metrics AWS]",
+ "type": "input_control_vis"
+ }
+ },
+ "id": "d045d120-b7b9-11e9-8349-f15f850c5cd0",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "control_0_index_pattern",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/d186fd50-4763-11e9-8062-c98a86cb6f94.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/d186fd50-4763-11e9-8062-c98a86cb6f94.json
new file mode 100644
index 00000000000..0083f6ce1fb
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/d186fd50-4763-11e9-8062-c98a86cb6f94.json
@@ -0,0 +1,78 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "S3 Total Requests [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "c03c4320-4763-11e9-b811-fd5d24a641d7"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "c7b9fca0-4763-11e9-b811-fd5d24a641d7"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "1d",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.s3_request.requests.total",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "offset_time": "",
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.s3.bucket.name",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "S3 Total Requests [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "d186fd50-4763-11e9-8062-c98a86cb6f94",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/d19a71b0-180e-11ea-8e91-03c7047cbb9d.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/d19a71b0-180e-11ea-8e91-03c7047cbb9d.json
new file mode 100644
index 00000000000..a721cc0d241
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/d19a71b0-180e-11ea-8e91-03c7047cbb9d.json
@@ -0,0 +1,69 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SNS Notifications Filtered Out Invalid Attributes [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "s,s,3",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Notifications Filtered Out Invalid Attributes",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sns.metrics.NumberOfNotificationsFilteredOut-InvalidAttributes.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": null,
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "SNS Notifications Filtered Out Invalid Attributes [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "d19a71b0-180e-11ea-8e91-03c7047cbb9d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
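Review bot: The series sets `"split_mode": "terms"` together with `"terms_field": null`, so the split has no field to group on. Either name the field to split by, or use `"split_mode": "everything"` as the NATGateway Error Port Allocation panel does. The `"formatter": "s,s,3"` is a duration format applied to a notification count; `"formatter": "number"` would match the other count panels in this package. dffa19e0-180e-11ea-8e91-03c7047cbb9d.json (Filtered Out No Message Attributes) carries the same two settings.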
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/d2f46190-830f-11e9-ac83-47df3568ff90.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/d2f46190-830f-11e9-ac83-47df3568ff90.json
new file mode 100644
index 00000000000..5836d48d4f3
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/d2f46190-830f-11e9-ac83-47df3568ff90.json
@@ -0,0 +1,99 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Cloudwatch ECS Memory Available [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "bb21d180-830d-11e9-9c4c-391fa0a2e15f"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "filter": "",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "filter": {
+ "language": "lucene",
+ "query": "(aws.cloudwatch.namespace:\"AWS/ECS\") AND (_exists_: aws.ecs.metrics.MemoryReservation) AND (_exists_: aws.ecs.metrics.MemoryUtilization)"
+ },
+ "formatter": "percent",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ecs.metrics.MemoryUtilization",
+ "id": "17f8ddf0-830d-11e9-9f3d-ed346f48a007",
+ "type": "sum"
+ },
+ {
+ "field": "aws.ecs.metrics.MemoryReservation",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ },
+ {
+ "id": "68a93050-830e-11e9-9c4c-391fa0a2e15f",
+ "script": "(params.res - params.util) / 100",
+ "type": "math",
+ "variables": [
+ {
+ "field": "17f8ddf0-830d-11e9-9f3d-ed346f48a007",
+ "id": "6f338920-830e-11e9-9c4c-391fa0a2e15f",
+ "name": "util"
+ },
+ {
+ "field": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "id": "7ab9f9a0-830e-11e9-9c4c-391fa0a2e15f",
+ "name": "res"
+ }
+ ]
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.ClusterName",
+ "terms_order_by": "_key",
+ "terms_size": "5",
+ "value_template": "{{value}}"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "AWS Cloudwatch ECS Memory Available",
+ "type": "metrics"
+ }
+ },
+ "id": "d2f46190-830f-11e9-ac83-47df3568ff90",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
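Review bot: Both input metrics use `"type": "sum"` on `aws.ecs.metrics.MemoryUtilization` and `aws.ecs.metrics.MemoryReservation`, which the `percent` formatter and the `/ 100` in the script suggest are percentages. The series is split only by `aws.dimensions.ClusterName`, so if more than one document per cluster falls into a 5m bucket the sums can exceed 100 and `(params.res - params.util) / 100` stops being a fraction. `"type": "avg"`, as most other panels here use, keeps the value bounded. The saved-object title `Cloudwatch ECS Memory Available [Metrics AWS]` also differs from the `visState` title `AWS Cloudwatch ECS Memory Available`; f1db6ec0-f7f8-11e8-af03-c999c9dea608-ecs.json has the same mismatch, and the two titles should agree.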
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/d560de70-b3c7-11e9-87a4-078dbbae220d.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/d560de70-b3c7-11e9-87a4-078dbbae220d.json
new file mode 100644
index 00000000000..6de1c6151f7
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/d560de70-b3c7-11e9-87a4-078dbbae220d.json
@@ -0,0 +1,88 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "ELB Request Count [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "7e66beb0-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "7db91990-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "filter": "",
+ "gauge_color_rules": [
+ {
+ "id": "7d0b9b80-b3c6-11e9-af6e-ef22c5680226"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "35d3cbc0-b3c6-11e9-bf3f-29d51aa3d971",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#3185FC",
+ "fill": 0,
+ "formatter": "number",
+ "id": "35d3cbc1-b3c6-11e9-bf3f-29d51aa3d971",
+ "label": "Request Count",
+ "line_width": 2,
+ "metrics": [
+ {
+ "field": "aws.elb.metrics.RequestCount.sum",
+ "id": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.LoadBalancerName",
+ "terms_order_by": "35d3cbc2-b3c6-11e9-bf3f-29d51aa3d971",
+ "type": "timeseries",
+ "value_template": "{{value}}"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "ELB Request Count [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "d560de70-b3c7-11e9-87a4-078dbbae220d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/d8b1e830-3e82-11ea-bb0a-69c3ca1d410f.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/d8b1e830-3e82-11ea-bb0a-69c3ca1d410f.json
new file mode 100644
index 00000000000..ea98d841e30
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/d8b1e830-3e82-11ea-bb0a-69c3ca1d410f.json
@@ -0,0 +1,71 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "ELB HTTP 5xx [Logs AWS] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "logs-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(244,78,59,1)",
+ "fill": 0.5,
+ "filter": {
+ "language": "kuery",
+ "query": "fileset.name : \"elb\" and http.response.status_code \u003e= 500 and http.response.status_code \u003c 600"
+ },
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "HTTP 5xx",
+ "line_width": 1,
+ "metrics": [
+ {
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "count"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.elb.name",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "ELB HTTP 5xx [Logs AWS] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "d8b1e830-3e82-11ea-bb0a-69c3ca1d410f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/dc5f65b0-6949-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/dc5f65b0-6949-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..223ce7886b1
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/dc5f65b0-6949-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,62 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Transit Gateway Bytes Out [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.transitgateway.metrics.BytesOut.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.TransitGateway",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "Transit Gateway Bytes Out [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "dc5f65b0-6949-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/dcd31cd0-41e5-11e9-b7a0-c99d9d127b61.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/dcd31cd0-41e5-11e9-b7a0-c99d9d127b61.json
new file mode 100644
index 00000000000..96df3661d29
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/dcd31cd0-41e5-11e9-b7a0-c99d9d127b61.json
@@ -0,0 +1,67 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SQS Messages Delayed [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sqs.messages.delayed",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.sqs.queue.name",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "SQS Messages Delayed [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "dcd31cd0-41e5-11e9-b7a0-c99d9d127b61",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/dd2f2a10-41e6-11e9-b7a0-c99d9d127b61.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/dd2f2a10-41e6-11e9-b7a0-c99d9d127b61.json
new file mode 100644
index 00000000000..8fe86f7bf9c
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/dd2f2a10-41e6-11e9-b7a0-c99d9d127b61.json
@@ -0,0 +1,72 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SQS Messages Sent [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "d95adba0-6b8a-11e9-98b0-9b2c3d14a4c1"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sqs.messages.sent",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.sqs.queue.name",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "SQS Messages Sent [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "dd2f2a10-41e6-11e9-b7a0-c99d9d127b61",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/deab0260-2981-11e9-86eb-a3a07a77f530.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/deab0260-2981-11e9-86eb-a3a07a77f530.json
new file mode 100644
index 00000000000..95ed67fe6e8
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/deab0260-2981-11e9-86eb-a3a07a77f530.json
@@ -0,0 +1,53 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "AWS Account Filter [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "controls": [
+ {
+ "fieldName": "cloud.account.name",
+ "id": "1549397251041",
+ "indexPatternRefName": "control_0_index_pattern",
+ "label": "account name",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ }
+ ],
+ "pinFilters": false,
+ "updateFiltersOnChange": true,
+ "useTimeFilter": false
+ },
+ "title": "AWS Account Filter [Metrics AWS]",
+ "type": "input_control_vis"
+ }
+ },
+ "id": "deab0260-2981-11e9-86eb-a3a07a77f530",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "control_0_index_pattern",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/dffa19e0-180e-11ea-8e91-03c7047cbb9d.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/dffa19e0-180e-11ea-8e91-03c7047cbb9d.json
new file mode 100644
index 00000000000..21725d1e0a3
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/dffa19e0-180e-11ea-8e91-03c7047cbb9d.json
@@ -0,0 +1,69 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SNS Notifications Filtered Out No Message Attributes [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "s,s,3",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Notifications Filtered Out No Message Attributes",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sns.metrics.NumberOfNotificationsFilteredOut-NoMessageAttributes.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": null,
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "SNS Notifications Filtered Out No Message Attributes [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "dffa19e0-180e-11ea-8e91-03c7047cbb9d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/e06e4cf0-921e-11e9-aa19-159bf182e06f.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/e06e4cf0-921e-11e9-aa19-159bf182e06f.json
new file mode 100644
index 00000000000..e6e99961c81
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/e06e4cf0-921e-11e9-aa19-159bf182e06f.json
@@ -0,0 +1,77 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "RDS Select Throughput in Count/Second [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "28cacdf0-921c-11e9-badf-4b42bd1ef543"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "f8196690-921a-11e9-badf-4b42bd1ef543"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "'0.0'",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Select Throughput Count/Second",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.rds.throughput.select",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.rds.db_instance.identifier",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "RDS Select Throughput in Count/Second [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "e06e4cf0-921e-11e9-aa19-159bf182e06f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/e0e65e60-688e-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/e0e65e60-688e-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..74aaa9ff8e0
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/e0e65e60-688e-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,77 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "NATGateway Bytes Out To Destination [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.natgateway.metrics.BytesOutToDestination.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.NatGatewayId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "time_range_mode": "last_value",
+ "type": "timeseries"
+ },
+ "title": "NATGateway Bytes Out To Destination [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "e0e65e60-688e-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/e50c51e0-3e7f-11ea-bb0a-69c3ca1d410f.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/e50c51e0-3e7f-11ea-bb0a-69c3ca1d410f.json
new file mode 100644
index 00000000000..88ae101a696
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/e50c51e0-3e7f-11ea-bb0a-69c3ca1d410f.json
@@ -0,0 +1,71 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "ELB Total Requests [Logs AWS] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "logs-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(115,216,255,1)",
+ "fill": 0.5,
+ "filter": {
+ "language": "kuery",
+ "query": "fileset.name : \"elb\" "
+ },
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Total Requests",
+ "line_width": 1,
+ "metrics": [
+ {
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "count"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.elb.name",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "ELB Total Requests [Logs AWS] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "e50c51e0-3e7f-11ea-bb0a-69c3ca1d410f",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/ea9e3d40-693a-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/ea9e3d40-693a-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..b649f985f18
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/ea9e3d40-693a-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,62 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "VPN Tunnel Data In [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.vpn.metrics.TunnelDataIn.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.TunnelIpAddress",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "VPN Tunnel Data In [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "ea9e3d40-693a-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/f1db6ec0-f7f8-11e8-af03-c999c9dea608-ecs.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/f1db6ec0-f7f8-11e8-af03-c999c9dea608-ecs.json
new file mode 100644
index 00000000000..16c29e47e8b
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/f1db6ec0-f7f8-11e8-af03-c999c9dea608-ecs.json
@@ -0,0 +1,78 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EC2 DiskIO Read Bytes [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "annotations": [],
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "23428b30-f7f2-11e8-bff8-21537b07dd44"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "2592bcc0-f7f2-11e8-bff8-21537b07dd44"
+ }
+ ],
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(104,188,0,1)",
+ "fill": "0",
+ "filter": "",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "AWS EC2 DiskIO Read Bytes",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ec2.diskio.read.bytes",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "series_drop_last_bucket": 1,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "steps": 0,
+ "terms_field": "cloud.instance.id",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "AWS EC2 DiskIO Read Bytes",
+ "type": "metrics"
+ }
+ },
+ "id": "f1db6ec0-f7f8-11e8-af03-c999c9dea608-ecs",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/f58f99b0-693a-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/f58f99b0-693a-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..4d037086492
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/f58f99b0-693a-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,62 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "VPN Tunnel Data Out [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.vpn.metrics.TunnelDataOut.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.TunnelIpAddress",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "VPN Tunnel Data Out [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "f58f99b0-693a-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/f6831f30-b7b6-11e9-8349-f15f850c5cd0.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/f6831f30-b7b6-11e9-8349-f15f850c5cd0.json
new file mode 100644
index 00000000000..44eb8efc95b
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/f6831f30-b7b6-11e9-8349-f15f850c5cd0.json
@@ -0,0 +1,67 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EBS Volume Write Ops [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Number of Write Operation",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ebs.metrics.VolumeWriteOps.avg",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.VolumeId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "EBS Volume Write Ops [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "f6831f30-b7b6-11e9-8349-f15f850c5cd0",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/f74eb760-41e8-11e9-b7a0-c99d9d127b61.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/f74eb760-41e8-11e9-b7a0-c99d9d127b61.json
new file mode 100644
index 00000000000..33a59f7428c
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/f74eb760-41e8-11e9-b7a0-c99d9d127b61.json
@@ -0,0 +1,86 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SQS Messages Visible [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "d5b83c70-41e8-11e9-9e94-11d4d21d3f4b"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "d2d14920-41e8-11e9-9e94-11d4d21d3f4b"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "gauge_color_rules": [
+ {
+ "id": "d2163680-41e8-11e9-9e94-11d4d21d3f4b"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "SQS Message Visible",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sqs.messages.visible",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.sqs.queue.name",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "SQS Messages Visible [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "f74eb760-41e8-11e9-b7a0-c99d9d127b61",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/f7c17000-6949-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/f7c17000-6949-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..af2f065db71
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/f7c17000-6949-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,62 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Transit Gateway Bytes Drop Count Blackhole [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.transitgateway.metrics.BytesDropCountBlackhole.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.TransitGateway",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "Transit Gateway Bytes Drop Count Blackhole [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "f7c17000-6949-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/f8b63860-739e-11ea-a345-f985c61fe654.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/f8b63860-739e-11ea-a345-f985c61fe654.json
new file mode 100644
index 00000000000..d7c7b9f838a
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/f8b63860-739e-11ea-a345-f985c61fe654.json
@@ -0,0 +1,69 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "CloudTrail Error Code [Logs AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {},
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "field": "aws.cloudtrail.error_code",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 20
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTooltip": true,
+ "isDonut": true,
+ "labels": {
+ "last_level": true,
+ "show": false,
+ "truncate": 100,
+ "values": true
+ },
+ "legendPosition": "right",
+ "type": "pie"
+ },
+ "title": "CloudTrail Error Code [Logs AWS]",
+ "type": "pie"
+ }
+ },
+ "id": "f8b63860-739e-11ea-a345-f985c61fe654",
+ "references": [
+ {
+ "id": "30ccde50-7397-11ea-a345-f985c61fe654",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/fc0869c0-180e-11ea-8e91-03c7047cbb9d.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/fc0869c0-180e-11ea-8e91-03c7047cbb9d.json
new file mode 100644
index 00000000000..e87e62754a6
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/fc0869c0-180e-11ea-8e91-03c7047cbb9d.json
@@ -0,0 +1,69 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SNS Notifications Redriven To DLQ [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "s,s,3",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Notifications Redriven To DLQ",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.sns.metrics.NumberOfNotificationsRedrivenToDlq.sum",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": null,
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "SNS Notifications Redriven To DLQ [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "fc0869c0-180e-11ea-8e91-03c7047cbb9d",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/fcfc8d80-693e-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/fcfc8d80-693e-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..29aad97e9db
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/fcfc8d80-693e-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,113 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "VPN Filters [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "controls": [
+ {
+ "fieldName": "cloud.account.name",
+ "id": "1565034367477",
+ "indexPatternRefName": "control_0_index_pattern",
+ "label": "account name",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ },
+ {
+ "fieldName": "cloud.region",
+ "id": "1584478324642",
+ "indexPatternRefName": "control_1_index_pattern",
+ "label": "region",
+ "options": {
+ "dynamicOptions": false,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ },
+ {
+ "fieldName": "aws.dimensions.VpnId",
+ "id": "1584552913938",
+ "indexPatternRefName": "control_2_index_pattern",
+ "label": "VPN ID",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ },
+ {
+ "fieldName": "aws.dimensions.TunnelIpAddress",
+ "id": "1584552958445",
+ "indexPatternRefName": "control_3_index_pattern",
+ "label": "Tunnel IP",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ }
+ ],
+ "pinFilters": false,
+ "updateFiltersOnChange": true,
+ "useTimeFilter": true
+ },
+ "title": "VPN Filters [Metrics AWS]",
+ "type": "input_control_vis"
+ }
+ },
+ "id": "fcfc8d80-693e-11ea-b0ac-95d4ecb1fecd",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "control_0_index_pattern",
+ "type": "index-pattern"
+ },
+ {
+ "id": "metrics-*",
+ "name": "control_1_index_pattern",
+ "type": "index-pattern"
+ },
+ {
+ "id": "metrics-*",
+ "name": "control_2_index_pattern",
+ "type": "index-pattern"
+ },
+ {
+ "id": "metrics-*",
+ "name": "control_3_index_pattern",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/fd915180-6890-11ea-b0ac-95d4ecb1fecd.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/fd915180-6890-11ea-b0ac-95d4ecb1fecd.json
new file mode 100644
index 00000000000..540aca2974a
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/fd915180-6890-11ea-b0ac-95d4ecb1fecd.json
@@ -0,0 +1,82 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "NATGateway Packet Out To Source [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "688b0480-688d-11ea-8b7d-fd9d15a13cd0",
+ "value": 0
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "6b6b1a00-688d-11ea-8b7d-fd9d15a13cd0"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "drop_last_bucket": 0,
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "1m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "formatter": "number",
+ "id": "f444c0e0-688f-11ea-8b7d-fd9d15a13cd0",
+ "label": "",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "aws.natgateway.metrics.PacketsOutToSource.sum",
+ "id": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0",
+ "type": "avg"
+ }
+ ],
+ "point_size": "3",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.NatGatewayId",
+ "terms_order_by": "f444c0e1-688f-11ea-8b7d-fd9d15a13cd0",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "time_range_mode": "last_value",
+ "type": "timeseries"
+ },
+ "title": "NATGateway Packet Out To Source [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "fd915180-6890-11ea-b0ac-95d4ecb1fecd",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/fe0581b0-b7b8-11e9-8349-f15f850c5cd0.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/fe0581b0-b7b8-11e9-8349-f15f850c5cd0.json
new file mode 100644
index 00000000000..c68d31e30ea
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/fe0581b0-b7b8-11e9-8349-f15f850c5cd0.json
@@ -0,0 +1,67 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EBS Volume Queue Length [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": "0",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "",
+ "interval": "5m",
+ "isModelInvalid": false,
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Volume Queue Length",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ebs.metrics.VolumeQueueLength.avg",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "5",
+ "separate_axis": 0,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "aws.dimensions.VolumeId",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "",
+ "type": "timeseries"
+ },
+ "title": "EBS Volume Queue Length [Metrics AWS]",
+ "type": "metrics"
+ }
+ },
+ "id": "fe0581b0-b7b8-11e9-8349-f15f850c5cd0",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/kibana/visualization/fed59380-f7f8-11e8-af03-c999c9dea608-ecs.json b/dev/packages/alpha/aws/0.0.3/kibana/visualization/fed59380-f7f8-11e8-af03-c999c9dea608-ecs.json
new file mode 100644
index 00000000000..b6ac6efdc56
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/kibana/visualization/fed59380-f7f8-11e8-af03-c999c9dea608-ecs.json
@@ -0,0 +1,78 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "EC2 DiskIO Write Bytes [Metrics AWS]",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "annotations": [],
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "23428b30-f7f2-11e8-bff8-21537b07dd44"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "2592bcc0-f7f2-11e8-bff8-21537b07dd44"
+ }
+ ],
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "5m",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(104,188,0,1)",
+ "fill": "0",
+ "filter": "",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "AWS EC2 DiskIO Write Bytes",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "aws.ec2.diskio.write.bytes",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "series_drop_last_bucket": 1,
+ "split_color_mode": "rainbow",
+ "split_mode": "terms",
+ "stacked": "none",
+ "steps": 0,
+ "terms_field": "cloud.instance.id",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "terms_size": "5"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "AWS EC2 DiskIO Write Bytes",
+ "type": "metrics"
+ }
+ },
+ "id": "fed59380-f7f8-11e8-af03-c999c9dea608-ecs",
+ "references": [],
+ "type": "visualization"
+}
\ No newline at end of file
diff --git a/dev/packages/alpha/aws/0.0.3/manifest.yml b/dev/packages/alpha/aws/0.0.3/manifest.yml
new file mode 100644
index 00000000000..9b9e6e29611
--- /dev/null
+++ b/dev/packages/alpha/aws/0.0.3/manifest.yml
@@ -0,0 +1,259 @@
+format_version: 1.0.0
+name: aws
+title: aws
+version: 0.0.3
+license: basic
+description: aws Integration
+type: integration
+categories:
+- logs
+- metrics
+release: beta
+removable: true
+requirement:
+ kibana:
+ versions: '>=8.0.0-SNAPSHOT <8.0.0'
+ elasticsearch:
+ versions: '>7.0.1'
+screenshots:
+- src: /img/filebeat-aws-cloudtrail.png
+ title: filebeat aws cloudtrail
+ size: 1702x1063
+ type: image/png
+- src: /img/filebeat-aws-elb-overview.png
+ title: filebeat aws elb overview
+ size: 5120x2704
+ type: image/png
+- src: /img/filebeat-aws-s3access-overview.png
+ title: filebeat aws s3access overview
+ size: 1684x897
+ type: image/png
+- src: /img/filebeat-aws-vpcflow-overview.png
+ title: filebeat aws vpcflow overview
+ size: 5111x2609
+ type: image/png
+- src: /img/metricbeat-aws-overview.png
+ title: metricbeat aws overview
+ size: 3848x2440
+ type: image/png
+- src: /img/metricbeat-aws-billing-overview.png
+ title: metricbeat aws billing overview
+ size: 2176x1826
+ type: image/png
+- src: /img/metricbeat-aws-dynamodb-overview.png
+ title: metricbeat aws dynamodb overview
+ size: 1873x846
+ type: image/png
+- src: /img/metricbeat-aws-ebs-overview.png
+ title: metricbeat aws ebs overview
+ size: 3372x2104
+ type: image/png
+- src: /img/metricbeat-aws-ec2-overview.png
+ title: metricbeat aws ec2 overview
+ size: 2640x2240
+ type: image/png
+- src: /img/metricbeat-aws-elb-overview.png
+ title: metricbeat aws elb overview
+ size: 2676x2384
+ type: image/png
+- src: /img/metricbeat-aws-lambda-overview.png
+ title: metricbeat aws lambda overview
+ size: 2582x2206
+ type: image/png
+- src: /img/metricbeat-aws-rds-overview.png
+ title: metricbeat aws rds overview
+ size: 3468x2290
+ type: image/png
+- src: /img/metricbeat-aws-s3-overview.png
+ title: metricbeat aws s3 overview
+ size: 2048x1504
+ type: image/png
+- src: /img/metricbeat-aws-sqs-overview.png
+ title: metricbeat aws sqs overview
+ size: 2560x1440
+ type: image/png
+- src: /img/metricbeat-aws-usage-overview.png
+ title: metricbeat aws usage overview
+ size: 2238x2438
+ type: image/png
+- src: /img/metricbeat-aws-billing-overview.png
+ title: metricbeat aws billing overview
+ size: 2176x1826
+ type: image/png
+- src: /img/metricbeat-aws-ebs-overview.png
+ title: metricbeat aws ebs overview
+ size: 3372x2104
+ type: image/png
+- src: /img/metricbeat-aws-ec2-overview.png
+ title: metricbeat aws ec2 overview
+ size: 2640x2240
+ type: image/png
+- src: /img/metricbeat-aws-elb-overview.png
+ title: metricbeat aws elb overview
+ size: 2676x2384
+ type: image/png
+- src: /img/metricbeat-aws-lambda-overview.png
+ title: metricbeat aws lambda overview
+ size: 2582x2206
+ type: image/png
+- src: /img/metricbeat-aws-rds-overview.png
+ title: metricbeat aws rds overview
+ size: 3468x2290
+ type: image/png
+- src: /img/metricbeat-aws-s3-overview.png
+ title: metricbeat aws s3 overview
+ size: 2048x1504
+ type: image/png
+- src: /img/metricbeat-aws-s3-overview.png
+ title: metricbeat aws s3 overview
+ size: 2048x1504
+ type: image/png
+- src: /img/metricbeat-aws-sns-overview.png
+ title: metricbeat aws sns overview
+ size: 3840x2676
+ type: image/png
+- src: /img/metricbeat-aws-sqs-overview.png
+ title: metricbeat aws sqs overview
+ size: 2560x1440
+ type: image/png
+- src: /img/metricbeat-aws-usage-overview.png
+ title: metricbeat aws usage overview
+ size: 2238x2438
+ type: image/png
+icons:
+- src: /img/logo_aws.svg
+ title: logo aws
+ size: 32x32
+ type: image/svg+xml
+datasources:
+- name: aws
+ title: aws logs and metrics
+ description: Collect logs and metrics from aws instances
+ inputs:
+ - type: logs
+ title: Collect logs from aws instances
+ description: Collecting aws cloudtrail, cloudwatch, ec2, elb, s3access and vpcflow
+ logs
+ vars:
+ - name: queue_url
+ type: text
+ title: Queue URL
+ multi: false
+ required: true
+ show_user: true
+ description: URL of the AWS SQS queue that messages will be received from.
+ - name: visibility_timeout
+ type: text
+ title: Visibility Timeout
+ multi: false
+ required: false
+ show_user: false
+ description: The duration that the received messages are hidden from subsequent retrieve requests after being retrieved by a ReceiveMessage request. The maximum is 12 hours.
+ - name: api_timeout
+ type: text
+ title: API Timeout
+ multi: false
+ required: false
+ show_user: false
+ description: The maximum duration of AWS API can take. The maximum is half of the visibility timeout value.
+ - name: shared_credential_file
+ type: text
+ title: Shared Credential File
+ multi: false
+ required: false
+ show_user: false
+ description: Directory of the shared credentials file.
+ - name: credential_profile_name
+ type: text
+ title: Credential Profile Name
+ multi: false
+ required: false
+ show_user: true
+ - name: access_key_id
+ type: text
+ title: Access Key ID
+ multi: false
+ required: false
+ show_user: false
+ - name: secret_access_key
+ type: text
+ title: Secret Access Key
+ multi: false
+ required: false
+ show_user: false
+ - name: session_token
+ type: text
+ title: Session Token
+ multi: false
+ required: false
+ show_user: false
+ - name: role_arn
+ type: text
+ title: Role ARN
+ multi: false
+ required: false
+ show_user: false
+ - name: endpoint
+ type: text
+ title: Endpoint
+ multi: false
+ required: false
+ show_user: false
+ default: "amazonaws.com"
+ description: URL of the entry point for an AWS web service.
+ - type: aws/metrics
+ title: Collect metrics from AWS instances
+ description: Collecting aws billing, cloudwatch, dynamodb, ebs, ec2, elb, lambda,
+ natgateway, rds, s3_daily_storage, s3_request, sns, sqs, transitgateway, usage
+ and vpn metrics
+ vars:
+ - name: access_key_id
+ type: text
+ title: Access Key ID
+ multi: false
+ required: false
+ show_user: false
+ default: ""
+ - name: secret_access_key
+ type: text
+ title: Secret Access Key
+ multi: false
+ required: false
+ show_user: false
+ default: ""
+ - name: session_token
+ type: text
+ title: Session Token
+ multi: false
+ required: false
+ show_user: false
+ default: ""
+ - name: shared_credential_file
+ type: text
+ title: Shared Credential File
+ multi: false
+ required: false
+ show_user: false
+ default: ""
+ - name: credential_profile_name
+ type: text
+ title: Credential Profile Name
+ multi: false
+ required: false
+ show_user: true
+ default: ""
+ - name: role_arn
+ type: text
+ title: Role ARN
+ multi: false
+ required: false
+ show_user: false
+ default: ""
+ - name: endpoint
+ type: text
+ title: Endpoint
+ multi: false
+ required: false
+ show_user: false
+ default: "amazonaws.com"
+ description: URL of the entry point for an AWS web service.
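Review bot: `secret_access_key` and `session_token` are declared with `type: text` in both the `logs` and `aws/metrics` inputs, so they will presumably be rendered and stored like any other plain string. If the package format offers a masked variable type, both should use it, e.g. `type: password`, and `access_key_id` is worth the same treatment since it identifies the credential pair. The `endpoint` variable decides where signed requests are sent, yet its description calls it a URL while the default is the bare suffix `amazonaws.com`; the description should say it is a domain suffix and that only a trusted endpoint belongs there. Smaller points in the same hunk: `shared_credential_file` is described as a "Directory" where a file path is meant, and several `screenshots` entries are repeated (`metricbeat-aws-s3-overview.png` appears three times).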
diff --git a/dev/packages/alpha/base/1.0.0/docs/README.md b/dev/packages/alpha/base/1.0.0/docs/README.md
deleted file mode 100644
index 152200ea6db..00000000000
--- a/dev/packages/alpha/base/1.0.0/docs/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# Base package
-
-This is installed in the background by EPM to setup the Elastic Stack.
diff --git a/dev/packages/alpha/base/1.0.0/elasticsearch/component-template/events-mappings.json b/dev/packages/alpha/base/1.0.0/elasticsearch/component-template/events-mappings.json
deleted file mode 100644
index 35488413ae3..00000000000
--- a/dev/packages/alpha/base/1.0.0/elasticsearch/component-template/events-mappings.json
+++ /dev/null
@@ -1,148 +0,0 @@
-{
- "template": {
- "mappings": {
- "_meta": {
- },
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false,
- "properties": {
- "@timestamp": {
- "type": "date"
- },
- "stream": {
- "properties": {
- "type": {
- "type": "constant_keyword"
- },
- "dataset": {
- "type": "constant_keyword"
- },
- "namespace": {
- "type": "constant_keyword"
- }
- }
- },
- "agent": {
- "properties": {
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ecs": {
- "properties": {
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "host": {
- "properties": {
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "build": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "codename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "containerized": {
- "type": "boolean"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "message": {
- "type": "text"
- }
- }
- },
- "aliases": {}
- }
-}
diff --git a/dev/packages/alpha/base/1.0.0/elasticsearch/component-template/events-settings.json b/dev/packages/alpha/base/1.0.0/elasticsearch/component-template/events-settings.json
deleted file mode 100644
index 3cd594414e2..00000000000
--- a/dev/packages/alpha/base/1.0.0/elasticsearch/component-template/events-settings.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "template": {
- "settings": {
- "index": {
- "lifecycle": {
- "name": "events-default"
- },
- "codec": "best_compression",
- "refresh_interval": "5s",
- "number_of_shards": "1",
- "query": {
- "default_field": [
- "message"
- ]
- },
- "number_of_routing_shards": "30"
- }
- },
- "aliases": {}
- }
-}
diff --git a/dev/packages/alpha/base/1.0.0/elasticsearch/component-template/logs-mappings.json b/dev/packages/alpha/base/1.0.0/elasticsearch/component-template/logs-mappings.json
deleted file mode 100644
index 35488413ae3..00000000000
--- a/dev/packages/alpha/base/1.0.0/elasticsearch/component-template/logs-mappings.json
+++ /dev/null
@@ -1,148 +0,0 @@
-{
- "template": {
- "mappings": {
- "_meta": {
- },
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false,
- "properties": {
- "@timestamp": {
- "type": "date"
- },
- "stream": {
- "properties": {
- "type": {
- "type": "constant_keyword"
- },
- "dataset": {
- "type": "constant_keyword"
- },
- "namespace": {
- "type": "constant_keyword"
- }
- }
- },
- "agent": {
- "properties": {
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ecs": {
- "properties": {
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "host": {
- "properties": {
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "build": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "codename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "containerized": {
- "type": "boolean"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "message": {
- "type": "text"
- }
- }
- },
- "aliases": {}
- }
-}
diff --git a/dev/packages/alpha/base/1.0.0/elasticsearch/component-template/logs-settings.json b/dev/packages/alpha/base/1.0.0/elasticsearch/component-template/logs-settings.json
deleted file mode 100644
index eaaa60a9a3b..00000000000
--- a/dev/packages/alpha/base/1.0.0/elasticsearch/component-template/logs-settings.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "template": {
- "settings": {
- "index": {
- "lifecycle": {
- "name": "logs-default"
- },
- "codec": "best_compression",
- "refresh_interval": "5s",
- "number_of_shards": "1",
- "query": {
- "default_field": [
- "message"
- ]
- },
- "number_of_routing_shards": "30"
- }
- },
- "aliases": {}
- }
-}
diff --git a/dev/packages/alpha/base/1.0.0/elasticsearch/component-template/metrics-mappings.json b/dev/packages/alpha/base/1.0.0/elasticsearch/component-template/metrics-mappings.json
deleted file mode 100644
index 29f7d8bd10f..00000000000
--- a/dev/packages/alpha/base/1.0.0/elasticsearch/component-template/metrics-mappings.json
+++ /dev/null
@@ -1,145 +0,0 @@
-{
- "template": {
- "mappings": {
- "_meta": {
- },
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "date_detection": false,
- "properties": {
- "@timestamp": {
- "type": "date"
- },
- "stream": {
- "properties": {
- "type": {
- "type": "constant_keyword"
- },
- "dataset": {
- "type": "constant_keyword"
- },
- "namespace": {
- "type": "constant_keyword"
- }
- }
- },
- "agent": {
- "properties": {
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ecs": {
- "properties": {
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "host": {
- "properties": {
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "build": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "codename": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "containerized": {
- "type": "boolean"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "aliases": {}
- }
-}
diff --git a/dev/packages/alpha/base/1.0.0/elasticsearch/component-template/metrics-settings.json b/dev/packages/alpha/base/1.0.0/elasticsearch/component-template/metrics-settings.json
deleted file mode 100644
index 539f79ed9dd..00000000000
--- a/dev/packages/alpha/base/1.0.0/elasticsearch/component-template/metrics-settings.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "template": {
- "settings": {
- "index": {
- "lifecycle": {
- "name": "metrics-default"
- },
- "codec": "best_compression",
- "refresh_interval": "5s",
- "number_of_shards": "1",
- "query": {
- "default_field": [
- "message"
- ]
- },
- "number_of_routing_shards": "30"
- }
- },
- "aliases": {}
- }
-}
diff --git a/dev/packages/alpha/base/1.0.0/elasticsearch/ilm-policy/events-default.json b/dev/packages/alpha/base/1.0.0/elasticsearch/ilm-policy/events-default.json
deleted file mode 100644
index 26115b3a31c..00000000000
--- a/dev/packages/alpha/base/1.0.0/elasticsearch/ilm-policy/events-default.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- "policy": {
- "phases": {
- "hot": {
- "min_age": "0ms",
- "actions": {
- "rollover": {
- "max_size": "50gb",
- "max_age": "30d"
- }
- }
- }
- }
- }
-}
diff --git a/dev/packages/alpha/base/1.0.0/elasticsearch/ilm-policy/logs-default.json b/dev/packages/alpha/base/1.0.0/elasticsearch/ilm-policy/logs-default.json
deleted file mode 100644
index 8d8db418e7a..00000000000
--- a/dev/packages/alpha/base/1.0.0/elasticsearch/ilm-policy/logs-default.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- "policy": {
- "phases": {
- "hot": {
- "min_age": "0ms",
- "actions": {
- "rollover": {
- "max_size": "50gb",
- "max_age": "30d"
- }
- }
- }
- }
- }
-}
diff --git a/dev/packages/alpha/base/1.0.0/elasticsearch/ilm-policy/metrics-default.json b/dev/packages/alpha/base/1.0.0/elasticsearch/ilm-policy/metrics-default.json
deleted file mode 100644
index 26115b3a31c..00000000000
--- a/dev/packages/alpha/base/1.0.0/elasticsearch/ilm-policy/metrics-default.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- "policy": {
- "phases": {
- "hot": {
- "min_age": "0ms",
- "actions": {
- "rollover": {
- "max_size": "50gb",
- "max_age": "30d"
- }
- }
- }
- }
- }
-}
diff --git a/dev/packages/alpha/base/1.0.0/elasticsearch/index-template/events.json b/dev/packages/alpha/base/1.0.0/elasticsearch/index-template/events.json
deleted file mode 100644
index 2d0a06c0879..00000000000
--- a/dev/packages/alpha/base/1.0.0/elasticsearch/index-template/events.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "index_patterns": [
- "events-*-*"
- ],
- "priority": 0,
- "composed_of": [
- "events-mappings",
- "events-settings"
- ]
-}
\ No newline at end of file
diff --git a/dev/packages/alpha/base/1.0.0/elasticsearch/index-template/logs.json b/dev/packages/alpha/base/1.0.0/elasticsearch/index-template/logs.json
deleted file mode 100644
index ac4e5f69a1a..00000000000
--- a/dev/packages/alpha/base/1.0.0/elasticsearch/index-template/logs.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "index_patterns": [
- "logs-*-*"
- ],
- "priority": 0,
- "composed_of": [
- "logs-mappings",
- "logs-settings"
- ]
-}
\ No newline at end of file
diff --git a/dev/packages/alpha/base/1.0.0/elasticsearch/index-template/metrics.json b/dev/packages/alpha/base/1.0.0/elasticsearch/index-template/metrics.json
deleted file mode 100644
index c07ef16aff4..00000000000
--- a/dev/packages/alpha/base/1.0.0/elasticsearch/index-template/metrics.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "index_patterns": [
- "metrics-*-*"
- ],
- "priority": 0,
- "composed_of": [
- "metrics-mappings",
- "metrics-settings"
- ]
-}
\ No newline at end of file
diff --git a/dev/packages/alpha/base/1.0.0/manifest.yml b/dev/packages/alpha/base/1.0.0/manifest.yml
deleted file mode 100644
index 7cf61d19100..00000000000
--- a/dev/packages/alpha/base/1.0.0/manifest.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-format_version: 1.0.0
-
-name: base
-title: Base package
-description: >
- The base package contains assets which are needed for the basic setup of the stack.
-
- It contains the default ILM policies.
-version: 1.0.0
-categories: []
-release: ga
-
-# The base package cannot be removed
-removable: false
-
-# The user should not see this package and not be able to install it
-internal: true
-
-license: basic
-# This is called type integration because it is required for all the integration packages
-type: integration
-
-requirement:
- elasticsearch:
- # Requires ILM which was released in 6.6.
- versions: ">6.6.0"
-
-# No icons
-icons:
-
diff --git a/dev/packages/alpha/endpoint/1.0.0/dataset/events/fields/fields.yml b/dev/packages/alpha/endpoint/1.0.0/dataset/events/fields/fields.yml
deleted file mode 100644
index 04afd73e472..00000000000
--- a/dev/packages/alpha/endpoint/1.0.0/dataset/events/fields/fields.yml
+++ /dev/null
@@ -1,3861 +0,0 @@
-- name: "@timestamp"
- level: core
- required: true
- type: date
- description: "Date/time when the event originated.
-
- This is the date/time extracted from the event, typically representing when
- the event was generated by the source.
-
- If the event source has no original timestamp, this value is typically populated
- by the first time the event was received by the pipeline.
-
- Required field for all events."
- example: "2016-05-23T08:05:34.853Z"
-- name: message
- level: core
- type: text
- description:
- "For log events the message field contains the log message, optimized
- for viewing in a log viewer.
-
- For structured logs without an original message field, other fields can be concatenated
- to form a human-readable summary of the event.
-
- If multiple messages exist, they can be combined into one message."
- example: Hello World
-- name: agent
- title: Agent
- group: 2
- description: "The agent fields contain the data about the software entity, if
- any, that collects, detects, or observes events on a host, or takes measurements
- on a host.
-
- Examples include Beats. Agents may also run on observers. ECS agent.* fields
- shall be populated with details of the agent running on the host or observer
- where the event happened or the measurement was taken."
- footnote:
- "Examples: In the case of Beats for logs, the agent.name is filebeat.
- For APM, it is the agent running in the app/service. The agent information does
- not change if data is sent through queuing systems like Kafka, Redis, or processing
- systems such as Logstash or APM Server."
- type: group
- fields:
- - name: ephemeral_id
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Ephemeral identifier of this agent (if one exists).
-
- This id normally changes across restarts, but `agent.id` does not."
- example: 8a4f500f
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: "Unique identifier of this agent (if one exists).
-
- Example: For Beats this would be beat.id."
- example: 8a4f500d
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: "Custom name of the agent.
-
- This is a name that can be given to an agent. This can be helpful if for example
- two Filebeat instances are running on the same host but a human readable separation
- is needed on which Filebeat instance data is coming from.
-
- If no name is given, the name is often left empty."
- example: foo
- - name: type
- level: core
- type: keyword
- ignore_above: 1024
- description: "Type of the agent.
-
- The agent type stays always the same and should be given by the agent used.
- In case of Filebeat the agent would always be Filebeat also if two Filebeat
- instances are run on the same machine."
- example: filebeat
- - name: version
- level: core
- type: keyword
- ignore_above: 1024
- description: Version of the agent.
- example: 6.0.0-rc2
-- name: destination
- title: Destination
- group: 2
- description:
- "Destination fields describe details about the destination of a packet/event.
-
- Destination fields are usually populated in conjunction with source fields."
- type: group
- fields:
- - name: address
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- "Some event destination addresses are defined ambiguously. The
- event will sometimes list an IP, a domain or a unix socket. You should always
- store the raw address in the `.address` field.
-
- Then it should be duplicated to `.ip` or `.domain`, depending on which one
- it is."
- - name: bytes
- level: core
- type: long
- format: bytes
- description: Bytes sent from the destination to the source.
- example: 184
- - name: domain
- level: core
- type: keyword
- ignore_above: 1024
- description: Destination domain.
- - name: ip
- level: core
- type: ip
- description: "IP address of the destination.
-
- Can be one or multiple IPv4 or IPv6 addresses."
- - name: packets
- level: core
- type: long
- description: Packets sent from the destination to the source.
- example: 12
- - name: port
- level: core
- type: long
- format: string
- description: Port of the destination.
- - name: registered_domain
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- 'The highest registered destination domain, stripped of the subdomain.
-
- For example, the registered domain for "foo.google.com" is "google.com".
-
- This value can be determined precisely with a list like the public suffix
- list (http://publicsuffix.org). Trying to approximate this by simply taking
- the last two labels will not work well for TLDs such as "co.uk".'
- example: google.com
- - name: top_level_domain
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- 'The effective top level domain (eTLD), also known as the domain
- suffix, is the last part of the domain name. For example, the top level domain
- for google.com is "com".
-
- This value can be determined precisely with a list like the public suffix
- list (http://publicsuffix.org). Trying to approximate this by simply taking
- the last label will not work well for effective TLDs such as "co.uk".'
- example: co.uk
-- name: dll
- title: DLL
- group: 2
- description:
- 'These fields contain information about code libraries dynamically
- loaded into processes.
-
-
- Many operating systems refer to "shared code libraries" with different names,
- but this field set refers to all of the following:
-
- * Dynamic-link library (`.dll`) commonly used on Windows
-
- * Shared Object (`.so`) commonly used on Unix-like operating systems
-
- * Dynamic library (`.dylib`) commonly used on macOS'
- type: group
- fields:
- - name: code_signature.exists
- level: core
- type: boolean
- description: Boolean to capture if a signature is present.
- example: "true"
- default_field: false
- - name: code_signature.status
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Additional information about the certificate status.
-
- This is useful for logging cryptographic errors with the certificate validity
- or trust status. Leave unpopulated if the validity or trust of the certificate
- was unchecked."
- example: ERROR_UNTRUSTED_ROOT
- default_field: false
- - name: code_signature.subject_name
- level: core
- type: keyword
- ignore_above: 1024
- description: Subject name of the code signer
- example: Microsoft Corporation
- default_field: false
- - name: code_signature.trusted
- level: extended
- type: boolean
- description: "Stores the trust status of the certificate chain.
-
- Validating the trust of the certificate chain may be complicated, and this
- field should only be populated by tools that actively check the status."
- example: "true"
- default_field: false
- - name: code_signature.valid
- level: extended
- type: boolean
- description:
- "Boolean to capture if the digital signature is verified against
- the binary content.
-
- Leave unpopulated if a certificate was unchecked."
- example: "true"
- default_field: false
- - name: compile_time
- level: custom
- type: date
- description: Timestamp from when the module was compiled.
- default_field: false
- - name: hash.md5
- level: extended
- type: keyword
- ignore_above: 1024
- description: MD5 hash.
- default_field: false
- - name: hash.sha1
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA1 hash.
- default_field: false
- - name: hash.sha256
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA256 hash.
- default_field: false
- - name: hash.sha512
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA512 hash.
- default_field: false
- - name: malware_classification.features.data.buffer
- level: custom
- type: keyword
- ignore_above: 1024
- description:
- The features extracted from this file and evaluated by the model. Usually
- an array of floats. Likely zlib-encoded.
- default_field: false
- - name: malware_classification.features.data.decompressed_size
- level: custom
- type: integer
- description: The decompressed size of buffer.
- default_field: false
- - name: malware_classification.features.data.encoding
- level: custom
- type: keyword
- ignore_above: 1024
- description: The encoding of buffer (e.g. zlib).
- default_field: false
- - name: malware_classification.identifier
- level: custom
- type: keyword
- ignore_above: 1024
- description: The model's unique identifier.
- default_field: false
- - name: malware_classification.score
- level: custom
- type: double
- description: The score produced by the classification model.
- default_field: false
- - name: malware_classification.threshold
- level: custom
- type: double
- description:
- The score threshold for the model. Files that score above this
- threshold are considered malicious.
- default_field: false
- - name: malware_classification.upx_packed
- level: custom
- type: boolean
- description: Whether UPX packing was detected.
- default_field: false
- - name: malware_classification.version
- level: custom
- type: keyword
- ignore_above: 1024
- description: The version of the model used.
- default_field: false
- - name: mapped_address
- level: custom
- type: keyword
- ignore_above: 1024
- description: The base address where this module is loaded.
- default_field: false
- - name: mapped_size
- level: custom
- type: long
- description: The size of this module's memory mapping, in bytes.
- default_field: false
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: "Name of the library.
-
- This generally maps to the name of the file on disk."
- example: kernel32.dll
- default_field: false
- - name: path
- level: extended
- type: keyword
- ignore_above: 1024
- description: Full file path of the library.
- example: C:\Windows\System32\kernel32.dll
- default_field: false
- - name: pe.company
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal company name of the file, provided at compile-time.
- example: Microsoft Corporation
- default_field: false
- - name: pe.description
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal description of the file, provided at compile-time.
- example: Paint
- default_field: false
- - name: pe.file_version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal version of the file, provided at compile-time.
- example: 6.3.9600.17415
- default_field: false
- - name: pe.original_file_name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal name of the file, provided at compile-time.
- example: MSPAINT.EXE
- default_field: false
- - name: pe.product
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal product name of the file, provided at compile-time.
- example: "Microsoft\xAE Windows\xAE Operating System"
- default_field: false
-- name: dns
- title: DNS
- group: 2
- description: "Fields describing DNS queries and answers.
-
- DNS events should either represent a single DNS query prior to getting answers
- (`dns.type:query`) or they should represent a full exchange and contain the
- query details as well as all of the answers that were provided for this query
- (`dns.type:answer`)."
- type: group
- fields:
- - name: question.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The name being queried.
-
- If the name field contains non-printable characters (below 32 or above 126),
- those characters should be represented as escaped base 10 integers (\DDD).
- Back slashes and quotes should be escaped. Tabs, carriage returns, and line
- feeds should be converted to \t, \r, and \n respectively.'
- example: www.google.com
- - name: question.registered_domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The highest registered domain, stripped of the subdomain.
-
- For example, the registered domain for "foo.google.com" is "google.com".
-
- This value can be determined precisely with a list like the public suffix
- list (http://publicsuffix.org). Trying to approximate this by simply taking
- the last two labels will not work well for TLDs such as "co.uk".'
- example: google.com
- - name: question.subdomain
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- 'The subdomain is all of the labels under the registered_domain.
-
- If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com",
- the subdomain field should contain "sub2.sub1", with no trailing period.'
- example: www
- - name: question.top_level_domain
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- 'The effective top level domain (eTLD), also known as the domain
- suffix, is the last part of the domain name. For example, the top level domain
- for google.com is "com".
-
- This value can be determined precisely with a list like the public suffix
- list (http://publicsuffix.org). Trying to approximate this by simply taking
- the last label will not work well for effective TLDs such as "co.uk".'
- example: co.uk
- - name: question.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: The type of record being queried.
- example: AAAA
- - name: resolved_ip
- level: extended
- type: ip
- description: "Array containing all IPs seen in `answers.data`.
-
- The `answers` array can be difficult to use, because of the variety of data
- formats it can contain. Extracting all IP addresses seen in there to `dns.resolved_ip`
- makes it possible to index them as IP addresses, and makes them easier to
- visualize and query for."
- example:
- - 10.10.10.10
- - 10.10.10.11
-- name: ecs
- title: ECS
- group: 2
- description: Meta-information specific to ECS.
- type: group
- fields:
- - name: version
- level: core
- required: true
- type: keyword
- ignore_above: 1024
- description:
- "ECS version this event conforms to. `ecs.version` is a required
- field and must exist in all events.
-
- When querying across multiple indices -- which may conform to slightly different
- ECS versions -- this field lets integrations adjust to the schema version
- of the events."
- example: 1.0.0
-- name: endpoint
- title: Endpoint
- group: 2
- description: Fields describing the state of the Elastic Endpoint when an event
- occurs.
- type: group
- fields:
- - name: artifact.hash
- level: custom
- type: keyword
- ignore_above: 1024
- description: Hash of artifact in use by endpoint when event was created.
- default_field: false
- - name: artifact.name
- level: custom
- type: keyword
- ignore_above: 1024
- description: Name of artifact in use by endpoint when event was created.
- default_field: false
- - name: artifact.version
- level: custom
- type: keyword
- ignore_above: 1024
- description: Version of artifact in use by endpoint when event was created.
- default_field: false
- - name: file
- level: custom
- type: object
- object_type: keyword
- description: Extended "file" field set
- default_field: false
- - name: file.original
- level: custom
- type: object
- object_type: keyword
- description: Original file information during a modification event.
- default_field: false
- - name: file.original.gid
- level: custom
- type: keyword
- ignore_above: 1024
- description: Primary group ID (GID) of the file.
- example: "1001"
- default_field: false
- - name: file.original.group
- level: custom
- type: keyword
- ignore_above: 1024
- description: Primary group name of the file.
- example: alice
- default_field: false
- - name: file.original.mode
- level: custom
- type: keyword
- ignore_above: 1024
- description: Original file mode prior to a modification event
- default_field: false
- - name: file.original.name
- level: custom
- type: keyword
- ignore_above: 1024
- description: Original file name prior to a modification event
- default_field: false
- - name: file.original.owner
- level: custom
- type: keyword
- ignore_above: 1024
- description: File owner's username.
- example: alice
- default_field: false
- - name: file.original.path
- level: custom
- type: keyword
- ignore_above: 1024
- description: Original file path prior to a modification event
- default_field: false
- - name: file.original.uid
- level: custom
- type: keyword
- ignore_above: 1024
- description: The user ID (UID) or security identifier (SID) of the file owner.
- example: "1001"
- default_field: false
- - name: file.windows
- level: custom
- type: object
- object_type: keyword
- description: Platform-specific Windows fields
- default_field: false
- - name: file.windows.zone_identifier
- level: custom
- type: keyword
- ignore_above: 1024
- description: Windows zone identifier for a file
- default_field: false
- - name: group
- level: custom
- type: object
- object_type: keyword
- description: Extended "group" field set
- default_field: false
- - name: group.real
- level: custom
- type: object
- object_type: keyword
- description: Group info prior to any setgid operations.
- default_field: false
- - name: group.real.id
- level: custom
- type: keyword
- ignore_above: 1024
- description: Unique identifier for the group on the system/platform.
- default_field: false
- - name: group.real.name
- level: custom
- type: keyword
- ignore_above: 1024
- description: Name of the group.
- default_field: false
- - name: policy
- level: custom
- type: object
- object_type: keyword
- description: The policy fields are used to hold information about applied policy.
- default_field: false
- - name: policy.id
- level: custom
- type: keyword
- ignore_above: 1024
- description: ID of the policy that was active when the event was created.
- example: c2a9093e-e289-4c0a-aa44-8c32a414fa7a
- default_field: false
- - name: process
- level: custom
- type: object
- object_type: keyword
- description: Extended "process" field set
- default_field: false
- - name: process.authentication_id
- level: custom
- type: keyword
- ignore_above: 1024
- description: Process authentication ID
- default_field: false
- - name: process.parent
- level: custom
- type: object
- object_type: keyword
- description: Extended "process.parent" field set.
- default_field: false
- - name: process.parent.real
- level: custom
- type: object
- object_type: keyword
- description:
- The field set containing parent process info in case of any ppid
- spoofing.
- default_field: false
- - name: process.parent.real.pid
- level: custom
- type: long
- description:
- The ppid of the process that actually spawned the current process,
- in case of ppid spoofing.
- default_field: false
- - name: process.session
- level: custom
- type: keyword
- ignore_above: 1024
- description: Session information for the current process
- default_field: false
- - name: user
- level: custom
- type: object
- object_type: keyword
- description: Extended "user" field set
- default_field: false
- - name: user.real
- level: custom
- type: object
- object_type: keyword
- description: User info prior to any setuid operations.
- default_field: false
- - name: user.real.id
- level: custom
- type: keyword
- ignore_above: 1024
- description: One or multiple unique identifiers of the user.
- default_field: false
- - name: user.real.name
- level: custom
- type: keyword
- ignore_above: 1024
- description: Short name or login of the user.
- default_field: false
-- name: event
- title: Event
- group: 2
- description: "The event fields are used for context information about the log
- or metric event itself.
-
- A log is defined as an event containing details of something that happened.
- Log events must include the time at which the thing happened. Examples of log
- events include a process starting on a host, a network packet being sent from
- a source to a destination, or a network connection between a client and a server
- being initiated or closed. A metric is defined as an event containing one or
- more numerical or categorical measurements and the time at which the measurement
- was taken. Examples of metric events include memory pressure measured on a host,
- or vulnerabilities measured on a scanned host."
- type: group
- fields:
- - name: action
- level: core
- type: keyword
- ignore_above: 1024
- description: "The action captured by the event.
-
- This describes the information in the event. It is more specific than `event.category`.
- Examples are `group-add`, `process-started`, `file-created`. The value is
- normally defined by the implementer."
- example: user-password-change
- - name: category
- level: core
- type: keyword
- ignore_above: 1024
- description:
- 'This is one of four ECS Categorization Fields, and indicates the
- second level in the ECS category hierarchy.
-
- `event.category` represents the "big buckets" of ECS categories. For example,
- filtering on `event.category:process` yields all events relating to process
- activity. This field is closely related to `event.type`, which is used as
- a subcategory.
-
- This field is an array. This will allow proper categorization of some events
- that fall in multiple categories.'
- example: authentication
- - name: created
- level: core
- type: date
- description:
- "event.created contains the date/time when the event was first
- read by an agent, or by your pipeline.
-
- This field is distinct from @timestamp in that @timestamp typically contain
- the time extracted from the original event.
-
- In most situations, these two timestamps will be slightly different. The difference
- can be used to calculate the delay between your source generating an event,
- and the time when your agent first processed it. This can be used to monitor
- your agent's or pipeline's ability to keep up with your event source.
-
- In case the two timestamps are identical, @timestamp should be used."
- example: "2016-05-23T08:05:34.857Z"
- - name: dataset
- level: core
- type: keyword
- ignore_above: 1024
- description: "Name of the dataset.
-
- If an event source publishes more than one type of log or events (e.g. access
- log, error log), the dataset is used to specify which one the event comes
- from.
-
- It's recommended but not required to start the dataset name with the module
- name, followed by a dot, then the dataset name."
- example: apache.access
- - name: hash
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- Hash (perhaps logstash fingerprint) of raw field to be able to
- demonstrate log integrity.
- example: 123456789012345678901234567890ABCD
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique ID to describe the event.
- example: 8a4f500d
- - name: ingested
- level: core
- type: date
- description: "Timestamp when an event arrived in the central data store.
-
- This is different from `@timestamp`, which is when the event originally occurred. It's
- also different from `event.created`, which is meant to capture the first time
- an agent saw the event.
-
- In normal conditions, assuming no tampering, the timestamps should chronologically
- look like this: `@timestamp` < `event.created` < `event.ingested`."
- example: "2016-05-23T08:05:35.101Z"
- default_field: false
- - name: kind
- level: core
- type: keyword
- ignore_above: 1024
- description:
- "This is one of four ECS Categorization Fields, and indicates the
- highest level in the ECS category hierarchy.
-
- `event.kind` gives high-level information about what type of information the
- event contains, without being specific to the contents of the event. For example,
- values of this field distinguish alert events from metric events.
-
- The value of this field can be used to inform how these kinds of events should
- be handled. They may warrant different retention, different access control,
- it may also help understand whether the data coming in at a regular interval
- or not."
- example: alert
- - name: module
- level: core
- type: keyword
- ignore_above: 1024
- description: "Name of the module this data is coming from.
-
- If your monitoring agent supports the concept of modules or plugins to process
- events of a given source (e.g. Apache logs), `event.module` should contain
- the name of this module."
- example: apache
- - name: outcome
- level: core
- type: keyword
- ignore_above: 1024
- description:
- "This is one of four ECS Categorization Fields, and indicates the
- lowest level in the ECS category hierarchy.
-
- `event.outcome` simply denotes whether the event represent a success or a
- failure. Note that not all events will have an associated outcome. For example,
- this field is generally not populated for metric events or events with `event.type:info`."
- example: success
- - name: sequence
- level: extended
- type: long
- format: string
- description: "Sequence number of the event.
-
- The sequence number is a value published by some event sources, to make the
- exact ordering of events unambiguous, regardless of the timestamp precision."
- - name: type
- level: core
- type: keyword
- ignore_above: 1024
- description:
- 'This is one of four ECS Categorization Fields, and indicates the
- third level in the ECS category hierarchy.
-
- `event.type` represents a categorization "sub-bucket" that, when used along
- with the `event.category` field values, enables filtering events down to a
- level appropriate for single visualization.
-
- This field is an array. This will allow proper categorization of some events
- that fall in multiple event types.'
-- name: file
- title: File
- group: 2
- description: "A file is defined as a set of information that has been created
- on, or has existed on a filesystem.
-
- File objects can be associated with host events, network events, and/or file
- events (e.g., those produced by File Integrity Monitoring [FIM] products or
- services). File fields provide details about the affected file associated with
- the event or metric."
- type: group
- fields:
- - name: accessed
- level: extended
- type: date
- description: "Last time the file was accessed.
-
- Note that not all filesystems keep track of access time."
- - name: attributes
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Array of file attributes.
-
- Attributes names will vary by platform. Here's a non-exhaustive list of values
- that are expected in this field: archive, compressed, directory, encrypted,
- execute, hidden, read, readonly, system, write."
- example: '["readonly", "system"]'
- default_field: false
- - name: code_signature.exists
- level: core
- type: boolean
- description: Boolean to capture if a signature is present.
- example: "true"
- default_field: false
- - name: code_signature.status
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Additional information about the certificate status.
-
- This is useful for logging cryptographic errors with the certificate validity
- or trust status. Leave unpopulated if the validity or trust of the certificate
- was unchecked."
- example: ERROR_UNTRUSTED_ROOT
- default_field: false
- - name: code_signature.subject_name
- level: core
- type: keyword
- ignore_above: 1024
- description: Subject name of the code signer
- example: Microsoft Corporation
- default_field: false
- - name: code_signature.trusted
- level: extended
- type: boolean
- description: "Stores the trust status of the certificate chain.
-
- Validating the trust of the certificate chain may be complicated, and this
- field should only be populated by tools that actively check the status."
- example: "true"
- default_field: false
- - name: code_signature.valid
- level: extended
- type: boolean
- description:
- "Boolean to capture if the digital signature is verified against
- the binary content.
-
- Leave unpopulated if a certificate was unchecked."
- example: "true"
- default_field: false
- - name: created
- level: extended
- type: date
- description: "File creation time.
-
- Note that not all filesystems store the creation time."
- - name: ctime
- level: extended
- type: date
- description: "Last time the file attributes or metadata changed.
-
- Note that changes to the file content will update `mtime`. This implies `ctime`
- will be adjusted at the same time, since `mtime` is an attribute of the file."
- - name: device
- level: extended
- type: keyword
- ignore_above: 1024
- description: Device that is the source of the file.
- example: sda
- - name: directory
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- Directory where the file is located. It should include the drive
- letter, when appropriate.
- example: /home/alice
- - name: drive_letter
- level: extended
- type: keyword
- ignore_above: 1
- description:
- "Drive letter where the file is located. This field is only relevant
- on Windows.
-
- The value should be uppercase, and not include the colon."
- example: C
- default_field: false
- - name: entry_modified
- level: custom
- type: double
- description: Time of last status change. See `st_ctim` member of `struct stat`.
- default_field: false
- - name: extension
- level: extended
- type: keyword
- ignore_above: 1024
- description: File extension.
- example: png
- - name: gid
- level: extended
- type: keyword
- ignore_above: 1024
- description: Primary group ID (GID) of the file.
- example: "1001"
- - name: group
- level: extended
- type: keyword
- ignore_above: 1024
- description: Primary group name of the file.
- example: alice
- - name: hash.md5
- level: extended
- type: keyword
- ignore_above: 1024
- description: MD5 hash.
- - name: hash.sha1
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA1 hash.
- - name: hash.sha256
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA256 hash.
- - name: hash.sha512
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA512 hash.
- - name: inode
- level: extended
- type: keyword
- ignore_above: 1024
- description: Inode representing the file in the filesystem.
- example: "256383"
- - name: macro.code_page
- level: custom
- type: long
- description: Identifies the character encoding used for this macro. https://docs.microsoft.com/en-us/windows/win32/intl/code-page-identifiers
- default_field: false
- - name: macro.collection
- level: custom
- type: object
- object_type: keyword
- description: Object containing hashes for the macro collection.
- default_field: false
- - name: macro.collection.hash.md5
- level: extended
- type: keyword
- ignore_above: 1024
- description: MD5 hash.
- default_field: false
- - name: macro.collection.hash.sha1
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA1 hash.
- default_field: false
- - name: macro.collection.hash.sha256
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA256 hash.
- default_field: false
- - name: macro.collection.hash.sha512
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA512 hash.
- default_field: false
- - name: macro.errors
- level: custom
- type: nested
- description: Errors that occurred when parsing this document file.
- default_field: false
- - name: macro.errors.count
- level: custom
- type: long
- description: Number of times this error that occurred.
- default_field: false
- - name: macro.errors.error_type
- level: custom
- type: keyword
- ignore_above: 1024
- description: The type of parsing error that occurred.
- default_field: false
- - name: macro.file_extension
- level: custom
- type: keyword
- ignore_above: 1024
- description: The extension of the file containing this macro (e.g. .docm)
- default_field: false
- - name: macro.project_file
- level: custom
- type: object
- object_type: keyword
- description: Metadata about the corresponding VBA project file
- default_field: false
- - name: macro.project_file.hash.md5
- level: extended
- type: keyword
- ignore_above: 1024
- description: MD5 hash.
- default_field: false
- - name: macro.project_file.hash.sha1
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA1 hash.
- default_field: false
- - name: macro.project_file.hash.sha256
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA256 hash.
- default_field: false
- - name: macro.project_file.hash.sha512
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA512 hash.
- default_field: false
- - name: macro.stream
- level: custom
- type: nested
- description: Streams associated with the document.
- default_field: false
- - name: macro.stream.hash.md5
- level: extended
- type: keyword
- ignore_above: 1024
- description: MD5 hash.
- default_field: false
- - name: macro.stream.hash.sha1
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA1 hash.
- default_field: false
- - name: macro.stream.hash.sha256
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA256 hash.
- default_field: false
- - name: macro.stream.hash.sha512
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA512 hash.
- default_field: false
- - name: macro.stream.name
- level: custom
- type: keyword
- ignore_above: 1024
- description: Name of the stream.
- default_field: false
- - name: macro.stream.raw_code
- level: custom
- type: keyword
- ignore_above: 1024
- description:
- First 100KB of raw stream binary. Can be useful to analyze false
- positives and malicious payloads.
- default_field: false
- - name: macro.stream.raw_code_size
- level: custom
- type: keyword
- ignore_above: 1024
- description:
- The original stream size. Indicates whether stream.raw_code was
- truncated.
- default_field: false
- - name: malware_classification.features.data.buffer
- level: custom
- type: keyword
- ignore_above: 1024
- description:
- The features extracted from this file and evaluated by the model. Usually
- an array of floats. Likely zlib-encoded.
- default_field: false
- - name: malware_classification.features.data.decompressed_size
- level: custom
- type: integer
- description: The decompressed size of buffer.
- default_field: false
- - name: malware_classification.features.data.encoding
- level: custom
- type: keyword
- ignore_above: 1024
- description: The encoding of buffer (e.g. zlib).
- default_field: false
- - name: malware_classification.identifier
- level: custom
- type: keyword
- ignore_above: 1024
- description: The model's unique identifier.
- default_field: false
- - name: malware_classification.score
- level: custom
- type: double
- description: The score produced by the classification model.
- default_field: false
- - name: malware_classification.threshold
- level: custom
- type: double
- description:
- The score threshold for the model. Files that score above this
- threshold are considered malicious.
- default_field: false
- - name: malware_classification.upx_packed
- level: custom
- type: boolean
- description: Whether UPX packing was detected.
- default_field: false
- - name: malware_classification.version
- level: custom
- type: keyword
- ignore_above: 1024
- description: The version of the model used.
- default_field: false
- - name: mode
- level: extended
- type: keyword
- ignore_above: 1024
- description: Mode of the file in octal representation.
- example: "0640"
- - name: mtime
- level: extended
- type: date
- description: Last time the file content was modified.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the file including the extension, without the directory.
- example: example.png
- - name: owner
- level: extended
- type: keyword
- ignore_above: 1024
- description: File owner's username.
- example: alice
- - name: path
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description:
- Full path to the file, including the file name. It should include
- the drive letter, when appropriate.
- example: /home/alice/example.png
- - name: pe.company
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal company name of the file, provided at compile-time.
- example: Microsoft Corporation
- default_field: false
- - name: pe.description
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal description of the file, provided at compile-time.
- example: Paint
- default_field: false
- - name: pe.file_version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal version of the file, provided at compile-time.
- example: 6.3.9600.17415
- default_field: false
- - name: pe.original_file_name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal name of the file, provided at compile-time.
- example: MSPAINT.EXE
- default_field: false
- - name: pe.product
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal product name of the file, provided at compile-time.
- example: "Microsoft\xAE Windows\xAE Operating System"
- default_field: false
- - name: size
- level: extended
- type: long
- description: 'File size in bytes.
-
- Only relevant when `file.type` is "file".'
- example: 16384
- - name: target_path
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Target path for symlinks.
- - name: temp_file_path
- level: custom
- type: keyword
- ignore_above: 1024
- description:
- Path on endpoint where a copy of the file is being stored. Used
- to make ephemeral files retrievable.
- default_field: false
- - name: type
- level: extended
- type: keyword
- ignore_above: 1024
- description: File type (file, dir, or symlink).
- example: file
- - name: uid
- level: extended
- type: keyword
- ignore_above: 1024
- description: The user ID (UID) or security identifier (SID) of the file owner.
- example: "1001"
-- name: group
- title: Group
- group: 2
- description: The group fields are meant to represent groups that are relevant
- to the event.
- type: group
- fields:
- - name: id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Unique identifier for the group on the system/platform.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the group.
-- name: host
- title: Host
- group: 2
- description: "A host is defined as a general computing instance.
-
- ECS host.* fields should be populated with details about the host on which the
- event happened, or from which the measurement was taken. Host types include
- hardware, virtual machines, Docker containers, and Kubernetes nodes."
- type: group
- fields:
- - name: architecture
- level: core
- type: keyword
- ignore_above: 1024
- description: Operating system architecture.
- example: x86_64
- - name: domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Name of the domain of which the host is a member.
-
- For example, on Windows this could be the host's Active Directory domain
- or NetBIOS domain name. For Linux this could be the domain of the host's
- LDAP provider."
- example: CONTOSO
- default_field: false
- - name: geo.city_name
- level: core
- type: keyword
- ignore_above: 1024
- description: City name.
- example: Montreal
- - name: geo.continent_name
- level: core
- type: keyword
- ignore_above: 1024
- description: Name of the continent.
- example: North America
- - name: geo.country_iso_code
- level: core
- type: keyword
- ignore_above: 1024
- description: Country ISO code.
- example: CA
- - name: geo.country_name
- level: core
- type: keyword
- ignore_above: 1024
- description: Country name.
- example: Canada
- - name: geo.location
- level: core
- type: geo_point
- description: Longitude and latitude.
- example: '{ "lon": -73.614830, "lat": 45.505918 }'
- - name: geo.name
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- "User-defined description of a location, at the level of granularity
- they care about.
-
- Could be the name of their data centers, the floor number, if this describes
- a local physical entity, city names.
-
- Not typically used in automated geolocation."
- example: boston-dc
- - name: geo.region_iso_code
- level: core
- type: keyword
- ignore_above: 1024
- description: Region ISO code.
- example: CA-QC
- - name: geo.region_name
- level: core
- type: keyword
- ignore_above: 1024
- description: Region name.
- example: Quebec
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: "Hostname of the host.
-
- It normally contains what the `hostname` command returns on the host machine."
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: "Unique host id.
-
- As hostname is not always unique, use values that are meaningful in your environment.
-
- Example: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
- - name: mac
- level: core
- type: keyword
- ignore_above: 1024
- description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: "Name of the host.
-
- It can contain what `hostname` returns on Unix systems, the fully qualified
- domain name, or a name specified by the user. The sender decides which value
- to use."
- - name: os.family
- level: extended
- type: keyword
- ignore_above: 1024
- description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- - name: os.full
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Operating system name, including the version or code name.
- example: Mac OS Mojave
- - name: os.kernel
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- - name: os.name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Operating system name, without the version.
- example: Mac OS X
- - name: os.platform
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- - name: os.variant
- level: custom
- type: keyword
- ignore_above: 1024
- description:
- A string value or phrase that further aid to classify or qualify
- the operating system (OS). For example the distribution for a Linux OS will
- be entered in this field.
- example: Ubuntu
- default_field: false
- - name: os.version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system version as a raw string.
- example: 10.14.1
- - name: type
- level: core
- type: keyword
- ignore_above: 1024
- description: "Type of host.
-
- For Cloud providers this can be the machine type like `t2.medium`. If vm,
- this could be the container, for example, or other information meaningful
- in your environment."
- - name: uptime
- level: extended
- type: long
- description: Seconds the host has been up.
- example: 1325
- - name: user.domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Name of the directory the user is a member of.
-
- For example, an LDAP or Active Directory domain name."
- - name: user.email
- level: extended
- type: keyword
- ignore_above: 1024
- description: User email address.
- - name: user.full_name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: User's full name, if available.
- example: Albert Einstein
- - name: user.group.domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Name of the directory the group is a member of.
-
- For example, an LDAP or Active Directory domain name."
- - name: user.group.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Unique identifier for the group on the system/platform.
- - name: user.group.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the group.
- - name: user.hash
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- "Unique user hash to correlate information for a user in anonymized
- form.
-
- Useful if `user.id` or `user.name` contain confidential information and cannot
- be used."
- - name: user.id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique identifiers of the user.
- - name: user.name
- level: core
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Short name or login of the user.
- example: albert
-- name: http
- title: HTTP
- group: 2
- description: Fields related to HTTP activity. Use the `url` field set to store
- the url of the request.
- type: group
- fields:
- - name: request.body.bytes
- level: extended
- type: long
- format: bytes
- description: Size in bytes of the request body.
- example: 887
- - name: request.body.content
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: The full HTTP request body.
- example: Hello world
- - name: request.bytes
- level: extended
- type: long
- format: bytes
- description: Total size in bytes of the request (body and headers).
- example: 1437
- - name: response.body.bytes
- level: extended
- type: long
- format: bytes
- description: Size in bytes of the response body.
- example: 887
- - name: response.body.content
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: The full HTTP response body.
- example: Hello world
- - name: response.bytes
- level: extended
- type: long
- format: bytes
- description: Total size in bytes of the response (body and headers).
- example: 1437
- - name: response.status_code
- level: extended
- type: long
- format: string
- description: HTTP response status code.
- example: 404
- - name: response.version
- level: custom
- type: keyword
- ignore_above: 1024
- description: HTTP version
- default_field: false
-- name: network
- title: Network
- group: 2
- description:
- "The network is defined as the communication path over which a host
- or network event happens.
-
- The network.* fields should be populated with details about the network activity
- associated with an event."
- type: group
- fields:
- - name: bytes
- level: core
- type: long
- format: bytes
- description: "Total bytes transferred in both directions.
-
- If `source.bytes` and `destination.bytes` are known, `network.bytes` is their
- sum."
- example: 368
- - name: community_id
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- "A hash of source and destination IPs and ports, as well as the
- protocol used in a communication. This is a tool-agnostic standard to identify
- flows.
-
- Learn more at https://github.com/corelight/community-id-spec."
- example: 1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=
- - name: direction
- level: core
- type: keyword
- ignore_above: 1024
- description:
- "Direction of the network traffic.\nRecommended values are:\n \
- \ * inbound\n * outbound\n * internal\n * external\n * unknown\n\nWhen\
- \ mapping events from a host-based monitoring context, populate this field\
- \ from the host's point of view.\nWhen mapping events from a network or perimeter-based\
- \ monitoring context, populate this field from the point of view of your network\
- \ perimeter."
- example: inbound
- - name: iana_number
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml).
- Standardized list of protocols. This aligns well with NetFlow and sFlow related
- logs which use the IANA Protocol Number.
- example: 6
- - name: packets
- level: core
- type: long
- description: "Total packets transferred in both directions.
-
- If `source.packets` and `destination.packets` are known, `network.packets`
- is their sum."
- example: 24
- - name: protocol
- level: core
- type: keyword
- ignore_above: 1024
- description:
- 'L7 Network protocol name. ex. http, lumberjack, transport protocol.
-
- The field value must be normalized to lowercase for querying. See the documentation
- section "Implementing ECS".'
- example: http
- - name: transport
- level: core
- type: keyword
- ignore_above: 1024
- description:
- 'Same as network.iana_number, but instead using the Keyword name
- of the transport layer (udp, tcp, ipv6-icmp, etc.)
-
- The field value must be normalized to lowercase for querying. See the documentation
- section "Implementing ECS".'
- example: tcp
- - name: type
- level: core
- type: keyword
- ignore_above: 1024
- description:
- 'In the OSI Model this would be the Network Layer. ipv4, ipv6,
- ipsec, pim, etc
-
- The field value must be normalized to lowercase for querying. See the documentation
- section "Implementing ECS".'
- example: ipv4
-- name: package
- title: Package
- group: 2
- description:
- These fields contain information about an installed software package.
- It contains general information about a package, such as name, version or size.
- It also contains installation details, such as time or location.
- type: group
- fields:
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Package name
- example: go
-- name: process
- title: Process
- group: 2
- description: "These fields contain information about a process.
-
- These fields can help you correlate metrics information with a process id/name
- from a log message. The `process.pid` often stays in the metric itself and
- is copied to the global field for correlation."
- type: group
- fields:
- - name: args
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- "Array of process arguments, starting with the absolute path to
- the executable.
-
- May be filtered to protect sensitive information."
- example:
- - /usr/bin/ssh
- - -l
- - user
- - 10.0.0.16
- - name: args_count
- level: extended
- type: long
- description: "Length of the process.args array.
-
- This field can be useful for querying or performing bucket analysis on how
- many arguments were provided to start a process. More arguments may be an
- indication of suspicious activity."
- example: 4
- default_field: false
- - name: code_signature.exists
- level: core
- type: boolean
- description: Boolean to capture if a signature is present.
- example: "true"
- default_field: false
- - name: code_signature.status
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Additional information about the certificate status.
-
- This is useful for logging cryptographic errors with the certificate validity
- or trust status. Leave unpopulated if the validity or trust of the certificate
- was unchecked."
- example: ERROR_UNTRUSTED_ROOT
- default_field: false
- - name: code_signature.subject_name
- level: core
- type: keyword
- ignore_above: 1024
- description: Subject name of the code signer
- example: Microsoft Corporation
- default_field: false
- - name: code_signature.trusted
- level: extended
- type: boolean
- description: "Stores the trust status of the certificate chain.
-
- Validating the trust of the certificate chain may be complicated, and this
- field should only be populated by tools that actively check the status."
- example: "true"
- default_field: false
- - name: code_signature.valid
- level: extended
- type: boolean
- description:
- "Boolean to capture if the digital signature is verified against
- the binary content.
-
- Leave unpopulated if a certificate was unchecked."
- example: "true"
- default_field: false
- - name: command_line
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- description:
- "Full command line that started the process, including the absolute
- path to the executable, and all arguments.
-
- Some arguments may be filtered to protect sensitive information."
- example: /usr/bin/ssh -l user 10.0.0.16
- default_field: false
- - name: entity_id
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Unique identifier for the process.
-
- The implementation of this is specified by the data source, but some examples
- of what could be used here are a process-generated UUID, Sysmon Process GUIDs,
- or a hash of some uniquely identifying components of a process.
-
- Constructing a globally unique identifier is a common practice to mitigate
- PID reuse as well as to identify a specific process over time, across multiple
- monitored hosts."
- example: c2c455d9f99375d
- default_field: false
- - name: executable
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Absolute path to the process executable.
- example: /usr/bin/ssh
- - name: exit_code
- level: extended
- type: long
- description:
- "The exit code of the process, if this is a termination event.
-
- The field should be absent if there is no exit code for the event (e.g. process
- start)."
- example: 137
- default_field: false
- - name: hash.md5
- level: extended
- type: keyword
- ignore_above: 1024
- description: MD5 hash.
- - name: hash.sha1
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA1 hash.
- - name: hash.sha256
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA256 hash.
- - name: hash.sha512
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA512 hash.
- - name: malware_classification.features.data.buffer
- level: custom
- type: keyword
- ignore_above: 1024
- description:
- The features extracted from this file and evaluated by the model. Usually
- an array of floats. Likely zlib-encoded.
- default_field: false
- - name: malware_classification.features.data.decompressed_size
- level: custom
- type: integer
- description: The decompressed size of buffer.
- default_field: false
- - name: malware_classification.features.data.encoding
- level: custom
- type: keyword
- ignore_above: 1024
- description: The encoding of buffer (e.g. zlib).
- default_field: false
- - name: malware_classification.identifier
- level: custom
- type: keyword
- ignore_above: 1024
- description: The model's unique identifier.
- default_field: false
- - name: malware_classification.score
- level: custom
- type: double
- description: The score produced by the classification model.
- default_field: false
- - name: malware_classification.threshold
- level: custom
- type: double
- description:
- The score threshold for the model. Files that score above this
- threshold are considered malicious.
- default_field: false
- - name: malware_classification.upx_packed
- level: custom
- type: boolean
- description: Whether UPX packing was detected.
- default_field: false
- - name: malware_classification.version
- level: custom
- type: keyword
- ignore_above: 1024
- description: The version of the model used.
- default_field: false
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: "Process name.
-
- Sometimes called program name or similar."
- example: ssh
- - name: parent.args
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Array of process arguments.
-
- May be filtered to protect sensitive information."
- example:
- - ssh
- - -l
- - user
- - 10.0.0.16
- default_field: false
- - name: parent.args_count
- level: extended
- type: long
- description: "Length of the process.args array.
-
- This field can be useful for querying or performing bucket analysis on how
- many arguments were provided to start a process. More arguments may be an
- indication of suspicious activity."
- example: 4
- default_field: false
- - name: parent.code_signature.exists
- level: core
- type: boolean
- description: Boolean to capture if a signature is present.
- example: "true"
- default_field: false
- - name: parent.code_signature.status
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Additional information about the certificate status.
-
- This is useful for logging cryptographic errors with the certificate validity
- or trust status. Leave unpopulated if the validity or trust of the certificate
- was unchecked."
- example: ERROR_UNTRUSTED_ROOT
- default_field: false
- - name: parent.code_signature.subject_name
- level: core
- type: keyword
- ignore_above: 1024
- description: Subject name of the code signer
- example: Microsoft Corporation
- default_field: false
- - name: parent.code_signature.trusted
- level: extended
- type: boolean
- description: "Stores the trust status of the certificate chain.
-
- Validating the trust of the certificate chain may be complicated, and this
- field should only be populated by tools that actively check the status."
- example: "true"
- default_field: false
- - name: parent.code_signature.valid
- level: extended
- type: boolean
- description:
- "Boolean to capture if the digital signature is verified against
- the binary content.
-
- Leave unpopulated if a certificate was unchecked."
- example: "true"
- default_field: false
- - name: parent.command_line
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- description:
- "Full command line that started the process, including the absolute
- path to the executable, and all arguments.
-
- Some arguments may be filtered to protect sensitive information."
- example: /usr/bin/ssh -l user 10.0.0.16
- default_field: false
- - name: parent.entity_id
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Unique identifier for the process.
-
- The implementation of this is specified by the data source, but some examples
- of what could be used here are a process-generated UUID, Sysmon Process GUIDs,
- or a hash of some uniquely identifying components of a process.
-
- Constructing a globally unique identifier is a common practice to mitigate
- PID reuse as well as to identify a specific process over time, across multiple
- monitored hosts."
- example: c2c455d9f99375d
- default_field: false
- - name: parent.executable
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- description: Absolute path to the process executable.
- example: /usr/bin/ssh
- default_field: false
- - name: parent.exit_code
- level: extended
- type: long
- description:
- "The exit code of the process, if this is a termination event.
-
- The field should be absent if there is no exit code for the event (e.g. process
- start)."
- example: 137
- default_field: false
- - name: parent.hash.md5
- level: extended
- type: keyword
- ignore_above: 1024
- description: MD5 hash.
- default_field: false
- - name: parent.hash.sha1
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA1 hash.
- default_field: false
- - name: parent.hash.sha256
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA256 hash.
- default_field: false
- - name: parent.hash.sha512
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA512 hash.
- default_field: false
- - name: parent.name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- description: "Process name.
-
- Sometimes called program name or similar."
- example: ssh
- default_field: false
- - name: parent.pgid
- level: extended
- type: long
- format: string
- description: Identifier of the group of processes the process belongs to.
- default_field: false
- - name: parent.pid
- level: core
- type: long
- format: string
- description: Process id.
- example: 4242
- default_field: false
- - name: parent.ppid
- level: extended
- type: long
- format: string
- description: Parent process' pid.
- example: 4241
- default_field: false
- - name: parent.start
- level: extended
- type: date
- description: The time the process started.
- example: "2016-05-23T08:05:34.853Z"
- default_field: false
- - name: parent.thread.id
- level: extended
- type: long
- format: string
- description: Thread ID.
- example: 4242
- default_field: false
- - name: parent.thread.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Thread name.
- example: thread-0
- default_field: false
- - name: parent.title
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- description: "Process title.
-
- The proctitle, some times the same as process name. Can also be different:
- for example a browser setting its title to the web page currently opened."
- default_field: false
- - name: parent.uptime
- level: extended
- type: long
- description: Seconds the process has been up.
- example: 1325
- default_field: false
- - name: parent.working_directory
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- description: The working directory of the process.
- example: /home/alice
- default_field: false
- - name: pe.company
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal company name of the file, provided at compile-time.
- example: Microsoft Corporation
- default_field: false
- - name: pe.description
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal description of the file, provided at compile-time.
- example: Paint
- default_field: false
- - name: pe.file_version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal version of the file, provided at compile-time.
- example: 6.3.9600.17415
- default_field: false
- - name: pe.original_file_name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal name of the file, provided at compile-time.
- example: MSPAINT.EXE
- default_field: false
- - name: pe.product
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal product name of the file, provided at compile-time.
- example: "Microsoft\xAE Windows\xAE Operating System"
- default_field: false
- - name: pgid
- level: extended
- type: long
- format: string
- description: Identifier of the group of processes the process belongs to.
- - name: pid
- level: core
- type: long
- format: string
- description: Process id.
- example: 4242
- - name: ppid
- level: extended
- type: long
- format: string
- description: Parent process' pid.
- example: 4241
- - name: services
- level: custom
- type: keyword
- ignore_above: 1024
- description: Services running in this process.
- default_field: false
- - name: start
- level: extended
- type: date
- description: The time the process started.
- example: "2016-05-23T08:05:34.853Z"
- - name: thread
- level: extended
- type: object
- object_type: keyword
- description:
- The thread fields are used to describe by which process thread
- the event belongs to.
- default_field: false
- - name: thread.call_stack.instruction_pointer
- level: custom
- type: keyword
- ignore_above: 1024
- description: The return address of this stack frame.
- default_field: false
- - name: thread.call_stack.memory_section.address
- level: custom
- type: keyword
- ignore_above: 1024
- description:
- Base address of the memory region containing `instruction_pointer`. Corresponds
- to `MEMORY_BASIC_INFORMATION.BaseAddress`
- default_field: false
- - name: thread.call_stack.memory_section.protection
- level: custom
- type: keyword
- ignore_above: 1024
- description:
- Memory protection flags of this memory region. Corresponds to
- `MEMORY_BASIC_INFORMATION.Protect`
- default_field: false
- - name: thread.call_stack.memory_section.size
- level: custom
- type: keyword
- ignore_above: 1024
- description:
- Size of the memory region containing `instruction_pointer`. Corresponds
- to `MEMORY_BASIC_INFORMATION.RegionSize`
- default_field: false
- - name: thread.call_stack.module_path
- level: custom
- type: keyword
- ignore_above: 1024
- description: The DLL/module containing `instruction_pointer`.
- default_field: false
- - name: thread.call_stack.rva
- level: custom
- type: keyword
- ignore_above: 1024
- description:
- The relative virtual address of `instruction_pointer`. Computed
- as `instruction_pointer - MEMORY_BASIC_INFORMATION.AllocationBase`.
- default_field: false
- - name: thread.call_stack.symbol_info
- level: custom
- type: keyword
- ignore_above: 1024
- description: The nearest symbol for `instruction_pointer`.
- default_field: false
- - name: thread.id
- level: extended
- type: long
- format: string
- description: Thread ID.
- example: 4242
- - name: thread.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Thread name.
- example: thread-0
- - name: thread.service
- level: extended
- type: keyword
- ignore_above: 1024
- description: Service associated with the thread.
- example: VaultSvc
- default_field: false
- - name: thread.start
- level: extended
- type: date
- description: The time the thread started.
- example: "2016-05-23T08:05:34.853Z"
- default_field: false
- - name: thread.start_address
- level: extended
- type: keyword
- ignore_above: 1024
- description: Memory address where the thread began execution.
- example: 5442508
- default_field: false
- - name: thread.start_address_module
- level: extended
- type: keyword
- ignore_above: 1024
- description: The dll/module where the thread began execution.
- example: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
- default_field: false
- - name: thread.token.domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: Domain of token user.
- default_field: false
- - name: thread.token.elevation
- level: custom
- type: boolean
- description: Whether the token is elevated or not
- default_field: false
- - name: thread.token.elevation_type
- level: custom
- type: keyword
- ignore_above: 1024
- description: What level of elevation the token has
- example: one of "default", "full", "limited"
- default_field: false
- - name: thread.token.impersonation_level
- level: extended
- type: keyword
- ignore_above: 1024
- description: Impersonation level. Only valid for impersonation tokens.
- default_field: false
- - name: thread.token.integrity_level
- level: extended
- type: long
- description: Numeric integrity level.
- default_field: false
- - name: thread.token.integrity_level_name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Human readable integrity level.
- example: one of "system", "high", "medium", "low", "untrusted"
- default_field: false
- - name: thread.token.is_appcontainer
- level: extended
- type: boolean
- description: Whether or not this is an appcontainer token.
- default_field: false
- - name: thread.token.privileges
- level: extended
- type: nested
- description: Array describing the privileges associated with the token.
- default_field: false
- - name: thread.token.privileges.description
- level: extended
- type: keyword
- ignore_above: 1024
- description: Description of the privilege.
- default_field: false
- - name: thread.token.privileges.enabled
- level: extended
- type: boolean
- description: Whether or not the privilege is enabled.
- default_field: false
- - name: thread.token.privileges.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the privilege.
- default_field: false
- - name: thread.token.sid
- level: extended
- type: keyword
- ignore_above: 1024
- description: Token user's Security Identifier (SID).
- default_field: false
- - name: thread.token.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Type of the token, either primary or impersonation.
- default_field: false
- - name: thread.token.user
- level: extended
- type: keyword
- ignore_above: 1024
- description: Username of token owner.
- default_field: false
- - name: thread.uptime
- level: custom
- type: long
- description: Seconds since thread started.
- default_field: false
- - name: title
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: "Process title.
-
- The proctitle, some times the same as process name. Can also be different:
- for example a browser setting its title to the web page currently opened."
- - name: token.domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: Domain of token user.
- default_field: false
- - name: token.elevation
- level: custom
- type: boolean
- description: Whether the token is elevated or not
- default_field: false
- - name: token.elevation_type
- level: custom
- type: keyword
- ignore_above: 1024
- description: What level of elevation the token has
- example: one of "default", "full", "limited"
- default_field: false
- - name: token.impersonation_level
- level: extended
- type: keyword
- ignore_above: 1024
- description: Impersonation level. Only valid for impersonation tokens.
- default_field: false
- - name: token.integrity_level
- level: extended
- type: long
- description: Numeric integrity level.
- default_field: false
- - name: token.integrity_level_name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Human readable integrity level.
- example: one of "system", "high", "medium", "low", "untrusted"
- default_field: false
- - name: token.is_appcontainer
- level: extended
- type: boolean
- description: Whether or not this is an appcontainer token.
- default_field: false
- - name: token.privileges
- level: extended
- type: nested
- description: Array describing the privileges associated with the token.
- default_field: false
- - name: token.privileges.description
- level: extended
- type: keyword
- ignore_above: 1024
- description: Description of the privilege.
- default_field: false
- - name: token.privileges.enabled
- level: extended
- type: boolean
- description: Whether or not the privilege is enabled.
- default_field: false
- - name: token.privileges.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the privilege.
- default_field: false
- - name: token.sid
- level: extended
- type: keyword
- ignore_above: 1024
- description: Token user's Security Identifier (SID).
- default_field: false
- - name: token.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Type of the token, either primary or impersonation.
- default_field: false
- - name: token.user
- level: extended
- type: keyword
- ignore_above: 1024
- description: Username of token owner.
- default_field: false
- - name: uptime
- level: extended
- type: long
- description: Seconds the process has been up.
- example: 1325
- - name: user
- level: custom
- type: keyword
- ignore_above: 1024
- description: User associated with the running process.
- default_field: false
- - name: working_directory
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: The working directory of the process.
- example: /home/alice
-- name: registry
- title: Registry
- group: 2
- description: Fields related to Windows Registry operations.
- type: group
- fields:
- - name: data.bytes
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Original bytes written with base64 encoding.
-
- For Windows registry operations, such as SetValueEx and RegQueryValueEx, this
- corresponds to the data pointed by `lp_data`. This is optional but provides
- better recoverability and should be populated for REG_BINARY encoded values."
- example: ZQBuAC0AVQBTAAAAZQBuAAAAAAA=
- default_field: false
- - name: data.strings
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Content when writing string types.
-
- Populated as an array when writing string data to the registry. For single
- string registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with
- one string. For sequences of string with REG_MULTI_SZ, this array will be
- variable length. For numeric data, such as REG_DWORD and REG_QWORD, this should
- be populated with the decimal representation (e.g `"1"`).'
- example: '["C:\rta\red_ttp\bin\myapp.exe"]'
- default_field: false
- - name: hive
- level: core
- type: keyword
- ignore_above: 1024
- description: Abbreviated name for the hive.
- example: HKLM
- default_field: false
- - name: key
- level: core
- type: keyword
- ignore_above: 1024
- description: Hive-relative path of keys.
- example: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe
- default_field: false
- - name: path
- level: core
- type: keyword
- ignore_above: 1024
- description: Full path, including hive, key and value
- example:
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution
- Options\winword.exe\Debugger
- default_field: false
- - name: value
- level: core
- type: keyword
- ignore_above: 1024
- description: Name of the value written.
- example: Debugger
- default_field: false
-- name: rule
- title: Rule
- group: 2
- description: "Rule fields are used to capture the specifics of any observer or
- agent rules that generate alerts or other notable events.
-
- Examples of data sources that would populate the rule fields include: network
- admission control platforms, network or host IDS/IPS, network firewalls, web
- application firewalls, url filters, endpoint detection and response (EDR) systems,
- etc."
- type: group
- fields:
- - name: category
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- A categorization value keyword used by the entity using the rule
- for detection of this event.
- example: Attempted Information Leak
- default_field: false
- - name: description
- level: extended
- type: keyword
- ignore_above: 1024
- description: The description of the rule generating the event.
- example: Block requests to public DNS over HTTPS / TLS protocols
- default_field: false
- - name: id
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- A rule ID that is unique within the scope of an agent, observer,
- or other entity using the rule for detection of this event.
- example: 101
- default_field: false
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: The name of the rule or signature generating the event.
- example: BLOCK_DNS_over_TLS
- default_field: false
- - name: reference
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- "Reference URL to additional information about the rule used to
- generate this event.
-
- The URL can point to the vendor's documentation about the rule. If that's
- not available, it can also be a link to a more general page describing this
- type of alert."
- example: https://en.wikipedia.org/wiki/DNS_over_TLS
- default_field: false
- - name: ruleset
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- Name of the ruleset, policy, group, or parent category in which
- the rule used to generate this event is a member.
- example: Standard_Protocol_Filters
- default_field: false
- - name: uuid
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- A rule ID that is unique within the scope of a set or group of
- agents, observers, or other entities using the rule for detection of this
- event.
- example: 1100110011
- default_field: false
- - name: version
- level: extended
- type: keyword
- ignore_above: 1024
- description: The version / revision of the rule being used for analysis.
- example: 1.1
- default_field: false
-- name: source
- title: Source
- group: 2
- description:
- "Source fields describe details about the source of a packet/event.
-
- Source fields are usually populated in conjunction with destination fields."
- type: group
- fields:
- - name: address
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- "Some event source addresses are defined ambiguously. The event
- will sometimes list an IP, a domain or a unix socket. You should always store
- the raw address in the `.address` field.
-
- Then it should be duplicated to `.ip` or `.domain`, depending on which one
- it is."
- - name: bytes
- level: core
- type: long
- format: bytes
- description: Bytes sent from the source to the destination.
- example: 184
- - name: domain
- level: core
- type: keyword
- ignore_above: 1024
- description: Source domain.
- - name: ip
- level: core
- type: ip
- description: "IP address of the source.
-
- Can be one or multiple IPv4 or IPv6 addresses."
- - name: packets
- level: core
- type: long
- description: Packets sent from the source to the destination.
- example: 12
- - name: port
- level: core
- type: long
- format: string
- description: Port of the source.
- - name: registered_domain
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- 'The highest registered source domain, stripped of the subdomain.
-
- For example, the registered domain for "foo.google.com" is "google.com".
-
- This value can be determined precisely with a list like the public suffix
- list (http://publicsuffix.org). Trying to approximate this by simply taking
- the last two labels will not work well for TLDs such as "co.uk".'
- example: google.com
- - name: top_level_domain
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- 'The effective top level domain (eTLD), also known as the domain
- suffix, is the last part of the domain name. For example, the top level domain
- for google.com is "com".
-
- This value can be determined precisely with a list like the public suffix
- list (http://publicsuffix.org). Trying to approximate this by simply taking
- the last label will not work well for effective TLDs such as "co.uk".'
- example: co.uk
-- name: target
- title: Target
- group: 2
- description: "These fields contain information about a target.
-
- These fields provide more context about the target process and thread that are
- related to the data in the document. Useful in a security context where a target
- process or thread may be acted on by another process or thread."
- type: group
- fields:
- - name: dll.code_signature.exists
- level: core
- type: boolean
- description: Boolean to capture if a signature is present.
- example: "true"
- default_field: false
- - name: dll.code_signature.status
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Additional information about the certificate status.
-
- This is useful for logging cryptographic errors with the certificate validity
- or trust status. Leave unpopulated if the validity or trust of the certificate
- was unchecked."
- example: ERROR_UNTRUSTED_ROOT
- default_field: false
- - name: dll.code_signature.subject_name
- level: core
- type: keyword
- ignore_above: 1024
- description: Subject name of the code signer
- example: Microsoft Corporation
- default_field: false
- - name: dll.code_signature.trusted
- level: extended
- type: boolean
- description: "Stores the trust status of the certificate chain.
-
- Validating the trust of the certificate chain may be complicated, and this
- field should only be populated by tools that actively check the status."
- example: "true"
- default_field: false
- - name: dll.code_signature.valid
- level: extended
- type: boolean
- description:
- "Boolean to capture if the digital signature is verified against
- the binary content.
-
- Leave unpopulated if a certificate was unchecked."
- example: "true"
- default_field: false
- - name: dll.compile_time
- level: custom
- type: date
- description: Timestamp from when the module was compiled.
- default_field: false
- - name: dll.hash.md5
- level: extended
- type: keyword
- ignore_above: 1024
- description: MD5 hash.
- default_field: false
- - name: dll.hash.sha1
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA1 hash.
- default_field: false
- - name: dll.hash.sha256
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA256 hash.
- default_field: false
- - name: dll.hash.sha512
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA512 hash.
- default_field: false
- - name: dll.malware_classification.features.data.buffer
- level: custom
- type: keyword
- ignore_above: 1024
- description:
- The features extracted from this file and evaluated by the model. Usually
- an array of floats. Likely zlib-encoded.
- default_field: false
- - name: dll.malware_classification.features.data.decompressed_size
- level: custom
- type: integer
- description: The decompressed size of buffer.
- default_field: false
- - name: dll.malware_classification.features.data.encoding
- level: custom
- type: keyword
- ignore_above: 1024
- description: The encoding of buffer (e.g. zlib).
- default_field: false
- - name: dll.malware_classification.identifier
- level: custom
- type: keyword
- ignore_above: 1024
- description: The model's unique identifier.
- default_field: false
- - name: dll.malware_classification.score
- level: custom
- type: double
- description: The score produced by the classification model.
- default_field: false
- - name: dll.malware_classification.threshold
- level: custom
- type: double
- description:
- The score threshold for the model. Files that score above this
- threshold are considered malicious.
- default_field: false
- - name: dll.malware_classification.upx_packed
- level: custom
- type: boolean
- description: Whether UPX packing was detected.
- default_field: false
- - name: dll.malware_classification.version
- level: custom
- type: keyword
- ignore_above: 1024
- description: The version of the model used.
- default_field: false
- - name: dll.mapped_address
- level: custom
- type: keyword
- ignore_above: 1024
- description: The base address where this module is loaded.
- default_field: false
- - name: dll.mapped_size
- level: custom
- type: long
- description: The size of this module's memory mapping, in bytes.
- default_field: false
- - name: dll.name
- level: core
- type: keyword
- ignore_above: 1024
- description: "Name of the library.
-
- This generally maps to the name of the file on disk."
- example: kernel32.dll
- default_field: false
- - name: dll.path
- level: extended
- type: keyword
- ignore_above: 1024
- description: Full file path of the library.
- example: C:\Windows\System32\kernel32.dll
- default_field: false
- - name: dll.pe.company
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal company name of the file, provided at compile-time.
- example: Microsoft Corporation
- default_field: false
- - name: dll.pe.description
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal description of the file, provided at compile-time.
- example: Paint
- default_field: false
- - name: dll.pe.file_version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal version of the file, provided at compile-time.
- example: 6.3.9600.17415
- default_field: false
- - name: dll.pe.original_file_name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal name of the file, provided at compile-time.
- example: MSPAINT.EXE
- default_field: false
- - name: dll.pe.product
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal product name of the file, provided at compile-time.
- example: "Microsoft\xAE Windows\xAE Operating System"
- default_field: false
- - name: process.args
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- "Array of process arguments, starting with the absolute path to
- the executable.
-
- May be filtered to protect sensitive information."
- example:
- - /usr/bin/ssh
- - -l
- - user
- - 10.0.0.16
- default_field: false
- - name: process.args_count
- level: extended
- type: long
- description: "Length of the process.args array.
-
- This field can be useful for querying or performing bucket analysis on how
- many arguments were provided to start a process. More arguments may be an
- indication of suspicious activity."
- example: 4
- default_field: false
- - name: process.code_signature.exists
- level: core
- type: boolean
- description: Boolean to capture if a signature is present.
- example: "true"
- default_field: false
- - name: process.code_signature.status
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Additional information about the certificate status.
-
- This is useful for logging cryptographic errors with the certificate validity
- or trust status. Leave unpopulated if the validity or trust of the certificate
- was unchecked."
- example: ERROR_UNTRUSTED_ROOT
- default_field: false
- - name: process.code_signature.subject_name
- level: core
- type: keyword
- ignore_above: 1024
- description: Subject name of the code signer
- example: Microsoft Corporation
- default_field: false
- - name: process.code_signature.trusted
- level: extended
- type: boolean
- description: "Stores the trust status of the certificate chain.
-
- Validating the trust of the certificate chain may be complicated, and this
- field should only be populated by tools that actively check the status."
- example: "true"
- default_field: false
- - name: process.code_signature.valid
- level: extended
- type: boolean
- description:
- "Boolean to capture if the digital signature is verified against
- the binary content.
-
- Leave unpopulated if a certificate was unchecked."
- example: "true"
- default_field: false
- - name: process.command_line
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- description:
- "Full command line that started the process, including the absolute
- path to the executable, and all arguments.
-
- Some arguments may be filtered to protect sensitive information."
- example: /usr/bin/ssh -l user 10.0.0.16
- default_field: false
- - name: process.entity_id
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Unique identifier for the process.
-
- The implementation of this is specified by the data source, but some examples
- of what could be used here are a process-generated UUID, Sysmon Process GUIDs,
- or a hash of some uniquely identifying components of a process.
-
- Constructing a globally unique identifier is a common practice to mitigate
- PID reuse as well as to identify a specific process over time, across multiple
- monitored hosts."
- example: c2c455d9f99375d
- default_field: false
- - name: process.executable
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- description: Absolute path to the process executable.
- example: /usr/bin/ssh
- default_field: false
- - name: process.exit_code
- level: extended
- type: long
- description:
- "The exit code of the process, if this is a termination event.
-
- The field should be absent if there is no exit code for the event (e.g. process
- start)."
- example: 137
- default_field: false
- - name: process.hash.md5
- level: extended
- type: keyword
- ignore_above: 1024
- description: MD5 hash.
- default_field: false
- - name: process.hash.sha1
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA1 hash.
- default_field: false
- - name: process.hash.sha256
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA256 hash.
- default_field: false
- - name: process.hash.sha512
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA512 hash.
- default_field: false
- - name: process.malware_classification.features.data.buffer
- level: custom
- type: keyword
- ignore_above: 1024
- description:
- The features extracted from this file and evaluated by the model. Usually
- an array of floats. Likely zlib-encoded.
- default_field: false
- - name: process.malware_classification.features.data.decompressed_size
- level: custom
- type: integer
- description: The decompressed size of buffer.
- default_field: false
- - name: process.malware_classification.features.data.encoding
- level: custom
- type: keyword
- ignore_above: 1024
- description: The encoding of buffer (e.g. zlib).
- default_field: false
- - name: process.malware_classification.identifier
- level: custom
- type: keyword
- ignore_above: 1024
- description: The model's unique identifier.
- default_field: false
- - name: process.malware_classification.score
- level: custom
- type: double
- description: The score produced by the classification model.
- default_field: false
- - name: process.malware_classification.threshold
- level: custom
- type: double
- description:
- The score threshold for the model. Files that score above this
- threshold are considered malicious.
- default_field: false
- - name: process.malware_classification.upx_packed
- level: custom
- type: boolean
- description: Whether UPX packing was detected.
- default_field: false
- - name: process.malware_classification.version
- level: custom
- type: keyword
- ignore_above: 1024
- description: The version of the model used.
- default_field: false
- - name: process.name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- description: "Process name.
-
- Sometimes called program name or similar."
- example: ssh
- default_field: false
- - name: process.parent.args
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Array of process arguments.
-
- May be filtered to protect sensitive information."
- example:
- - ssh
- - -l
- - user
- - 10.0.0.16
- default_field: false
- - name: process.parent.args_count
- level: extended
- type: long
- description: "Length of the process.args array.
-
- This field can be useful for querying or performing bucket analysis on how
- many arguments were provided to start a process. More arguments may be an
- indication of suspicious activity."
- example: 4
- default_field: false
- - name: process.parent.code_signature.exists
- level: core
- type: boolean
- description: Boolean to capture if a signature is present.
- example: "true"
- default_field: false
- - name: process.parent.code_signature.status
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Additional information about the certificate status.
-
- This is useful for logging cryptographic errors with the certificate validity
- or trust status. Leave unpopulated if the validity or trust of the certificate
- was unchecked."
- example: ERROR_UNTRUSTED_ROOT
- default_field: false
- - name: process.parent.code_signature.subject_name
- level: core
- type: keyword
- ignore_above: 1024
- description: Subject name of the code signer
- example: Microsoft Corporation
- default_field: false
- - name: process.parent.code_signature.trusted
- level: extended
- type: boolean
- description: "Stores the trust status of the certificate chain.
-
- Validating the trust of the certificate chain may be complicated, and this
- field should only be populated by tools that actively check the status."
- example: "true"
- default_field: false
- - name: process.parent.code_signature.valid
- level: extended
- type: boolean
- description:
- "Boolean to capture if the digital signature is verified against
- the binary content.
-
- Leave unpopulated if a certificate was unchecked."
- example: "true"
- default_field: false
- - name: process.parent.command_line
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- description:
- "Full command line that started the process, including the absolute
- path to the executable, and all arguments.
-
- Some arguments may be filtered to protect sensitive information."
- example: /usr/bin/ssh -l user 10.0.0.16
- default_field: false
- - name: process.parent.entity_id
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Unique identifier for the process.
-
- The implementation of this is specified by the data source, but some examples
- of what could be used here are a process-generated UUID, Sysmon Process GUIDs,
- or a hash of some uniquely identifying components of a process.
-
- Constructing a globally unique identifier is a common practice to mitigate
- PID reuse as well as to identify a specific process over time, across multiple
- monitored hosts."
- example: c2c455d9f99375d
- default_field: false
- - name: process.parent.executable
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- description: Absolute path to the process executable.
- example: /usr/bin/ssh
- default_field: false
- - name: process.parent.exit_code
- level: extended
- type: long
- description:
- "The exit code of the process, if this is a termination event.
-
- The field should be absent if there is no exit code for the event (e.g. process
- start)."
- example: 137
- default_field: false
- - name: process.parent.hash.md5
- level: extended
- type: keyword
- ignore_above: 1024
- description: MD5 hash.
- default_field: false
- - name: process.parent.hash.sha1
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA1 hash.
- default_field: false
- - name: process.parent.hash.sha256
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA256 hash.
- default_field: false
- - name: process.parent.hash.sha512
- level: extended
- type: keyword
- ignore_above: 1024
- description: SHA512 hash.
- default_field: false
- - name: process.parent.name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- description: "Process name.
-
- Sometimes called program name or similar."
- example: ssh
- default_field: false
- - name: process.parent.pgid
- level: extended
- type: long
- format: string
- description: Identifier of the group of processes the process belongs to.
- default_field: false
- - name: process.parent.pid
- level: core
- type: long
- format: string
- description: Process id.
- example: 4242
- default_field: false
- - name: process.parent.ppid
- level: extended
- type: long
- format: string
- description: Parent process' pid.
- example: 4241
- default_field: false
- - name: process.parent.start
- level: extended
- type: date
- description: The time the process started.
- example: "2016-05-23T08:05:34.853Z"
- default_field: false
- - name: process.parent.thread.id
- level: extended
- type: long
- format: string
- description: Thread ID.
- example: 4242
- default_field: false
- - name: process.parent.thread.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Thread name.
- example: thread-0
- default_field: false
- - name: process.parent.title
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- description: "Process title.
-
- The proctitle, some times the same as process name. Can also be different:
- for example a browser setting its title to the web page currently opened."
- default_field: false
- - name: process.parent.uptime
- level: extended
- type: long
- description: Seconds the process has been up.
- example: 1325
- default_field: false
- - name: process.parent.working_directory
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- description: The working directory of the process.
- example: /home/alice
- default_field: false
- - name: process.pe.company
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal company name of the file, provided at compile-time.
- example: Microsoft Corporation
- default_field: false
- - name: process.pe.description
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal description of the file, provided at compile-time.
- example: Paint
- default_field: false
- - name: process.pe.file_version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal version of the file, provided at compile-time.
- example: 6.3.9600.17415
- default_field: false
- - name: process.pe.original_file_name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal name of the file, provided at compile-time.
- example: MSPAINT.EXE
- default_field: false
- - name: process.pe.product
- level: extended
- type: keyword
- ignore_above: 1024
- description: Internal product name of the file, provided at compile-time.
- example: "Microsoft\xAE Windows\xAE Operating System"
- default_field: false
- - name: process.pgid
- level: extended
- type: long
- format: string
- description: Identifier of the group of processes the process belongs to.
- default_field: false
- - name: process.pid
- level: core
- type: long
- format: string
- description: Process id.
- example: 4242
- default_field: false
- - name: process.ppid
- level: extended
- type: long
- format: string
- description: Parent process' pid.
- example: 4241
- default_field: false
- - name: process.services
- level: custom
- type: keyword
- ignore_above: 1024
- description: Services running in this process.
- default_field: false
- - name: process.start
- level: extended
- type: date
- description: The time the process started.
- example: "2016-05-23T08:05:34.853Z"
- default_field: false
- - name: process.thread
- level: extended
- type: object
- object_type: keyword
- description:
- The thread fields are used to describe by which process thread
- the event belongs to.
- default_field: false
- - name: process.thread.call_stack.instruction_pointer
- level: custom
- type: keyword
- ignore_above: 1024
- description: The return address of this stack frame.
- default_field: false
- - name: process.thread.call_stack.memory_section.address
- level: custom
- type: keyword
- ignore_above: 1024
- description:
- Base address of the memory region containing `instruction_pointer`. Corresponds
- to `MEMORY_BASIC_INFORMATION.BaseAddress`
- default_field: false
- - name: process.thread.call_stack.memory_section.protection
- level: custom
- type: keyword
- ignore_above: 1024
- description:
- Memory protection flags of this memory region. Corresponds to
- `MEMORY_BASIC_INFORMATION.Protect`
- default_field: false
- - name: process.thread.call_stack.memory_section.size
- level: custom
- type: keyword
- ignore_above: 1024
- description:
- Size of the memory region containing `instruction_pointer`. Corresponds
- to `MEMORY_BASIC_INFORMATION.RegionSize`
- default_field: false
- - name: process.thread.call_stack.module_path
- level: custom
- type: keyword
- ignore_above: 1024
- description: The DLL/module containing `instruction_pointer`.
- default_field: false
- - name: process.thread.call_stack.rva
- level: custom
- type: keyword
- ignore_above: 1024
- description:
- The relative virtual address of `instruction_pointer`. Computed
- as `instruction_pointer - MEMORY_BASIC_INFORMATION.AllocationBase`.
- default_field: false
- - name: process.thread.call_stack.symbol_info
- level: custom
- type: keyword
- ignore_above: 1024
- description: The nearest symbol for `instruction_pointer`.
- default_field: false
- - name: process.thread.id
- level: extended
- type: long
- format: string
- description: Thread ID.
- example: 4242
- default_field: false
- - name: process.thread.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Thread name.
- example: thread-0
- default_field: false
- - name: process.thread.service
- level: extended
- type: keyword
- ignore_above: 1024
- description: Service associated with the thread.
- example: VaultSvc
- default_field: false
- - name: process.thread.start
- level: extended
- type: date
- description: The time the thread started.
- example: "2016-05-23T08:05:34.853Z"
- default_field: false
- - name: process.thread.start_address
- level: extended
- type: keyword
- ignore_above: 1024
- description: Memory address where the thread began execution.
- example: 5442508
- default_field: false
- - name: process.thread.start_address_module
- level: extended
- type: keyword
- ignore_above: 1024
- description: The dll/module where the thread began execution.
- example: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
- default_field: false
- - name: process.thread.token.domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: Domain of token user.
- default_field: false
- - name: process.thread.token.elevation
- level: custom
- type: boolean
- description: Whether the token is elevated or not
- default_field: false
- - name: process.thread.token.elevation_type
- level: custom
- type: keyword
- ignore_above: 1024
- description: What level of elevation the token has
- example: one of "default", "full", "limited"
- default_field: false
- - name: process.thread.token.impersonation_level
- level: extended
- type: keyword
- ignore_above: 1024
- description: Impersonation level. Only valid for impersonation tokens.
- default_field: false
- - name: process.thread.token.integrity_level
- level: extended
- type: long
- description: Numeric integrity level.
- default_field: false
- - name: process.thread.token.integrity_level_name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Human readable integrity level.
- example: one of "system", "high", "medium", "low", "untrusted"
- default_field: false
- - name: process.thread.token.is_appcontainer
- level: extended
- type: boolean
- description: Whether or not this is an appcontainer token.
- default_field: false
- - name: process.thread.token.privileges
- level: extended
- type: nested
- description: Array describing the privileges associated with the token.
- default_field: false
- - name: process.thread.token.privileges.description
- level: extended
- type: keyword
- ignore_above: 1024
- description: Description of the privilege.
- default_field: false
- - name: process.thread.token.privileges.enabled
- level: extended
- type: boolean
- description: Whether or not the privilege is enabled.
- default_field: false
- - name: process.thread.token.privileges.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the privilege.
- default_field: false
- - name: process.thread.token.sid
- level: extended
- type: keyword
- ignore_above: 1024
- description: Token user's Security Identifier (SID).
- default_field: false
- - name: process.thread.token.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Type of the token, either primary or impersonation.
- default_field: false
- - name: process.thread.token.user
- level: extended
- type: keyword
- ignore_above: 1024
- description: Username of token owner.
- default_field: false
- - name: process.thread.uptime
- level: custom
- type: long
- description: Seconds since thread started.
- default_field: false
- - name: process.title
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- description: "Process title.
-
- The proctitle, some times the same as process name. Can also be different:
- for example a browser setting its title to the web page currently opened."
- default_field: false
- - name: process.token.domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: Domain of token user.
- default_field: false
- - name: process.token.elevation
- level: custom
- type: boolean
- description: Whether the token is elevated or not
- default_field: false
- - name: process.token.elevation_type
- level: custom
- type: keyword
- ignore_above: 1024
- description: What level of elevation the token has
- example: one of "default", "full", "limited"
- default_field: false
- - name: process.token.impersonation_level
- level: extended
- type: keyword
- ignore_above: 1024
- description: Impersonation level. Only valid for impersonation tokens.
- default_field: false
- - name: process.token.integrity_level
- level: extended
- type: long
- description: Numeric integrity level.
- default_field: false
- - name: process.token.integrity_level_name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Human readable integrity level.
- example: one of "system", "high", "medium", "low", "untrusted"
- default_field: false
- - name: process.token.is_appcontainer
- level: extended
- type: boolean
- description: Whether or not this is an appcontainer token.
- default_field: false
- - name: process.token.privileges
- level: extended
- type: nested
- description: Array describing the privileges associated with the token.
- default_field: false
- - name: process.token.privileges.description
- level: extended
- type: keyword
- ignore_above: 1024
- description: Description of the privilege.
- default_field: false
- - name: process.token.privileges.enabled
- level: extended
- type: boolean
- description: Whether or not the privilege is enabled.
- default_field: false
- - name: process.token.privileges.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the privilege.
- default_field: false
- - name: process.token.sid
- level: extended
- type: keyword
- ignore_above: 1024
- description: Token user's Security Identifier (SID).
- default_field: false
- - name: process.token.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Type of the token, either primary or impersonation.
- default_field: false
- - name: process.token.user
- level: extended
- type: keyword
- ignore_above: 1024
- description: Username of token owner.
- default_field: false
- - name: process.uptime
- level: extended
- type: long
- description: Seconds the process has been up.
- example: 1325
- default_field: false
- - name: process.user
- level: custom
- type: keyword
- ignore_above: 1024
- description: User associated with the running process.
- default_field: false
- - name: process.working_directory
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- description: The working directory of the process.
- example: /home/alice
- default_field: false
-- name: threat
- title: Threat
- group: 2
- description:
- 'Fields to classify events and alerts according to a threat taxonomy
- such as the Mitre ATT&CK framework.
-
- These fields are for users to classify alerts from all of their sources (e.g.
- IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to
- capture the high level category of the threat (e.g. "impact"). The threat.technique.*
- fields are meant to capture which kind of approach is used by this detected
- threat, to accomplish the goal (e.g. "endpoint denial of service").'
- type: group
- fields:
- - name: framework
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- Name of the threat framework used to further categorize and classify
- the tactic and technique of the reported threat. Framework classification
- can be provided by detecting systems, evaluated at ingest time, or retrospectively
- tagged to events.
- example: MITRE ATT&CK
- - name: tactic.id
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- The id of tactic used by this threat. You can use the Mitre ATT&CK
- Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/
- )
- example: TA0040
- - name: tactic.name
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- Name of the type of tactic used by this threat. You can use the
- Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/
- )
- example: impact
- - name: tactic.reference
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- The reference url of tactic used by this threat. You can use the
- Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/tactics/TA0040/
- )
- example: https://attack.mitre.org/tactics/TA0040/
- - name: technique.id
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- The id of technique used by this tactic. You can use the Mitre
- ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/
- )
- example: T1499
- - name: technique.name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description:
- The name of technique used by this tactic. You can use the Mitre
- ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/
- )
- example: endpoint denial of service
- - name: technique.reference
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- The reference url of technique used by this tactic. You can use
- the Mitre ATT&CK Matrix Tactic categorization, for example. (ex. https://attack.mitre.org/techniques/T1499/
- )
- example: https://attack.mitre.org/techniques/T1499/
-- name: user
- title: User
- group: 2
- description:
- "The user fields describe information about the user that is relevant
- to the event.
-
- Fields can have one entry or multiple entries. If a user has more than one id,
- provide an array that includes all of them."
- type: group
- fields:
- - name: domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Name of the directory the user is a member of.
-
- For example, an LDAP or Active Directory domain name."
- - name: email
- level: extended
- type: keyword
- ignore_above: 1024
- description: User email address.
- - name: full_name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: User's full name, if available.
- example: Albert Einstein
- - name: group.domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Name of the directory the group is a member of.
-
- For example, an LDAP or Active Directory domain name."
- - name: group.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Unique identifier for the group on the system/platform.
- - name: group.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the group.
- - name: hash
- level: extended
- type: keyword
- ignore_above: 1024
- description:
- "Unique user hash to correlate information for a user in anonymized
- form.
-
- Useful if `user.id` or `user.name` contain confidential information and cannot
- be used."
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique identifiers of the user.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Short name or login of the user.
- example: albert
diff --git a/dev/packages/alpha/endpoint/1.0.0/dataset/events/manifest.yml b/dev/packages/alpha/endpoint/1.0.0/dataset/events/manifest.yml
deleted file mode 100644
index 2af9b963b0f..00000000000
--- a/dev/packages/alpha/endpoint/1.0.0/dataset/events/manifest.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-title: Endpoint Events
-
-type: events
-
-id: endpoint
-
-default: true
-
-# This stream definition is only here as a placeholder. The config is generated by the UI.
-streams:
- - input: events
- title: Endpoint events
- description: Collect Endpoint events
diff --git a/dev/packages/alpha/endpoint/1.0.0/dataset/metadata/fields/fields.yml b/dev/packages/alpha/endpoint/1.0.0/dataset/metadata/fields/fields.yml
deleted file mode 100644
index 646037161a7..00000000000
--- a/dev/packages/alpha/endpoint/1.0.0/dataset/metadata/fields/fields.yml
+++ /dev/null
@@ -1,232 +0,0 @@
-- name: "@timestamp"
- level: core
- required: true
- type: date
- description: "Date/time when the event originated.
-
- This is the date/time extracted from the event, typically representing when
- the event was generated by the source.
-
- If the event source has no original timestamp, this value is typically populated
- by the first time the event was received by the pipeline.
-
- Required field for all events."
- example: "2016-05-23T08:05:34.853Z"
-- name: agent
- title: Agent
- group: 2
- description: "The agent fields contain the data about the software entity, if
- any, that collects, detects, or observes events on a host, or takes measurements
- on a host.
-
- Examples include Beats. Agents may also run on observers. ECS agent.* fields
- shall be populated with details of the agent running on the host or observer
- where the event happened or the measurement was taken."
- footnote:
- "Examples: In the case of Beats for logs, the agent.name is filebeat.
- For APM, it is the agent running in the app/service. The agent information does
- not change if data is sent through queuing systems like Kafka, Redis, or processing
- systems such as Logstash or APM Server."
- type: group
- fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: "Unique identifier of this agent (if one exists).
-
- Example: For Beats this would be beat.id."
- example: 8a4f500d
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: "Custom name of the agent.
-
- This is a name that can be given to an agent. This can be helpful if for example
- two Filebeat instances are running on the same host but a human readable separation
- is needed on which Filebeat instance data is coming from.
-
- If no name is given, the name is often left empty."
- example: foo
- - name: version
- level: core
- type: keyword
- ignore_above: 1024
- description: Version of the agent.
- example: 6.0.0-rc2
-- name: ecs
- title: ECS
- group: 2
- description: Meta-information specific to ECS.
- type: group
- fields:
- - name: version
- level: core
- required: true
- type: keyword
- ignore_above: 1024
- description:
- "ECS version this event conforms to. `ecs.version` is a required
- field and must exist in all events.
-
- When querying across multiple indices -- which may conform to slightly different
- ECS versions -- this field lets integrations adjust to the schema version
- of the events."
- example: 1.0.0
-- name: elastic
- title: Elastic
- group: 2
- description:
- Holds fields and properties of data points and concepts in the elastic
- domain or namespace.
- type: group
- fields:
- - name: agent
- level: custom
- type: object
- object_type: keyword
- description:
- The agent fields contain data about the Elastic Agent. The Elastic
- Agent is the management agent that manages other agents or process on the
- host.
- default_field: false
- - name: agent.id
- level: custom
- type: keyword
- ignore_above: 1024
- description: Unique identifier of this elastic agent (if one exists).
- example: c2a9093e-e289-4c0a-aa44-8c32a414fa7a
- default_field: false
-- name: endpoint
- title: Endpoint
- group: 2
- description: Fields describing the state of the Elastic Endpoint when an event
- occurs.
- type: group
- fields:
- - name: policy
- level: custom
- type: object
- object_type: keyword
- description: The policy fields are used to hold information about applied policy.
- default_field: false
- - name: policy.id
- level: custom
- type: keyword
- ignore_above: 1024
- description: ID of the policy that was active when the event was created.
- example: c2a9093e-e289-4c0a-aa44-8c32a414fa7a
- default_field: false
-- name: event
- title: Event
- group: 2
- description: "The event fields are used for context information about the log
- or metric event itself.
-
- A log is defined as an event containing details of something that happened.
- Log events must include the time at which the thing happened. Examples of log
- events include a process starting on a host, a network packet being sent from
- a source to a destination, or a network connection between a client and a server
- being initiated or closed. A metric is defined as an event containing one or
- more numerical or categorical measurements and the time at which the measurement
- was taken. Examples of metric events include memory pressure measured on a host,
- or vulnerabilities measured on a scanned host."
- type: group
- fields:
- - name: created
- level: core
- type: date
- description:
- "event.created contains the date/time when the event was first
- read by an agent, or by your pipeline.
-
- This field is distinct from @timestamp in that @timestamp typically contain
- the time extracted from the original event.
-
- In most situations, these two timestamps will be slightly different. The difference
- can be used to calculate the delay between your source generating an event,
- and the time when your agent first processed it. This can be used to monitor
- your agent's or pipeline's ability to keep up with your event source.
-
- In case the two timestamps are identical, @timestamp should be used."
- example: "2016-05-23T08:05:34.857Z"
-- name: host
- title: Host
- group: 2
- description: "A host is defined as a general computing instance.
-
- ECS host.* fields should be populated with details about the host on which the
- event happened, or from which the measurement was taken. Host types include
- hardware, virtual machines, Docker containers, and Kubernetes nodes."
- type: group
- fields:
- - name: architecture
- level: core
- type: keyword
- ignore_above: 1024
- description: Operating system architecture.
- example: x86_64
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: "Hostname of the host.
-
- It normally contains what the `hostname` command returns on the host machine."
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: "Unique host id.
-
- As hostname is not always unique, use values that are meaningful in your environment.
-
- Example: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
- - name: mac
- level: core
- type: keyword
- ignore_above: 1024
- description: Host mac addresses.
- - name: os.full
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Operating system name, including the version or code name.
- example: Mac OS Mojave
- - name: os.name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Operating system name, without the version.
- example: Mac OS X
- - name: os.variant
- level: custom
- type: keyword
- ignore_above: 1024
- description:
- A string value or phrase that further aid to classify or qualify
- the operating system (OS). For example the distribution for a Linux OS will
- be entered in this field.
- example: Ubuntu
- default_field: false
- - name: os.version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system version as a raw string.
- example: 10.14.1
diff --git a/dev/packages/alpha/endpoint/1.0.0/dataset/metadata/manifest.yml b/dev/packages/alpha/endpoint/1.0.0/dataset/metadata/manifest.yml
deleted file mode 100644
index 801506975dc..00000000000
--- a/dev/packages/alpha/endpoint/1.0.0/dataset/metadata/manifest.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-title: Endpoint Metadata
-
-type: metrics
-
-id: endpoint
-
-# If set to true, this will be enabled by default in the input selection
-default: true
-
-# This stream definition is only here as a placeholder. The config is generated by the UI.
-streams:
- - input: metrics
- title: Endpoint Metadata
- description: Collect Endpoint metadata
diff --git a/dev/packages/alpha/endpoint/1.0.0/docs/README.md b/dev/packages/alpha/endpoint/1.0.0/docs/README.md
deleted file mode 100644
index 5748706855f..00000000000
--- a/dev/packages/alpha/endpoint/1.0.0/docs/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# Endpoint package
-
-This is a module for the Endpoint Kibana App and Elastic Endpoint. It sets up the templates, index patterns, aliases, and dashboards.
diff --git a/dev/packages/alpha/endpoint/1.0.0/img/logo-endpoint-64-color.svg b/dev/packages/alpha/endpoint/1.0.0/img/logo-endpoint-64-color.svg
deleted file mode 100644
index b03007a76ff..00000000000
--- a/dev/packages/alpha/endpoint/1.0.0/img/logo-endpoint-64-color.svg
+++ /dev/null
@@ -1,7 +0,0 @@
-
diff --git a/dev/packages/alpha/endpoint/1.0.0/kibana/dashboard/826759f0-7074-11ea-9bc8-6b38f4d29a16.json b/dev/packages/alpha/endpoint/1.0.0/kibana/dashboard/826759f0-7074-11ea-9bc8-6b38f4d29a16.json
deleted file mode 100644
index bdb7c42479f..00000000000
--- a/dev/packages/alpha/endpoint/1.0.0/kibana/dashboard/826759f0-7074-11ea-9bc8-6b38f4d29a16.json
+++ /dev/null
@@ -1,168 +0,0 @@
-{
- "attributes": {
- "description": "",
- "hits": 0,
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "query": {
- "language": "kuery",
- "query": ""
- },
- "filter": [
- {
- "meta": {
- "alias": "Endpoint Data Filter",
- "negate": false,
- "disabled": false,
- "type": "phrase",
- "key": "agent.type",
- "params": {
- "query": "endpoint"
- },
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index"
- },
- "query": {
- "match_phrase": {
- "agent.type": "endpoint"
- }
- },
- "$state": {
- "store": "appState"
- }
- }
- ]
- }
- },
- "optionsJSON": {
- "hidePanelTitles": false,
- "useMargins": true
- },
- "panelsJSON": [
- {
- "embeddableConfig": {
- "title": "Controls"
- },
- "gridData": {
- "h": 7,
- "i": "c923502a-9a0e-47bb-8d1b-e642b399c8e3",
- "w": 48,
- "x": 0,
- "y": 0
- },
- "panelIndex": "c923502a-9a0e-47bb-8d1b-e642b399c8e3",
- "title": "Controls",
- "version": "7.6.1",
- "panelRefName": "panel_0"
- },
- {
- "embeddableConfig": {
- "hiddenLayers": [],
- "isLayerTOCOpen": false,
- "mapCenter": {
- "lat": 37.4065,
- "lon": -94.14774,
- "zoom": 0.74
- },
- "openTOCDetails": []
- },
- "gridData": {
- "h": 15,
- "i": "728b8d81-2f01-4e52-8b9a-94a5c9b62f0f",
- "w": 48,
- "x": 0,
- "y": 7
- },
- "panelIndex": "728b8d81-2f01-4e52-8b9a-94a5c9b62f0f",
- "version": "7.6.1",
- "panelRefName": "panel_1"
- },
- {
- "embeddableConfig": {},
- "gridData": {
- "h": 10,
- "i": "2b6b6a19-3870-4127-bccf-c81c51e10544",
- "w": 48,
- "x": 0,
- "y": 22
- },
- "panelIndex": "2b6b6a19-3870-4127-bccf-c81c51e10544",
- "version": "7.6.1",
- "panelRefName": "panel_2"
- },
- {
- "embeddableConfig": {
- "title": "Endpoint Count by Operating System"
- },
- "gridData": {
- "h": 15,
- "i": "996c9423-7803-49e0-92d8-4ccfde71b425",
- "w": 25,
- "x": 0,
- "y": 32
- },
- "panelIndex": "996c9423-7803-49e0-92d8-4ccfde71b425",
- "title": "Endpoint Count by Operating System",
- "version": "7.6.1",
- "panelRefName": "panel_3"
- },
- {
- "embeddableConfig": {
- "title": "Event Count by Category"
- },
- "gridData": {
- "h": 15,
- "i": "e16e025f-20c4-4075-8342-76820c2ff4c7",
- "w": 23,
- "x": 25,
- "y": 32
- },
- "panelIndex": "e16e025f-20c4-4075-8342-76820c2ff4c7",
- "title": "Event Count by Category",
- "version": "7.6.1",
- "panelRefName": "panel_4"
- }
- ],
- "timeRestore": false,
- "title": "Endpoint Dashboard",
- "version": 1
- },
- "id": "826759f0-7074-11ea-9bc8-6b38f4d29a16",
- "migrationVersion": {
- "dashboard": "7.3.0"
- },
- "references": [
- {
- "id": "events-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
- "type": "index-pattern"
- },
- {
- "id": "1cfceda0-728b-11ea-9bc8-6b38f4d29a16",
- "name": "panel_0",
- "type": "visualization"
- },
- {
- "id": "a3a3bd10-706b-11ea-9bc8-6b38f4d29a16",
- "name": "panel_1",
- "type": "map"
- },
- {
- "id": "55387750-729c-11ea-9bc8-6b38f4d29a16",
- "name": "panel_2",
- "type": "visualization"
- },
- {
- "id": "92b1edc0-706a-11ea-9bc8-6b38f4d29a16",
- "name": "panel_3",
- "type": "visualization"
- },
- {
- "id": "1e525190-7074-11ea-9bc8-6b38f4d29a16",
- "name": "panel_4",
- "type": "visualization"
- }
- ],
- "type": "dashboard",
- "updated_at": "2020-04-01T16:40:15.811Z",
- "version": "WzI1MywxXQ=="
-}
\ No newline at end of file
diff --git a/dev/packages/alpha/endpoint/1.0.0/kibana/map/a3a3bd10-706b-11ea-9bc8-6b38f4d29a16.json b/dev/packages/alpha/endpoint/1.0.0/kibana/map/a3a3bd10-706b-11ea-9bc8-6b38f4d29a16.json
deleted file mode 100644
index aed34dc4ca8..00000000000
--- a/dev/packages/alpha/endpoint/1.0.0/kibana/map/a3a3bd10-706b-11ea-9bc8-6b38f4d29a16.json
+++ /dev/null
@@ -1,197 +0,0 @@
-{
- "attributes": {
- "bounds": {
- "coordinates": [
- [
- [
- -180,
- 79.49858
- ],
- [
- -180,
- -84.59877
- ],
- [
- 180,
- -84.59877
- ],
- [
- 180,
- 79.49858
- ],
- [
- -180,
- 79.49858
- ]
- ]
- ],
- "type": "Polygon"
- },
- "description": "",
- "layerListJSON": [
- {
- "sourceDescriptor": {
- "type": "EMS_TMS",
- "isAutoSelect": true
- },
- "id": "526f1956-b031-487b-887f-15901691696a",
- "label": null,
- "minZoom": 0,
- "maxZoom": 24,
- "alpha": 1,
- "visible": true,
- "style": {},
- "type": "VECTOR_TILE"
- },
- {
- "sourceDescriptor": {
- "type": "ES_GEO_GRID",
- "id": "872f1625-c279-44a8-b4d3-f698b0a5e907",
- "geoField": "host.geo.location",
- "requestType": "point",
- "resolution": "COARSE",
- "applyGlobalQuery": true,
- "metrics": [
- {
- "type": "cardinality",
- "label": "Number of Endpoints",
- "field": "agent.id"
- }
- ],
- "indexPatternRefName": "layer_1_source_index_pattern"
- },
- "style": {
- "type": "VECTOR",
- "properties": {
- "fillColor": {
- "type": "STATIC",
- "options": {
- "color": "#54B399"
- }
- },
- "lineColor": {
- "type": "STATIC",
- "options": {
- "color": "#FFF"
- }
- },
- "lineWidth": {
- "type": "STATIC",
- "options": {
- "size": 0
- }
- },
- "iconSize": {
- "type": "DYNAMIC",
- "options": {
- "minSize": 10,
- "maxSize": 35,
- "fieldMetaOptions": {
- "isEnabled": true,
- "sigma": 3
- },
- "field": {
- "label": "Number of Endpoints",
- "name": "cardinality_of_agent.id",
- "origin": "source"
- }
- }
- },
- "iconOrientation": {
- "type": "STATIC",
- "options": {
- "orientation": 0
- }
- },
- "labelText": {
- "type": "DYNAMIC",
- "options": {
- "field": {
- "label": "Number of Endpoints",
- "name": "cardinality_of_agent.id",
- "origin": "source"
- }
- }
- },
- "labelColor": {
- "type": "STATIC",
- "options": {
- "color": "#000000"
- }
- },
- "labelSize": {
- "type": "STATIC",
- "options": {
- "size": 14
- }
- },
- "labelBorderColor": {
- "type": "STATIC",
- "options": {
- "color": "#FFFFFF"
- }
- },
- "symbol": {
- "options": {
- "symbolizeAs": "circle",
- "symbolId": "airfield"
- }
- },
- "labelBorderSize": {
- "options": {
- "size": "SMALL"
- }
- }
- },
- "isTimeAware": true
- },
- "id": "da92df53-51bf-446f-8f88-21933fea8fe3",
- "label": "Endpoints",
- "minZoom": 0,
- "maxZoom": 24,
- "alpha": 0.75,
- "visible": true,
- "type": "VECTOR"
- }
- ],
- "mapStateJSON": {
- "zoom": 0.71,
- "center": {
- "lon": -72.02031,
- "lat": -18.76202
- },
- "timeFilters": {
- "from": "now-15d",
- "to": "now"
- },
- "refreshConfig": {
- "isPaused": false,
- "interval": 0
- },
- "query": {
- "query": "",
- "language": "kuery"
- },
- "filters": []
- },
- "title": "[Endpoint] Endpoint Map",
- "uiStateJSON": {
- "isLayerTOCOpen": true,
- "openTOCDetails": []
- }
- },
- "id": "a3a3bd10-706b-11ea-9bc8-6b38f4d29a16",
- "migrationVersion": {
- "map": "7.6.0"
- },
- "references": [
- {
- "id": "events-*",
- "name": "layer_1_source_index_pattern",
- "type": "index-pattern"
- }
- ],
- "type": "map",
- "updated_at": "2020-04-01T16:27:16.377Z",
- "version": "WzIzNywxXQ=="
-}
diff --git a/dev/packages/alpha/endpoint/1.0.0/kibana/visualization/55387750-729c-11ea-9bc8-6b38f4d29a16.json b/dev/packages/alpha/endpoint/1.0.0/kibana/visualization/55387750-729c-11ea-9bc8-6b38f4d29a16.json
deleted file mode 100644
index 39613a54999..00000000000
--- a/dev/packages/alpha/endpoint/1.0.0/kibana/visualization/55387750-729c-11ea-9bc8-6b38f4d29a16.json
+++ /dev/null
@@ -1,170 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index"
- }
- },
- "title": "[Endpoint] Event Count by Hostname Table",
- "uiStateJSON": {
- "vis": {
- "params": {
- "sort": {
- "columnIndex": null,
- "direction": null
- }
- }
- }
- },
- "version": 1,
- "visState": {
- "title": "[Endpoint] Event Count by Hostname Table",
- "type": "table",
- "params": {
- "perPage": 10,
- "showPartialRows": false,
- "showMetricsAtAllLevels": false,
- "sort": {
- "columnIndex": null,
- "direction": null
- },
- "showTotal": false,
- "totalFunc": "sum",
- "percentageCol": "",
- "dimensions": {
- "metrics": [
- {
- "accessor": 3,
- "format": {
- "id": "number"
- },
- "params": {},
- "label": "Event Count",
- "aggType": "cardinality"
- }
- ],
- "buckets": [
- {
- "accessor": 0,
- "format": {
- "id": "terms",
- "params": {
- "id": "string",
- "otherBucketLabel": "Other",
- "missingBucketLabel": "Missing",
- "parsedUrl": {
- "origin": "https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243",
- "pathname": "/app/kibana",
- "basePath": ""
- }
- }
- },
- "params": {},
- "label": "Hostname",
- "aggType": "terms"
- },
- {
- "accessor": 1,
- "format": {
- "id": "terms",
- "params": {
- "id": "string",
- "otherBucketLabel": "Other",
- "missingBucketLabel": "Missing",
- "parsedUrl": {
- "origin": "https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243",
- "pathname": "/app/kibana",
- "basePath": ""
- }
- }
- },
- "params": {},
- "label": "Operating System",
- "aggType": "terms"
- },
- {
- "accessor": 2,
- "format": {
- "id": "terms",
- "params": {
- "id": "ip",
- "otherBucketLabel": "Other",
- "missingBucketLabel": "Missing",
- "parsedUrl": {
- "origin": "https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243",
- "pathname": "/app/kibana",
- "basePath": ""
- }
- }
- },
- "params": {},
- "label": "IP Address",
- "aggType": "terms"
- }
- ]
- }
- },
- "aggs": [
- {
- "id": "1",
- "enabled": true,
- "type": "cardinality",
- "schema": "metric",
- "params": {
- "field": "event.id",
- "customLabel": "Event Count"
- }
- },
- {
- "id": "2",
- "enabled": true,
- "type": "terms",
- "schema": "bucket",
- "params": {
- "field": "host.name",
- "orderBy": "1",
- "order": "desc",
- "size": 10,
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "customLabel": "Hostname"
- }
- },
- {
- "id": "3",
- "enabled": true,
- "type": "terms",
- "schema": "bucket",
- "params": {
- "field": "host.os.name",
- "orderBy": "1",
- "order": "desc",
- "size": 5,
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "customLabel": "Operating System"
- }
- }
- ]
- }
- },
- "id": "55387750-729c-11ea-9bc8-6b38f4d29a16",
- "migrationVersion": {
- "visualization": "7.4.2"
- },
- "references": [
- {
- "id": "events-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization",
- "updated_at": "2020-04-01T16:08:56.259Z",
- "version": "WzIyOSwxXQ=="
-}
\ No newline at end of file
diff --git a/dev/packages/alpha/endpoint/1.0.0/kibana/visualization/92b1edc0-706a-11ea-9bc8-6b38f4d29a16.json b/dev/packages/alpha/endpoint/1.0.0/kibana/visualization/92b1edc0-706a-11ea-9bc8-6b38f4d29a16.json
deleted file mode 100644
index 242fa2aca02..00000000000
--- a/dev/packages/alpha/endpoint/1.0.0/kibana/visualization/92b1edc0-706a-11ea-9bc8-6b38f4d29a16.json
+++ /dev/null
@@ -1,177 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index"
- }
- },
- "title": "[Endpoint] Endpoint Count by Operating System",
- "uiStateJSON": {
- "vis": {
- "legendOpen": false,
- "colors": {
- "Endpoint Count": "#7EB26D"
- }
- }
- },
- "version": 1,
- "visState": {
- "title": "[Endpoint] Endpoint Count by Operating System",
- "type": "histogram",
- "params": {
- "type": "histogram",
- "grid": {
- "categoryLines": false
- },
- "categoryAxes": [
- {
- "id": "CategoryAxis-1",
- "type": "category",
- "position": "bottom",
- "show": true,
- "style": {},
- "scale": {
- "type": "linear"
- },
- "labels": {
- "show": true,
- "filter": true,
- "truncate": 100,
- "rotate": 0
- },
- "title": {}
- }
- ],
- "valueAxes": [
- {
- "id": "ValueAxis-1",
- "name": "LeftAxis-1",
- "type": "value",
- "position": "left",
- "show": true,
- "style": {},
- "scale": {
- "type": "linear",
- "mode": "normal"
- },
- "labels": {
- "show": true,
- "rotate": 0,
- "filter": false,
- "truncate": 100
- },
- "title": {
- "text": "Endpoint Count"
- }
- }
- ],
- "seriesParams": [
- {
- "show": true,
- "type": "histogram",
- "mode": "stacked",
- "data": {
- "label": "Endpoint Count",
- "id": "1"
- },
- "valueAxis": "ValueAxis-1",
- "drawLinesBetweenPoints": true,
- "lineWidth": 2,
- "showCircles": true
- }
- ],
- "addTooltip": true,
- "addLegend": true,
- "legendPosition": "right",
- "times": [],
- "addTimeMarker": false,
- "labels": {
- "show": false
- },
- "thresholdLine": {
- "show": false,
- "value": 10,
- "width": 1,
- "style": "full",
- "color": "#E7664C"
- },
- "dimensions": {
- "x": {
- "accessor": 0,
- "format": {
- "id": "terms",
- "params": {
- "id": "string",
- "otherBucketLabel": "Other",
- "missingBucketLabel": "Missing",
- "parsedUrl": {
- "origin": "https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243",
- "pathname": "/app/kibana",
- "basePath": ""
- }
- }
- },
- "params": {},
- "label": "Operating System",
- "aggType": "terms"
- },
- "y": [
- {
- "accessor": 1,
- "format": {
- "id": "number"
- },
- "params": {},
- "label": "Endpoint Count",
- "aggType": "cardinality"
- }
- ]
- }
- },
- "aggs": [
- {
- "id": "1",
- "enabled": true,
- "type": "cardinality",
- "schema": "metric",
- "params": {
- "field": "agent.id",
- "customLabel": "Endpoint Count"
- }
- },
- {
- "id": "2",
- "enabled": true,
- "type": "terms",
- "schema": "segment",
- "params": {
- "field": "host.os.name",
- "orderBy": "1",
- "order": "desc",
- "size": 10,
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "customLabel": "Operating System"
- }
- }
- ]
- }
- },
- "id": "92b1edc0-706a-11ea-9bc8-6b38f4d29a16",
- "migrationVersion": {
- "visualization": "7.4.2"
- },
- "references": [
- {
- "id": "events-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization",
- "updated_at": "2020-04-01T16:09:15.736Z",
- "version": "WzIzMCwxXQ=="
-}
\ No newline at end of file
diff --git a/dev/packages/alpha/endpoint/1.0.0/manifest.yml b/dev/packages/alpha/endpoint/1.0.0/manifest.yml
deleted file mode 100644
index 6eb73a69efb..00000000000
--- a/dev/packages/alpha/endpoint/1.0.0/manifest.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-format_version: 1.0.0
-name: endpoint
-title: Elastic Endpoint
-description: This is the Elastic Endpoint package.
-version: 1.0.0
-categories: ["security"]
-# Options are experimental, beta, ga
-release: beta
-# The package type. The options for now are [integration, solution], more type might be added in the future.
-# The default type is integration and will be set if empty.
-type: solution
-license: basic
-# The endpoint package cannot be removed
-removable: false
-
-datasources:
- - name: endpoint
- title: Endpoint data source
- description: Interact with the endpoint.
-
- # This tells the UI that for configuration, it must link to a specific solution
- # Only solution packages can contain this field.
- solution: endpoint
- multiple: false
-
-requirement:
- elasticsearch:
- versions: ">7.4.0"
- kibana:
- versions: ">7.4.0"
-
-icons:
- - src: "/img/logo-endpoint-64-color.svg"
- size: "16x16"
- type: "image/svg+xml"
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/error/agent/stream/stream.yml.hbs b/dev/packages/alpha/mysql/0.1.0/dataset/error/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..364aa85f53e
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/error/agent/stream/stream.yml.hbs
@@ -0,0 +1,12 @@
+paths:
+{{#each paths}}
+ - {{this}}
+{{/each}}
+exclude_files: [".gz$"]
+multiline:
+ # Consider lines without timestamp part of the previous message
+ pattern: '^([0-9]{4}-[0-9]{2}-[0-9]{2}|[0-9]{6})'
+ negate: true
+ match: after
+processors:
+- add_locale: ~
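Review bot: The `exclude_files` entry `".gz$"` leaves the dot unescaped, so it matches any character followed by `gz` at the end of the name rather than only a `.gz` suffix. A log file whose name merely ends in `gz` would be skipped without any indication. Writing it as `exclude_files: ['\.gz$']` (single quotes, so YAML keeps the backslash) states the intent. The slowlog stream template later in this diff carries the same `'.gz$'` entry.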
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/error/elasticsearch/ingest-pipeline/default.yml b/dev/packages/alpha/mysql/0.1.0/dataset/error/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..9362ef4c089
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/error/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,71 @@
+---
+description: Pipeline for parsing MySQL error logs
+processors:
+- grok:
+ field: message
+ patterns:
+ - '%{MYSQLDATETIME}%{SPACE}(%{NUMBER:mysql.thread_id:long}%{SPACE})?(\[%{DATA:log.level}\]%{SPACE})?%{GREEDYMULTILINE:message}'
+ - '%{GREEDYDATA:message}'
+ ignore_missing: true
+ pattern_definitions:
+ LOCALDATETIME: (?:%{YEAR}-%{MONTHNUM}-%{MONTHDAY}|%{NUMBER})%{SPACE}%{TIME}
+ MYSQLDATETIME: (?:%{LOCALDATETIME:_tmp.local_timestamp}|%{TIMESTAMP_ISO8601:_tmp.timestamp})
+ GREEDYMULTILINE: |-
+ (.|
+ )+
+- grok:
+ field: message
+ patterns:
+ - '(\[%{DATA:event.code}\])%{SPACE}(\[%{DATA:event.provider}\])%{SPACE}%{GREEDYMULTILINE}'
+ - '%{GREEDYDATA}'
+ ignore_missing: true
+ ignore_failure: true
+ pattern_definitions:
+ GREEDYMULTILINE: |-
+ (.|
+ )+
+- rename:
+ field: '@timestamp'
+ target_field: event.created
+- date:
+ if: ctx._tmp?.local_timestamp != null && ctx.event?.timezone == null
+ field: _tmp.local_timestamp
+ formats:
+ - yyMMdd H:m:s
+ - yyMMdd H:m:s
+ - yyyy-MM-dd H:m:s
+ - yyyy-MM-dd H:m:s
+- date:
+ if: ctx._tmp?.local_timestamp != null && ctx.event?.timezone != null
+ field: _tmp.local_timestamp
+ timezone: '{{ event.timezone }}'
+ formats:
+ - yyMMdd H:m:s
+ - yyMMdd H:m:s
+ - yyyy-MM-dd H:m:s
+ - yyyy-MM-dd H:m:s
+- date:
+ if: ctx._tmp?.timestamp != null
+ field: _tmp.timestamp
+ formats:
+ - ISO8601
+- remove:
+ field: _tmp
+ ignore_missing: true
+- set:
+ field: event.kind
+ value: event
+- append:
+ field: event.category
+ value: database
+- append:
+ field: event.type
+ value: info
+- append:
+ field: event.type
+ value: error
+ if: "ctx?.log?.level != null && ctx.log.level.toLowerCase() == 'error'"
+on_failure:
+- set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
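Review bot: Events that only match the fallback `%{GREEDYDATA:message}` pattern appear to leave this pipeline without `@timestamp`. The `rename` processor moves it to `event.created` unconditionally, and each of the three `date` processors is guarded by a `_tmp.*` field that the fallback pattern never sets. Such events would drop out of time-filtered searches, which matters when these logs are used for investigation. Unless something outside this file restores the field, a fallback placed after the `date` processors would cover it, for example `- set: { field: '@timestamp', value: '{{ event.created }}', if: "ctx['@timestamp'] == null" }`.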
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/error/fields/ecs.yml b/dev/packages/alpha/mysql/0.1.0/dataset/error/fields/ecs.yml
new file mode 100644
index 00000000000..42840dcb488
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/error/fields/ecs.yml
@@ -0,0 +1,20 @@
+- name: message
+ level: core
+ type: text
+ description: |-
+ For log events the message field contains the log message, optimized for viewing in a log viewer.
+ For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event.
+ If multiple messages exist, they can be combined into one message.
+- name: log
+ title: Log
+ group: 2
+ type: group
+ fields:
+ - name: level
+ level: core
+ type: keyword
+ description: |-
+ Original log level of the log event.
+ If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).
+ Some examples are `warn`, `err`, `i`, `informational`.
+ ignore_above: 1024
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/error/fields/fields.yml b/dev/packages/alpha/mysql/0.1.0/dataset/error/fields/fields.yml
new file mode 100644
index 00000000000..6f5883d4d12
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/error/fields/fields.yml
@@ -0,0 +1,23 @@
+- name: mysql.error
+ type: group
+- name: event.code
+ type: keyword
+ description: Identification code for this event
+- name: event.provider
+ type: keyword
+ description: Source of the event (e.g. Server)
+- name: event.created
+ type: date
+ description: Date/time when the event was first read by an agent, or by your pipeline.
+- name: event.timezone
+ type: keyword
+ description: Time zone information
+- name: event.kind
+ type: keyword
+ description: Event kind (e.g. event)
+- name: event.category
+ type: keyword
+ description: Event category (e.g. database)
+- name: event.type
+ type: keyword
+ description: Event severity (e.g. info, error)
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/error/fields/package-fields.yml b/dev/packages/alpha/mysql/0.1.0/dataset/error/fields/package-fields.yml
new file mode 100644
index 00000000000..a35a72d6dd7
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/error/fields/package-fields.yml
@@ -0,0 +1,7 @@
+- name: mysql
+ type: group
+ fields:
+ - name: thread_id
+ type: long
+ description: |
+ The connection or thread ID for the query.
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/error/manifest.yml b/dev/packages/alpha/mysql/0.1.0/dataset/error/manifest.yml
new file mode 100644
index 00000000000..573ebb59750
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/error/manifest.yml
@@ -0,0 +1,23 @@
+title: MySQL error logs
+type: logs
+release: beta
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Error log paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/mysql/error.log*
+ - /var/log/mysqld.log*
+ os.darwin:
+ default:
+ - /usr/local/var/mysql/localhost.localdomain.err*
+ os.windows:
+ default:
+ - c:/programdata/MySQL/MySQL Server*/error.log*
+ title: MySQL error logs
+ description: Collect MySQL error logs
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/galera_status/agent/stream/stream.yml.hbs b/dev/packages/alpha/mysql/0.1.0/dataset/galera_status/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..cd1e5c57c2c
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/galera_status/agent/stream/stream.yml.hbs
@@ -0,0 +1,15 @@
+metricsets: ["galera_status"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if password}}
+password: {{password}}
+{{/if}}
+period: {{period}}
+{{#if raw}}
+raw: {{raw}}
+{{/if}}
+{{#if username}}
+username: {{username}}
+{{/if}}
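Review bot: `password: {{password}}` and `username: {{username}}` are rendered as bare YAML scalars, so a credential containing ` #`, `: `, or a leading `*`, `&`, `!`, `{` or `[` would be truncated, re-typed or make the generated config unparsable. Depending on how the template engine is configured, `{{…}}` may also HTML-escape characters such as `&`, silently changing the secret. The renderer should emit these values as YAML-safe scalars; plain quoting such as `password: '{{password}}'` narrows the problem but still breaks on an embedded `'`. The `- {{this}}` host entries are interpolated the same way. Where `password` is declared is not visible in this hunk, so it is worth confirming it is treated as a secret there.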
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/galera_status/fields/fields.yml b/dev/packages/alpha/mysql/0.1.0/dataset/galera_status/fields/fields.yml
new file mode 100644
index 00000000000..56458b40882
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/galera_status/fields/fields.yml
@@ -0,0 +1,201 @@
+- name: mysql.galera_status
+ type: group
+ release: beta
+ fields:
+ - name: apply
+ type: group
+ fields:
+ - name: oooe
+ type: double
+ description: |
+ How often applier started write-set applying out-of-order (parallelization efficiency).
+ - name: oool
+ type: double
+ description: |
+ How often write-set was so slow to apply that write-set with higher seqno's were applied earlier. Values closer to 0 refer to a greater gap between slow and fast write-sets.
+ - name: window
+ type: double
+ description: |
+ Average distance between highest and lowest concurrently applied seqno.
+ - name: cert
+ type: group
+ fields:
+ - name: deps_distance
+ type: double
+ description: |
+ Average distance between highest and lowest seqno value that can be possibly applied in parallel (potential degree of parallelization).
+ - name: index_size
+ type: long
+ description: |
+ The number of entries in the certification index.
+ - name: interval
+ type: double
+ description: |
+ Average number of transactions received while a transaction replicates.
+ - name: cluster
+ type: group
+ fields:
+ - name: conf_id
+ type: long
+ description: |
+ Total number of cluster membership changes happened.
+ - name: size
+ type: long
+ description: |
+ Current number of members in the cluster.
+ - name: status
+ type: keyword
+ description: |
+ Status of this cluster component. That is, whether the node is part of a PRIMARY or NON_PRIMARY component.
+ - name: commit
+ type: group
+ fields:
+ - name: oooe
+ type: double
+ description: |
+ How often a transaction was committed out of order.
+ - name: window
+ type: long
+ description: |
+ Average distance between highest and lowest concurrently committed seqno.
+ - name: connected
+ type: keyword
+ description: |
+ If the value is OFF, the node has not yet connected to any of the cluster components. This may be due to misconfiguration. Check the error log for proper diagnostics.
+ - name: evs
+ type: group
+ fields:
+ - name: evict
+ type: keyword
+ description: |
+ Lists the UUID's of all nodes evicted from the cluster. Evicted nodes cannot rejoin the cluster until you restart their mysqld processes.
+ - name: state
+ type: keyword
+ description: |
+ Shows the internal state of the EVS Protocol.
+ - name: flow_ctl
+ type: group
+ fields:
+ - name: paused
+ type: double
+ description: |
+ The fraction of time since the last FLUSH STATUS command that replication was paused due to flow control. In other words, how much the slave lag is slowing down the cluster.
+ - name: paused_ns
+ type: long
+ description: |
+ The total time spent in a paused state measured in nanoseconds.
+ - name: recv
+ type: long
+ description: |
+ Returns the number of FC_PAUSE events the node has received, including those the node has sent. Unlike most status variables, the counter for this one does not reset every time you run the query.
+ - name: sent
+ type: long
+ description: |
+ Returns the number of FC_PAUSE events the node has sent. Unlike most status variables, the counter for this one does not reset every time you run the query.
+ - name: last_committed
+ type: long
+ description: |
+ The sequence number, or seqno, of the last committed transaction.
+ - name: local
+ type: group
+ fields:
+ - name: bf_aborts
+ type: long
+ description: |
+ Total number of local transactions that were aborted by slave transactions while in execution.
+ - name: cert_failures
+ type: long
+ description: |
+ Total number of local transactions that failed certification test.
+ - name: commits
+ type: long
+ description: |
+ Total number of local transactions committed.
+ - name: recv
+ type: group
+ fields:
+ - name: queue
+ type: long
+ description: |
+ Current (instantaneous) length of the recv queue.
+ - name: queue_avg
+ type: double
+ description: |
+ Recv queue length averaged over interval since the last FLUSH STATUS command. Values considerably larger than 0.0 mean that the node cannot apply write-sets as fast as they are received and will generate a lot of replication throttling.
+ - name: queue_max
+ type: long
+ description: |
+ The maximum length of the recv queue since the last FLUSH STATUS command.
+ - name: queue_min
+ type: long
+ description: |
+ The minimum length of the recv queue since the last FLUSH STATUS command.
+ - name: replays
+ type: long
+ description: |
+ Total number of transaction replays due to asymmetric lock granularity.
+ - name: send
+ type: group
+ fields:
+ - name: queue
+ type: long
+ description: |
+ Current (instantaneous) length of the send queue.
+ - name: queue_avg
+ type: double
+ description: |
+ Send queue length averaged over time since the last FLUSH STATUS command. Values considerably larger than 0.0 indicate replication throttling or network throughput issue.
+ - name: queue_max
+ type: long
+ description: |
+ The maximum length of the send queue since the last FLUSH STATUS command.
+ - name: queue_min
+ type: long
+ description: |
+ The minimum length of the send queue since the last FLUSH STATUS command.
+ - name: state
+ type: keyword
+ description: |
+ Internal Galera Cluster FSM state number.
+ - name: ready
+ type: keyword
+ description: |
+ Whether the server is ready to accept queries.
+ - name: received
+ type: group
+ fields:
+ - name: count
+ type: long
+ description: |
+ Total number of write-sets received from other nodes.
+ - name: bytes
+ type: long
+ description: |
+ Total size of write-sets received from other nodes.
+ - name: repl
+ type: group
+ fields:
+ - name: data_bytes
+ type: long
+ description: |
+ Total size of data replicated.
+ - name: keys
+ type: long
+ description: |
+ Total number of keys replicated.
+ - name: keys_bytes
+ type: long
+ description: |
+ Total size of keys replicated.
+ - name: other_bytes
+ type: long
+ description: |
+ Total size of other bits replicated.
+ - name: count
+ type: long
+ description: |
+ Total number of write-sets replicated (sent to other nodes).
+ - name: bytes
+ type: long
+ description: |
+ Total size of write-sets replicated.
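Review bot: `commit.window` is mapped as `long` although its description calls it an average distance, and `apply.window`, which has the matching description, is mapped as `double`. If the server reports a fractional value, a `long` mapping would truncate or reject it depending on index settings, so `type: double` would be the consistent choice. Group nesting here is inferred from field order, since indentation is not preserved in this view.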
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/galera_status/fields/package-fields.yml b/dev/packages/alpha/mysql/0.1.0/dataset/galera_status/fields/package-fields.yml
new file mode 100644
index 00000000000..57436911ee5
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/galera_status/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: mysql
+ type: group
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/galera_status/manifest.yml b/dev/packages/alpha/mysql/0.1.0/dataset/galera_status/manifest.yml
new file mode 100644
index 00000000000..6829901e7a9
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/galera_status/manifest.yml
@@ -0,0 +1,22 @@
+title: MySQL galera_status metrics
+type: metrics
+release: beta
+streams:
+- input: mysql/metrics
+ enabled: false
+ vars:
+ - name: period
+ type: text
+ title: Period
+ required: true
+ show_user: true
+ default: 10s
+ - name: raw
+ type: bool
+ title: Raw
+ description: >
+ When enabled, in addition to the existing data structure, all fields available from the mysql service through
+ "SHOW /*!50002 GLOBAL */ STATUS;" will be added to the event.
+ default: false
+ title: MySQL galera_status metrics
+ description: Collect MySQL galera_status metrics
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/slowlog/agent/stream/stream.yml.hbs b/dev/packages/alpha/mysql/0.1.0/dataset/slowlog/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..ac9eba50f69
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/slowlog/agent/stream/stream.yml.hbs
@@ -0,0 +1,10 @@
+paths:
+{{#each paths}}
+ - {{this}}
+{{/each}}
+exclude_files: ['.gz$']
+multiline:
+ pattern: '^(# User@Host: |# Time: )'
+ negate: true
+ match: after
+exclude_lines: ['^[\/\w\.]+, Version: .* started with:.*', '^# Time:.*'] # Exclude the header and time
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/slowlog/elasticsearch/ingest-pipeline/default.json b/dev/packages/alpha/mysql/0.1.0/dataset/slowlog/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..93ce577a330
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/slowlog/elasticsearch/ingest-pipeline/default.json
@@ -0,0 +1,86 @@
+{
+ "description": "Pipeline for parsing MySQL slow logs.",
+ "processors": [{
+ "grok": {
+ "field": "message",
+ "patterns":[
+ "^# User@Host: %{USER:user.name}(\\[%{USER:mysql.slowlog.current_user}\\])? @ %{HOSTNAME:source.domain}? \\[%{IP:source.ip}?\\]%{METRICSPACE}(Id:%{SPACE}%{NUMBER:mysql.thread_id:long}%{METRICSPACE})?(Thread_id:%{SPACE}%{NUMBER:mysql.thread_id}%{METRICSPACE})?(Schema:%{SPACE}%{WORD:mysql.slowlog.schema}?%{METRICSPACE})?(Last_errno: %{NUMBER:mysql.slowlog.last_errno:long}%{METRICSPACE})?(Killed: %{NUMBER:mysql.slowlog.killed:long}%{METRICSPACE})?(QC_hit: %{WORD:mysql.slowlog.query_cache_hit}%{METRICSPACE})?(Query_time: %{NUMBER:temp.duration:float}%{METRICSPACE})?(Lock_time: %{NUMBER:mysql.slowlog.lock_time.sec:float}%{METRICSPACE})?(Rows_sent: %{NUMBER:mysql.slowlog.rows_sent:long}%{METRICSPACE})?(Rows_examined: %{NUMBER:mysql.slowlog.rows_examined:long}%{METRICSPACE})?(Rows_affected: %{NUMBER:mysql.slowlog.rows_affected:long}%{METRICSPACE})?(Thread_id: %{NUMBER:mysql.thread_id}%{METRICSPACE})?(Errno: %{NUMBER:mysql.slowlog.last_errno:long}%{METRICSPACE})?(Killed: %{NUMBER:mysql.slowlog.killed:long}%{METRICSPACE})?(Bytes_received: %{NUMBER:mysql.slowlog.bytes_received:long}%{METRICSPACE})?(Bytes_sent: %{NUMBER:mysql.slowlog.bytes_sent:long}%{METRICSPACE})?(Read_first: %{NUMBER:mysql.slowlog.read_first:long}%{METRICSPACE})?(Read_last: %{NUMBER:mysql.slowlog.read_last:long}%{METRICSPACE})?(Read_key: %{NUMBER:mysql.slowlog.read_key:long}%{METRICSPACE})?(Read_next: %{NUMBER:mysql.slowlog.read_next:long}%{METRICSPACE})?(Read_prev: %{NUMBER:mysql.slowlog.read_prev:long}%{METRICSPACE})?(Read_rnd: %{NUMBER:mysql.slowlog.read_rnd:long}%{METRICSPACE})?(Read_rnd_next: %{NUMBER:mysql.slowlog.read_rnd_next:long}%{METRICSPACE})?(Sort_merge_passes: %{NUMBER:mysql.slowlog.sort_merge_passes:long}%{METRICSPACE})?(Sort_range_count: %{NUMBER:mysql.slowlog.sort_range_count:long}%{METRICSPACE})?(Sort_rows: %{NUMBER:mysql.slowlog.sort_rows:long}%{METRICSPACE})?(Sort_scan_count: %{NUMBER:mysql.slowlog.sort_scan_count:long}%{METRICSPACE})?(Created_tmp_disk_tables: 
%{NUMBER:mysql.slowlog.tmp_disk_tables:long}%{METRICSPACE})?(Created_tmp_tables: %{NUMBER:mysql.slowlog.tmp_tables:long}%{METRICSPACE})?(Tmp_tables: %{NUMBER:mysql.slowlog.tmp_tables:long}%{METRICSPACE})?(Tmp_disk_tables: %{NUMBER:mysql.slowlog.tmp_disk_tables}%{METRICSPACE})?(Tmp_table_sizes: %{NUMBER:mysql.slowlog.tmp_table_sizes:long}%{METRICSPACE})?(Start: %{TIMESTAMP_ISO8601:event.start}%{METRICSPACE})?(End: %{TIMESTAMP_ISO8601:event.end}%{METRICSPACE})?(InnoDB_trx_id: %{WORD:mysql.slowlog.innodb.trx_id}%{METRICSPACE})?(QC_Hit: %{WORD:mysql.slowlog.query_cache_hit}%{METRICSPACE})?(Full_scan: %{WORD:mysql.slowlog.full_scan}%{METRICSPACE})?(Full_join: %{WORD:mysql.slowlog.full_join}%{METRICSPACE})?(Tmp_table: %{WORD:mysql.slowlog.tmp_table}%{METRICSPACE})?(Tmp_table_on_disk: %{WORD:mysql.slowlog.tmp_table_on_disk}%{METRICSPACE})?(Filesort: %{WORD:mysql.slowlog.filesort}%{METRICSPACE})?(Filesort_on_disk: %{WORD:mysql.slowlog.filesort_on_disk}%{METRICSPACE})?(Merge_passes: %{NUMBER:mysql.slowlog.merge_passes:long}%{METRICSPACE})?(Priority_queue: %{WORD:mysql.slowlog.priority_queue}%{METRICSPACE})?(No InnoDB statistics available for this query%{METRICSPACE})?(InnoDB_IO_r_ops: %{NUMBER:mysql.slowlog.innodb.io_r_ops:long}%{METRICSPACE})?(InnoDB_IO_r_bytes: %{NUMBER:mysql.slowlog.innodb.io_r_bytes:long}%{METRICSPACE})?(InnoDB_IO_r_wait: %{NUMBER:mysql.slowlog.innodb.io_r_wait.sec:float}%{METRICSPACE})?(InnoDB_rec_lock_wait: %{NUMBER:mysql.slowlog.innodb.rec_lock_wait.sec:float}%{METRICSPACE})?(InnoDB_queue_wait: %{NUMBER:mysql.slowlog.innodb.queue_wait.sec:float}%{METRICSPACE})?(InnoDB_pages_distinct: %{NUMBER:mysql.slowlog.innodb.pages_distinct:long}%{METRICSPACE})?(Log_slow_rate_type: %{WORD:mysql.slowlog.log_slow_rate_type}%{METRICSPACE})?(Log_slow_rate_limit: %{NUMBER:mysql.slowlog.log_slow_rate_limit:long}%{METRICSPACE})?%{EXPLAIN}(use %{WORD:mysql.slowlog.schema};\n)?SET timestamp=%{NUMBER:mysql.slowlog.timestamp:long};\n%{GREEDYMULTILINE:mysql.slowlog.query}"
+ ],
+ "pattern_definitions" : {
+ "GREEDYMULTILINE": "(.|\n)*",
+ "METRICSPACE": "([ #\n]*)",
+ "EXPLAIN": "(# explain:.*\n|#\\s*\n)*"
+ },
+ "ignore_missing": true
+ }
+ }, {
+ "remove":{
+ "field": "message"
+ }
+ }, {
+ "script": {
+ "lang": "painless",
+ "source": "for (field in params.fields) { def v = ctx.mysql.slowlog.get(field); if (v != null) { ctx.mysql.slowlog.put(field, params.mapping.get(v)) } }",
+ "params": {
+ "mapping": {
+ "Yes": true,
+ "No": false
+ },
+ "fields": [
+ "query_cache_hit",
+ "tmp_table",
+ "tmp_table_on_disk",
+ "filesort",
+ "filesort_on_disk",
+ "priority_queue",
+ "full_scan",
+ "full_join"
+ ]
+ }
+ }
+ }, {
+ "script": {
+ "lang": "painless",
+ "source": "ctx.event.duration = Math.round(ctx.temp.duration * 1000000) * 1000",
+ "if": "ctx.temp?.duration != null"
+ }
+ }, {
+ "remove": {
+ "field": "temp.duration",
+ "ignore_missing": true
+ }
+ }, {
+ "date": {
+ "field": "mysql.slowlog.timestamp",
+ "target_field": "@timestamp",
+ "formats": ["UNIX"],
+ "ignore_failure": true
+ }
+ }, {
+ "remove":{
+ "field": "mysql.slowlog.timestamp",
+ "ignore_missing": true
+ }
+ }, {
+ "set":{
+ "field": "event.kind",
+ "value": "event"
+ }
+ }, {
+ "append":{
+ "field": "event.category",
+ "value": "database"
+ }
+ }, {
+ "append":{
+ "field": "event.type",
+ "value": "info"
+ }
+ }],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error.message",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
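Review bot: The grok pattern casts `mysql.thread_id` with `:long` only in the `Id:` branch; both `Thread_id:` branches capture `%{NUMBER:mysql.thread_id}` without a type, and `Tmp_disk_tables:` likewise drops the `:long` that `Created_tmp_disk_tables:` uses for the same `mysql.slowlog.tmp_disk_tables` field. The stored document therefore holds a string or a number for one field depending on which log format matched, and anything reading `_source` has to allow for both. Writing `%{NUMBER:mysql.thread_id:long}` and `%{NUMBER:mysql.slowlog.tmp_disk_tables:long}` in those branches makes them agree. Separately, the first script writes `params.mapping.get(v)` back unconditionally, so a captured value other than `Yes` or `No` is replaced by null; guarding the `put` with `params.mapping.containsKey(v)` would keep the original value.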
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/slowlog/fields/ecs.yml b/dev/packages/alpha/mysql/0.1.0/dataset/slowlog/fields/ecs.yml
new file mode 100644
index 00000000000..ba864aa07fb
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/slowlog/fields/ecs.yml
@@ -0,0 +1,29 @@
+- name: source
+ title: Source
+ group: 2
+ type: group
+ fields:
+ - name: domain
+ level: core
+ type: keyword
+ description: Source domain.
+ ignore_above: 1024
+ - name: ip
+ level: core
+ type: ip
+ description: IP address of the source (IPv4 or IPv6).
+- name: user
+ title: User
+ group: 2
+ type: group
+ fields:
+ - name: name
+ level: core
+ type: keyword
+ description: Short name or login of the user.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/slowlog/fields/fields.yml b/dev/packages/alpha/mysql/0.1.0/dataset/slowlog/fields/fields.yml
new file mode 100644
index 00000000000..681c9d98d93
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/slowlog/fields/fields.yml
@@ -0,0 +1,180 @@
+- name: mysql.slowlog
+ type: group
+ fields:
+ - name: lock_time.sec
+ type: float
+ description: |
+ The amount of time the query waited for the lock to be available. The value is in seconds, as a floating point number.
+ - name: rows_sent
+ type: long
+ description: |
+ The number of rows returned by the query.
+ - name: rows_examined
+ type: long
+ description: |
+ The number of rows scanned by the query.
+ - name: rows_affected
+ type: long
+ description: |
+ The number of rows modified by the query.
+ - name: bytes_sent
+ type: long
+ format: bytes
+ description: |
+ The number of bytes sent to client.
+ - name: bytes_received
+ type: long
+ format: bytes
+ description: |
+ The number of bytes received from client.
+ - name: query
+ type: keyword
+ description: |
+ The slow query.
+ - name: schema
+ type: keyword
+ description: |
+ The schema where the slow query was executed.
+ - name: current_user
+ type: keyword
+ description: |
+ Current authenticated user, used to determine access privileges. Can differ from the value for user.
+ - name: last_errno
+ type: keyword
+ description: |
+ Last SQL error seen.
+ - name: killed
+ type: keyword
+ description: |
+ Code of the reason if the query was killed.
+ - name: query_cache_hit
+ type: boolean
+ description: |
+ Whether the query cache was hit.
+ - name: tmp_table
+ type: boolean
+ description: |
+ Whether a temporary table was used to resolve the query.
+ - name: tmp_table_on_disk
+ type: boolean
+ description: |
+ Whether the query needed temporary tables on disk.
+ - name: tmp_tables
+ type: long
+ description: |
+ Number of temporary tables created for this query
+ - name: tmp_disk_tables
+ type: long
+ description: |
+ Number of temporary tables created on disk for this query.
+ - name: tmp_table_sizes
+ type: long
+ format: bytes
+ description: Size of temporary tables created for this query.
+ - name: filesort
+ type: boolean
+ description: |
+ Whether filesort optimization was used.
+ - name: filesort_on_disk
+ type: boolean
+ description: |
+ Whether filesort optimization was used and it needed temporary tables on disk.
+ - name: priority_queue
+ type: boolean
+ description: |
+ Whether a priority queue was used for filesort.
+ - name: full_scan
+ type: boolean
+ description: |
+ Whether a full table scan was needed for the slow query.
+ - name: full_join
+ type: boolean
+ description: |
+ Whether a full join was needed for the slow query (no indexes were used for joins).
+ - name: merge_passes
+ type: long
+ description: |
+ Number of merge passes executed for the query.
+ - name: sort_merge_passes
+ type: long
+ description: |
+ Number of merge passes that the sort algorithm has had to do.
+ - name: sort_range_count
+ type: long
+ description: "Number of sorts that were done using ranges. \n"
+ - name: sort_rows
+ type: long
+ description: |
+ Number of sorted rows.
+ - name: sort_scan_count
+ type: long
+ description: |
+ Number of sorts that were done by scanning the table.
+ - name: log_slow_rate_type
+ type: keyword
+ description: |
+ Type of slow log rate limit, it can be `session` if the rate limit is applied per session, or `query` if it applies per query.
+ - name: log_slow_rate_limit
+ type: keyword
+ description: |
+ Slow log rate limit, a value of 100 means that one in a hundred queries or sessions are being logged.
+ - name: read_first
+ type: long
+ description: |
+ The number of times the first entry in an index was read.
+ - name: read_last
+ type: long
+ description: |
+ The number of times the last key in an index was read.
+ - name: read_key
+ type: long
+ description: |
+ The number of requests to read a row based on a key.
+ - name: read_next
+ type: long
+ description: |
+ The number of requests to read the next row in key order.
+ - name: read_prev
+ type: long
+ description: |
+ The number of requests to read the previous row in key order.
+ - name: read_rnd
+ type: long
+ description: "The number of requests to read a row based on a fixed position.
+ \n"
+ - name: read_rnd_next
+ type: long
+ description: |
+ The number of requests to read the next row in the data file.
+ - name: innodb
+ type: group
+ fields:
+ - name: trx_id
+ type: keyword
+ description: |
+ Transaction ID
+ - name: io_r_ops
+ type: long
+ description: |
+ Number of page read operations.
+ - name: io_r_bytes
+ type: long
+ format: bytes
+ description: |
+ Bytes read during page read operations.
+ - name: io_r_wait.sec
+ type: long
+ description: |
+ How long it took to read all needed data from storage.
+ - name: rec_lock_wait.sec
+ type: long
+ description: |
+ How long the query waited for locks.
+ - name: queue_wait.sec
+ type: long
+ description: |
+ How long the query waited to enter the InnoDB queue and to be executed once in the queue.
+ - name: pages_distinct
+ type: long
+ description: |
+ Approximated count of pages accessed to execute the query.
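Review bot: `io_r_wait.sec`, `rec_lock_wait.sec` and `queue_wait.sec` under `innodb` are declared `type: long`, but the ingest pipeline added in this same diff captures all three as `:float` second values. Assuming the generated mapping follows these declarations, fractional waits would be truncated to whole seconds in the index; `type: float`, as already used for `lock_time.sec`, matches the pipeline. In the other direction, `last_errno`, `killed` and `log_slow_rate_limit` are `keyword` here while the pipeline casts them with `:long`. `query` is a `keyword` with no `ignore_above`, unlike the keywords in the sibling ecs.yml. Statement text is chosen by the database client and can be arbitrarily long, so it is worth setting a limit explicitly rather than relying on whatever default the installer applies.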
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/slowlog/fields/package-fields.yml b/dev/packages/alpha/mysql/0.1.0/dataset/slowlog/fields/package-fields.yml
new file mode 100644
index 00000000000..a35a72d6dd7
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/slowlog/fields/package-fields.yml
@@ -0,0 +1,7 @@
+- name: mysql
+ type: group
+ fields:
+ - name: thread_id
+ type: long
+ description: |
+ The connection or thread ID for the query.
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/slowlog/manifest.yml b/dev/packages/alpha/mysql/0.1.0/dataset/slowlog/manifest.yml
new file mode 100644
index 00000000000..b0ef940e3ec
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/slowlog/manifest.yml
@@ -0,0 +1,22 @@
+title: MySQL slowlog logs
+type: logs
+release: beta
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Slowlog paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/mysql/mysql-slow.log*
+ os.darwin:
+ default:
+ - /usr/local/var/mysql/localhost-slow.log*
+ os.windows:
+ default:
+ - c:/programdata/MySQL/MySQL Server*/mysql-slow.log*
+ title: MySQL slowlog logs
+ description: Collect MySQL slowlog logs
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/status/agent/stream/stream.yml.hbs b/dev/packages/alpha/mysql/0.1.0/dataset/status/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..8cb5142b3d3
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/status/agent/stream/stream.yml.hbs
@@ -0,0 +1,15 @@
+metricsets: ["status"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if password}}
+password: {{password}}
+{{/if}}
+period: {{period}}
+{{#if raw}}
+raw: {{raw}}
+{{/if}}
+{{#if username}}
+username: {{username}}
+{{/if}}
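Review bot: `password: {{password}}`, the matching `username` line and each `- {{this}}` host are substituted into the YAML as bare plain scalars. A value containing ` #` or `: `, or starting with `*`, `&`, `!`, `[` or `{`, is then cut short or fails to parse, and a value containing a line break could add keys to the rendered stream config, unless the renderer escapes values itself, which is not visible in this diff. Generated passwords routinely contain those characters. `password: '{{password}}'` covers most of them but still breaks on an embedded `'`, so the robust fix is for the renderer to emit each value as a properly escaped YAML string. `hosts`, `username` and `password` are also not declared in this dataset's manifest.yml later in the diff; wherever they are declared, `password` should use `type: password` rather than `text` so it is treated as a secret.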
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/status/fields/fields.yml b/dev/packages/alpha/mysql/0.1.0/dataset/status/fields/fields.yml
new file mode 100644
index 00000000000..901a3728b25
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/status/fields/fields.yml
@@ -0,0 +1,282 @@
+- name: mysql.status
+ type: group
+ release: ga
+ fields:
+ - name: aborted
+ type: group
+ fields:
+ - name: clients
+ type: long
+ description: |
+ The number of connections that were aborted because the client died without closing the connection properly.
+ - name: connects
+ type: long
+ description: |
+ The number of failed attempts to connect to the MySQL server.
+ - name: binlog
+ type: group
+ fields:
+ - name: cache.disk_use
+ type: long
+ - name: cache.use
+ type: long
+ - name: bytes
+ type: group
+ fields:
+ - name: received
+ type: long
+ format: bytes
+ description: |
+ The number of bytes received from all clients.
+ - name: sent
+ type: long
+ format: bytes
+ description: |
+ The number of bytes sent to all clients.
+ - name: threads
+ type: group
+ fields:
+ - name: cached
+ type: long
+ description: |
+ The number of cached threads.
+ - name: created
+ type: long
+ description: |
+ The number of created threads.
+ - name: connected
+ type: long
+ description: |
+ The number of connected threads.
+ - name: running
+ type: long
+ description: |
+ The number of running threads.
+ - name: connections
+ type: long
+ - name: created
+ type: group
+ fields:
+ - name: tmp.disk_tables
+ type: long
+ - name: tmp.files
+ type: long
+ - name: tmp.tables
+ type: long
+ - name: delayed
+ type: group
+ fields:
+ - name: errors
+ type: long
+ - name: insert_threads
+ type: long
+ - name: writes
+ type: long
+ - name: flush_commands
+ type: long
+ - name: max_used_connections
+ type: long
+ - name: open
+ type: group
+ fields:
+ - name: files
+ type: long
+ - name: streams
+ type: long
+ - name: tables
+ type: long
+ - name: opened_tables
+ type: long
+ - name: command
+ type: group
+ fields:
+ - name: delete
+ type: long
+ description: |
+ The number of DELETE queries since startup.
+ - name: insert
+ type: long
+ description: |
+ The number of INSERT queries since startup.
+ - name: select
+ type: long
+ description: |
+ The number of SELECT queries since startup.
+ - name: update
+ type: long
+ description: |
+ The number of UPDATE queries since startup.
+ - name: queries
+ type: long
+ description: |
+ The number of statements executed by the server. This variable includes statements executed within stored programs, unlike the Questions variable. It does not count COM_PING or COM_STATISTICS commands.
+ - name: questions
+ type: long
+ description: |
+ The number of statements executed by the server. This includes only statements sent to the server by clients and not statements executed within stored programs, unlike the Queries variable. This variable does not count COM_PING, COM_STATISTICS, COM_STMT_PREPARE, COM_STMT_CLOSE, or COM_STMT_RESET commands.
+ - name: handler
+ type: group
+ fields:
+ - name: commit
+ type: long
+ description: |
+ The number of internal COMMIT statements.
+ - name: delete
+ type: long
+ description: |
+ The number of times that rows have been deleted from tables.
+ - name: external_lock
+ type: long
+ description: |
+ The server increments this variable for each call to its external_lock() function, which generally occurs at the beginning and end of access to a table instance.
+ - name: mrr_init
+ type: long
+ description: |
+ The number of times the server uses a storage engine's own Multi-Range Read implementation for table access.
+ - name: prepare
+ type: long
+ description: |
+ A counter for the prepare phase of two-phase commit operations.
+ - name: read
+ type: group
+ fields:
+ - name: first
+ type: long
+ description: |
+ The number of times the first entry in an index was read.
+ - name: key
+ type: long
+ description: |
+ The number of requests to read a row based on a key.
+ - name: last
+ type: long
+ description: "The number of requests to read the last key in an index. \n"
+ - name: next
+ type: long
+ description: |
+ The number of requests to read the next row in key order.
+ - name: prev
+ type: long
+ description: |
+ The number of requests to read the previous row in key order.
+ - name: rnd
+ type: long
+ description: "The number of requests to read a row based on a fixed position.
+ \n"
+ - name: rnd_next
+ type: long
+ description: "The number of requests to read the next row in the data file.
+ \n"
+ - name: rollback
+ type: long
+ description: |
+ The number of requests for a storage engine to perform a rollback operation.
+ - name: savepoint
+ type: long
+ description: |
+ The number of requests for a storage engine to place a savepoint.
+ - name: savepoint_rollback
+ type: long
+ description: |
+ The number of requests for a storage engine to roll back to a savepoint.
+ - name: update
+ type: long
+ description: |
+ The number of requests to update a row in a table.
+ - name: write
+ type: long
+ description: |
+ The number of requests to insert a row in a table.
+ - name: innodb
+ type: group
+ fields:
+ - name: buffer_pool
+ type: group
+ fields:
+ - name: dump_status
+ type: long
+ description: |
+ The progress of an operation to record the pages held in the InnoDB buffer pool, triggered by the setting of innodb_buffer_pool_dump_at_shutdown or innodb_buffer_pool_dump_now.
+ - name: load_status
+ type: long
+ description: |
+ The progress of an operation to warm up the InnoDB buffer pool by reading in a set of pages corresponding to an earlier point in time, triggered by the setting of innodb_buffer_pool_load_at_startup or innodb_buffer_pool_load_now.
+ - name: bytes
+ type: group
+ fields:
+ - name: data
+ type: long
+ description: "The total number of bytes in the InnoDB buffer pool containing
+ data. \n"
+ - name: dirty
+ type: long
+ description: |
+ The total current number of bytes held in dirty pages in the InnoDB buffer pool.
+ - name: pages
+ type: group
+ fields:
+ - name: data
+ type: long
+ description: |
+ he number of pages in the InnoDB buffer pool containing data.
+ - name: dirty
+ type: long
+ description: |
+ The current number of dirty pages in the InnoDB buffer pool.
+ - name: flushed
+ type: long
+ description: |
+ The number of requests to flush pages from the InnoDB buffer pool.
+ - name: free
+ type: long
+ description: |
+ The number of free pages in the InnoDB buffer pool.
+ - name: latched
+ type: long
+ description: |
+ The number of latched pages in the InnoDB buffer pool.
+ - name: misc
+ type: long
+ description: |
+ The number of pages in the InnoDB buffer pool that are busy because they have been allocated for administrative overhead, such as row locks or the adaptive hash index.
+ - name: total
+ type: long
+ description: |
+ The total size of the InnoDB buffer pool, in pages.
+ - name: read
+ type: group
+ fields:
+ - name: ahead
+ type: long
+ description: |
+ The number of pages read into the InnoDB buffer pool by the read-ahead background thread.
+ - name: ahead_evicted
+ type: long
+ description: |
+ The number of pages read into the InnoDB buffer pool by the read-ahead background thread that were subsequently evicted without having been accessed by queries.
+ - name: ahead_rnd
+ type: long
+ description: |
+ The number of "random" read-aheads initiated by InnoDB.
+ - name: requests
+ type: long
+ description: |
+ The number of logical read requests.
+ - name: pool
+ type: group
+ fields:
+ - name: reads
+ type: long
+ description: |
+ The number of logical reads that InnoDB could not satisfy from the buffer pool, and had to read directly from disk.
+ - name: resize_status
+ type: long
+ description: |
+ The status of an operation to resize the InnoDB buffer pool dynamically, triggered by setting the innodb_buffer_pool_size parameter dynamically.
+ - name: wait_free
+ type: long
+ description: |
+ Normally, writes to the InnoDB buffer pool happen in the background. When InnoDB needs to read or create a page and no clean pages are available, InnoDB flushes some dirty pages first and waits for that operation to finish. This counter counts instances of these waits.
+ - name: write_requests
+ type: long
+ description: The number of writes done to the InnoDB buffer pool.
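Review bot: The description of the `data` field under `pages` reads `he number of pages in the InnoDB buffer pool containing data.`; the leading `T` is missing. Several fields in this file (`binlog`'s `cache.disk_use` and `cache.use`, `connections`, the `created` group's `tmp.*` counters, the `delayed` group, `flush_commands`, `max_used_connections`, the `open` group, `opened_tables`) have no `description` at all, which presumably leaves their rows blank in the generated field tables. A one-line description for each, in the style of the neighbouring counters, would close the gap.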
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/status/fields/package-fields.yml b/dev/packages/alpha/mysql/0.1.0/dataset/status/fields/package-fields.yml
new file mode 100644
index 00000000000..57436911ee5
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/status/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: mysql
+ type: group
diff --git a/dev/packages/alpha/mysql/0.1.0/dataset/status/manifest.yml b/dev/packages/alpha/mysql/0.1.0/dataset/status/manifest.yml
new file mode 100644
index 00000000000..b9175fe7c06
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/dataset/status/manifest.yml
@@ -0,0 +1,21 @@
+title: MySQL status metrics
+type: metrics
+release: beta
+streams:
+- input: mysql/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ required: true
+ show_user: true
+ default: 10s
+ - name: raw
+ type: bool
+ title: Raw
+ description: >
+ When enabled, in addition to the existing data structure, all fields available from the mysql service through
+ "SHOW /*!50002 GLOBAL */ STATUS;" will be added to the event.
+ default: false
+ title: MySQL status metrics
+ description: Collect MySQL status metrics
diff --git a/dev/packages/alpha/mysql/0.1.0/docs/README.md b/dev/packages/alpha/mysql/0.1.0/docs/README.md
new file mode 100644
index 00000000000..68dac87331b
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/docs/README.md
@@ -0,0 +1,465 @@
+# MySQL Integration
+
+This integration periodically fetches logs and metrics from [https://www.mysql.com/](MySQL) servers.
+
+## Compatibility
+
+The `error` and `slowlog` datasets were tested with logs from MySQL 5.5, 5.7 and 8.0, MariaDB 10.1, 10.2 and 10.3, and Percona 5.7 and 8.0.
+
+The `galera_status` and `status` datasets were tested with MySQL and Percona 5.7 and 8.0 and are expected to work with all
+versions >= 5.7.0. It is also tested with MariaDB 10.2, 10.3 and 10.4.
+
+## Logs
+
+### error
+
+The `error` dataset collects the MySQL error logs.
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| event.category | Event category (e.g. database) | keyword |
+| event.code | Identification code for this event | keyword |
+| event.created | Date/time when the event was first read by an agent, or by your pipeline. | date |
+| event.kind | Event kind (e.g. event) | keyword |
+| event.provider | Source of the event (e.g. Server) | keyword |
+| event.timezone | Time zone information | keyword |
+| event.type | Event severity (e.g. info, error) | keyword |
+| log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword |
+| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | text |
+| mysql.thread_id | The connection or thread ID for the query. | long |
+
+
+### slowlog
+
+The `slowlog` dataset collects the MySQL slow logs.
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| mysql.slowlog.bytes_received | The number of bytes received from client. | long |
+| mysql.slowlog.bytes_sent | The number of bytes sent to client. | long |
+| mysql.slowlog.current_user | Current authenticated user, used to determine access privileges. Can differ from the value for user. | keyword |
+| mysql.slowlog.filesort | Whether filesort optimization was used. | boolean |
+| mysql.slowlog.filesort_on_disk | Whether filesort optimization was used and it needed temporary tables on disk. | boolean |
+| mysql.slowlog.full_join | Whether a full join was needed for the slow query (no indexes were used for joins). | boolean |
+| mysql.slowlog.full_scan | Whether a full table scan was needed for the slow query. | boolean |
+| mysql.slowlog.innodb.io_r_bytes | Bytes read during page read operations. | long |
+| mysql.slowlog.innodb.io_r_ops | Number of page read operations. | long |
+| mysql.slowlog.innodb.io_r_wait.sec | How long it took to read all needed data from storage. | long |
+| mysql.slowlog.innodb.pages_distinct | Approximated count of pages accessed to execute the query. | long |
+| mysql.slowlog.innodb.queue_wait.sec | How long the query waited to enter the InnoDB queue and to be executed once in the queue. | long |
+| mysql.slowlog.innodb.rec_lock_wait.sec | How long the query waited for locks. | long |
+| mysql.slowlog.innodb.trx_id | Transaction ID | keyword |
+| mysql.slowlog.killed | Code of the reason if the query was killed. | keyword |
+| mysql.slowlog.last_errno | Last SQL error seen. | keyword |
+| mysql.slowlog.lock_time.sec | The amount of time the query waited for the lock to be available. The value is in seconds, as a floating point number. | float |
+| mysql.slowlog.log_slow_rate_limit | Slow log rate limit, a value of 100 means that one in a hundred queries or sessions are being logged. | keyword |
+| mysql.slowlog.log_slow_rate_type | Type of slow log rate limit, it can be `session` if the rate limit is applied per session, or `query` if it applies per query. | keyword |
+| mysql.slowlog.merge_passes | Number of merge passes executed for the query. | long |
+| mysql.slowlog.priority_queue | Whether a priority queue was used for filesort. | boolean |
+| mysql.slowlog.query | The slow query. | keyword |
+| mysql.slowlog.query_cache_hit | Whether the query cache was hit. | boolean |
+| mysql.slowlog.read_first | The number of times the first entry in an index was read. | long |
+| mysql.slowlog.read_key | The number of requests to read a row based on a key. | long |
+| mysql.slowlog.read_last | The number of times the last key in an index was read. | long |
+| mysql.slowlog.read_next | The number of requests to read the next row in key order. | long |
+| mysql.slowlog.read_prev | The number of requests to read the previous row in key order. | long |
+| mysql.slowlog.read_rnd | The number of requests to read a row based on a fixed position. | long |
+| mysql.slowlog.read_rnd_next | The number of requests to read the next row in the data file. | long |
+| mysql.slowlog.rows_affected | The number of rows modified by the query. | long |
+| mysql.slowlog.rows_examined | The number of rows scanned by the query. | long |
+| mysql.slowlog.rows_sent | The number of rows returned by the query. | long |
+| mysql.slowlog.schema | The schema where the slow query was executed. | keyword |
+| mysql.slowlog.sort_merge_passes | Number of merge passes that the sort algorithm has had to do. | long |
+| mysql.slowlog.sort_range_count | Number of sorts that were done using ranges. | long |
+| mysql.slowlog.sort_rows | Number of sorted rows. | long |
+| mysql.slowlog.sort_scan_count | Number of sorts that were done by scanning the table. | long |
+| mysql.slowlog.tmp_disk_tables | Number of temporary tables created on disk for this query. | long |
+| mysql.slowlog.tmp_table | Whether a temporary table was used to resolve the query. | boolean |
+| mysql.slowlog.tmp_table_on_disk | Whether the query needed temporary tables on disk. | boolean |
+| mysql.slowlog.tmp_table_sizes | Size of temporary tables created for this query. | long |
+| mysql.slowlog.tmp_tables | Number of temporary tables created for this query | long |
+| mysql.thread_id | The connection or thread ID for the query. | long |
+| source.domain | Source domain. | keyword |
+| source.ip | IP address of the source (IPv4 or IPv6). | ip |
+| user.name | Short name or login of the user. | keyword |
+
+
+## Metrics
+
+### galera_status
+
+The `galera_status` dataset periodically fetches metrics from [http://galeracluster.com/](Galera)-MySQL cluster servers.
+
+An example event for `galera_status` looks as following:
+
+```$json
+{
+ "@timestamp":"2020-04-20T12:33:24.613Z",
+ "mysql":{
+ "galera_status":{
+ "apply":{
+ "oooe":0,
+ "oool":0,
+ "window":1
+ },
+ "connected":"ON",
+ "flow_ctl":{
+ "recv":0,
+ "sent":0,
+ "paused":0,
+ "paused_ns":0
+ },
+ "ready":"ON",
+ "received":{
+ "count":173,
+ "bytes":152425
+ },
+ "local":{
+ "state":"Synced",
+ "bf_aborts":0,
+ "cert_failures":0,
+ "commits":1325,
+ "recv":{
+ "queue_max":2,
+ "queue_min":0,
+ "queue":0,
+ "queue_avg":0.011561
+ },
+ "replays":0,
+ "send":{
+ "queue_min":0,
+ "queue":0,
+ "queue_avg":0,
+ "queue_max":1
+ }
+ },
+ "evs":{
+ "evict":"",
+ "state":"OPERATIONAL"
+ },
+ "repl":{
+ "bytes":1689804,
+ "data_bytes":1540647,
+ "keys":4170,
+ "keys_bytes":63973,
+ "other_bytes":0,
+ "count":1331
+ },
+ "commit":{
+ "oooe":0,
+ "window":1
+ },
+ "cluster":{
+ "conf_id":930,
+ "size":3,
+ "status":"Primary"
+ },
+ "last_committed":23944,
+ "cert":{
+ "deps_distance":43.524557,
+ "index_size":22,
+ "interval":0
+ }
+ }
+ },
+ "fields":{
+ "stream":{
+ "type":"metrics",
+ "dataset":"mysql.galera_status",
+ "namespace":"default"
+ }
+ },
+ "ecs":{
+ "version":"1.5.0"
+ },
+ "agent":{
+ "hostname":"MacBook-Elastic.local",
+ "id":"ede0be38-46a9-4ffc-8f1e-2ff9195193b6",
+ "version":"8.0.0",
+ "type":"metricbeat",
+ "ephemeral_id":"4c773a2e-16d5-4d86-be49-cfb3573f4f4f"
+ },
+ "event":{
+ "dataset":"mysql.galera_status",
+ "module":"mysql",
+ "duration":3275482
+ },
+ "metricset":{
+ "name":"galera_status",
+ "period":10000
+ },
+ "service":{
+ "address":"127.0.0.1:3306",
+ "type":"mysql"
+ }
+}
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| mysql.galera_status.apply.oooe | How often applier started write-set applying out-of-order (parallelization efficiency). | double |
+| mysql.galera_status.apply.oool | How often write-set was so slow to apply that write-set with higher seqno's were applied earlier. Values closer to 0 refer to a greater gap between slow and fast write-sets. | double |
+| mysql.galera_status.apply.window | Average distance between highest and lowest concurrently applied seqno. | double |
+| mysql.galera_status.cert.deps_distance | Average distance between highest and lowest seqno value that can be possibly applied in parallel (potential degree of parallelization). | double |
+| mysql.galera_status.cert.index_size | The number of entries in the certification index. | long |
+| mysql.galera_status.cert.interval | Average number of transactions received while a transaction replicates. | double |
+| mysql.galera_status.cluster.conf_id | Total number of cluster membership changes happened. | long |
+| mysql.galera_status.cluster.size | Current number of members in the cluster. | long |
+| mysql.galera_status.cluster.status | Status of this cluster component. That is, whether the node is part of a PRIMARY or NON_PRIMARY component. | keyword |
+| mysql.galera_status.commit.oooe | How often a transaction was committed out of order. | double |
+| mysql.galera_status.commit.window | Average distance between highest and lowest concurrently committed seqno. | long |
+| mysql.galera_status.connected | If the value is OFF, the node has not yet connected to any of the cluster components. This may be due to misconfiguration. Check the error log for proper diagnostics. | keyword |
+| mysql.galera_status.evs.evict | Lists the UUID's of all nodes evicted from the cluster. Evicted nodes cannot rejoin the cluster until you restart their mysqld processes. | keyword |
+| mysql.galera_status.evs.state | Shows the internal state of the EVS Protocol. | keyword |
+| mysql.galera_status.flow_ctl.paused | The fraction of time since the last FLUSH STATUS command that replication was paused due to flow control. In other words, how much the slave lag is slowing down the cluster. | double |
+| mysql.galera_status.flow_ctl.paused_ns | The total time spent in a paused state measured in nanoseconds. | long |
+| mysql.galera_status.flow_ctl.recv | Returns the number of FC_PAUSE events the node has received, including those the node has sent. Unlike most status variables, the counter for this one does not reset every time you run the query. | long |
+| mysql.galera_status.flow_ctl.sent | Returns the number of FC_PAUSE events the node has sent. Unlike most status variables, the counter for this one does not reset every time you run the query. | long |
+| mysql.galera_status.last_committed | The sequence number, or seqno, of the last committed transaction. | long |
+| mysql.galera_status.local.bf_aborts | Total number of local transactions that were aborted by slave transactions while in execution. | long |
+| mysql.galera_status.local.cert_failures | Total number of local transactions that failed certification test. | long |
+| mysql.galera_status.local.commits | Total number of local transactions committed. | long |
+| mysql.galera_status.local.recv.queue | Current (instantaneous) length of the recv queue. | long |
+| mysql.galera_status.local.recv.queue_avg | Recv queue length averaged over interval since the last FLUSH STATUS command. Values considerably larger than 0.0 mean that the node cannot apply write-sets as fast as they are received and will generate a lot of replication throttling. | double |
+| mysql.galera_status.local.recv.queue_max | The maximum length of the recv queue since the last FLUSH STATUS command. | long |
+| mysql.galera_status.local.recv.queue_min | The minimum length of the recv queue since the last FLUSH STATUS command. | long |
+| mysql.galera_status.local.replays | Total number of transaction replays due to asymmetric lock granularity. | long |
+| mysql.galera_status.local.send.queue | Current (instantaneous) length of the send queue. | long |
+| mysql.galera_status.local.send.queue_avg | Send queue length averaged over time since the last FLUSH STATUS command. Values considerably larger than 0.0 indicate replication throttling or network throughput issue. | double |
+| mysql.galera_status.local.send.queue_max | The maximum length of the send queue since the last FLUSH STATUS command. | long |
+| mysql.galera_status.local.send.queue_min | The minimum length of the send queue since the last FLUSH STATUS command. | long |
+| mysql.galera_status.local.state | Internal Galera Cluster FSM state number. | keyword |
+| mysql.galera_status.ready | Whether the server is ready to accept queries. | keyword |
+| mysql.galera_status.received.bytes | Total size of write-sets received from other nodes. | long |
+| mysql.galera_status.received.count | Total number of write-sets received from other nodes. | long |
+| mysql.galera_status.repl.bytes | Total size of write-sets replicated. | long |
+| mysql.galera_status.repl.count | Total number of write-sets replicated (sent to other nodes). | long |
+| mysql.galera_status.repl.data_bytes | Total size of data replicated. | long |
+| mysql.galera_status.repl.keys | Total number of keys replicated. | long |
+| mysql.galera_status.repl.keys_bytes | Total size of keys replicated. | long |
+| mysql.galera_status.repl.other_bytes | Total size of other bits replicated. | long |
+
+
+### status
+
+The MySQL `status` dataset collects data from MySQL by running a `SHOW GLOBAL STATUS;` SQL query. This query returns a large number of metrics.
+
+An example event for `status` looks as following:
+
+```$json
+{
+ "@timestamp":"2020-04-20T12:32:54.614Z",
+ "mysql":{
+ "status":{
+ "max_used_connections":3,
+ "queries":479,
+ "handler":{
+ "prepare":0,
+ "savepoint":0,
+ "update":0,
+ "delete":0,
+ "read":{
+ "rnd_next":59604,
+ "first":8,
+ "key":6,
+ "last":0,
+ "next":1,
+ "prev":0,
+ "rnd":0
+ },
+ "rollback":0,
+ "write":0,
+ "commit":5,
+ "savepoint_rollback":0,
+ "external_lock":552,
+ "mrr_init":0
+ },
+ "aborted":{
+ "clients":0,
+ "connects":0
+ },
+ "threads":{
+ "running":2,
+ "cached":1,
+ "created":3,
+ "connected":2
+ },
+ "flush_commands":1,
+ "created":{
+ "tmp":{
+ "disk_tables":0,
+ "files":6,
+ "tables":0
+ }
+ },
+ "connections":159,
+ "command":{
+ "insert":0,
+ "select":155,
+ "update":0,
+ "delete":0
+ },
+ "opened_tables":122,
+ "binlog":{
+ "cache":{
+ "use":0,
+ "disk_use":0
+ }
+ },
+ "delayed":{
+ "writes":0,
+ "errors":0,
+ "insert_threads":0
+ },
+ "questions":479,
+ "innodb":{
+ "buffer_pool":{
+ "read":{
+ "ahead_rnd":0,
+ "requests":1488,
+ "ahead":0,
+ "ahead_evicted":0
+ },
+ "pool":{
+ "wait_free":0,
+ "reads":405
+ },
+ "write_requests":325,
+ "bytes":{
+ "data":7176192,
+ "dirty":0
+ },
+ "pages":{
+ "dirty":0,
+ "flushed":36,
+ "free":7753,
+ "misc":0,
+ "total":8191,
+ "data":438
+ }
+ }
+ },
+ "bytes":{
+ "received":38468,
+ "sent":1622162
+ },
+ "open":{
+ "streams":0,
+ "tables":115,
+ "files":14
+ }
+ }
+ },
+ "event":{
+ "dataset":"mysql.status",
+ "module":"mysql",
+ "duration":4708776
+ },
+ "metricset":{
+ "name":"status",
+ "period":10000
+ },
+ "fields":{
+ "stream":{
+ "type":"metrics",
+ "dataset":"mysql.status",
+ "namespace":"default"
+ }
+ },
+ "ecs":{
+ "version":"1.5.0"
+ },
+ "agent":{
+ "id":"ede0be38-46a9-4ffc-8f1e-2ff9195193b6",
+ "version":"8.0.0",
+ "type":"metricbeat",
+ "ephemeral_id":"4c773a2e-16d5-4d86-be49-cfb3573f4f4f",
+ "hostname":"MacBook-Elastic.local"
+ },
+ "service":{
+ "address":"127.0.0.1:3306",
+ "type":"mysql"
+ }
+}
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| mysql.status.aborted.clients | The number of connections that were aborted because the client died without closing the connection properly. | long |
+| mysql.status.aborted.connects | The number of failed attempts to connect to the MySQL server. | long |
+| mysql.status.binlog.cache.disk_use | | long |
+| mysql.status.binlog.cache.use | | long |
+| mysql.status.bytes.received | The number of bytes received from all clients. | long |
+| mysql.status.bytes.sent | The number of bytes sent to all clients. | long |
+| mysql.status.command.delete | The number of DELETE queries since startup. | long |
+| mysql.status.command.insert | The number of INSERT queries since startup. | long |
+| mysql.status.command.select | The number of SELECT queries since startup. | long |
+| mysql.status.command.update | The number of UPDATE queries since startup. | long |
+| mysql.status.connections | | long |
+| mysql.status.created.tmp.disk_tables | | long |
+| mysql.status.created.tmp.files | | long |
+| mysql.status.created.tmp.tables | | long |
+| mysql.status.delayed.errors | | long |
+| mysql.status.delayed.insert_threads | | long |
+| mysql.status.delayed.writes | | long |
+| mysql.status.flush_commands | | long |
+| mysql.status.handler.commit | The number of internal COMMIT statements. | long |
+| mysql.status.handler.delete | The number of times that rows have been deleted from tables. | long |
+| mysql.status.handler.external_lock | The server increments this variable for each call to its external_lock() function, which generally occurs at the beginning and end of access to a table instance. | long |
+| mysql.status.handler.mrr_init | The number of times the server uses a storage engine's own Multi-Range Read implementation for table access. | long |
+| mysql.status.handler.prepare | A counter for the prepare phase of two-phase commit operations. | long |
+| mysql.status.handler.read.first | The number of times the first entry in an index was read. | long |
+| mysql.status.handler.read.key | The number of requests to read a row based on a key. | long |
+| mysql.status.handler.read.last | The number of requests to read the last key in an index. | long |
+| mysql.status.handler.read.next | The number of requests to read the next row in key order. | long |
+| mysql.status.handler.read.prev | The number of requests to read the previous row in key order. | long |
+| mysql.status.handler.read.rnd | The number of requests to read a row based on a fixed position. | long |
+| mysql.status.handler.read.rnd_next | The number of requests to read the next row in the data file. | long |
+| mysql.status.handler.rollback | The number of requests for a storage engine to perform a rollback operation. | long |
+| mysql.status.handler.savepoint | The number of requests for a storage engine to place a savepoint. | long |
+| mysql.status.handler.savepoint_rollback | The number of requests for a storage engine to roll back to a savepoint. | long |
+| mysql.status.handler.update | The number of requests to update a row in a table. | long |
+| mysql.status.handler.write | The number of requests to insert a row in a table. | long |
+| mysql.status.innodb.buffer_pool.bytes.data | The total number of bytes in the InnoDB buffer pool containing data. | long |
+| mysql.status.innodb.buffer_pool.bytes.dirty | The total current number of bytes held in dirty pages in the InnoDB buffer pool. | long |
+| mysql.status.innodb.buffer_pool.dump_status | The progress of an operation to record the pages held in the InnoDB buffer pool, triggered by the setting of innodb_buffer_pool_dump_at_shutdown or innodb_buffer_pool_dump_now. | long |
+| mysql.status.innodb.buffer_pool.load_status | The progress of an operation to warm up the InnoDB buffer pool by reading in a set of pages corresponding to an earlier point in time, triggered by the setting of innodb_buffer_pool_load_at_startup or innodb_buffer_pool_load_now. | long |
+| mysql.status.innodb.buffer_pool.pages.data | he number of pages in the InnoDB buffer pool containing data. | long |
+| mysql.status.innodb.buffer_pool.pages.dirty | The current number of dirty pages in the InnoDB buffer pool. | long |
+| mysql.status.innodb.buffer_pool.pages.flushed | The number of requests to flush pages from the InnoDB buffer pool. | long |
+| mysql.status.innodb.buffer_pool.pages.free | The number of free pages in the InnoDB buffer pool. | long |
+| mysql.status.innodb.buffer_pool.pages.latched | The number of latched pages in the InnoDB buffer pool. | long |
+| mysql.status.innodb.buffer_pool.pages.misc | The number of pages in the InnoDB buffer pool that are busy because they have been allocated for administrative overhead, such as row locks or the adaptive hash index. | long |
+| mysql.status.innodb.buffer_pool.pages.total | The total size of the InnoDB buffer pool, in pages. | long |
+| mysql.status.innodb.buffer_pool.pool.reads | The number of logical reads that InnoDB could not satisfy from the buffer pool, and had to read directly from disk. | long |
+| mysql.status.innodb.buffer_pool.pool.resize_status | The status of an operation to resize the InnoDB buffer pool dynamically, triggered by setting the innodb_buffer_pool_size parameter dynamically. | long |
+| mysql.status.innodb.buffer_pool.pool.wait_free | Normally, writes to the InnoDB buffer pool happen in the background. When InnoDB needs to read or create a page and no clean pages are available, InnoDB flushes some dirty pages first and waits for that operation to finish. This counter counts instances of these waits. | long |
+| mysql.status.innodb.buffer_pool.read.ahead | The number of pages read into the InnoDB buffer pool by the read-ahead background thread. | long |
+| mysql.status.innodb.buffer_pool.read.ahead_evicted | The number of pages read into the InnoDB buffer pool by the read-ahead background thread that were subsequently evicted without having been accessed by queries. | long |
+| mysql.status.innodb.buffer_pool.read.ahead_rnd | The number of "random" read-aheads initiated by InnoDB. | long |
+| mysql.status.innodb.buffer_pool.read.requests | The number of logical read requests. | long |
+| mysql.status.innodb.buffer_pool.write_requests | The number of writes done to the InnoDB buffer pool. | long |
+| mysql.status.max_used_connections | | long |
+| mysql.status.open.files | | long |
+| mysql.status.open.streams | | long |
+| mysql.status.open.tables | | long |
+| mysql.status.opened_tables | | long |
+| mysql.status.queries | The number of statements executed by the server. This variable includes statements executed within stored programs, unlike the Questions variable. It does not count COM_PING or COM_STATISTICS commands. | long |
+| mysql.status.questions | The number of statements executed by the server. This includes only statements sent to the server by clients and not statements executed within stored programs, unlike the Queries variable. This variable does not count COM_PING, COM_STATISTICS, COM_STMT_PREPARE, COM_STMT_CLOSE, or COM_STMT_RESET commands. | long |
+| mysql.status.threads.cached | The number of cached threads. | long |
+| mysql.status.threads.connected | The number of connected threads. | long |
+| mysql.status.threads.created | The number of created threads. | long |
+| mysql.status.threads.running | The number of running threads. | long |
+
diff --git a/dev/packages/alpha/mysql/0.1.0/img/kibana-mysql.png b/dev/packages/alpha/mysql/0.1.0/img/kibana-mysql.png
new file mode 100644
index 00000000000..13c5ea4d276
Binary files /dev/null and b/dev/packages/alpha/mysql/0.1.0/img/kibana-mysql.png differ
diff --git a/dev/packages/alpha/mysql/0.1.0/img/logo_mysql.svg b/dev/packages/alpha/mysql/0.1.0/img/logo_mysql.svg
new file mode 100644
index 00000000000..cfe6cbb664e
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/img/logo_mysql.svg
@@ -0,0 +1,6 @@
+
diff --git a/dev/packages/alpha/mysql/0.1.0/img/metricbeat-mysql.png b/dev/packages/alpha/mysql/0.1.0/img/metricbeat-mysql.png
new file mode 100644
index 00000000000..ee6ec195d46
Binary files /dev/null and b/dev/packages/alpha/mysql/0.1.0/img/metricbeat-mysql.png differ
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/dashboard/57b3fb50-6309-11ea-a83e-25b8612d00cc.json b/dev/packages/alpha/mysql/0.1.0/kibana/dashboard/57b3fb50-6309-11ea-a83e-25b8612d00cc.json
new file mode 100644
index 00000000000..23cd35e3f4d
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/dashboard/57b3fb50-6309-11ea-a83e-25b8612d00cc.json
@@ -0,0 +1,282 @@
+{
+ "attributes": {
+ "description": "Overview of MySQL server",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "highlightAll": true,
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "version": true
+ }
+ },
+ "optionsJSON": {
+ "darkTheme": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "title": "Open Tables, Files, Streams"
+ },
+ "gridData": {
+ "h": 15,
+ "i": "14",
+ "w": 24,
+ "x": 24,
+ "y": 38
+ },
+ "panelIndex": "14",
+ "panelRefName": "panel_0",
+ "title": "Open Tables, Files, Streams",
+ "version": "7.3.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Rate of Questions"
+ },
+ "gridData": {
+ "h": 12,
+ "i": "050b110b-0b4d-404a-86c0-fa97f7eed2a0",
+ "w": 16,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "050b110b-0b4d-404a-86c0-fa97f7eed2a0",
+ "panelRefName": "panel_1",
+ "title": "Rate of Questions",
+ "version": "7.3.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Rate of SELECT statements"
+ },
+ "gridData": {
+ "h": 12,
+ "i": "988a61d7-ac3e-481e-a6ae-aa75aaa32a3a",
+ "w": 16,
+ "x": 16,
+ "y": 0
+ },
+ "panelIndex": "988a61d7-ac3e-481e-a6ae-aa75aaa32a3a",
+ "panelRefName": "panel_2",
+ "title": "Rate of SELECT statements",
+ "version": "7.3.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Rate of INSERT, UPDATE, DELETE"
+ },
+ "gridData": {
+ "h": 12,
+ "i": "a1f8fa38-a62f-4e05-adde-e995dae9ad83",
+ "w": 16,
+ "x": 32,
+ "y": 0
+ },
+ "panelIndex": "a1f8fa38-a62f-4e05-adde-e995dae9ad83",
+ "panelRefName": "panel_3",
+ "title": "Rate of INSERT, UPDATE, DELETE",
+ "version": "7.3.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Connected Threads"
+ },
+ "gridData": {
+ "h": 12,
+ "i": "d126fb61-605f-43af-b5d5-3fa3c128f726",
+ "w": 6,
+ "x": 0,
+ "y": 12
+ },
+ "panelIndex": "d126fb61-605f-43af-b5d5-3fa3c128f726",
+ "panelRefName": "panel_4",
+ "title": "Connected Threads",
+ "version": "7.3.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Connections"
+ },
+ "gridData": {
+ "h": 12,
+ "i": "59586d96-3abd-48a3-a258-cfd620826ec2",
+ "w": 14,
+ "x": 6,
+ "y": 12
+ },
+ "panelIndex": "59586d96-3abd-48a3-a258-cfd620826ec2",
+ "panelRefName": "panel_5",
+ "title": "Connections",
+ "version": "7.3.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Aborted Connections Rate"
+ },
+ "gridData": {
+ "h": 12,
+ "i": "dd0cf202-fe22-4daf-8f25-09c64d412bf3",
+ "w": 14,
+ "x": 20,
+ "y": 12
+ },
+ "panelIndex": "dd0cf202-fe22-4daf-8f25-09c64d412bf3",
+ "panelRefName": "panel_6",
+ "title": "Aborted Connections Rate",
+ "version": "7.3.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Thread Activity"
+ },
+ "gridData": {
+ "h": 12,
+ "i": "ead16a55-a2d3-49ae-a09b-a0b03560e9a0",
+ "w": 14,
+ "x": 34,
+ "y": 12
+ },
+ "panelIndex": "ead16a55-a2d3-49ae-a09b-a0b03560e9a0",
+ "panelRefName": "panel_7",
+ "title": "Thread Activity",
+ "version": "7.3.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Buffer Pool Pages"
+ },
+ "gridData": {
+ "h": 14,
+ "i": "24fc2926-610d-4910-8f3e-eb63ca69788c",
+ "w": 15,
+ "x": 0,
+ "y": 24
+ },
+ "panelIndex": "24fc2926-610d-4910-8f3e-eb63ca69788c",
+ "panelRefName": "panel_8",
+ "title": "Buffer Pool Pages",
+ "version": "7.3.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Buffer Pool Utilization"
+ },
+ "gridData": {
+ "h": 14,
+ "i": "33c10c95-be67-492e-afb5-863f375cffc2",
+ "w": 16,
+ "x": 15,
+ "y": 24
+ },
+ "panelIndex": "33c10c95-be67-492e-afb5-863f375cffc2",
+ "panelRefName": "panel_9",
+ "title": "Buffer Pool Utilization",
+ "version": "7.3.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Network Traffic"
+ },
+ "gridData": {
+ "h": 15,
+ "i": "3cd58868-0d03-4715-9ecc-9fba3cde47c1",
+ "w": 24,
+ "x": 0,
+ "y": 38
+ },
+ "panelIndex": "3cd58868-0d03-4715-9ecc-9fba3cde47c1",
+ "panelRefName": "panel_10",
+ "title": "Network Traffic",
+ "version": "7.3.1"
+ },
+ {
+ "embeddableConfig": {
+ "title": "Buffer Pool Efficiency"
+ },
+ "gridData": {
+ "h": 14,
+ "i": "d35d7c5e-8832-40e2-8c77-953ad320c853",
+ "w": 17,
+ "x": 31,
+ "y": 24
+ },
+ "panelIndex": "d35d7c5e-8832-40e2-8c77-953ad320c853",
+ "panelRefName": "panel_11",
+ "title": "Buffer Pool Efficiency",
+ "version": "7.3.1"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics MySQL] Database Overview",
+ "version": 1
+ },
+ "id": "57b3fb50-6309-11ea-a83e-25b8612d00cc",
+ "references": [
+ {
+ "id": "aaa326b0-f1f5-11e7-85ab-594b1652e0d1-ecs",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "4fa69a10-630b-11ea-a83e-25b8612d00cc",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "7ea77d30-630a-11ea-a83e-25b8612d00cc",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "779ee920-6309-11ea-a83e-25b8612d00cc",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "fc6b5a40-630d-11ea-a83e-25b8612d00cc",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "493e8460-630d-11ea-a83e-25b8612d00cc",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "bf60bc10-639b-11ea-a83e-25b8612d00cc",
+ "name": "panel_6",
+ "type": "visualization"
+ },
+ {
+ "id": "822df290-630f-11ea-a83e-25b8612d00cc",
+ "name": "panel_7",
+ "type": "visualization"
+ },
+ {
+ "id": "98c7bca0-63a2-11ea-a83e-25b8612d00cc",
+ "name": "panel_8",
+ "type": "visualization"
+ },
+ {
+ "id": "96d46630-63a4-11ea-a83e-25b8612d00cc",
+ "name": "panel_9",
+ "type": "visualization"
+ },
+ {
+ "id": "c8661020-6310-11ea-a83e-25b8612d00cc",
+ "name": "panel_10",
+ "type": "visualization"
+ },
+ {
+ "id": "a1e00160-63a4-11ea-a83e-25b8612d00cc",
+ "name": "panel_11",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/dashboard/Filebeat-MySQL-Dashboard-ecs.json b/dev/packages/alpha/mysql/0.1.0/kibana/dashboard/Filebeat-MySQL-Dashboard-ecs.json
new file mode 100644
index 00000000000..d5999c4f88b
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/dashboard/Filebeat-MySQL-Dashboard-ecs.json
@@ -0,0 +1,155 @@
+{
+ "attributes": {
+ "description": "Overview dashboard for the MySQL integration (logs)",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "highlightAll": true,
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "version": true
+ }
+ },
+ "optionsJSON": {
+ "darkTheme": false
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "vis": {
+ "params": {
+ "sort": {
+ "columnIndex": null,
+ "direction": null
+ }
+ }
+ }
+ },
+ "gridData": {
+ "h": 16,
+ "i": "1",
+ "w": 24,
+ "x": 0,
+ "y": 28
+ },
+ "panelIndex": "1",
+ "panelRefName": "panel_0",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "2",
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "2",
+ "panelRefName": "panel_1",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "3",
+ "w": 24,
+ "x": 24,
+ "y": 0
+ },
+ "panelIndex": "3",
+ "panelRefName": "panel_2",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "columns": [
+ "log.level",
+ "message"
+ ],
+ "sort": [
+ "@timestamp",
+ "desc"
+ ]
+ },
+ "gridData": {
+ "h": 20,
+ "i": "4",
+ "w": 24,
+ "x": 24,
+ "y": 28
+ },
+ "panelIndex": "4",
+ "panelRefName": "panel_3",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 16,
+ "i": "5",
+ "w": 24,
+ "x": 24,
+ "y": 12
+ },
+ "panelIndex": "5",
+ "panelRefName": "panel_4",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 16,
+ "i": "6",
+ "w": 24,
+ "x": 0,
+ "y": 12
+ },
+ "panelIndex": "6",
+ "panelRefName": "panel_5",
+ "version": "7.3.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Logs MySQL] Overview ECS",
+ "version": 1
+ },
+ "id": "Logs-MySQL-Dashboard-ecs",
+ "references": [
+ {
+ "id": "MySQL-slowest-queries-ecs",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "MySQL-Slow-queries-over-time-ecs",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "MySQL-error-logs-ecs",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "Logs-MySQL-error-log-ecs",
+ "name": "panel_3",
+ "type": "search"
+ },
+ {
+ "id": "MySQL-Error-logs-levels-ecs",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "MySQL-Slow-logs-by-count-ecs",
+ "name": "panel_5",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/search/Filebeat-MySQL-Slow-log-ecs.json b/dev/packages/alpha/mysql/0.1.0/kibana/search/Filebeat-MySQL-Slow-log-ecs.json
new file mode 100644
index 00000000000..af029653679
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/search/Filebeat-MySQL-Slow-log-ecs.json
@@ -0,0 +1,109 @@
+{
+ "attributes": {
+ "columns": [
+ "_source"
+ ],
+ "description": "",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "key": "query",
+ "negate": false,
+ "type": "custom",
+ "value": "{\"match_phrase_prefix\":{\"event.dataset\":{\"query\":\"mysql.\"}}}"
+ },
+ "query": {
+ "match_phrase_prefix": {
+ "event.dataset": {
+ "query": "mysql."
+ }
+ }
+ }
+ },
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
+ "key": "fileset.name",
+ "negate": false,
+ "params": {
+ "query": "slowlog",
+ "type": "phrase"
+ },
+ "type": "phrase",
+ "value": "slowlog"
+ },
+ "query": {
+ "match": {
+ "fileset.name": {
+ "query": "slowlog",
+ "type": "phrase"
+ }
+ }
+ }
+ }
+ ],
+ "highlight": {
+ "fields": {
+ "*": {}
+ },
+ "fragment_size": 2147483647,
+ "post_tags": [
+ "@/kibana-highlighted-field@"
+ ],
+ "pre_tags": [
+ "@kibana-highlighted-field@"
+ ],
+ "require_field_match": false
+ },
+ "highlightAll": true,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "version": true
+ }
+ },
+ "sort": [
+ [
+ "@timestamp",
+ "desc"
+ ]
+ ],
+ "title": "Slow logs [Logs MySQL] ECS",
+ "version": 1
+ },
+ "id": "Logs-MySQL-Slow-log-ecs",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "search"
+}
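Review bot: The saved search lists `_source` for every slow-log event and leaves `"description": ""`, so nothing tells a dashboard viewer that the rows carry full statement text. Slow-log statements can include literal values from application queries, so these objects are presumably more sensitive than the metric panels. The same field is exposed through the terms aggregations on `mysql.slowlog.query` in MySQL-Slow-logs-by-count-ecs.json and MySQL-slowest-queries-ecs.json, the latter next to `user.name`. I would fill the description, for example `"description": "Raw MySQL slow-log events, including full statement text"`, and have the package docs say that read access to `logs-*` should be scoped accordingly.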
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/search/Filebeat-MySQL-error-log-ecs.json b/dev/packages/alpha/mysql/0.1.0/kibana/search/Filebeat-MySQL-error-log-ecs.json
new file mode 100644
index 00000000000..17f2fad7770
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/search/Filebeat-MySQL-error-log-ecs.json
@@ -0,0 +1,110 @@
+{
+ "attributes": {
+ "columns": [
+ "log.level",
+ "message"
+ ],
+ "description": "",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "key": "query",
+ "negate": false,
+ "type": "custom",
+ "value": "{\"match_phrase_prefix\":{\"event.dataset\":{\"query\":\"mysql.\"}}}"
+ },
+ "query": {
+ "match_phrase_prefix": {
+ "event.dataset": {
+ "query": "mysql."
+ }
+ }
+ }
+ },
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
+ "key": "fileset.name",
+ "negate": false,
+ "params": {
+ "query": "error",
+ "type": "phrase"
+ },
+ "type": "phrase",
+ "value": "error"
+ },
+ "query": {
+ "match": {
+ "fileset.name": {
+ "query": "error",
+ "type": "phrase"
+ }
+ }
+ }
+ }
+ ],
+ "highlight": {
+ "fields": {
+ "*": {}
+ },
+ "fragment_size": 2147483647,
+ "post_tags": [
+ "@/kibana-highlighted-field@"
+ ],
+ "pre_tags": [
+ "@kibana-highlighted-field@"
+ ],
+ "require_field_match": false
+ },
+ "highlightAll": true,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "version": true
+ }
+ },
+ "sort": [
+ [
+ "@timestamp",
+ "desc"
+ ]
+ ],
+ "title": "Error logs [Logs MySQL] ECS",
+ "version": 1
+ },
+ "id": "Logs-MySQL-error-log-ecs",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "search"
+}
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/visualization/493e8460-630d-11ea-a83e-25b8612d00cc.json b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/493e8460-630d-11ea-a83e-25b8612d00cc.json
new file mode 100644
index 00000000000..ef02add1fd4
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/493e8460-630d-11ea-a83e-25b8612d00cc.json
@@ -0,0 +1,121 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Connections [Metrics MySQL] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(198,135,31,1)",
+ "fill": "0.2",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Connection rate",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "mysql.status.connections",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "max"
+ },
+ {
+ "field": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "id": "caee3e70-630c-11ea-99e6-b5eed31db613",
+ "type": "derivative",
+ "unit": "1s"
+ },
+ {
+ "field": "caee3e70-630c-11ea-99e6-b5eed31db613",
+ "id": "d4eb4fd0-630c-11ea-99e6-b5eed31db613",
+ "type": "positive_only",
+ "unit": ""
+ }
+ ],
+ "point_size": "0",
+ "seperate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(115,216,255,0.89)",
+ "fill": "0.3",
+ "formatter": "number",
+ "id": "fe9af660-630b-11ea-99e6-b5eed31db613",
+ "label": "Connected",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "mysql.status.threads.connected",
+ "id": "fe9af661-630b-11ea-99e6-b5eed31db613",
+ "type": "max"
+ }
+ ],
+ "point_size": "0",
+ "separate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "number",
+ "id": "e3d46bf0-630f-11ea-99e6-b5eed31db613",
+ "label": "Max Used Connections",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "mysql.status.max_used_connections",
+ "id": "e3d46bf1-630f-11ea-99e6-b5eed31db613",
+ "type": "avg"
+ }
+ ],
+ "point_size": "0",
+ "separate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Connections [Metrics MySQL] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "493e8460-630d-11ea-a83e-25b8612d00cc",
+ "references": [],
+ "type": "visualization"
+}
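Review bot: The three series in this file do not agree on the axis key: the "Connection rate" series has `"seperate_axis": 0`, while "Connected" and "Max Used Connections" have `"separate_axis": 0`. Only one spelling can be the one the TSVB editor reads, and as far as I recall that is the misspelled `seperate_axis`, which the question, SELECT and insert/update/delete rate files in this commit use throughout. With the value at 0 nothing changes on screen today, but the unread key will be silently ignored if someone later sets it to 1. The same mix appears in 822df290-630f-11ea-a83e-25b8612d00cc.json; I would use one spelling across the package.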
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/visualization/4fa69a10-630b-11ea-a83e-25b8612d00cc.json b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/4fa69a10-630b-11ea-a83e-25b8612d00cc.json
new file mode 100644
index 00000000000..dcfe0518205
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/4fa69a10-630b-11ea-a83e-25b8612d00cc.json
@@ -0,0 +1,82 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Question rates [Metrics MySQL] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "bar_color_rules": [
+ {
+ "id": "d61928d0-6309-11ea-99e6-b5eed31db613"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "isModelInvalid": false,
+ "legend_position": "right",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(252,220,0,1)",
+ "fill": "0.3",
+ "formatter": "'0.0a'",
+ "id": "3c2a2a40-f1f4-11e7-a752-236fe3270d99",
+ "label": "SELECT",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "mysql.status.questions",
+ "id": "3c2a2a41-f1f4-11e7-a752-236fe3270d99",
+ "type": "max"
+ },
+ {
+ "field": "3c2a2a41-f1f4-11e7-a752-236fe3270d99",
+ "id": "3c2a2a42-f1f4-11e7-a752-236fe3270d99",
+ "type": "derivative",
+ "unit": "1s"
+ },
+ {
+ "field": "3c2a2a42-f1f4-11e7-a752-236fe3270d99",
+ "id": "82f59710-6309-11ea-99e6-b5eed31db613",
+ "type": "positive_only",
+ "unit": ""
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 0,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Question rates [Metrics MySQL] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "4fa69a10-630b-11ea-a83e-25b8612d00cc",
+ "references": [],
+ "type": "visualization"
+}
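Review bot: The only series in this "Question rates" visualization is labelled `"label": "SELECT"`, although its metric reads `mysql.status.questions`. The label looks copied from the SELECT rates visualization, which shares the same series and metric ids. The legend is hidden by `"show_legend": 0`, but the label may still surface elsewhere, such as in tooltips, so I would change it to `"label": "Questions"`.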
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/visualization/779ee920-6309-11ea-a83e-25b8612d00cc.json b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/779ee920-6309-11ea-a83e-25b8612d00cc.json
new file mode 100644
index 00000000000..eed7f9d41a3
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/779ee920-6309-11ea-a83e-25b8612d00cc.json
@@ -0,0 +1,150 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Insert, Update, Delete rates [Metrics MySQL] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "bar_color_rules": [
+ {
+ "id": "d61928d0-6309-11ea-99e6-b5eed31db613"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(104,204,202,1)",
+ "fill": "0.3",
+ "formatter": "number",
+ "id": "3c2a2a40-f1f4-11e7-a752-236fe3270d99",
+ "label": "INSERT",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "mysql.status.command.insert",
+ "id": "3c2a2a41-f1f4-11e7-a752-236fe3270d99",
+ "type": "max"
+ },
+ {
+ "field": "3c2a2a41-f1f4-11e7-a752-236fe3270d99",
+ "id": "3c2a2a42-f1f4-11e7-a752-236fe3270d99",
+ "type": "derivative",
+ "unit": "1s"
+ },
+ {
+ "field": "3c2a2a42-f1f4-11e7-a752-236fe3270d99",
+ "id": "82f59710-6309-11ea-99e6-b5eed31db613",
+ "type": "positive_only",
+ "unit": ""
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(252,220,0,1)",
+ "fill": "0.3",
+ "formatter": "number",
+ "id": "485ce050-f1f4-11e7-a752-236fe3270d99",
+ "label": "UPDATE",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "mysql.status.command.update",
+ "id": "485ce051-f1f4-11e7-a752-236fe3270d99",
+ "type": "max"
+ },
+ {
+ "field": "485ce051-f1f4-11e7-a752-236fe3270d99",
+ "id": "485ce052-f1f4-11e7-a752-236fe3270d99",
+ "type": "derivative",
+ "unit": "1s"
+ },
+ {
+ "field": "485ce052-f1f4-11e7-a752-236fe3270d99",
+ "id": "a4092660-6309-11ea-99e6-b5eed31db613",
+ "type": "positive_only",
+ "unit": ""
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(244,78,59,1)",
+ "fill": "0.3",
+ "formatter": "number",
+ "id": "543a4a70-f1f4-11e7-a752-236fe3270d99",
+ "label": "DELETE",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "mysql.status.command.delete",
+ "id": "543a4a71-f1f4-11e7-a752-236fe3270d99",
+ "type": "max"
+ },
+ {
+ "field": "543a4a71-f1f4-11e7-a752-236fe3270d99",
+ "id": "543a4a72-f1f4-11e7-a752-236fe3270d99",
+ "type": "derivative",
+ "unit": "1s"
+ },
+ {
+ "field": "543a4a72-f1f4-11e7-a752-236fe3270d99",
+ "id": "bae29b50-6309-11ea-99e6-b5eed31db613",
+ "type": "positive_only",
+ "unit": ""
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Insert, Update, Delete rates [Metrics MySQL] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "779ee920-6309-11ea-a83e-25b8612d00cc",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/visualization/7ea77d30-630a-11ea-a83e-25b8612d00cc.json b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/7ea77d30-630a-11ea-a83e-25b8612d00cc.json
new file mode 100644
index 00000000000..784c3d9065a
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/7ea77d30-630a-11ea-a83e-25b8612d00cc.json
@@ -0,0 +1,82 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "SELECT rates [Metrics MySQL] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "bar_color_rules": [
+ {
+ "id": "d61928d0-6309-11ea-99e6-b5eed31db613"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "isModelInvalid": false,
+ "legend_position": "right",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(0,156,224,1)",
+ "fill": "0.3",
+ "formatter": "'0.0a'",
+ "id": "3c2a2a40-f1f4-11e7-a752-236fe3270d99",
+ "label": "SELECT",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "mysql.status.command.select",
+ "id": "3c2a2a41-f1f4-11e7-a752-236fe3270d99",
+ "type": "max"
+ },
+ {
+ "field": "3c2a2a41-f1f4-11e7-a752-236fe3270d99",
+ "id": "3c2a2a42-f1f4-11e7-a752-236fe3270d99",
+ "type": "derivative",
+ "unit": "1s"
+ },
+ {
+ "field": "3c2a2a42-f1f4-11e7-a752-236fe3270d99",
+ "id": "82f59710-6309-11ea-99e6-b5eed31db613",
+ "type": "positive_only",
+ "unit": ""
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 0,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "SELECT rates [Metrics MySQL] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "7ea77d30-630a-11ea-a83e-25b8612d00cc",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/visualization/822df290-630f-11ea-a83e-25b8612d00cc.json b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/822df290-630f-11ea-a83e-25b8612d00cc.json
new file mode 100644
index 00000000000..d24596b602a
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/822df290-630f-11ea-a83e-25b8612d00cc.json
@@ -0,0 +1,109 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Thread Activity [Metrics MySQL] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(226,115,0,1)",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Avg Threads Running",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "mysql.status.threads.running",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "0",
+ "seperate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(22,165,165,1)",
+ "fill": "0",
+ "formatter": "number",
+ "id": "895f0820-630e-11ea-99e6-b5eed31db613",
+ "label": "Peak Threads Running",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "mysql.status.threads.running",
+ "id": "895f0821-630e-11ea-99e6-b5eed31db613",
+ "type": "max"
+ }
+ ],
+ "point_size": "0",
+ "separate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(77,77,77,1)",
+ "fill": "0",
+ "formatter": "number",
+ "id": "f8752460-630e-11ea-99e6-b5eed31db613",
+ "label": "Peak Threads Connected",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "mysql.status.threads.connected",
+ "id": "f8752461-630e-11ea-99e6-b5eed31db613",
+ "type": "max"
+ }
+ ],
+ "point_size": "0",
+ "separate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Thread Activity [Metrics MySQL] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "822df290-630f-11ea-a83e-25b8612d00cc",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/visualization/96d46630-63a4-11ea-a83e-25b8612d00cc.json b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/96d46630-63a4-11ea-a83e-25b8612d00cc.json
new file mode 100644
index 00000000000..852d88485b5
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/96d46630-63a4-11ea-a83e-25b8612d00cc.json
@@ -0,0 +1,110 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Buffer Pool Utilization [Metrics MySQL] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": 0,
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "0f20fa60-63a3-11ea-90a2-c51229c5db5f"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "0e1ecca0-63a3-11ea-90a2-c51229c5db5f"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "gauge_color_rules": [
+ {
+ "id": "07c08ce0-63a3-11ea-90a2-c51229c5db5f"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "515b9dd0-639f-11ea-96d8-1943b9bb65d9",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(226,115,0,1)",
+ "fill": "0.1",
+ "formatter": "percent",
+ "id": "256f1f40-63a3-11ea-90a2-c51229c5db5f",
+ "label": "Utilization",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "mysql.status.innodb.buffer_pool.pages.total",
+ "id": "256f1f41-63a3-11ea-90a2-c51229c5db5f",
+ "type": "max"
+ },
+ {
+ "field": "mysql.status.innodb.buffer_pool.pages.free",
+ "id": "256f1f43-63a3-11ea-90a2-c51229c5db5f",
+ "type": "max"
+ },
+ {
+ "id": "256f1f45-63a3-11ea-90a2-c51229c5db5f",
+ "script": "params.total != null \u0026\u0026 params.total \u003e 0 ? (params.total - params.free)/params.total : null",
+ "type": "calculation",
+ "variables": [
+ {
+ "field": "256f1f41-63a3-11ea-90a2-c51229c5db5f",
+ "id": "256f1f42-63a3-11ea-90a2-c51229c5db5f",
+ "name": "total"
+ },
+ {
+ "field": "256f1f43-63a3-11ea-90a2-c51229c5db5f",
+ "id": "256f1f44-63a3-11ea-90a2-c51229c5db5f",
+ "name": "free"
+ }
+ ]
+ }
+ ],
+ "point_size": "2",
+ "separate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Buffer Pool Utilization [Metrics MySQL] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "96d46630-63a4-11ea-a83e-25b8612d00cc",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/visualization/98c7bca0-63a2-11ea-a83e-25b8612d00cc.json b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/98c7bca0-63a2-11ea-a83e-25b8612d00cc.json
new file mode 100644
index 00000000000..b1190feaeaa
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/98c7bca0-63a2-11ea-a83e-25b8612d00cc.json
@@ -0,0 +1,114 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Buffer Pool Pages [Metrics MySQL] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": 0,
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "id": "515b9dd0-639f-11ea-96d8-1943b9bb65d9",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0",
+ "formatter": "'0.0a'",
+ "id": "37f2d600-63a0-11ea-90a2-c51229c5db5f",
+ "label": "Buffer Pool Pages Data",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "mysql.status.innodb.buffer_pool.pages.data",
+ "id": "37f2d601-63a0-11ea-90a2-c51229c5db5f",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(22,165,165,1)",
+ "fill": "0",
+ "formatter": "'0.0a'",
+ "id": "57ae9d80-63a0-11ea-90a2-c51229c5db5f",
+ "label": "Buffer Pool Pages Free",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "mysql.status.innodb.buffer_pool.pages.free",
+ "id": "57ae9d81-63a0-11ea-90a2-c51229c5db5f",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(102,102,102,1)",
+ "fill": "0",
+ "formatter": "'0.0a'",
+ "id": "c86cc470-63a0-11ea-90a2-c51229c5db5f",
+ "label": "Buffer Pool Pages Total",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "mysql.status.innodb.buffer_pool.pages.total",
+ "id": "c86ceb80-63a0-11ea-90a2-c51229c5db5f",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Buffer Pool Pages [Metrics MySQL] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "98c7bca0-63a2-11ea-a83e-25b8612d00cc",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/visualization/MySQL-Error-logs-levels-ecs.json b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/MySQL-Error-logs-levels-ecs.json
new file mode 100644
index 00000000000..a8fd71d4ecc
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/MySQL-Error-logs-levels-ecs.json
@@ -0,0 +1,64 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": []
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "Error logs levels breakdown [Logs MySQL] ECS",
+ "uiStateJSON": {
+ "vis": {
+ "colors": {
+ "ERROR": "#E24D42",
+ "Note": "#9AC48A",
+ "Warning": "#F9934E"
+ }
+ }
+ },
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {},
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "field": "log.level",
+ "order": "desc",
+ "orderBy": "1",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTooltip": true,
+ "isDonut": false,
+ "legendPosition": "bottom",
+ "shareYAxis": true,
+ "type": "pie"
+ },
+ "title": "Error logs levels breakdown [Logs MySQL] ECS",
+ "type": "pie"
+ }
+ },
+ "id": "MySQL-Error-logs-levels-ecs",
+ "references": [
+ {
+ "id": "Logs-MySQL-error-log-ecs",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/visualization/MySQL-Slow-logs-by-count-ecs.json b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/MySQL-Slow-logs-by-count-ecs.json
new file mode 100644
index 00000000000..c20a6316e38
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/MySQL-Slow-logs-by-count-ecs.json
@@ -0,0 +1,56 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": []
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "Slow logs breakdown [Logs MySQL] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {},
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "field": "mysql.slowlog.query",
+ "order": "desc",
+ "orderBy": "1",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTooltip": true,
+ "isDonut": false,
+ "legendPosition": "bottom",
+ "shareYAxis": true,
+ "type": "pie"
+ },
+ "title": "Slow logs breakdown [Logs MySQL] ECS",
+ "type": "pie"
+ }
+ },
+ "id": "MySQL-Slow-logs-by-count-ecs",
+ "references": [
+ {
+ "id": "Logs-MySQL-Slow-log-ecs",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/visualization/MySQL-Slow-queries-over-time-ecs.json b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/MySQL-Slow-queries-over-time-ecs.json
new file mode 100644
index 00000000000..ea84aea02c6
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/MySQL-Slow-queries-over-time-ecs.json
@@ -0,0 +1,132 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": []
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "Slow queries over time [Logs MySQL] ECS",
+ "uiStateJSON": {
+ "vis": {
+ "colors": {
+ "Slow queries": "#EF843C"
+ }
+ }
+ },
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "Slow queries"
+ },
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "extended_bounds": {},
+ "field": "@timestamp",
+ "interval": "auto",
+ "min_doc_count": 1
+ },
+ "schema": "segment",
+ "type": "date_histogram"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTimeMarker": false,
+ "addTooltip": true,
+ "categoryAxes": [
+ {
+ "id": "CategoryAxis-1",
+ "labels": {
+ "show": true,
+ "truncate": 100
+ },
+ "position": "bottom",
+ "scale": {
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {
+ "text": "@timestamp per 30 seconds"
+ },
+ "type": "category"
+ }
+ ],
+ "defaultYExtents": false,
+ "grid": {
+ "categoryLines": false,
+ "style": {
+ "color": "#eee"
+ }
+ },
+ "legendPosition": "right",
+ "mode": "stacked",
+ "scale": "linear",
+ "seriesParams": [
+ {
+ "data": {
+ "id": "1",
+ "label": "Slow queries"
+ },
+ "drawLinesBetweenPoints": true,
+ "mode": "stacked",
+ "show": "true",
+ "showCircles": true,
+ "type": "histogram",
+ "valueAxis": "ValueAxis-1"
+ }
+ ],
+ "setYExtents": false,
+ "shareYAxis": true,
+ "times": [],
+ "type": "histogram",
+ "valueAxes": [
+ {
+ "id": "ValueAxis-1",
+ "labels": {
+ "filter": false,
+ "rotate": 0,
+ "show": true,
+ "truncate": 100
+ },
+ "name": "LeftAxis-1",
+ "position": "left",
+ "scale": {
+ "mode": "normal",
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {
+ "text": "Slow queries"
+ },
+ "type": "value"
+ }
+ ],
+ "yAxis": {}
+ },
+ "title": "Slow queries over time [Logs MySQL] ECS",
+ "type": "histogram"
+ }
+ },
+ "id": "MySQL-Slow-queries-over-time-ecs",
+ "references": [
+ {
+ "id": "Logs-MySQL-Slow-log-ecs",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/visualization/MySQL-error-logs-ecs.json b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/MySQL-error-logs-ecs.json
new file mode 100644
index 00000000000..02b54de6326
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/MySQL-error-logs-ecs.json
@@ -0,0 +1,133 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": []
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "Error logs over time [Logs MySQL] ECS",
+ "uiStateJSON": {
+ "vis": {
+ "colors": {
+ "Count": "#447EBC",
+ "Error logs": "#1F78C1"
+ }
+ }
+ },
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "Error logs"
+ },
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "extended_bounds": {},
+ "field": "@timestamp",
+ "interval": "auto",
+ "min_doc_count": 1
+ },
+ "schema": "segment",
+ "type": "date_histogram"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTimeMarker": false,
+ "addTooltip": true,
+ "categoryAxes": [
+ {
+ "id": "CategoryAxis-1",
+ "labels": {
+ "show": true,
+ "truncate": 100
+ },
+ "position": "bottom",
+ "scale": {
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {
+ "text": "@timestamp per 30 seconds"
+ },
+ "type": "category"
+ }
+ ],
+ "defaultYExtents": false,
+ "grid": {
+ "categoryLines": false,
+ "style": {
+ "color": "#eee"
+ }
+ },
+ "legendPosition": "right",
+ "mode": "stacked",
+ "scale": "linear",
+ "seriesParams": [
+ {
+ "data": {
+ "id": "1",
+ "label": "Error logs"
+ },
+ "drawLinesBetweenPoints": true,
+ "mode": "stacked",
+ "show": "true",
+ "showCircles": true,
+ "type": "histogram",
+ "valueAxis": "ValueAxis-1"
+ }
+ ],
+ "setYExtents": false,
+ "shareYAxis": true,
+ "times": [],
+ "type": "histogram",
+ "valueAxes": [
+ {
+ "id": "ValueAxis-1",
+ "labels": {
+ "filter": false,
+ "rotate": 0,
+ "show": true,
+ "truncate": 100
+ },
+ "name": "LeftAxis-1",
+ "position": "left",
+ "scale": {
+ "mode": "normal",
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {
+ "text": "Error logs"
+ },
+ "type": "value"
+ }
+ ],
+ "yAxis": {}
+ },
+ "title": "Error logs over time [Logs MySQL] ECS",
+ "type": "histogram"
+ }
+ },
+ "id": "MySQL-error-logs-ecs",
+ "references": [
+ {
+ "id": "Logs-MySQL-error-log-ecs",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/visualization/MySQL-slowest-queries-ecs.json b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/MySQL-slowest-queries-ecs.json
new file mode 100644
index 00000000000..21202a06a89
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/MySQL-slowest-queries-ecs.json
@@ -0,0 +1,85 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": []
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "Top slowest queries [Logs MySQL] ECS",
+ "uiStateJSON": {
+ "vis": {
+ "params": {
+ "sort": {
+ "columnIndex": null,
+ "direction": null
+ }
+ }
+ }
+ },
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "Query time",
+ "field": "event.duration"
+ },
+ "schema": "metric",
+ "type": "max"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "customLabel": "Query",
+ "field": "mysql.slowlog.query",
+ "order": "desc",
+ "orderBy": "1",
+ "size": 5
+ },
+ "schema": "bucket",
+ "type": "terms"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "customLabel": "User",
+ "field": "user.name",
+ "order": "desc",
+ "orderBy": "1",
+ "size": 5
+ },
+ "schema": "bucket",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "perPage": 10,
+ "showMeticsAtAllLevels": false,
+ "showPartialRows": false,
+ "showTotal": false,
+ "sort": {
+ "columnIndex": null,
+ "direction": null
+ },
+ "totalFunc": "sum"
+ },
+ "title": "Top slowest queries [Logs MySQL] ECS",
+ "type": "table"
+ }
+ },
+ "id": "MySQL-slowest-queries-ecs",
+ "references": [
+ {
+ "id": "Logs-MySQL-Slow-log-ecs",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/visualization/a1e00160-63a4-11ea-a83e-25b8612d00cc.json b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/a1e00160-63a4-11ea-a83e-25b8612d00cc.json
new file mode 100644
index 00000000000..ddc4a1c6760
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/a1e00160-63a4-11ea-a83e-25b8612d00cc.json
@@ -0,0 +1,111 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Buffer Pool Efficiency [Metrics MySQL] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_min": 0,
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "0f20fa60-63a3-11ea-90a2-c51229c5db5f"
+ }
+ ],
+ "bar_color_rules": [
+ {
+ "id": "0e1ecca0-63a3-11ea-90a2-c51229c5db5f"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "filter": {
+ "language": "kuery",
+ "query": ""
+ },
+ "gauge_color_rules": [
+ {
+ "id": "07c08ce0-63a3-11ea-90a2-c51229c5db5f"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "515b9dd0-639f-11ea-96d8-1943b9bb65d9",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(87,177,211,1)",
+ "fill": "0.1",
+ "formatter": "number",
+ "hidden": false,
+ "id": "a397d570-63a2-11ea-90a2-c51229c5db5f",
+ "label": "Effeciency (lower is better)",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "mysql.status.innodb.buffer_pool.pool.reads",
+ "id": "a397d571-63a2-11ea-90a2-c51229c5db5f",
+ "type": "max"
+ },
+ {
+ "field": "mysql.status.innodb.buffer_pool.read.requests",
+ "id": "ad177970-63a2-11ea-90a2-c51229c5db5f",
+ "type": "max"
+ },
+ {
+ "id": "af58ddf0-63a2-11ea-90a2-c51229c5db5f",
+ "script": "params.pool_read_requests != null \u0026\u0026 params.pool_read_requests \u003e 0 ? (params.pool_reads/params.pool_read_requests) * 100: null",
+ "type": "calculation",
+ "variables": [
+ {
+ "field": "a397d571-63a2-11ea-90a2-c51229c5db5f",
+ "id": "b1b6cb20-63a2-11ea-90a2-c51229c5db5f",
+ "name": "pool_reads"
+ },
+ {
+ "field": "ad177970-63a2-11ea-90a2-c51229c5db5f",
+ "id": "c3fe5be0-63a2-11ea-90a2-c51229c5db5f",
+ "name": "pool_read_requests"
+ }
+ ]
+ }
+ ],
+ "point_size": "2",
+ "separate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Buffer Pool Efficiency [Metrics MySQL] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "a1e00160-63a4-11ea-a83e-25b8612d00cc",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/visualization/aaa326b0-f1f5-11e7-85ab-594b1652e0d1-ecs.json b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/aaa326b0-f1f5-11e7-85ab-594b1652e0d1-ecs.json
new file mode 100644
index 00000000000..5b616a64289
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/aaa326b0-f1f5-11e7-85ab-594b1652e0d1-ecs.json
@@ -0,0 +1,109 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Open tables, files, streams [Metrics MySQL] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(22,165,165,1)",
+ "fill": "0.3",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Open Tables",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "mysql.status.open.tables",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": "0",
+ "seperate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(252,196,0,1)",
+ "fill": "0.3",
+ "formatter": "number",
+ "id": "615a2400-6312-11ea-99e6-b5eed31db613",
+ "label": "Open Files",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "mysql.status.open.files",
+ "id": "615a2401-6312-11ea-99e6-b5eed31db613",
+ "type": "avg"
+ }
+ ],
+ "point_size": "0",
+ "separate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(226,115,0,1)",
+ "fill": "0.3",
+ "formatter": "number",
+ "id": "15d7bcd0-6313-11ea-99e6-b5eed31db613",
+ "label": "Open Streams",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "mysql.status.open.streams",
+ "id": "15d7bcd1-6313-11ea-99e6-b5eed31db613",
+ "type": "avg"
+ }
+ ],
+ "point_size": "0",
+ "separate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Open tables, files, streams [Metrics MySQL] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "aaa326b0-f1f5-11e7-85ab-594b1652e0d1-ecs",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/visualization/bf60bc10-639b-11ea-a83e-25b8612d00cc.json b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/bf60bc10-639b-11ea-a83e-25b8612d00cc.json
new file mode 100644
index 00000000000..ca451cfed61
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/bf60bc10-639b-11ea-a83e-25b8612d00cc.json
@@ -0,0 +1,114 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Aborted Connections Rate [Metrics MySQL] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "bar_color_rules": [
+ {
+ "id": "d61928d0-6309-11ea-99e6-b5eed31db613"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(176,188,0,1)",
+ "fill": "0.3",
+ "formatter": "'0.0a'",
+ "id": "3c2a2a40-f1f4-11e7-a752-236fe3270d99",
+ "label": "Aborted Connections",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "mysql.status.aborted.clients",
+ "id": "3c2a2a41-f1f4-11e7-a752-236fe3270d99",
+ "type": "max"
+ },
+ {
+ "field": "3c2a2a41-f1f4-11e7-a752-236fe3270d99",
+ "id": "6d053540-639b-11ea-83d6-4f7a6fe5aed4",
+ "type": "derivative",
+ "unit": "1s"
+ },
+ {
+ "field": "6d053540-639b-11ea-83d6-4f7a6fe5aed4",
+ "id": "7548afc0-639b-11ea-83d6-4f7a6fe5aed4",
+ "type": "positive_only",
+ "unit": ""
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(251,158,0,1)",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "d6572ee0-639b-11ea-83d6-4f7a6fe5aed4",
+ "label": "Failed Attempts to Connect ",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "mysql.status.aborted.connects",
+ "id": "d6572ee1-639b-11ea-83d6-4f7a6fe5aed4",
+ "type": "max"
+ },
+ {
+ "field": "d6572ee1-639b-11ea-83d6-4f7a6fe5aed4",
+ "id": "e4a63540-639b-11ea-83d6-4f7a6fe5aed4",
+ "type": "derivative",
+ "unit": "1s"
+ },
+ {
+ "id": "ec492a00-639b-11ea-83d6-4f7a6fe5aed4",
+ "type": "positive_only"
+ }
+ ],
+ "point_size": 1,
+ "separate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Aborted Connections Rate [Metrics MySQL] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "bf60bc10-639b-11ea-a83e-25b8612d00cc",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/visualization/c8661020-6310-11ea-a83e-25b8612d00cc.json b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/c8661020-6310-11ea-a83e-25b8612d00cc.json
new file mode 100644
index 00000000000..ea4eeb9fee5
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/c8661020-6310-11ea-a83e-25b8612d00cc.json
@@ -0,0 +1,123 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Network Traffic [Metrics MySQL] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(0,98,177,1)",
+ "fill": 0.5,
+ "formatter": "bytes",
+ "id": "2b1c2390-f1f7-11e7-a752-236fe3270d99",
+ "label": "Received bytes",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "mysql.status.bytes.received",
+ "id": "2b1c2391-f1f7-11e7-a752-236fe3270d99",
+ "type": "max"
+ },
+ {
+ "field": "2b1c2391-f1f7-11e7-a752-236fe3270d99",
+ "id": "2b1c2392-f1f7-11e7-a752-236fe3270d99",
+ "type": "derivative",
+ "unit": "1s"
+ },
+ {
+ "field": "2b1c2392-f1f7-11e7-a752-236fe3270d99",
+ "id": "788d3c90-6310-11ea-99e6-b5eed31db613",
+ "type": "positive_only",
+ "unit": ""
+ },
+ {
+ "id": "88f8e160-6310-11ea-99e6-b5eed31db613",
+ "script": "params.received != null \u0026\u0026 params.received \u003e 0 ? params.received * -1 : null",
+ "type": "calculation",
+ "variables": [
+ {
+ "field": "788d3c90-6310-11ea-99e6-b5eed31db613",
+ "id": "8beb4660-6310-11ea-99e6-b5eed31db613",
+ "name": "received"
+ }
+ ]
+ }
+ ],
+ "point_size": "0",
+ "seperate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Sent bytes",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "mysql.status.bytes.sent",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "max"
+ },
+ {
+ "field": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "id": "23cfda50-f1f7-11e7-a752-236fe3270d99",
+ "type": "derivative",
+ "unit": "1s"
+ },
+ {
+ "field": "23cfda50-f1f7-11e7-a752-236fe3270d99",
+ "id": "ad26a900-6310-11ea-99e6-b5eed31db613",
+ "type": "positive_only",
+ "unit": ""
+ }
+ ],
+ "point_size": "0",
+ "seperate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Network Traffic [Metrics MySQL] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "c8661020-6310-11ea-a83e-25b8612d00cc",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/mysql/0.1.0/kibana/visualization/fc6b5a40-630d-11ea-a83e-25b8612d00cc.json b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/fc6b5a40-630d-11ea-a83e-25b8612d00cc.json
new file mode 100644
index 00000000000..198a468d8d1
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/kibana/visualization/fc6b5a40-630d-11ea-a83e-25b8612d00cc.json
@@ -0,0 +1,78 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Connected Threads [Metrics MySQL] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "axis_scale": "normal",
+ "background_color_rules": [
+ {
+ "id": "d5fcf170-630d-11ea-99e6-b5eed31db613"
+ }
+ ],
+ "default_index_pattern": "metrics-*",
+ "default_timefield": "@timestamp",
+ "gauge_color_rules": [
+ {
+ "id": "f1321f60-630d-11ea-99e6-b5eed31db613"
+ }
+ ],
+ "gauge_inner_width": 10,
+ "gauge_style": "half",
+ "gauge_width": 10,
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "isModelInvalid": false,
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(115,216,255,0.89)",
+ "fill": "0.3",
+ "formatter": "number",
+ "id": "fe9af660-630b-11ea-99e6-b5eed31db613",
+ "label": "Connections",
+ "line_width": "2",
+ "metrics": [
+ {
+ "field": "mysql.status.threads.connected",
+ "id": "fe9af661-630b-11ea-99e6-b5eed31db613",
+ "type": "max"
+ }
+ ],
+ "point_size": "0",
+ "separate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none",
+ "type": "timeseries"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "gauge"
+ },
+ "title": "Connected Threads [Metrics MySQL] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "fc6b5a40-630d-11ea-a83e-25b8612d00cc",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/mysql/0.1.0/manifest.yml b/dev/packages/alpha/mysql/0.1.0/manifest.yml
new file mode 100644
index 00000000000..920a2b4adf7
--- /dev/null
+++ b/dev/packages/alpha/mysql/0.1.0/manifest.yml
@@ -0,0 +1,59 @@
+format_version: 1.0.0
+name: mysql
+title: MySQL
+version: 0.1.0
+license: basic
+description: MySQL Integration
+type: integration
+categories:
+- logs
+- metrics
+release: beta
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.3.1 <8.0.0'
+ elasticsearch:
+ versions: '>7.0.1'
+screenshots:
+- src: /img/kibana-mysql.png
+ title: kibana mysql
+ size: 1227x1026
+ type: image/png
+- src: /img/metricbeat-mysql.png
+ title: metricbeat mysql
+ size: 2562x2540
+ type: image/png
+icons:
+- src: /img/logo_mysql.svg
+ title: logo mysql
+ size: 32x32
+ type: image/svg+xml
+datasources:
+- name: mysql
+ title: MySQL logs and metrics
+ description: Collect logs and metrics from MySQL instances
+ inputs:
+ - type: logs
+ title: Collect logs from MySQL hosts
+ description: Collecting MySQL error and slowlog logs
+ - type: mysql/metrics
+ title: Collect metrics from MySQL hosts
+ description: Collecting MySQL status and galera_status metrics
+ vars:
+ - name: hosts
+ type: text
+ title: MySQL DSN
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - tcp(127.0.0.1:3306)/
+ - name: username
+ type: text
+ title: Username
+ default: root
+ - name: password
+ type: password
+ title: Password
+ default: test
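Review bot: The `password` var ships with `default: test` and `username` with `default: root`, so a datasource created without touching these fields attempts a root login with a known password against every configured DSN. I would drop the `default: test` line so the password has no default, and mark both vars `required: true` as `hosts` already is. Defaulting `username` to `root` also steers operators towards running metric collection as the database superuser; leaving it empty, so that a dedicated low-privilege monitoring account has to be entered, is the safer default.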
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/access/agent/stream/stream.yml.hbs b/dev/packages/alpha/nginx/0.1.0/dataset/access/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..d0d5ed877c7
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/access/agent/stream/stream.yml.hbs
@@ -0,0 +1,7 @@
+paths:
+{{#each paths}}
+ - {{this}}
+{{/each}}
+exclude_files: [".gz$"]
+processors:
+- add_locale: ~
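Review bot: The `exclude_files` pattern `".gz$"` leaves the dot unescaped, so it excludes any file whose name ends in `gz` after one arbitrary character, not only names ending in the `.gz` extension. Escaping the dot in single quotes keeps the intent exact: `exclude_files: ['\.gz$']`. The impact is low with the default paths, but a silently skipped log file is a collection gap that is hard to notice later. The same line appears in the `error` and `ingress_controller` `stream.yml.hbs` hunks of this diff.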
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/access/elasticsearch/ingest-pipeline/default.yml b/dev/packages/alpha/nginx/0.1.0/dataset/access/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..9de5d5e7c4b
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/access/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,168 @@
+---
+description: Pipeline for parsing Nginx access logs. Requires the geoip and user_agent
+ plugins.
+processors:
+- grok:
+ field: message
+ patterns:
+ - (%{NGINX_HOST} )?"?(?:%{NGINX_ADDRESS_LIST:nginx.access.remote_ip_list}|%{NOTSPACE:source.address})
+ - (-|%{DATA:user.name}) \[%{HTTPDATE:nginx.access.time}\] "%{DATA:nginx.access.info}"
+ %{NUMBER:http.response.status_code:long} %{NUMBER:http.response.body.bytes:long}
+ "(-|%{DATA:http.request.referrer})" "(-|%{DATA:user_agent.original})"
+ pattern_definitions:
+ NGINX_HOST: (?:%{IP:destination.ip}|%{NGINX_NOTSEPARATOR:destination.domain})(:%{NUMBER:destination.port})?
+ NGINX_NOTSEPARATOR: "[^\t ,:]+"
+ NGINX_ADDRESS_LIST: (?:%{IP}|%{WORD})("?,?\s*(?:%{IP}|%{WORD}))*
+ ignore_missing: true
+- grok:
+ field: nginx.access.info
+ patterns:
+ - '%{WORD:http.request.method} %{DATA:url.original} HTTP/%{NUMBER:http.version}'
+ - ""
+ ignore_missing: true
+- remove:
+ field: nginx.access.info
+- split:
+ field: nginx.access.remote_ip_list
+ separator: '"?,?\s+'
+ ignore_missing: true
+- split:
+ field: nginx.access.origin
+ separator: '"?,?\s+'
+ ignore_missing: true
+- set:
+ field: source.address
+ if: ctx.source?.address == null
+ value: ""
+- script:
+ if: ctx.nginx?.access?.remote_ip_list != null && ctx.nginx.access.remote_ip_list.length > 0
+ lang: painless
+ source: >-
+ boolean isPrivate(def dot, def ip) {
+ try {
+ StringTokenizer tok = new StringTokenizer(ip, dot);
+ int firstByte = Integer.parseInt(tok.nextToken());
+ int secondByte = Integer.parseInt(tok.nextToken());
+ if (firstByte == 10) {
+ return true;
+ }
+ if (firstByte == 192 && secondByte == 168) {
+ return true;
+ }
+ if (firstByte == 172 && secondByte >= 16 && secondByte <= 31) {
+ return true;
+ }
+ if (firstByte == 127) {
+ return true;
+ }
+ return false;
+ }
+ catch (Exception e) {
+ return false;
+ }
+ }
+ try {
+ ctx.source.address = null;
+ if (ctx.nginx.access.remote_ip_list == null) {
+ return;
+ }
+ def found = false;
+ for (def item : ctx.nginx.access.remote_ip_list) {
+ if (!isPrivate(params.dot, item)) {
+ ctx.source.address = item;
+ found = true;
+ break;
+ }
+ }
+ if (!found) {
+ ctx.source.address = ctx.nginx.access.remote_ip_list[0];
+ }
+ }
+ catch (Exception e) {
+ ctx.source.address = null;
+ }
+ params:
+ dot: .
+- remove:
+ field: source.address
+ if: ctx.source.address == null
+- grok:
+ field: source.address
+ patterns:
+ - ^%{IP:source.ip}$
+ ignore_failure: true
+- remove:
+ field: message
+- rename:
+ field: '@timestamp'
+ target_field: event.created
+- date:
+ field: nginx.access.time
+ target_field: '@timestamp'
+ formats:
+ - dd/MMM/yyyy:H:m:s Z
+ on_failure:
+ - append:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
+- remove:
+ field: nginx.access.time
+- user_agent:
+ field: user_agent.original
+ ignore_missing: true
+- geoip:
+ field: source.ip
+ target_field: source.geo
+ ignore_missing: true
+- geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: source.ip
+ target_field: source.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+- rename:
+ field: source.as.asn
+ target_field: source.as.number
+ ignore_missing: true
+- rename:
+ field: source.as.organization_name
+ target_field: source.as.organization.name
+ ignore_missing: true
+- set:
+ field: event.kind
+ value: event
+- append:
+ field: event.category
+ value: web
+- append:
+ field: event.type
+ value: access
+- set:
+ field: event.outcome
+ value: success
+ if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400"
+- set:
+ field: event.outcome
+ value: failure
+ if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code >= 400"
+- lowercase:
+ field: http.request.method
+ ignore_missing: true
+- append:
+ field: related.ip
+ value: "{{source.ip}}"
+ if: "ctx?.source?.ip != null"
+- append:
+ field: related.ip
+ value: "{{destination.ip}}"
+ if: "ctx?.destination?.ip != null"
+- append:
+ field: related.user
+ value: "{{user.name}}"
+ if: "ctx?.user?.name != null"
+on_failure:
+- set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
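Review bot: The Painless script that selects `source.address` takes the first entry of `nginx.access.remote_ip_list` that `isPrivate` rejects, and `fields.yml` in this commit describes that list as including values from headers like `X-Forwarded-For`. When the log format records such headers, `source.ip`, `source.geo`, `source.as` and `related.ip` are therefore set from data the requesting client controls, and detections keyed on them should not treat them as authenticated. `isPrivate` also only parses dotted IPv4: an IPv6 or non-numeric entry throws in `Integer.parseInt`, the catch returns false, and the entry is treated as public, while link-local `169.254.0.0/16` is not covered at all. I would add a comment above the `script` processor such as `# remote_ip_list may hold client-supplied header values; source.ip derived from it is unauthenticated`, and add `if (firstByte == 169 && secondByte == 254) { return true; }` next to the other range checks.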
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/access/fields/ecs.yml b/dev/packages/alpha/nginx/0.1.0/dataset/access/fields/ecs.yml
new file mode 100644
index 00000000000..98ad5bf38ce
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/access/fields/ecs.yml
@@ -0,0 +1,133 @@
+- name: http
+ title: HTTP
+ group: 2
+ type: group
+ fields:
+ - name: request.method
+ level: extended
+ type: keyword
+ description: |-
+ HTTP request method.
+ The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS".
+ ignore_above: 1024
+ - name: request.referrer
+ level: extended
+ type: keyword
+ description: Referrer for this HTTP request.
+ ignore_above: 1024
+ - name: response.body.bytes
+ level: extended
+ type: long
+ format: bytes
+ description: Size in bytes of the response body.
+ - name: response.status_code
+ level: extended
+ type: long
+ format: string
+ description: HTTP response status code.
+ - name: version
+ level: extended
+ type: keyword
+ description: HTTP version.
+ ignore_above: 1024
+- name: source
+ title: Source
+ group: 2
+ type: group
+ fields:
+ - name: geo.city_name
+ level: core
+ type: keyword
+ description: City name.
+ ignore_above: 1024
+ - name: geo.continent_name
+ level: core
+ type: keyword
+ description: Name of the continent.
+ ignore_above: 1024
+ - name: geo.country_iso_code
+ level: core
+ type: keyword
+ description: Country ISO code.
+ ignore_above: 1024
+ - name: geo.location
+ level: core
+ type: geo_point
+ description: Longitude and latitude.
+ - name: geo.region_iso_code
+ level: core
+ type: keyword
+ description: Region ISO code.
+ ignore_above: 1024
+ - name: geo.region_name
+ level: core
+ type: keyword
+ description: Region name.
+ ignore_above: 1024
+- name: url
+ title: URL
+ group: 2
+ type: group
+ fields:
+ - name: original
+ level: extended
+ type: keyword
+ description: |-
+ Unmodified original url as seen in the event source.
+ Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path.
+ This field is meant to represent the URL as it was observed, complete or not.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
+- name: user
+ title: User
+ group: 2
+ type: group
+ fields:
+ - name: name
+ level: core
+ type: keyword
+ description: Short name or login of the user.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
+- name: user_agent
+ title: User agent
+ group: 2
+ type: group
+ fields:
+ - name: device.name
+ level: extended
+ type: keyword
+ description: Name of the device.
+ ignore_above: 1024
+ - name: name
+ level: extended
+ type: keyword
+ description: Name of the user agent.
+ ignore_above: 1024
+ - name: original
+ level: extended
+ type: keyword
+ description: Unparsed user_agent string.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ - name: os.name
+ level: extended
+ type: keyword
+ description: Operating system name, without the version.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/access/fields/fields.yml b/dev/packages/alpha/nginx/0.1.0/dataset/access/fields/fields.yml
new file mode 100644
index 00000000000..8e9190cfe84
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/access/fields/fields.yml
@@ -0,0 +1,11 @@
+- name: nginx.access
+ type: group
+ fields:
+ - name: remote_ip_list
+ type: array
+ description: |
+ An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like `X-Forwarded-For`. Real source IP is restored to `source.ip`.
+ - name: user_agent
+ type: group
+ - name: geoip
+ type: group
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/access/fields/package-fields.yml b/dev/packages/alpha/nginx/0.1.0/dataset/access/fields/package-fields.yml
new file mode 100644
index 00000000000..1f8692738cc
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/access/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: nginx
+ type: group
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/access/manifest.yml b/dev/packages/alpha/nginx/0.1.0/dataset/access/manifest.yml
new file mode 100644
index 00000000000..bf0ac1dd526
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/access/manifest.yml
@@ -0,0 +1,23 @@
+title: Nginx access logs
+type: logs
+release: beta
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/nginx/access.log*
+ os:
+ darwin:
+ default:
+ - /usr/local/var/log/nginx/access.log*
+ windows:
+ default:
+ - c:/programdata/nginx/logs/*access.log*
+ title: Nginx access logs
+ description: Collect Nginx access logs
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/error/agent/stream/stream.yml.hbs b/dev/packages/alpha/nginx/0.1.0/dataset/error/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..85ff82a8ecc
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/error/agent/stream/stream.yml.hbs
@@ -0,0 +1,11 @@
+paths:
+{{#each paths}}
+ - {{this}}
+{{/each}}
+exclude_files: [".gz$"]
+multiline:
+ pattern: '^\d{4}\/\d{2}\/\d{2} '
+ negate: true
+ match: after
+processors:
+- add_locale: ~
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/error/elasticsearch/ingest-pipeline/default.yml b/dev/packages/alpha/nginx/0.1.0/dataset/error/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..96b46eb9c98
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/error/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,52 @@
+---
+description: Pipeline for parsing the Nginx error logs
+processors:
+- grok:
+ field: message
+ patterns:
+ - '%{DATA:nginx.error.time} \[%{DATA:log.level}\] %{NUMBER:process.pid:long}#%{NUMBER:process.thread.id:long}:
+ (\*%{NUMBER:nginx.error.connection_id:long} )?%{GREEDYMULTILINE:message}'
+ pattern_definitions:
+ GREEDYMULTILINE: |-
+ (.|
+ | )*
+ ignore_missing: true
+- rename:
+ field: '@timestamp'
+ target_field: event.created
+- date:
+ if: ctx.event.timezone == null
+ field: nginx.error.time
+ target_field: '@timestamp'
+ formats:
+ - yyyy/MM/dd H:m:s
+ on_failure:
+ - append:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
+- date:
+ if: ctx.event.timezone != null
+ field: nginx.error.time
+ target_field: '@timestamp'
+ formats:
+ - yyyy/MM/dd H:m:s
+ timezone: '{{ event.timezone }}'
+ on_failure:
+ - append:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
+- remove:
+ field: nginx.error.time
+- set:
+ field: event.kind
+ value: event
+- append:
+ field: event.category
+ value: web
+- append:
+ field: event.type
+ value: error
+on_failure:
+- set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/error/fields/ecs.yml b/dev/packages/alpha/nginx/0.1.0/dataset/error/fields/ecs.yml
new file mode 100644
index 00000000000..8cca86575b7
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/error/fields/ecs.yml
@@ -0,0 +1,35 @@
+- name: message
+ level: core
+ type: text
+ description: |-
+ For log events the message field contains the log message, optimized for viewing in a log viewer.
+ For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event.
+ If multiple messages exist, they can be combined into one message.
+- name: log
+ title: Log
+ group: 2
+ type: group
+ fields:
+ - name: level
+ level: core
+ type: keyword
+ description: |-
+ Original log level of the log event.
+ If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).
+ Some examples are `warn`, `err`, `i`, `informational`.
+ ignore_above: 1024
+- name: process
+ title: Process
+ group: 2
+ type: group
+ fields:
+ - name: pid
+ level: core
+ type: long
+ format: string
+ description: Process id.
+ - name: thread.id
+ level: extended
+ type: long
+ format: string
+ description: Thread ID.
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/error/fields/fields.yml b/dev/packages/alpha/nginx/0.1.0/dataset/error/fields/fields.yml
new file mode 100644
index 00000000000..34112d2ea67
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/error/fields/fields.yml
@@ -0,0 +1,7 @@
+- name: nginx.error
+ type: group
+ fields:
+ - name: connection_id
+ type: long
+ description: |
+ Connection identifier.
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/error/fields/package-fields.yml b/dev/packages/alpha/nginx/0.1.0/dataset/error/fields/package-fields.yml
new file mode 100644
index 00000000000..1f8692738cc
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/error/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: nginx
+ type: group
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/error/manifest.yml b/dev/packages/alpha/nginx/0.1.0/dataset/error/manifest.yml
new file mode 100644
index 00000000000..c0dc1753f11
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/error/manifest.yml
@@ -0,0 +1,23 @@
+title: Nginx error logs
+type: logs
+release: beta
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/nginx/error.log*
+ os:
+ darwin:
+ default:
+ - /usr/local/var/log/nginx/error.log*
+ windows:
+ default:
+ - c:/programdata/nginx/logs/error.log*
+ title: Nginx error logs
+ description: Collect Nginx error logs
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/ingress_controller/agent/stream/stream.yml.hbs b/dev/packages/alpha/nginx/0.1.0/dataset/ingress_controller/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..8a1b413517e
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/ingress_controller/agent/stream/stream.yml.hbs
@@ -0,0 +1,7 @@
+paths:
+{{#each paths}}
+ - {{this}}
+{{/each}}
+exclude_files: [".gz$"]
+processors:
+ - add_locale: ~
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/ingress_controller/elasticsearch/ingest-pipeline/default.yml b/dev/packages/alpha/nginx/0.1.0/dataset/ingress_controller/elasticsearch/ingest-pipeline/default.yml
new file mode 100644
index 00000000000..abf54fcd2ca
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/ingress_controller/elasticsearch/ingest-pipeline/default.yml
@@ -0,0 +1,173 @@
+---
+description: Pipeline for parsing Nginx ingress controller access logs. Requires the
+ geoip and user_agent plugins.
+processors:
+- grok:
+ field: message
+ patterns:
+ - (%{NGINX_HOST} )?"?(?:%{NGINX_ADDRESS_LIST:nginx.ingress_controller.remote_ip_list}|%{NOTSPACE:source.address})
+ - (-|%{DATA:user.name}) \[%{HTTPDATE:nginx.ingress_controller.time}\] "%{DATA:nginx.ingress_controller.info}"
+ %{NUMBER:http.response.status_code:long} %{NUMBER:http.response.body.bytes:long}
+ "(-|%{DATA:http.request.referrer})" "(-|%{DATA:user_agent.original})" %{NUMBER:nginx.ingress_controller.http.request.length:long}
+ %{NUMBER:nginx.ingress_controller.http.request.time:double} \[%{DATA:nginx.ingress_controller.upstream.name}\]
+ \[%{DATA:nginx.ingress_controller.upstream.alternative_name}\] (%{UPSTREAM_ADDRESS}|-)
+ (%{NUMBER:nginx.ingress_controller.upstream.response.length:long}|-) (%{NUMBER:nginx.ingress_controller.upstream.response.time:double}|-)
+ (%{NUMBER:nginx.ingress_controller.upstream.response.status_code:long}|-) %{GREEDYDATA:nginx.ingress_controller.http.request.id}
+ pattern_definitions:
+ NGINX_HOST: (?:%{IP:destination.ip}|%{NGINX_NOTSEPARATOR:destination.domain})(:%{NUMBER:destination.port})?
+ NGINX_NOTSEPARATOR: "[^\t ,:]+"
+ NGINX_ADDRESS_LIST: (?:%{IP}|%{WORD})("?,?\s*(?:%{IP}|%{WORD}))*
+ UPSTREAM_ADDRESS: '%{IP:nginx.ingress_controller.upstream.ip}(:%{NUMBER:nginx.ingress_controller.upstream.port})?'
+ ignore_missing: true
+- grok:
+ field: nginx.ingress_controller.info
+ patterns:
+ - '%{WORD:http.request.method} %{DATA:url.original} HTTP/%{NUMBER:http.version}'
+ - ""
+ ignore_missing: true
+- remove:
+ field: nginx.ingress_controller.info
+- split:
+ field: nginx.ingress_controller.remote_ip_list
+ separator: '"?,?\s+'
+ ignore_missing: true
+- split:
+ field: nginx.ingress_controller.origin
+ separator: '"?,?\s+'
+ ignore_missing: true
+- set:
+ field: source.address
+ if: ctx.source?.address == null
+ value: ""
+- script:
+ if: ctx.nginx?.access?.remote_ip_list != null && ctx.nginx.ingress_controller.remote_ip_list.length > 0
+ lang: painless
+ source: >-
+ boolean isPrivate(def dot, def ip) {
+ try {
+ StringTokenizer tok = new StringTokenizer(ip, dot);
+ int firstByte = Integer.parseInt(tok.nextToken());
+ int secondByte = Integer.parseInt(tok.nextToken());
+ if (firstByte == 10) {
+ return true;
+ }
+ if (firstByte == 192 && secondByte == 168) {
+ return true;
+ }
+ if (firstByte == 172 && secondByte >= 16 && secondByte <= 31) {
+ return true;
+ }
+ if (firstByte == 127) {
+ return true;
+ }
+ return false;
+ }
+ catch (Exception e) {
+ return false;
+ }
+ }
+ try {
+ ctx.source.address = null;
+ if (ctx.nginx.ingress_controller.remote_ip_list == null) {
+ return;
+ }
+ def found = false;
+ for (def item : ctx.nginx.ingress_controller.remote_ip_list) {
+ if (!isPrivate(params.dot, item)) {
+ ctx.source.address = item;
+ found = true;
+ break;
+ }
+ }
+ if (!found) {
+ ctx.source.address = ctx.nginx.ingress_controller.remote_ip_list[0];
+ }
+ }
+ catch (Exception e) {
+ ctx.source.address = null;
+ }
+ params:
+ dot: .
+- remove:
+ field: source.address
+ if: ctx.source.address == null
+- grok:
+ field: source.address
+ patterns:
+ - ^%{IP:source.ip}$
+ ignore_failure: true
+- remove:
+ field: message
+- rename:
+ field: '@timestamp'
+ target_field: event.created
+- date:
+ field: nginx.ingress_controller.time
+ target_field: '@timestamp'
+ formats:
+ - dd/MMM/yyyy:H:m:s Z
+ on_failure:
+ - append:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
+- remove:
+ field: nginx.ingress_controller.time
+- user_agent:
+ field: user_agent.original
+ ignore_missing: true
+- geoip:
+ field: source.ip
+ target_field: source.geo
+ ignore_missing: true
+- geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: source.ip
+ target_field: source.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+- rename:
+ field: source.as.asn
+ target_field: source.as.number
+ ignore_missing: true
+- rename:
+ field: source.as.organization_name
+ target_field: source.as.organization.name
+ ignore_missing: true
+- set:
+ field: event.kind
+ value: event
+- append:
+ field: event.category
+ value: web
+- append:
+ field: event.type
+ value: info
+- set:
+ field: event.outcome
+ value: success
+ if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400"
+- set:
+ field: event.outcome
+ value: failure
+ if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code >= 400"
+- lowercase:
+ field: http.request.method
+ ignore_missing: true
+- append:
+ field: related.ip
+ value: "{{source.ip}}"
+ if: "ctx?.source?.ip != null"
+- append:
+ field: related.ip
+ value: "{{destination.ip}}"
+ if: "ctx?.destination?.ip != null"
+- append:
+ field: related.user
+ value: "{{user.name}}"
+ if: "ctx?.user?.name != null"
+on_failure:
+- set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
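Review bot: The `if` on the `script` processor tests `ctx.nginx?.access?.remote_ip_list`, but the grok in this pipeline only populates `nginx.ingress_controller.remote_ip_list`, so the condition looks like it can never be true and the script that selects `source.address` is skipped. The preceding `set` then leaves `source.address` as an empty string, and the later `^%{IP:source.ip}$` grok fails quietly. Lines that matched the address-list alternative would therefore get no `source.ip`, geoip data or `related.ip` entry. The guard should read `if: ctx.nginx?.ingress_controller?.remote_ip_list != null && ctx.nginx.ingress_controller.remote_ip_list.length > 0`. A comment above the script would also help, noting that the list can hold client-supplied forwarding-header values and that `isPrivate` parses only dotted IPv4, with anything else falling into the `catch` and being treated as public.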
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/ingress_controller/fields/ecs.yml b/dev/packages/alpha/nginx/0.1.0/dataset/ingress_controller/fields/ecs.yml
new file mode 100644
index 00000000000..98ad5bf38ce
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/ingress_controller/fields/ecs.yml
@@ -0,0 +1,133 @@
+- name: http
+ title: HTTP
+ group: 2
+ type: group
+ fields:
+ - name: request.method
+ level: extended
+ type: keyword
+ description: |-
+ HTTP request method.
+ The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS".
+ ignore_above: 1024
+ - name: request.referrer
+ level: extended
+ type: keyword
+ description: Referrer for this HTTP request.
+ ignore_above: 1024
+ - name: response.body.bytes
+ level: extended
+ type: long
+ format: bytes
+ description: Size in bytes of the response body.
+ - name: response.status_code
+ level: extended
+ type: long
+ format: string
+ description: HTTP response status code.
+ - name: version
+ level: extended
+ type: keyword
+ description: HTTP version.
+ ignore_above: 1024
+- name: source
+ title: Source
+ group: 2
+ type: group
+ fields:
+ - name: geo.city_name
+ level: core
+ type: keyword
+ description: City name.
+ ignore_above: 1024
+ - name: geo.continent_name
+ level: core
+ type: keyword
+ description: Name of the continent.
+ ignore_above: 1024
+ - name: geo.country_iso_code
+ level: core
+ type: keyword
+ description: Country ISO code.
+ ignore_above: 1024
+ - name: geo.location
+ level: core
+ type: geo_point
+ description: Longitude and latitude.
+ - name: geo.region_iso_code
+ level: core
+ type: keyword
+ description: Region ISO code.
+ ignore_above: 1024
+ - name: geo.region_name
+ level: core
+ type: keyword
+ description: Region name.
+ ignore_above: 1024
+- name: url
+ title: URL
+ group: 2
+ type: group
+ fields:
+ - name: original
+ level: extended
+ type: keyword
+ description: |-
+ Unmodified original url as seen in the event source.
+ Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path.
+ This field is meant to represent the URL as it was observed, complete or not.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
+- name: user
+ title: User
+ group: 2
+ type: group
+ fields:
+ - name: name
+ level: core
+ type: keyword
+ description: Short name or login of the user.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
+- name: user_agent
+ title: User agent
+ group: 2
+ type: group
+ fields:
+ - name: device.name
+ level: extended
+ type: keyword
+ description: Name of the device.
+ ignore_above: 1024
+ - name: name
+ level: extended
+ type: keyword
+ description: Name of the user agent.
+ ignore_above: 1024
+ - name: original
+ level: extended
+ type: keyword
+ description: Unparsed user_agent string.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ - name: os.name
+ level: extended
+ type: keyword
+ description: Operating system name, without the version.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/ingress_controller/fields/fields.yml b/dev/packages/alpha/nginx/0.1.0/dataset/ingress_controller/fields/fields.yml
new file mode 100644
index 00000000000..ac486d5f62a
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/ingress_controller/fields/fields.yml
@@ -0,0 +1,55 @@
+- name: nginx.ingress_controller
+ type: group
+ fields:
+ - name: remote_ip_list
+ type: array
+ description: |
+ An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like `X-Forwarded-For`. Real source IP is restored to `source.ip`.
+ - name: http.request.length
+ type: long
+ format: bytes
+ description: |
+ The request length (including request line, header, and request body)
+ - name: http.request.time
+ type: double
+ format: duration
+ description: |
+ Time elapsed since the first bytes were read from the client
+ - name: upstream.name
+ type: text
+ description: |
+ The name of the upstream.
+ - name: upstream.alternative_name
+ type: text
+ description: |
+ The name of the alternative upstream.
+ - name: upstream.response.length
+ type: long
+ format: bytes
+ description: |
+ The length of the response obtained from the upstream server
+ - name: upstream.response.time
+ type: double
+ format: duration
+ description: |
+ The time spent on receiving the response from the upstream server as seconds with millisecond resolution
+ - name: upstream.response.status_code
+ type: long
+ description: |
+ The status code of the response obtained from the upstream server
+ - name: http.request.id
+ type: text
+ description: |
+ The randomly generated ID of the request
+ - name: upstream.ip
+ type: ip
+ description: |
+ The IP address of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas.
+ - name: upstream.port
+ type: long
+ description: |
+ The port of the upstream server.
+ - name: user_agent
+ type: group
+ - name: geoip
+ type: group
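Review bot: The `upstream.ip` description says several addresses may appear separated by commas, but the field is typed `ip`, and the `UPSTREAM_ADDRESS` pattern in this package's ingest pipeline captures a single `%{IP}`. As written, a log line listing more than one upstream would presumably fail the grok rather than populate this field, so the description promises something the mapping and the pipeline do not deliver. Until multi-upstream parsing exists I would shorten the description to `The IP address of the upstream server.`, or else extend the pipeline and make the field hold a list.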
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/ingress_controller/fields/package-fields.yml b/dev/packages/alpha/nginx/0.1.0/dataset/ingress_controller/fields/package-fields.yml
new file mode 100644
index 00000000000..1f8692738cc
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/ingress_controller/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: nginx
+ type: group
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/ingress_controller/manifest.yml b/dev/packages/alpha/nginx/0.1.0/dataset/ingress_controller/manifest.yml
new file mode 100644
index 00000000000..a3c059ab02a
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/ingress_controller/manifest.yml
@@ -0,0 +1,24 @@
+title: Nginx ingress_controller logs
+type: logs
+release: beta
+streams:
+- input: logs
+ enabled: false
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/nginx/ingress.log*
+ os:
+ darwin:
+ default:
+ - /usr/local/var/log/nginx/ingress.log*
+ windows:
+ default:
+ - c:/programdata/nginx/logs/*ingress.log*
+ title: Nginx ingress controller logs
+ description: Collect Nginx ingress controller logs
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/stubstatus/agent/stream/stream.yml.hbs b/dev/packages/alpha/nginx/0.1.0/dataset/stubstatus/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..18aabf7beea
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/stubstatus/agent/stream/stream.yml.hbs
@@ -0,0 +1,9 @@
+metricsets: ["stubstatus"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+period: {{period}}
+{{#if server_status_path}}
+server_status_path: {{server_status_path}}
+{{/if}}
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/stubstatus/fields/fields.yml b/dev/packages/alpha/nginx/0.1.0/dataset/stubstatus/fields/fields.yml
new file mode 100644
index 00000000000..decf65b7e79
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/stubstatus/fields/fields.yml
@@ -0,0 +1,44 @@
+- name: nginx.stubstatus
+ type: group
+ release: ga
+ fields:
+ - name: hostname
+ type: keyword
+ description: |
+ Nginx hostname.
+ - name: active
+ type: long
+ description: |
+ The current number of active client connections including Waiting connections.
+ - name: accepts
+ type: long
+ description: |
+ The total number of accepted client connections.
+ - name: handled
+ type: long
+ description: |
+ The total number of handled client connections.
+ - name: dropped
+ type: long
+ description: |
+ The total number of dropped client connections.
+ - name: requests
+ type: long
+ description: |
+ The total number of client requests.
+ - name: current
+ type: long
+ description: |
+ The current number of client requests.
+ - name: reading
+ type: long
+ description: |
+ The current number of connections where Nginx is reading the request header.
+ - name: writing
+ type: long
+ description: |
+ The current number of connections where Nginx is writing the response back to the client.
+ - name: waiting
+ type: long
+ description: |
+ The current number of idle client connections waiting for a request.
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/stubstatus/fields/package-fields.yml b/dev/packages/alpha/nginx/0.1.0/dataset/stubstatus/fields/package-fields.yml
new file mode 100644
index 00000000000..1f8692738cc
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/stubstatus/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: nginx
+ type: group
diff --git a/dev/packages/alpha/nginx/0.1.0/dataset/stubstatus/manifest.yml b/dev/packages/alpha/nginx/0.1.0/dataset/stubstatus/manifest.yml
new file mode 100644
index 00000000000..6a85c662b76
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/dataset/stubstatus/manifest.yml
@@ -0,0 +1,22 @@
+title: Nginx stubstatus metrics
+type: metrics
+release: beta
+streams:
+- input: nginx/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ - name: server_status_path
+ type: text
+ title: Server Status Path
+ multi: false
+ required: true
+ show_user: false
+ default: /nginx_status
+ title: Nginx stub status metrics
+ description: Collect Nginx stub status metrics
diff --git a/dev/packages/alpha/nginx/0.1.0/docs/README.md b/dev/packages/alpha/nginx/0.1.0/docs/README.md
new file mode 100644
index 00000000000..c17b47ced0c
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/docs/README.md
@@ -0,0 +1,179 @@
+# Nginx Integration
+
+This integration periodically fetches metrics from [https://nginx.org/](Nginx) servers. It can parse access and error
+logs created by the HTTP server.
+
+## Compatibility
+
+The Nginx `stubstatus` metrics was tested with Nginx 1.9 and are expected to work with all version >= 1.9.
+The logs were tested with version 1.10.
+On Windows, the module was tested with Nginx installed from the Chocolatey repository.
+
+## Logs
+
+**Timezone support**
+
+This datasource parses logs that don’t contain timezone information. For these logs, the Elastic Agent reads the local
+timezone and uses it when parsing to convert the timestamp to UTC. The timezone to be used for parsing is included
+in the event in the `event.timezone` field.
+
+To disable this conversion, the event.timezone field can be removed with the drop_fields processor.
+
+If logs are originated from systems or applications with a different timezone to the local one, the `event.timezone`
+field can be overwritten with the original timezone using the add_fields processor.
+
+### Access Logs
+
+Access logs collects the nginx access logs.
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| http.request.method | HTTP request method. The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". | keyword |
+| http.request.referrer | Referrer for this HTTP request. | keyword |
+| http.response.body.bytes | Size in bytes of the response body. | long |
+| http.response.status_code | HTTP response status code. | long |
+| http.version | HTTP version. | keyword |
+| nginx.access.remote_ip_list | An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like `X-Forwarded-For`. Real source IP is restored to `source.ip`. | array |
+| source.geo.city_name | City name. | keyword |
+| source.geo.continent_name | Name of the continent. | keyword |
+| source.geo.country_iso_code | Country ISO code. | keyword |
+| source.geo.location | Longitude and latitude. | geo_point |
+| source.geo.region_iso_code | Region ISO code. | keyword |
+| source.geo.region_name | Region name. | keyword |
+| url.original | Unmodified original url as seen in the event source. Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. This field is meant to represent the URL as it was observed, complete or not. | keyword |
+| user.name | Short name or login of the user. | keyword |
+| user_agent.device.name | Name of the device. | keyword |
+| user_agent.name | Name of the user agent. | keyword |
+| user_agent.original | Unparsed user_agent string. | keyword |
+| user_agent.os.name | Operating system name, without the version. | keyword |
+
+
+### Error Logs
+
+Error logs collects the nginx error logs.
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword |
+| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | text |
+| nginx.error.connection_id | Connection identifier. | long |
+| process.pid | Process id. | long |
+| process.thread.id | Thread ID. | long |
+
+
+### Ingress Controller Logs
+
+Error logs collects the ingress controller logs.
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| http.request.method | HTTP request method. The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". | keyword |
+| http.request.referrer | Referrer for this HTTP request. | keyword |
+| http.response.body.bytes | Size in bytes of the response body. | long |
+| http.response.status_code | HTTP response status code. | long |
+| http.version | HTTP version. | keyword |
+| nginx.ingress_controller.http.request.id | The randomly generated ID of the request | text |
+| nginx.ingress_controller.http.request.length | The request length (including request line, header, and request body) | long |
+| nginx.ingress_controller.http.request.time | Time elapsed since the first bytes were read from the client | double |
+| nginx.ingress_controller.remote_ip_list | An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like `X-Forwarded-For`. Real source IP is restored to `source.ip`. | array |
+| nginx.ingress_controller.upstream.alternative_name | The name of the alternative upstream. | text |
+| nginx.ingress_controller.upstream.ip | The IP address of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas. | ip |
+| nginx.ingress_controller.upstream.name | The name of the upstream. | text |
+| nginx.ingress_controller.upstream.port | The port of the upstream server. | long |
+| nginx.ingress_controller.upstream.response.length | The length of the response obtained from the upstream server | long |
+| nginx.ingress_controller.upstream.response.status_code | The status code of the response obtained from the upstream server | long |
+| nginx.ingress_controller.upstream.response.time | The time spent on receiving the response from the upstream server as seconds with millisecond resolution | double |
+| source.geo.city_name | City name. | keyword |
+| source.geo.continent_name | Name of the continent. | keyword |
+| source.geo.country_iso_code | Country ISO code. | keyword |
+| source.geo.location | Longitude and latitude. | geo_point |
+| source.geo.region_iso_code | Region ISO code. | keyword |
+| source.geo.region_name | Region name. | keyword |
+| url.original | Unmodified original url as seen in the event source. Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. This field is meant to represent the URL as it was observed, complete or not. | keyword |
+| user.name | Short name or login of the user. | keyword |
+| user_agent.device.name | Name of the device. | keyword |
+| user_agent.name | Name of the user agent. | keyword |
+| user_agent.original | Unparsed user_agent string. | keyword |
+| user_agent.os.name | Operating system name, without the version. | keyword |
+
+
+## Metrics
+
+### Stub Status Metrics
+
+The Nginx stubstatus stream collects data from the Nginx `ngx_http_stub_status` module. It scrapes the server status
+data from the web page generated by ngx_http_stub_status.
+
+This is a default stream. If the host datasource is unconfigured, this stream is enabled by default.
+
+An example event for nginx looks as following:
+
+```$json
+{
+ "@timestamp":"2020-04-28T11:07:58.223Z",
+ "service":{
+ "type":"nginx",
+ "address":"127.0.0.1:8081"
+ },
+ "nginx":{
+ "stubstatus":{
+ "waiting":0,
+ "hostname":"127.0.0.1:8081",
+ "dropped":0,
+ "writing":1,
+ "handled":7339,
+ "requests":7411,
+ "reading":0,
+ "accepts":7339,
+ "current":10,
+ "active":1
+ }
+ },
+ "stream":{
+ "namespace":"default",
+ "type":"metrics",
+ "dataset":"nginx.stubstatus"
+ },
+ "ecs":{
+ "version":"1.5.0"
+ },
+ "agent":{
+ "type":"metricbeat",
+ "ephemeral_id":"8eb07b4f-df58-4794-8e00-60f1443f33b6",
+ "hostname":"MacBook-Elastic.local",
+ "id":"e47f6e4d-5277-46f3-801d-221c7584c604",
+ "version":"8.0.0"
+ },
+ "event":{
+ "module":"nginx",
+ "duration":1112095,
+ "dataset":"nginx.stubstatus"
+ },
+ "metricset":{
+ "period":10000,
+ "name":"stubstatus"
+ }
+}
+```
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| nginx.stubstatus.accepts | The total number of accepted client connections. | long |
+| nginx.stubstatus.active | The current number of active client connections including Waiting connections. | long |
+| nginx.stubstatus.current | The current number of client requests. | long |
+| nginx.stubstatus.dropped | The total number of dropped client connections. | long |
+| nginx.stubstatus.handled | The total number of handled client connections. | long |
+| nginx.stubstatus.hostname | Nginx hostname. | keyword |
+| nginx.stubstatus.reading | The current number of connections where Nginx is reading the request header. | long |
+| nginx.stubstatus.requests | The total number of client requests. | long |
+| nginx.stubstatus.waiting | The current number of idle client connections waiting for a request. | long |
+| nginx.stubstatus.writing | The current number of connections where Nginx is writing the response back to the client. | long |
+
diff --git a/dev/packages/alpha/nginx/0.1.0/img/kibana-nginx.png b/dev/packages/alpha/nginx/0.1.0/img/kibana-nginx.png
new file mode 100644
index 00000000000..fa7b847b705
Binary files /dev/null and b/dev/packages/alpha/nginx/0.1.0/img/kibana-nginx.png differ
diff --git a/dev/packages/alpha/nginx/0.1.0/img/logo_nginx.svg b/dev/packages/alpha/nginx/0.1.0/img/logo_nginx.svg
new file mode 100644
index 00000000000..49ac842a8e3
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/img/logo_nginx.svg
@@ -0,0 +1,6 @@
+
diff --git a/dev/packages/alpha/nginx/0.1.0/img/metricbeat-nginx.png b/dev/packages/alpha/nginx/0.1.0/img/metricbeat-nginx.png
new file mode 100644
index 00000000000..a1315ea1945
Binary files /dev/null and b/dev/packages/alpha/nginx/0.1.0/img/metricbeat-nginx.png differ
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/dashboard/023d2930-f1a5-11e7-a9ef-93c69af7b129-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/dashboard/023d2930-f1a5-11e7-a9ef-93c69af7b129-ecs.json
new file mode 100644
index 00000000000..788866169e2
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/dashboard/023d2930-f1a5-11e7-a9ef-93c69af7b129-ecs.json
@@ -0,0 +1,121 @@
+{
+ "attributes": {
+ "description": "Overview dashboard for the Nginx integration (metrics)",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "highlightAll": true,
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "version": true
+ }
+ },
+ "optionsJSON": {
+ "darkTheme": false,
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "1",
+ "w": 24,
+ "x": 24,
+ "y": 0
+ },
+ "panelIndex": "1",
+ "panelRefName": "panel_0",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "2",
+ "w": 24,
+ "x": 24,
+ "y": 12
+ },
+ "panelIndex": "2",
+ "panelRefName": "panel_1",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "3",
+ "w": 24,
+ "x": 0,
+ "y": 12
+ },
+ "panelIndex": "3",
+ "panelRefName": "panel_2",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "4",
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "4",
+ "panelRefName": "panel_3",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "5",
+ "w": 48,
+ "x": 0,
+ "y": 24
+ },
+ "panelIndex": "5",
+ "panelRefName": "panel_4",
+ "version": "7.3.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics Nginx] Overview ECS",
+ "version": 1
+ },
+ "id": "023d2930-f1a5-11e7-a9ef-93c69af7b129-ecs",
+ "references": [
+ {
+ "id": "555df8a0-f1a1-11e7-a9ef-93c69af7b129-ecs",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "a1d92240-f1a1-11e7-a9ef-93c69af7b129-ecs",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "d763a570-f1a1-11e7-a9ef-93c69af7b129-ecs",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "47a8e0f0-f1a4-11e7-a9ef-93c69af7b129-ecs",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "dcbffe30-f1a4-11e7-a9ef-93c69af7b129-ecs",
+ "name": "panel_4",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs.json
new file mode 100644
index 00000000000..8d667eed5cc
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs.json
@@ -0,0 +1,121 @@
+{
+ "attributes": {
+ "description": "Dashboard for the Nginx integration (logs)",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "highlightAll": true,
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "version": true
+ }
+ },
+ "optionsJSON": {
+ "darkTheme": false
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "columns": [
+ "log.level",
+ "message"
+ ],
+ "sort": [
+ "@timestamp",
+ "desc"
+ ]
+ },
+ "gridData": {
+ "h": 12,
+ "i": "11",
+ "w": 48,
+ "x": 0,
+ "y": 16
+ },
+ "panelIndex": "11",
+ "panelRefName": "panel_0",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "columns": [
+ "url.original",
+ "http.request.method",
+ "http.response.status_code",
+ "http.response.body.bytes"
+ ],
+ "sort": [
+ "@timestamp",
+ "desc"
+ ]
+ },
+ "gridData": {
+ "h": 28,
+ "i": "16",
+ "w": 48,
+ "x": 0,
+ "y": 28
+ },
+ "panelIndex": "16",
+ "panelRefName": "panel_1",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "18",
+ "w": 48,
+ "x": 0,
+ "y": 4
+ },
+ "panelIndex": "18",
+ "panelRefName": "panel_2",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 4,
+ "i": "19",
+ "w": 48,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "19",
+ "panelRefName": "panel_3",
+ "version": "7.3.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Logs Nginx] Access and error logs ECS",
+ "version": 1
+ },
+ "id": "046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs",
+ "references": [
+ {
+ "id": "9eb25600-a1f0-11e7-928f-5dbe6f6f5519-ecs",
+ "name": "panel_0",
+ "type": "search"
+ },
+ {
+ "id": "6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519-ecs",
+ "name": "panel_1",
+ "type": "search"
+ },
+ {
+ "id": "1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519-ecs",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs",
+ "name": "panel_3",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs.json
new file mode 100644
index 00000000000..8a0ca1e00fd
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs.json
@@ -0,0 +1,204 @@
+{
+ "attributes": {
+ "description": "Dashboard for the Nginx integration (logs)",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "highlightAll": true,
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "version": true
+ }
+ },
+ "optionsJSON": {
+ "darkTheme": false
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "3",
+ "w": 12,
+ "x": 36,
+ "y": 44
+ },
+ "panelIndex": "3",
+ "panelRefName": "panel_0",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "vis": {
+ "legendOpen": true
+ }
+ },
+ "gridData": {
+ "h": 12,
+ "i": "4",
+ "w": 12,
+ "x": 24,
+ "y": 44
+ },
+ "panelIndex": "4",
+ "panelRefName": "panel_1",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "mapBounds": {
+ "bottom_right": {
+ "lat": -7.362466865535738,
+ "lon": 245.39062500000003
+ },
+ "top_left": {
+ "lat": 77.07878389624943,
+ "lon": -245.74218750000003
+ }
+ },
+ "mapCenter": [
+ 50.51342652633956,
+ -0.17578125
+ ],
+ "mapCollar": {
+ "bottom_right": {
+ "lat": -49.583095,
+ "lon": 180
+ },
+ "top_left": {
+ "lat": 90,
+ "lon": -180
+ },
+ "zoom": 2
+ },
+ "mapZoom": 2
+ },
+ "gridData": {
+ "h": 16,
+ "i": "8",
+ "w": 48,
+ "x": 0,
+ "y": 4
+ },
+ "panelIndex": "8",
+ "panelRefName": "panel_2",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "13",
+ "w": 48,
+ "x": 0,
+ "y": 20
+ },
+ "panelIndex": "13",
+ "panelRefName": "panel_3",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "14",
+ "w": 24,
+ "x": 24,
+ "y": 32
+ },
+ "panelIndex": "14",
+ "panelRefName": "panel_4",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "15",
+ "w": 24,
+ "x": 0,
+ "y": 32
+ },
+ "panelIndex": "15",
+ "panelRefName": "panel_5",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "16",
+ "w": 24,
+ "x": 0,
+ "y": 44
+ },
+ "panelIndex": "16",
+ "panelRefName": "panel_6",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 4,
+ "i": "17",
+ "w": 48,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "17",
+ "panelRefName": "panel_7",
+ "version": "7.3.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Logs Nginx] Overview ECS",
+ "version": 1
+ },
+ "id": "55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs",
+ "references": [
+ {
+ "id": "Nginx-Access-Browsers-ecs",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "Nginx-Access-OSes-ecs",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "Nginx-Access-Map-ecs",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs",
+ "name": "panel_6",
+ "type": "visualization"
+ },
+ {
+ "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs",
+ "name": "panel_7",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/search/6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/search/6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519-ecs.json
new file mode 100644
index 00000000000..b8dcd34b377
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/search/6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519-ecs.json
@@ -0,0 +1,54 @@
+{
+ "attributes": {
+ "columns": [
+ "url.original",
+ "http.request.method",
+ "http.response.status_code",
+ "http.response.body.bytes"
+ ],
+ "description": "",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "highlight": {
+ "fields": {
+ "*": {}
+ },
+ "fragment_size": 2147483647,
+ "post_tags": [
+ "@/kibana-highlighted-field@"
+ ],
+ "pre_tags": [
+ "@kibana-highlighted-field@"
+ ],
+ "require_field_match": false
+ },
+ "highlightAll": true,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": "(stream.dataset:nginx.access OR stream.dataset:nginx.error OR stream.dataset:nginx.ingress_controller) AND url.original:*"
+ },
+ "version": true
+ }
+ },
+ "sort": [
+ [
+ "@timestamp",
+ "desc"
+ ]
+ ],
+ "title": "Nginx access logs [Logs Nginx] ECS",
+ "version": 1
+ },
+ "id": "6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519-ecs",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "search"
+}
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/search/9eb25600-a1f0-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/search/9eb25600-a1f0-11e7-928f-5dbe6f6f5519-ecs.json
new file mode 100644
index 00000000000..4fb749e9645
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/search/9eb25600-a1f0-11e7-928f-5dbe6f6f5519-ecs.json
@@ -0,0 +1,52 @@
+{
+ "attributes": {
+ "columns": [
+ "log.level",
+ "message"
+ ],
+ "description": "",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "highlight": {
+ "fields": {
+ "*": {}
+ },
+ "fragment_size": 2147483647,
+ "post_tags": [
+ "@/kibana-highlighted-field@"
+ ],
+ "pre_tags": [
+ "@kibana-highlighted-field@"
+ ],
+ "require_field_match": false
+ },
+ "highlightAll": true,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": "(stream.dataset:nginx.access OR stream.dataset:nginx.error OR stream.dataset:nginx.ingress_controller) AND message:*"
+ },
+ "version": true
+ }
+ },
+ "sort": [
+ [
+ "@timestamp",
+ "desc"
+ ]
+ ],
+ "title": "Nginx error logs [Logs Nginx] ECS",
+ "version": 1
+ },
+ "id": "9eb25600-a1f0-11e7-928f-5dbe6f6f5519-ecs",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "search"
+}
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/search/Filebeat-Nginx-module-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/search/Filebeat-Nginx-module-ecs.json
new file mode 100644
index 00000000000..7a6cd0a8e85
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/search/Filebeat-Nginx-module-ecs.json
@@ -0,0 +1,55 @@
+{
+ "attributes": {
+ "columns": [
+ "url.original",
+ "http.request.method",
+ "http.response.status_code",
+ "http.request.referrer",
+ "http.response.body.bytes"
+ ],
+ "description": "",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "highlight": {
+ "fields": {
+ "*": {}
+ },
+ "fragment_size": 2147483647,
+ "post_tags": [
+ "@/kibana-highlighted-field@"
+ ],
+ "pre_tags": [
+ "@kibana-highlighted-field@"
+ ],
+ "require_field_match": false
+ },
+ "highlightAll": true,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": "(stream.dataset:nginx.access OR stream.dataset:nginx.error OR stream.dataset:nginx.ingress_controller)"
+ },
+ "version": true
+ }
+ },
+ "sort": [
+ [
+ "@timestamp",
+ "desc"
+ ]
+ ],
+ "title": "Nginx logs [Logs Nginx] ECS",
+ "version": 1
+ },
+ "id": "Logs-Nginx-integration-ecs",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "search"
+}
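Review bot: The file name `Filebeat-Nginx-module-ecs.json` does not match the object's `"id": "Logs-Nginx-integration-ecs"`, whereas the other saved objects visible in this diff are stored under a file name equal to their id. `Nginx-Access-Map-ecs.json` references this search as `Logs-Nginx-integration-ecs`, so the id looks like the intended value and the file name a leftover. If the installer derives or validates ids from file names (not visible here), that reference would fail to resolve. I would rename the file to `Logs-Nginx-integration-ecs.json`.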
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/visualization/0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs.json
new file mode 100644
index 00000000000..2fe8d5065cc
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs.json
@@ -0,0 +1,70 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Data Volume [Logs Nginx] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "filter": {
+ "language": "lucene",
+ "query": "stream.dataset:nginx.access"
+ },
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "logs-*",
+ "interval": "auto",
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "bytes",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "http.response.body.bytes",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "sum"
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_filters": [
+ {
+ "color": "#68BC00",
+ "filter": {
+ "language": "lucene",
+ "query": "http.response.status_code:[200 TO 299]"
+ },
+ "id": "7c343c20-a29e-11e7-a062-a1c3587f4874",
+ "label": "200s"
+ }
+ ],
+ "split_mode": "everything",
+ "stacked": "none",
+ "terms_field": null
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Data Volume [Logs Nginx] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/visualization/1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519-ecs.json
new file mode 100644
index 00000000000..8144500d371
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519-ecs.json
@@ -0,0 +1,81 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Access logs over time [Logs Nginx] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "annotations": [
+ {
+ "color": "#F00",
+ "icon": "fa-tag",
+ "id": "970b1420-a1f3-11e7-a062-a1c3587f4874",
+ "ignore_global_filters": 1,
+ "ignore_panel_filters": 1,
+ "index_pattern": "logs-*",
+ "time_field": "@timestamp"
+ }
+ ],
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "background_color_rules": [
+ {
+ "id": "3189aa80-a1f3-11e7-a062-a1c3587f4874"
+ }
+ ],
+ "filter": {
+ "language": "lucene",
+ "query": "stream.dataset:nginx.access"
+ },
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "logs-*",
+ "interval": "auto",
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Access logs",
+ "line_width": 1,
+ "metrics": [
+ {
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "count"
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_filters": [
+ {
+ "color": "#68BC00",
+ "id": "1db649a0-a1f3-11e7-a062-a1c3587f4874"
+ }
+ ],
+ "split_mode": "everything",
+ "stacked": "none",
+ "terms_field": "url.original",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Access logs over time [Logs Nginx] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519-ecs",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/visualization/46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs.json
new file mode 100644
index 00000000000..e3aeaef66d3
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs.json
@@ -0,0 +1,58 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Errors over time [Logs Nginx] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "filter": {
+ "language": "lucene",
+ "query": "stream.dataset:nginx.error"
+ },
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "logs-*",
+ "interval": "auto",
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "bar",
+ "color": "rgba(211,49,21,1)",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "line_width": 1,
+ "metrics": [
+ {
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "count"
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "log.level",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Errors over time [Logs Nginx] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/visualization/47a8e0f0-f1a4-11e7-a9ef-93c69af7b129-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/47a8e0f0-f1a4-11e7-a9ef-93c69af7b129-ecs.json
new file mode 100644
index 00000000000..5ffd7b42ee0
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/47a8e0f0-f1a4-11e7-a9ef-93c69af7b129-ecs.json
@@ -0,0 +1,53 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Active connections [Metrics Nginx] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "nginx.stubstatus.active",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Active connections [Metrics Nginx] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "47a8e0f0-f1a4-11e7-a9ef-93c69af7b129-ecs",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/visualization/555df8a0-f1a1-11e7-a9ef-93c69af7b129-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/555df8a0-f1a1-11e7-a9ef-93c69af7b129-ecs.json
new file mode 100644
index 00000000000..7bcbbd66c6c
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/555df8a0-f1a1-11e7-a9ef-93c69af7b129-ecs.json
@@ -0,0 +1,60 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Request Rate [Metrics Nginx] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Request rate",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "nginx.stubstatus.requests",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ },
+ {
+ "field": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "id": "396ec980-f1a1-11e7-95d0-8ddf041d42a2",
+ "type": "derivative",
+ "unit": ""
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Request Rate [Metrics Nginx] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "555df8a0-f1a1-11e7-a9ef-93c69af7b129-ecs",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/visualization/9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs.json
new file mode 100644
index 00000000000..aea12038476
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs.json
@@ -0,0 +1,63 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Top pages [Logs Nginx] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "bar_color_rules": [
+ {
+ "id": "6252c320-a1f5-11e7-92ba-5d0b8663aece"
+ }
+ ],
+ "filter": {
+ "language": "lucene",
+ "query": "stream.dataset:nginx.access"
+ },
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "logs-*",
+ "interval": "auto",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "line_width": 1,
+ "metrics": [
+ {
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "count"
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_mode": "terms",
+ "stacked": "none",
+ "terms_field": "url.original",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "value_template": ""
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "top_n"
+ },
+ "title": "Top pages [Logs Nginx] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/visualization/97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs.json
new file mode 100644
index 00000000000..5b8c6abd2c7
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs.json
@@ -0,0 +1,23 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Dashboards [Logs Nginx] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "fontSize": 12,
+ "markdown": "[Nginx logs overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) | [Nginx access and error logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs)"
+ },
+ "title": "Dashboards [Logs Nginx] ECS",
+ "type": "markdown"
+ }
+ },
+ "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/visualization/Nginx-Access-Browsers-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/Nginx-Access-Browsers-ecs.json
new file mode 100644
index 00000000000..222886c078d
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/Nginx-Access-Browsers-ecs.json
@@ -0,0 +1,72 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Browsers breakdown [Logs Nginx] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {},
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "field": "user_agent.name",
+ "order": "desc",
+ "orderBy": "1",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "field": "user_agent.version",
+ "order": "desc",
+ "orderBy": "1",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "listeners": {},
+ "params": {
+ "addLegend": true,
+ "addTooltip": true,
+ "isDonut": true,
+ "legendPosition": "bottom",
+ "shareYAxis": true
+ },
+ "title": "Nginx Access Browsers ECS",
+ "type": "pie"
+ }
+ },
+ "id": "Nginx-Access-Browsers-ecs",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/visualization/Nginx-Access-Map-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/Nginx-Access-Map-ecs.json
new file mode 100644
index 00000000000..58626363c69
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/Nginx-Access-Map-ecs.json
@@ -0,0 +1,80 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": []
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "Access Map [Logs Nginx] ECS",
+ "uiStateJSON": {
+ "mapCenter": [
+ 12.039320557540572,
+ -0.17578125
+ ]
+ },
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {},
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "autoPrecision": true,
+ "field": "source.geo.location"
+ },
+ "schema": "segment",
+ "type": "geohash_grid"
+ }
+ ],
+ "listeners": {},
+ "params": {
+ "addTooltip": true,
+ "heatBlur": 15,
+ "heatMaxZoom": 16,
+ "heatMinOpacity": 0.1,
+ "heatNormalizeData": true,
+ "heatRadius": 25,
+ "isDesaturated": true,
+ "legendPosition": "bottomright",
+ "mapCenter": [
+ 15,
+ 5
+ ],
+ "mapType": "Scaled Circle Markers",
+ "mapZoom": 2,
+ "wms": {
+ "enabled": false,
+ "options": {
+ "attribution": "Maps provided by USGS",
+ "format": "image/png",
+ "layers": "0",
+ "styles": "",
+ "transparent": true,
+ "version": "1.3.0"
+ },
+ "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer"
+ }
+ },
+ "title": "Nginx Access Map ECS",
+ "type": "tile_map"
+ }
+ },
+ "id": "Nginx-Access-Map-ecs",
+ "references": [
+ {
+ "id": "Logs-Nginx-integration-ecs",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/visualization/Nginx-Access-OSes-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/Nginx-Access-OSes-ecs.json
new file mode 100644
index 00000000000..acb7343e0fc
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/Nginx-Access-OSes-ecs.json
@@ -0,0 +1,72 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Operating systems breakdown [Logs Nginx] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {},
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "field": "user_agent.os.name",
+ "order": "desc",
+ "orderBy": "1",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "field": "user_agent.os.version",
+ "order": "desc",
+ "orderBy": "1",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "listeners": {},
+ "params": {
+ "addLegend": true,
+ "addTooltip": true,
+ "isDonut": true,
+ "legendPosition": "bottom",
+ "shareYAxis": true
+ },
+ "title": "Nginx Access OSes ECS",
+ "type": "pie"
+ }
+ },
+ "id": "Nginx-Access-OSes-ecs",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/visualization/a1d92240-f1a1-11e7-a9ef-93c69af7b129-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/a1d92240-f1a1-11e7-a9ef-93c69af7b129-ecs.json
new file mode 100644
index 00000000000..610b47de687
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/a1d92240-f1a1-11e7-a9ef-93c69af7b129-ecs.json
@@ -0,0 +1,99 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Accepts and Handled Rate [Metrics Nginx] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "annotations": [
+ {
+ "color": "#F00",
+ "icon": "fa-tag",
+ "id": "8644f980-f1a3-11e7-95d0-8ddf041d42a2",
+ "ignore_global_filters": 1,
+ "ignore_panel_filters": 1,
+ "index_pattern": "*",
+ "time_field": "@timestamp"
+ }
+ ],
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": "0.5",
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Accepts rate",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "nginx.stubstatus.accepts",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ },
+ {
+ "field": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "id": "396ec980-f1a1-11e7-95d0-8ddf041d42a2",
+ "type": "derivative",
+ "unit": ""
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_color_mode": "gradient",
+ "split_mode": "everything",
+ "stacked": "none"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(0,156,224,1)",
+ "fill": "0.9",
+ "formatter": "number",
+ "id": "56dd33b0-f1a3-11e7-95d0-8ddf041d42a2",
+ "label": "Handled rate",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "nginx.stubstatus.handled",
+ "id": "56dd33b1-f1a3-11e7-95d0-8ddf041d42a2",
+ "type": "avg"
+ },
+ {
+ "field": "56dd33b1-f1a3-11e7-95d0-8ddf041d42a2",
+ "id": "56dd33b2-f1a3-11e7-95d0-8ddf041d42a2",
+ "type": "derivative",
+ "unit": ""
+ }
+ ],
+ "point_size": "3",
+ "seperate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Accepts and Handled Rate [Metrics Nginx] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "a1d92240-f1a1-11e7-a9ef-93c69af7b129-ecs",
+ "references": [],
+ "type": "visualization"
+}
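Review bot: The entry under `params.annotations` sets `"index_pattern": "*"` although the panel itself reads from `metrics-*`, and `ignore_global_filters` and `ignore_panel_filters` are both 1, so nothing narrows the annotation's scope. As soon as someone adds a query to it, it would search every index the viewer can read. `1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519-ecs.json` in this same diff scopes its annotation to `logs-*`. I would change this one to `"index_pattern": "metrics-*"`, or remove the annotation entry, since it defines no query or fields.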
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/visualization/b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs.json
new file mode 100644
index 00000000000..c3d0e8498f4
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs.json
@@ -0,0 +1,97 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Response codes over time [Logs Nginx] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "filter": {
+ "language": "lucene",
+ "query": "stream.dataset:nginx.access"
+ },
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "logs-*",
+ "interval": "auto",
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "bar",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "",
+ "line_width": 1,
+ "metrics": [
+ {
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "count"
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_filters": [
+ {
+ "color": "#68BC00",
+ "filter": {
+ "language": "lucene",
+ "query": "http.response.status_code:[200 TO 299]"
+ },
+ "id": "5acdc750-a29d-11e7-a062-a1c3587f4874",
+ "label": "200s"
+ },
+ {
+ "color": "rgba(252,196,0,1)",
+ "filter": {
+ "language": "lucene",
+ "query": "http.response.status_code:[300 TO 399]"
+ },
+ "id": "6efd2ae0-a29d-11e7-a062-a1c3587f4874",
+ "label": "300s"
+ },
+ {
+ "color": "rgba(211,49,21,1)",
+ "filter": {
+ "language": "lucene",
+ "query": "http.response.status_code:[400 TO 499]"
+ },
+ "id": "76089a90-a29d-11e7-a062-a1c3587f4874",
+ "label": "400s"
+ },
+ {
+ "color": "rgba(171,20,158,1)",
+ "filter": {
+ "language": "lucene",
+ "query": "http.response.status_code:[500 TO 599]"
+ },
+ "id": "7c7929d0-a29d-11e7-a062-a1c3587f4874",
+ "label": "500s"
+ }
+ ],
+ "split_mode": "filters",
+ "stacked": "stacked",
+ "terms_field": "http.response.status_code",
+ "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Response codes over time [Logs Nginx] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/visualization/d763a570-f1a1-11e7-a9ef-93c69af7b129-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/d763a570-f1a1-11e7-a9ef-93c69af7b129-ecs.json
new file mode 100644
index 00000000000..d4545756241
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/d763a570-f1a1-11e7-a9ef-93c69af7b129-ecs.json
@@ -0,0 +1,60 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Drops Rate [Metrics Nginx] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(188,0,65,1)",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Drops rate",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "nginx.stubstatus.dropped",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ },
+ {
+ "field": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "id": "396ec980-f1a1-11e7-95d0-8ddf041d42a2",
+ "type": "derivative",
+ "unit": ""
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Drops Rate [Metrics Nginx] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "d763a570-f1a1-11e7-a9ef-93c69af7b129-ecs",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/nginx/0.1.0/kibana/visualization/dcbffe30-f1a4-11e7-a9ef-93c69af7b129-ecs.json b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/dcbffe30-f1a4-11e7-a9ef-93c69af7b129-ecs.json
new file mode 100644
index 00000000000..6e6dd5ea57d
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/kibana/visualization/dcbffe30-f1a4-11e7-a9ef-93c69af7b129-ecs.json
@@ -0,0 +1,96 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {}
+ },
+ "title": "Reading / Writing / Waiting Rates [Metrics Nginx] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "axis_formatter": "number",
+ "axis_position": "left",
+ "id": "61ca57f0-469d-11e7-af02-69e470af7417",
+ "index_pattern": "metrics-*",
+ "interval": "auto",
+ "legend_position": "bottom",
+ "series": [
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "#68BC00",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "61ca57f1-469d-11e7-af02-69e470af7417",
+ "label": "Reading",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "nginx.stubstatus.reading",
+ "id": "61ca57f2-469d-11e7-af02-69e470af7417",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(0,156,224,1)",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "b1773680-f1a4-11e7-95d0-8ddf041d42a2",
+ "label": "Writing",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "nginx.stubstatus.writing",
+ "id": "b1773681-f1a4-11e7-95d0-8ddf041d42a2",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none"
+ },
+ {
+ "axis_position": "right",
+ "chart_type": "line",
+ "color": "rgba(252,220,0,1)",
+ "fill": 0.5,
+ "formatter": "number",
+ "id": "b68aa6c0-f1a4-11e7-95d0-8ddf041d42a2",
+ "label": "Waiting",
+ "line_width": 1,
+ "metrics": [
+ {
+ "field": "nginx.stubstatus.waiting",
+ "id": "b68aa6c1-f1a4-11e7-95d0-8ddf041d42a2",
+ "type": "avg"
+ }
+ ],
+ "point_size": 1,
+ "seperate_axis": 0,
+ "split_mode": "everything",
+ "stacked": "none"
+ }
+ ],
+ "show_grid": 1,
+ "show_legend": 1,
+ "time_field": "@timestamp",
+ "type": "timeseries"
+ },
+ "title": "Reading / Writing / Waiting Rates [Metrics Nginx] ECS",
+ "type": "metrics"
+ }
+ },
+ "id": "dcbffe30-f1a4-11e7-a9ef-93c69af7b129-ecs",
+ "references": [],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/nginx/0.1.0/manifest.yml b/dev/packages/alpha/nginx/0.1.0/manifest.yml
new file mode 100644
index 00000000000..4f7353e9608
--- /dev/null
+++ b/dev/packages/alpha/nginx/0.1.0/manifest.yml
@@ -0,0 +1,51 @@
+format_version: 1.0.0
+name: nginx
+title: Nginx
+version: 0.1.0
+license: basic
+description: Nginx Integration
+type: integration
+categories:
+- logs
+- metrics
+release: beta
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.3.0 <8.0.0'
+ elasticsearch:
+ versions: '>7.0.1'
+screenshots:
+- src: /img/kibana-nginx.png
+ title: kibana nginx
+ size: 1218x1266
+ type: image/png
+- src: /img/metricbeat-nginx.png
+ title: metricbeat nginx
+ size: 2560x2100
+ type: image/png
+icons:
+- src: /img/logo_nginx.svg
+ title: logo nginx
+ size: 32x32
+ type: image/svg+xml
+datasources:
+- name: nginx
+ title: Nginx logs and metrics
+ description: Collect logs and metrics from Nginx instances
+ inputs:
+ - type: logs
+ title: Collect logs from Nginx instances
+ description: Collecting Nginx access, error and ingress controller logs
+ - type: nginx/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - http://127.0.0.1
+ title: Collect metrics from Nginx instances
+ description: Collecting Nginx stub status metrics
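Review bot: Under `requirement`, the `elasticsearch` constraint `versions: '>7.0.1'` has no upper bound, while `kibana` is capped with `'>=7.3.0 <8.0.0'`. As written, the package declares itself compatible with any future Elasticsearch major, which is probably not intended for a `release: beta` package whose dashboards are pinned to Kibana 7.x. I would bound it the same way, for example `versions: '>7.0.1 <8.0.0'`, or add a comment if the open range is deliberate.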
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/info/agent/stream/stream.yml.hbs b/dev/packages/alpha/redis/0.1.0/dataset/info/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..b278d082375
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/info/agent/stream/stream.yml.hbs
@@ -0,0 +1,18 @@
+metricsets: ["info"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if idle_timeout}}
+idle_timeout: {{idle_timeout}}
+{{/if}}
+{{#if maxconn}}
+maxconn: {{maxconn}}
+{{/if}}
+{{#if network}}
+network: {{network}}
+{{/if}}
+{{#if password}}
+password: {{password}}
+{{/if}}
+period: {{period}}
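Review bot: `password: {{password}}` writes the secret into the rendered stream config as an unquoted YAML scalar. A password containing `#` or `: `, one starting with `*`, `!` or `{`, or one that reads as a number or boolean, is truncated or retyped when the config is parsed. A value containing a line break could add further keys to the document. The same applies to `- {{this}}` under `hosts:` and to `network: {{network}}`. I would emit these as quoted scalars, for example `password: "{{password}}"`, and have the renderer escape `"` and `\` in the value (how the template engine escapes is not visible in this hunk, so that part needs confirming).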
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/info/fields/ecs.yml b/dev/packages/alpha/redis/0.1.0/dataset/info/fields/ecs.yml
new file mode 100644
index 00000000000..aba10287214
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/info/fields/ecs.yml
@@ -0,0 +1,37 @@
+- name: os
+ title: Operating System
+ group: 2
+ type: group
+ fields:
+ - name: full
+ level: extended
+ type: keyword
+ description: Operating system name, including the version or code name.
+ ignore_above: 1024
+ multi_fields:
+ - name: text
+ type: text
+ norms: false
+ default_field: false
+- name: process
+ title: Process
+ group: 2
+ type: group
+ fields:
+ - name: pid
+ level: core
+ type: long
+ format: string
+ description: Process id.
+- name: service
+ title: Service
+ group: 2
+ type: group
+ fields:
+ - name: version
+ level: core
+ type: keyword
+ description: |-
+ Version of the service the data was collected from.
+ This allows to look at a data set only for a specific version of a service.
+ ignore_above: 1024
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/info/fields/fields.yml b/dev/packages/alpha/redis/0.1.0/dataset/info/fields/fields.yml
new file mode 100644
index 00000000000..50f87a110be
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/info/fields/fields.yml
@@ -0,0 +1,452 @@
+- name: redis.info
+ type: group
+ release: ga
+ fields:
+ - name: clients
+ type: group
+ fields:
+ - name: connected
+ type: long
+ description: |
+ Number of client connections (excluding connections from slaves).
+ - name: longest_output_list
+ type: long
+ description: |
+ Longest output list among current client connections (replaced by max_output_buffer).
+ - name: max_output_buffer
+ type: long
+ description: |
+ Longest output list among current client connections.
+ - name: biggest_input_buf
+ type: long
+ description: |
+ Biggest input buffer among current client connections (replaced by max_input_buffer).
+ - name: max_input_buffer
+ type: long
+ description: |
+ Biggest input buffer among current client connections (on redis 5.0).
+ - name: blocked
+ type: long
+ description: |
+ Number of clients pending on a blocking call (BLPOP, BRPOP, BRPOPLPUSH).
+ - name: cluster
+ type: group
+ fields:
+ - name: enabled
+ type: boolean
+ description: |
+ Indicates that the Redis cluster is enabled.
+ - name: cpu
+ type: group
+ fields:
+ - name: used.sys
+ type: scaled_float
+ description: |
+ System CPU consumed by the Redis server.
+ - name: used.sys_children
+ type: scaled_float
+ description: |
+ User CPU consumed by the Redis server.
+ - name: used.user
+ type: scaled_float
+ description: |
+ System CPU consumed by the background processes.
+ - name: used.user_children
+ type: scaled_float
+ description: |
+ User CPU consumed by the background processes.
+ - name: memory
+ type: group
+ fields:
+ - name: used.value
+ type: long
+ format: bytes
+ description: |
+ Total number of bytes allocated by Redis.
+ - name: used.rss
+ type: long
+ format: bytes
+ description: |
+ Number of bytes that Redis allocated as seen by the operating system (a.k.a resident set size).
+ - name: used.peak
+ type: long
+ format: bytes
+ description: |
+ Peak memory consumed by Redis.
+ - name: used.lua
+ type: long
+ format: bytes
+ description: "Used memory by the Lua engine. \n"
+ - name: used.dataset
+ type: long
+ format: bytes
+ description: "The size in bytes of the dataset \n"
+ - name: max.value
+ type: long
+ format: bytes
+ description: |
+ Memory limit.
+ - name: max.policy
+ type: keyword
+ description: |
+ Eviction policy to use when memory limit is reached.
+ - name: fragmentation.ratio
+ type: float
+ description: |
+ Ratio between used_memory_rss and used_memory
+ - name: fragmentation.bytes
+ type: long
+ format: bytes
+ description: |
+ Bytes between used_memory_rss and used_memory
+ - name: active_defrag.is_running
+ type: boolean
+ description: |
+ Flag indicating if active defragmentation is active
+ - name: allocator
+ type: keyword
+ description: |
+ Memory allocator.
+ - name: allocator_stats
+ type: group
+ fields:
+ - name: allocated
+ type: long
+ format: bytes
+ description: |
+ Allocated memory
+ - name: active
+ type: long
+ format: bytes
+ description: |
+ Active memeory
+ - name: resident
+ type: long
+ format: bytes
+ description: |
+ Resident memory
+ - name: fragmentation.ratio
+ type: float
+ description: |
+ Fragmentation ratio
+ - name: fragmentation.bytes
+ type: long
+ format: bytes
+ description: |
+ Fragmented bytes
+ - name: rss.ratio
+ type: float
+ description: |
+ Resident ratio
+ - name: rss.bytes
+ type: long
+ format: bytes
+ description: |
+ Resident bytes
+ - name: persistence
+ type: group
+ fields:
+ - name: loading
+ type: boolean
+ description: |
+ Flag indicating if the load of a dump file is on-going
+ - name: rdb
+ type: group
+ fields:
+ - name: last_save.changes_since
+ type: long
+ description: |
+ Number of changes since the last dump
+ - name: last_save.time
+ type: long
+ description: |
+ Epoch-based timestamp of last successful RDB save
+ - name: bgsave.in_progress
+ type: boolean
+ description: |
+ Flag indicating a RDB save is on-going
+ - name: bgsave.last_status
+ type: keyword
+ description: |
+ Status of the last RDB save operation
+ - name: bgsave.last_time.sec
+ type: long
+ format: duration
+ description: |
+ Duration of the last RDB save operation in seconds
+ - name: bgsave.current_time.sec
+ type: long
+ format: duration
+ description: |
+ Duration of the on-going RDB save operation if any
+ - name: copy_on_write.last_size
+ type: long
+ format: bytes
+ description: "The size in bytes of copy-on-write allocations during the last
+ RBD save operation \n"
+ - name: aof
+ type: group
+ fields:
+ - name: enabled
+ type: boolean
+ description: |
+ Flag indicating AOF logging is activated
+ - name: rewrite.in_progress
+ type: boolean
+ description: |
+ Flag indicating a AOF rewrite operation is on-going
+ - name: rewrite.scheduled
+ type: boolean
+ description: |
+ Flag indicating an AOF rewrite operation will be scheduled once the on-going RDB save is complete.
+ - name: rewrite.last_time.sec
+ type: long
+ format: duration
+ description: |
+ Duration of the last AOF rewrite operation in seconds
+ - name: rewrite.current_time.sec
+ type: long
+ format: duration
+ description: |
+ Duration of the on-going AOF rewrite operation if any
+ - name: rewrite.buffer.size
+ type: long
+ format: bytes
+ description: |
+ Size of the AOF rewrite buffer
+ - name: bgrewrite.last_status
+ type: keyword
+ description: |
+ Status of the last AOF rewrite operatio
+ - name: write.last_status
+ type: keyword
+ description: |
+ Status of the last write operation to the AOF
+ - name: copy_on_write.last_size
+ type: long
+ format: bytes
+ description: |
+ The size in bytes of copy-on-write allocations during the last RBD save operation
+ - name: buffer.size
+ type: long
+ format: bytes
+ description: |
+ Size of the AOF buffer
+ - name: size.current
+ type: long
+ format: bytes
+ description: "AOF current file size \n"
+ - name: size.base
+ type: long
+ format: bytes
+ description: |
+ AOF file size on latest startup or rewrite
+ - name: fsync.pending
+ type: long
+ description: |
+ Number of fsync pending jobs in background I/O queue
+ - name: fsync.delayed
+ type: long
+ description: |
+ Delayed fsync counter
+ - name: replication
+ type: group
+ fields:
+ - name: role
+ type: keyword
+ description: |
+ Role of the instance (can be "master", or "slave").
+ - name: connected_slaves
+ type: long
+ description: |
+ Number of connected slaves
+ - name: master_offset
+ type: long
+ description: |
+ The server's current replication offset
+ - name: backlog.active
+ type: long
+ description: |
+ Flag indicating replication backlog is active
+ - name: backlog.size
+ type: long
+ format: bytes
+ description: |
+ Total size in bytes of the replication backlog buffer
+ - name: backlog.first_byte_offset
+ type: long
+ description: "The master offset of the replication backlog buffer \n"
+ - name: backlog.histlen
+ type: long
+ description: |
+ Size in bytes of the data in the replication backlog buffer
+ - name: master.offset
+ type: long
+ description: |
+ The server's current replication offset
+ - name: master.second_offset
+ type: long
+ description: |
+ The offset up to which replication IDs are accepted
+ - name: master.link_status
+ type: keyword
+ description: |
+ Status of the link (up/down)
+ - name: master.last_io_seconds_ago
+ type: long
+ format: duration
+ description: |
+ Number of seconds since the last interaction with master
+ - name: master.sync.in_progress
+ type: boolean
+ description: |
+ Indicate the master is syncing to the slave
+ - name: master.sync.left_bytes
+ type: long
+ format: bytes
+ description: |
+ Number of bytes left before syncing is complete
+ - name: master.sync.last_io_seconds_ago
+ type: long
+ format: duration
+ description: |
+ Number of seconds since last transfer I/O during a SYNC operation
+ - name: slave.offset
+ type: long
+ description: |
+ The replication offset of the slave instance
+ - name: slave.priority
+ type: long
+ description: |
+ The priority of the instance as a candidate for failover
+ - name: slave.is_readonly
+ type: boolean
+ description: |
+ Flag indicating if the slave is read-only
+ - name: server
+ type: group
+ fields:
+ - name: git_sha1
+ type: keyword
+ - name: git_dirty
+ type: keyword
+ - name: build_id
+ type: keyword
+ - name: mode
+ type: keyword
+ - name: arch_bits
+ type: keyword
+ - name: multiplexing_api
+ type: keyword
+ - name: gcc_version
+ type: keyword
+ - name: run_id
+ type: keyword
+ - name: tcp_port
+ type: long
+ - name: uptime
+ type: long
+ - name: hz
+ type: long
+ - name: lru_clock
+ type: long
+ - name: config_file
+ type: keyword
+ - name: stats
+ type: group
+ fields:
+ - name: connections.received
+ type: long
+ description: Total number of connections received.
+ - name: connections.rejected
+ type: long
+ description: Total number of connections rejected.
+ - name: commands_processed
+ type: long
+ description: Total number of commands processed.
+ - name: net.input.bytes
+ type: long
+ description: Total network input in bytes.
+ - name: net.output.bytes
+ type: long
+ description: Total network output in bytes.
+ - name: instantaneous.ops_per_sec
+ type: long
+ description: |
+ Number of commands processed per second
+ - name: instantaneous.input_kbps
+ type: scaled_float
+ description: |
+ The network's read rate per second in KB/sec
+ - name: instantaneous.output_kbps
+ type: scaled_float
+ description: |
+ The network's write rate per second in KB/sec
+ - name: sync.full
+ type: long
+ description: |
+ The number of full resyncs with slaves
+ - name: sync.partial.ok
+ type: long
+ description: |
+ The number of accepted partial resync requests
+ - name: sync.partial.err
+ type: long
+ description: |
+ The number of denied partial resync requests
+ - name: keys.expired
+ type: long
+ description: |
+ Total number of key expiration events
+ - name: keys.evicted
+ type: long
+ description: |
+ Number of evicted keys due to maxmemory limit
+ - name: keyspace.hits
+ type: long
+ description: |
+ Number of successful lookup of keys in the main dictionary
+ - name: keyspace.misses
+ type: long
+ description: |
+ Number of failed lookup of keys in the main dictionary
+ - name: pubsub.channels
+ type: long
+ description: |
+ Global number of pub/sub channels with client subscriptions
+ - name: pubsub.patterns
+ type: long
+ description: |
+ Global number of pub/sub pattern with client subscriptions
+ - name: latest_fork_usec
+ type: long
+ description: |
+ Duration of the latest fork operation in microseconds
+ - name: migrate_cached_sockets
+ type: long
+ description: |
+ The number of sockets open for MIGRATE purposes
+ - name: slave_expires_tracked_keys
+ type: long
+ description: |
+ The number of keys tracked for expiry purposes (applicable only to writable slaves)
+ - name: active_defrag.hits
+ type: long
+ description: |
+ Number of value reallocations performed by active the defragmentation process
+ - name: active_defrag.misses
+ type: long
+ description: |
+ Number of aborted value reallocations started by the active defragmentation process
+ - name: active_defrag.key_hits
+ type: long
+ description: |
+ Number of keys that were actively defragmented
+ - name: active_defrag.key_misses
+ type: long
+ description: |
+ Number of keys that were skipped by the active defragmentation process
+ - name: slowlog.count
+ type: long
+ description: |
+ Count of slow operations
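Review bot: The descriptions of `cpu.used.sys_children` and `cpu.used.user` are swapped: `used.sys_children` is documented as "User CPU consumed by the Redis server" and `used.user` as "System CPU consumed by the background processes". They should read `System CPU consumed by the background processes.` and `User CPU consumed by the Redis server.` respectively, otherwise dashboards and alerts built on these fields are labelled with the wrong meaning. In the same file `aof.copy_on_write.last_size` describes an "RBD save operation" although it sits under `aof`, `replication.backlog.active` is described as a flag but typed `long`, and there are typos worth fixing in "Active memeory", "rewrite operatio" and "RBD".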
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/info/fields/package-fields.yml b/dev/packages/alpha/redis/0.1.0/dataset/info/fields/package-fields.yml
new file mode 100644
index 00000000000..372f2b7bc9a
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/info/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: redis
+ type: group
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/info/manifest.yml b/dev/packages/alpha/redis/0.1.0/dataset/info/manifest.yml
new file mode 100644
index 00000000000..ca0455230f4
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/info/manifest.yml
@@ -0,0 +1,15 @@
+title: Redis info metrics
+type: metrics
+release: beta
+streams:
+- input: redis/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Redis info metrics
+ description: Collect Redis info metrics
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/key/agent/stream/stream.yml.hbs b/dev/packages/alpha/redis/0.1.0/dataset/key/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..71b20346c95
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/key/agent/stream/stream.yml.hbs
@@ -0,0 +1,21 @@
+metricsets: ["key"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if idle_timeout}}
+idle_timeout: {{idle_timeout}}
+{{/if}}
+{{#if key.patterns}}
+key.patterns: {{key.patterns}}
+{{/if}}
+{{#if maxconn}}
+maxconn: {{maxconn}}
+{{/if}}
+{{#if network}}
+network: {{network}}
+{{/if}}
+{{#if password}}
+password: {{password}}
+{{/if}}
+period: {{period}}
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/key/fields/fields.yml b/dev/packages/alpha/redis/0.1.0/dataset/key/fields/fields.yml
new file mode 100644
index 00000000000..ae99a943b68
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/key/fields/fields.yml
@@ -0,0 +1,24 @@
+- name: redis.key
+ type: group
+ release: ga
+ fields:
+ - name: name
+ type: keyword
+ description: |
+ Key name.
+ - name: id
+ type: keyword
+ description: |
+ Unique id for this key (With the form :).
+ - name: type
+ type: keyword
+ description: |
+ Key type as shown by `TYPE` command.
+ - name: length
+ type: long
+ description: |
+ Length of the key (Number of elements for lists, length for strings, cardinality for sets).
+ - name: expire.ttl
+ type: long
+ description: |
+ Seconds to expire.
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/key/fields/package-fields.yml b/dev/packages/alpha/redis/0.1.0/dataset/key/fields/package-fields.yml
new file mode 100644
index 00000000000..372f2b7bc9a
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/key/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: redis
+ type: group
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/key/manifest.yml b/dev/packages/alpha/redis/0.1.0/dataset/key/manifest.yml
new file mode 100644
index 00000000000..f91b8dc44b5
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/key/manifest.yml
@@ -0,0 +1,24 @@
+title: Redis key metrics
+type: metrics
+release: beta
+streams:
+- input: redis/metrics
+ vars:
+ - name: key.patterns
+ type: yaml
+ title: Key Patterns
+ multi: false
+ required: true
+ show_user: true
+ default: |
+ - limit: 20
+ pattern: '*'
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Redis key metrics
+ description: Collect Redis key metrics
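Review bot: The default for `key.patterns` is `pattern: '*'` with `limit: 20`, so an unmodified install exports the names of arbitrary keys from the monitored instance as `redis.key.name`. Key names often embed user identifiers, e-mail addresses or session identifiers, and with a wildcard default that data reaches the index without the operator having chosen it. I would either ship a default that selects nothing until the operator supplies patterns, or at least say so on the variable, for example `description: Key names matching these patterns are indexed as redis.key.name; restrict the pattern to keys whose names are safe to store.` (assuming variables accept a `description`, which this hunk does not show).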
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/keyspace/agent/stream/stream.yml.hbs b/dev/packages/alpha/redis/0.1.0/dataset/keyspace/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..3301bfd4cef
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/keyspace/agent/stream/stream.yml.hbs
@@ -0,0 +1,18 @@
+metricsets: ["keyspace"]
+hosts:
+{{#each hosts}}
+ - {{this}}
+{{/each}}
+{{#if idle_timeout}}
+idle_timeout: {{idle_timeout}}
+{{/if}}
+{{#if maxconn}}
+maxconn: {{maxconn}}
+{{/if}}
+{{#if network}}
+network: {{network}}
+{{/if}}
+{{#if password}}
+password: {{password}}
+{{/if}}
+period: {{period}}
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/keyspace/fields/fields.yml b/dev/packages/alpha/redis/0.1.0/dataset/keyspace/fields/fields.yml
new file mode 100644
index 00000000000..2f5c15d8b12
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/keyspace/fields/fields.yml
@@ -0,0 +1,18 @@
+- name: redis.keyspace
+ type: group
+ release: ga
+ fields:
+ - name: id
+ type: keyword
+ description: |
+ Keyspace identifier.
+ - name: avg_ttl
+ type: long
+ description: |
+ Average ttl.
+ - name: keys
+ type: long
+ description: |
+ Number of keys in the keyspace.
+ - name: expires
+ type: long
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/keyspace/fields/package-fields.yml b/dev/packages/alpha/redis/0.1.0/dataset/keyspace/fields/package-fields.yml
new file mode 100644
index 00000000000..372f2b7bc9a
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/keyspace/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: redis
+ type: group
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/keyspace/manifest.yml b/dev/packages/alpha/redis/0.1.0/dataset/keyspace/manifest.yml
new file mode 100644
index 00000000000..fa1106beea3
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/keyspace/manifest.yml
@@ -0,0 +1,15 @@
+title: Redis keyspace metrics
+type: metrics
+release: beta
+streams:
+- input: redis/metrics
+ vars:
+ - name: period
+ type: text
+ title: Period
+ multi: false
+ required: true
+ show_user: true
+ default: 10s
+ title: Redis keyspace metrics
+ description: Collect Redis keyspace metrics
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/log/agent/stream/stream.yml.hbs b/dev/packages/alpha/redis/0.1.0/dataset/log/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..257c36b1080
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/log/agent/stream/stream.yml.hbs
@@ -0,0 +1,6 @@
+paths:
+{{#each paths as |path i|}}
+ - {{path}}
+{{/each}}
+exclude_files: [".gz$"]
+exclude_lines: ["^\\s+[\\-`('.|_]"] # drop asciiart lines\n
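Review bot: The `exclude_lines` line ends with a literal `\n` after the comment, which looks like an escape sequence left over from a conversion step; it is harmless only because it falls inside the YAML comment and should be removed. In `exclude_files: [".gz$"]` the dot is unescaped and matches any character before `gz`, so `exclude_files: ['\.gz$']` states the intent more precisely. The `- {{path}}` entries are rendered unquoted, so a configured path that begins with `*` or contains ` #` would not survive YAML parsing as written.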
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/log/elasticsearch/ingest-pipeline/default.json b/dev/packages/alpha/redis/0.1.0/dataset/log/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..c9ec2d3371b
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/log/elasticsearch/ingest-pipeline/default.json
@@ -0,0 +1,85 @@
+{
+ "description": "Pipeline for parsing redis logs",
+ "processors": [
+ {
+ "grok": {
+ "field": "message",
+ "patterns": [
+ "(%{POSINT:process.pid:long}:%{CHAR:redis.log.role} )?(%{REDISTIMESTAMP1:redis.log.timestamp}||%{REDISTIMESTAMP2:redis.log.timestamp}) %{REDISLEVEL:log.level} %{GREEDYDATA:message}",
+ "%{POSINT:process.pid:long}:signal-handler \\(%{POSINT:redis.log.timestamp}\\) %{GREEDYDATA:message}"
+ ],
+ "pattern_definitions": {
+ "CHAR": "[a-zA-Z]",
+ "REDISLEVEL": "[.\\-*#]",
+ "REDISTIMESTAMP1": "%{MONTHDAY} %{MONTH} %{TIME}",
+ "REDISTIMESTAMP2": "%{MONTHDAY} %{MONTH} %{YEAR} %{TIME}"
+ }
+ }
+ },
+ {
+ "script": {
+ "lang": "painless",
+ "source": "if (ctx.log.level == params.dot) {\n ctx.log.level = params.debug;\n } else if (ctx.log.level == params.dash) {\n ctx.log.level = params.verbose;\n } else if (ctx.log.level == params.asterisk) {\n ctx.log.level = params.notice;\n } else if (ctx.log.level == params.hash) {\n ctx.log.level = params.warning;\n }",
+ "params": {
+ "dot": ".",
+ "debug": "debug",
+ "dash": "-",
+ "verbose": "verbose",
+ "asterisk": "*",
+ "notice": "notice",
+ "hash": "#",
+ "warning": "warning"
+ }
+ }
+ },
+ {
+ "script": {
+ "lang": "painless",
+ "source": "if (ctx.redis.log.role == params.master_abbrev) {\n ctx.redis.log.role = params.master;\n } else if (ctx.redis.log.role == params.slave_abbrev) {\n ctx.redis.log.role = params.slave;\n } else if (ctx.redis.log.role == params.child_abbrev) {\n ctx.redis.log.role = params.child;\n } else if (ctx.redis.log.role == params.sentinel_abbrev) {\n ctx.redis.log.role = params.sentinel;\n }\n ",
+ "params": {
+ "master_abbrev": "M",
+ "master": "master",
+ "slave_abbrev": "S",
+ "slave": "slave",
+ "child_abbrev": "C",
+ "child": "child",
+ "sentinel_abbrev": "X",
+ "sentinel": "sentinel"
+ }
+ }
+ },
+ {
+ "rename": {
+ "field": "@timestamp",
+ "target_field": "event.created"
+ }
+ },
+ {
+ "date": {
+ "field": "redis.log.timestamp",
+ "target_field": "@timestamp",
+ "formats": [
+ "dd MMM yyyy H:m:s.SSS",
+ "dd MMM H:m:s.SSS",
+ "dd MMM H:m:s",
+ "UNIX"
+ ],
+ "ignore_failure": true
+ }
+ },
+ {
+ "remove": {
+ "field": "redis.log.timestamp",
+ "ignore_failure": true
+ }
+ }
+ ],
+ "on_failure": [
+ {
+ "set": {
+ "field": "error.message",
+ "value": "{{ _ingest.on_failure_message }}"
+ }
+ }
+ ]
+}
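Review bot: The `rename` processor moves `@timestamp` to `event.created`, and the following `date` processor runs with `"ignore_failure": true`, so any line whose `redis.log.timestamp` does not match one of the four formats is indexed with no `@timestamp` at all and no error recorded. For log data used in investigations that is a silent loss of ordering; I would replace `"ignore_failure": true` on the `date` processor with a handler that restores the ingest time, e.g. `"on_failure": [{"set": {"field": "@timestamp", "value": "{{event.created}}"}}]`. Separately, the first grok pattern contains `||` between the two timestamp alternatives, which adds an empty alternative and lets the timestamp group match nothing; a single `|` looks like what was meant. The second script reads `ctx.redis.log.role` without a null guard, which may throw when a line yields no `redis.*` capture, so `ctx.redis?.log?.role` would be safer.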
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/log/fields/ecs.yml b/dev/packages/alpha/redis/0.1.0/dataset/log/fields/ecs.yml
new file mode 100644
index 00000000000..0e62d1c053c
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/log/fields/ecs.yml
@@ -0,0 +1,30 @@
+- name: message
+ level: core
+ type: text
+ description: |-
+ For log events the message field contains the log message, optimized for viewing in a log viewer.
+ For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event.
+ If multiple messages exist, they can be combined into one message.
+- name: log
+ title: Log
+ group: 2
+ type: group
+ fields:
+ - name: level
+ level: core
+ type: keyword
+ description: |-
+ Original log level of the log event.
+ If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).
+ Some examples are `warn`, `err`, `i`, `informational`.
+ ignore_above: 1024
+- name: process
+ title: Process
+ group: 2
+ type: group
+ fields:
+ - name: pid
+ level: core
+ type: long
+ format: string
+ description: Process id.
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/log/fields/fields.yml b/dev/packages/alpha/redis/0.1.0/dataset/log/fields/fields.yml
new file mode 100644
index 00000000000..7b418fa8570
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/log/fields/fields.yml
@@ -0,0 +1,7 @@
+- name: redis.log
+ type: group
+ fields:
+ - name: role
+ type: keyword
+ description: |
+ The role of the Redis instance. Can be one of `master`, `slave`, `child` (for RDF/AOF writing child), or `sentinel`.
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/log/fields/package-fields.yml b/dev/packages/alpha/redis/0.1.0/dataset/log/fields/package-fields.yml
new file mode 100644
index 00000000000..372f2b7bc9a
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/log/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: redis
+ type: group
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/log/manifest.yml b/dev/packages/alpha/redis/0.1.0/dataset/log/manifest.yml
new file mode 100644
index 00000000000..4de3ff952fc
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/log/manifest.yml
@@ -0,0 +1,24 @@
+title: Redis application logs
+type: logs
+release: beta
+streams:
+- input: logs
+ vars:
+ - name: paths
+ type: text
+ title: Paths
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - /var/log/redis/redis-server.log*
+ os:
+ darwin:
+ default:
+ - /usr/local/var/log/redis/redis-server.log*
+ - /usr/local/var/db/redis/redis-server.log*
+ windows:
+ default:
+ - c:/program files/Redis/logs/redis.log*
+ title: Redis application logs
+ description: Collect Redis application logs
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/slowlog/agent/stream/stream.yml.hbs b/dev/packages/alpha/redis/0.1.0/dataset/slowlog/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..e322f9c5c8a
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/slowlog/agent/stream/stream.yml.hbs
@@ -0,0 +1,5 @@
+hosts:
+{{#each hosts as |host i|}}
+ - {{host}}
+{{/each}}
+password: {{password}}
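Review bot: The `password:` line is emitted unconditionally here, while the `info`, `key` and `keyspace` templates in this package wrap it in `{{#if password}}`. With the manifest default of `""` and `required: false`, this renders a bare `password:` key whose YAML value is null rather than an absent setting. Wrapping it the same way, `{{#if password}}` / `password: {{password}}` / `{{/if}}`, keeps the four templates consistent and avoids handing the input an explicit empty credential.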
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/slowlog/elasticsearch/ingest-pipeline/default.json b/dev/packages/alpha/redis/0.1.0/dataset/slowlog/elasticsearch/ingest-pipeline/default.json
new file mode 100644
index 00000000000..688cbbf59fa
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/slowlog/elasticsearch/ingest-pipeline/default.json
@@ -0,0 +1,11 @@
+{
+ "description": "Pipeline for parsing redis slowlog logs",
+ "processors": [
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error.message",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/slowlog/fields/fields.yml b/dev/packages/alpha/redis/0.1.0/dataset/slowlog/fields/fields.yml
new file mode 100644
index 00000000000..ea1a6cb8323
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/slowlog/fields/fields.yml
@@ -0,0 +1,23 @@
+- name: redis.slowlog
+ type: group
+ fields:
+ - name: cmd
+ type: keyword
+ description: |
+ The command executed.
+ - name: duration.us
+ type: long
+ description: |
+ How long it took to execute the command in microseconds.
+ - name: id
+ type: long
+ description: |
+ The ID of the query.
+ - name: key
+ type: keyword
+ description: |
+ The key on which the command was executed.
+ - name: args
+ type: keyword
+ description: |
+ The arguments with which the command was called.
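Review bot: The descriptions of `redis.slowlog.args` and `redis.slowlog.key` do not mention that these fields carry application data verbatim. Slow-log entries record the command's arguments, so values written by clients (tokens, personal data, serialized objects) end up indexed as keywords. I would extend the `args` description with something like `May contain application data passed to the command; restrict access to this field or drop it in the pipeline if values are sensitive.` so operators can decide on field-level access controls or a `remove` processor before enabling the dataset.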
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/slowlog/fields/package-fields.yml b/dev/packages/alpha/redis/0.1.0/dataset/slowlog/fields/package-fields.yml
new file mode 100644
index 00000000000..372f2b7bc9a
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/slowlog/fields/package-fields.yml
@@ -0,0 +1,2 @@
+- name: redis
+ type: group
diff --git a/dev/packages/alpha/redis/0.1.0/dataset/slowlog/manifest.yml b/dev/packages/alpha/redis/0.1.0/dataset/slowlog/manifest.yml
new file mode 100644
index 00000000000..3d5ac47f16d
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/dataset/slowlog/manifest.yml
@@ -0,0 +1,23 @@
+title: Redis slow logs
+type: logs
+release: beta
+streams:
+- input: logs
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - localhost:6379
+ - name: password
+ type: password
+ title: Password
+ multi: false
+ required: false
+ show_user: false
+ default: ""
+ title: Redis slow logs
+ description: Collect Redis slow logs
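Review bot: The stream declares `input: logs`, but its variables are `hosts` and `password` and the matching `stream.yml.hbs` renders no `paths`, so a file-based log input would receive a config it presumably cannot use. The slow log is read from the Redis server over a connection rather than from a file, so this probably needs the Redis-specific input type instead; the correct input name should be confirmed against what the agent supports. `show_user: false` on `password` combined with `default: ""` also means an operator is not prompted for a credential by default, which is worth a line in the package docs for instances that require authentication.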
diff --git a/dev/packages/alpha/redis/0.1.0/docs/README.md b/dev/packages/alpha/redis/0.1.0/docs/README.md
new file mode 100644
index 00000000000..1dd844d2d44
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/docs/README.md
@@ -0,0 +1,226 @@
+# Redis Integration
+
+This integration periodically fetches logs and metrics from [https://redis.io/](Redis) servers.
+
+## Compatibility
+
+The `log` and `slowlog` datasets were tested with logs from Redis versions 1.2.6, 2.4.6, and 3.0.2, so we expect
+compatibility with any version 1.x, 2.x, or 3.x.
+
+The `info`, `key` and `keyspace` datasets were tested with Redis 3.2.12, 4.0.11 and 5.0-rc4, and are expected to work
+with all versions >= 3.0.
+
+## Logs
+
+### log
+
+The `log` dataset collects the Redis standard logs.
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword |
+| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | text |
+| process.pid | Process id. | long |
+| redis.log.role | The role of the Redis instance. Can be one of `master`, `slave`, `child` (for RDF/AOF writing child), or `sentinel`. | keyword |
+
+
+### slowlog
+
+The `slowlog` dataset collects the Redis slow logs.
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword |
+| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | text |
+| process.pid | Process id. | long |
+| redis.log.role | The role of the Redis instance. Can be one of `master`, `slave`, `child` (for RDF/AOF writing child), or `sentinel`. | keyword |
+
+
+## Metrics
+
+### info
+
+The `info` dataset collects information and statistics from Redis by running the `INFO` command and parsing the returned
+result.
+
+An example event for `info` looks as following:
+
+```$json
+TODO
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| os.full | Operating system name, including the version or code name. | keyword |
+| process.pid | Process id. | long |
+| redis.info.clients.biggest_input_buf | Biggest input buffer among current client connections (replaced by max_input_buffer). | long |
+| redis.info.clients.blocked | Number of clients pending on a blocking call (BLPOP, BRPOP, BRPOPLPUSH). | long |
+| redis.info.clients.connected | Number of client connections (excluding connections from slaves). | long |
+| redis.info.clients.longest_output_list | Longest output list among current client connections (replaced by max_output_buffer). | long |
+| redis.info.clients.max_input_buffer | Biggest input buffer among current client connections (on redis 5.0). | long |
+| redis.info.clients.max_output_buffer | Longest output list among current client connections. | long |
+| redis.info.cluster.enabled | Indicates that the Redis cluster is enabled. | boolean |
+| redis.info.cpu.used.sys | System CPU consumed by the Redis server. | scaled_float |
+| redis.info.cpu.used.sys_children | User CPU consumed by the Redis server. | scaled_float |
+| redis.info.cpu.used.user | System CPU consumed by the background processes. | scaled_float |
+| redis.info.cpu.used.user_children | User CPU consumed by the background processes. | scaled_float |
+| redis.info.memory.active_defrag.is_running | Flag indicating if active defragmentation is active | boolean |
+| redis.info.memory.allocator | Memory allocator. | keyword |
+| redis.info.memory.allocator_stats.active | Active memeory | long |
+| redis.info.memory.allocator_stats.allocated | Allocated memory | long |
+| redis.info.memory.allocator_stats.fragmentation.bytes | Fragmented bytes | long |
+| redis.info.memory.allocator_stats.fragmentation.ratio | Fragmentation ratio | float |
+| redis.info.memory.allocator_stats.resident | Resident memory | long |
+| redis.info.memory.allocator_stats.rss.bytes | Resident bytes | long |
+| redis.info.memory.allocator_stats.rss.ratio | Resident ratio | float |
+| redis.info.memory.fragmentation.bytes | Bytes between used_memory_rss and used_memory | long |
+| redis.info.memory.fragmentation.ratio | Ratio between used_memory_rss and used_memory | float |
+| redis.info.memory.max.policy | Eviction policy to use when memory limit is reached. | keyword |
+| redis.info.memory.max.value | Memory limit. | long |
+| redis.info.memory.used.dataset | The size in bytes of the dataset | long |
+| redis.info.memory.used.lua | Used memory by the Lua engine. | long |
+| redis.info.memory.used.peak | Peak memory consumed by Redis. | long |
+| redis.info.memory.used.rss | Number of bytes that Redis allocated as seen by the operating system (a.k.a resident set size). | long |
+| redis.info.memory.used.value | Total number of bytes allocated by Redis. | long |
+| redis.info.persistence.aof.bgrewrite.last_status | Status of the last AOF rewrite operatio | keyword |
+| redis.info.persistence.aof.buffer.size | Size of the AOF buffer | long |
+| redis.info.persistence.aof.copy_on_write.last_size | The size in bytes of copy-on-write allocations during the last RBD save operation | long |
+| redis.info.persistence.aof.enabled | Flag indicating AOF logging is activated | boolean |
+| redis.info.persistence.aof.fsync.delayed | Delayed fsync counter | long |
+| redis.info.persistence.aof.fsync.pending | Number of fsync pending jobs in background I/O queue | long |
+| redis.info.persistence.aof.rewrite.buffer.size | Size of the AOF rewrite buffer | long |
+| redis.info.persistence.aof.rewrite.current_time.sec | Duration of the on-going AOF rewrite operation if any | long |
+| redis.info.persistence.aof.rewrite.in_progress | Flag indicating a AOF rewrite operation is on-going | boolean |
+| redis.info.persistence.aof.rewrite.last_time.sec | Duration of the last AOF rewrite operation in seconds | long |
+| redis.info.persistence.aof.rewrite.scheduled | Flag indicating an AOF rewrite operation will be scheduled once the on-going RDB save is complete. | boolean |
+| redis.info.persistence.aof.size.base | AOF file size on latest startup or rewrite | long |
+| redis.info.persistence.aof.size.current | AOF current file size | long |
+| redis.info.persistence.aof.write.last_status | Status of the last write operation to the AOF | keyword |
+| redis.info.persistence.loading | Flag indicating if the load of a dump file is on-going | boolean |
+| redis.info.persistence.rdb.bgsave.current_time.sec | Duration of the on-going RDB save operation if any | long |
+| redis.info.persistence.rdb.bgsave.in_progress | Flag indicating a RDB save is on-going | boolean |
+| redis.info.persistence.rdb.bgsave.last_status | Status of the last RDB save operation | keyword |
+| redis.info.persistence.rdb.bgsave.last_time.sec | Duration of the last RDB save operation in seconds | long |
+| redis.info.persistence.rdb.copy_on_write.last_size | The size in bytes of copy-on-write allocations during the last RBD save operation | long |
+| redis.info.persistence.rdb.last_save.changes_since | Number of changes since the last dump | long |
+| redis.info.persistence.rdb.last_save.time | Epoch-based timestamp of last successful RDB save | long |
+| redis.info.replication.backlog.active | Flag indicating replication backlog is active | long |
+| redis.info.replication.backlog.first_byte_offset | The master offset of the replication backlog buffer | long |
+| redis.info.replication.backlog.histlen | Size in bytes of the data in the replication backlog buffer | long |
+| redis.info.replication.backlog.size | Total size in bytes of the replication backlog buffer | long |
+| redis.info.replication.connected_slaves | Number of connected slaves | long |
+| redis.info.replication.master.last_io_seconds_ago | Number of seconds since the last interaction with master | long |
+| redis.info.replication.master.link_status | Status of the link (up/down) | keyword |
+| redis.info.replication.master.offset | The server's current replication offset | long |
+| redis.info.replication.master.second_offset | The offset up to which replication IDs are accepted | long |
+| redis.info.replication.master.sync.in_progress | Indicate the master is syncing to the slave | boolean |
+| redis.info.replication.master.sync.last_io_seconds_ago | Number of seconds since last transfer I/O during a SYNC operation | long |
+| redis.info.replication.master.sync.left_bytes | Number of bytes left before syncing is complete | long |
+| redis.info.replication.master_offset | The server's current replication offset | long |
+| redis.info.replication.role | Role of the instance (can be "master", or "slave"). | keyword |
+| redis.info.replication.slave.is_readonly | Flag indicating if the slave is read-only | boolean |
+| redis.info.replication.slave.offset | The replication offset of the slave instance | long |
+| redis.info.replication.slave.priority | The priority of the instance as a candidate for failover | long |
+| redis.info.server.arch_bits | | keyword |
+| redis.info.server.build_id | | keyword |
+| redis.info.server.config_file | | keyword |
+| redis.info.server.gcc_version | | keyword |
+| redis.info.server.git_dirty | | keyword |
+| redis.info.server.git_sha1 | | keyword |
+| redis.info.server.hz | | long |
+| redis.info.server.lru_clock | | long |
+| redis.info.server.mode | | keyword |
+| redis.info.server.multiplexing_api | | keyword |
+| redis.info.server.run_id | | keyword |
+| redis.info.server.tcp_port | | long |
+| redis.info.server.uptime | | long |
+| redis.info.slowlog.count | Count of slow operations | long |
+| redis.info.stats.active_defrag.hits | Number of value reallocations performed by active the defragmentation process | long |
+| redis.info.stats.active_defrag.key_hits | Number of keys that were actively defragmented | long |
+| redis.info.stats.active_defrag.key_misses | Number of keys that were skipped by the active defragmentation process | long |
+| redis.info.stats.active_defrag.misses | Number of aborted value reallocations started by the active defragmentation process | long |
+| redis.info.stats.commands_processed | Total number of commands processed. | long |
+| redis.info.stats.connections.received | Total number of connections received. | long |
+| redis.info.stats.connections.rejected | Total number of connections rejected. | long |
+| redis.info.stats.instantaneous.input_kbps | The network's read rate per second in KB/sec | scaled_float |
+| redis.info.stats.instantaneous.ops_per_sec | Number of commands processed per second | long |
+| redis.info.stats.instantaneous.output_kbps | The network's write rate per second in KB/sec | scaled_float |
+| redis.info.stats.keys.evicted | Number of evicted keys due to maxmemory limit | long |
+| redis.info.stats.keys.expired | Total number of key expiration events | long |
+| redis.info.stats.keyspace.hits | Number of successful lookup of keys in the main dictionary | long |
+| redis.info.stats.keyspace.misses | Number of failed lookup of keys in the main dictionary | long |
+| redis.info.stats.latest_fork_usec | Duration of the latest fork operation in microseconds | long |
+| redis.info.stats.migrate_cached_sockets | The number of sockets open for MIGRATE purposes | long |
+| redis.info.stats.net.input.bytes | Total network input in bytes. | long |
+| redis.info.stats.net.output.bytes | Total network output in bytes. | long |
+| redis.info.stats.pubsub.channels | Global number of pub/sub channels with client subscriptions | long |
+| redis.info.stats.pubsub.patterns | Global number of pub/sub pattern with client subscriptions | long |
+| redis.info.stats.slave_expires_tracked_keys | The number of keys tracked for expiry purposes (applicable only to writable slaves) | long |
+| redis.info.stats.sync.full | The number of full resyncs with slaves | long |
+| redis.info.stats.sync.partial.err | The number of denied partial resync requests | long |
+| redis.info.stats.sync.partial.ok | The number of accepted partial resync requests | long |
+| service.version | Version of the service the data was collected from. This allows to look at a data set only for a specific version of a service. | keyword |
+
+
+### key
+
+The `key` dataset collects information about Redis keys.
+
+For each key matching one of the configured patterns, an event is sent to Elasticsearch with information about this key,
+what includes the type, its length when available, and its TTL.
+
+Patterns are configured as a list containing these fields:
+
+* `pattern` (required): pattern for key names, as accepted by the Redis KEYS or SCAN commands.
+* `limit` (optional): safeguard when using patterns with wildcards to avoid collecting too many keys (Default: 0, no limit)
+* `keyspace` (optional): Identifier of the database to use to look for the keys (Default: 0)
+
+An example event for `key` looks as following:
+
+```$json
+TODO
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| redis.key.expire.ttl | Seconds to expire. | long |
+| redis.key.id | Unique id for this key (With the form :). | keyword |
+| redis.key.length | Length of the key (Number of elements for lists, length for strings, cardinality for sets). | long |
+| redis.key.name | Key name. | keyword |
+| redis.key.type | Key type as shown by `TYPE` command. | keyword |
+
+
+### keyspace
+
+The `keyspace` dataset collects information about the Redis keyspaces. For each keyspace, an event is sent to
+Elasticsearch. The keyspace information is fetched from the `INFO` command.
+
+An example event for `keyspace` looks as following:
+
+```$json
+TODO
+```
+
+The fields reported are:
+
+**Exported fields**
+
+| Field | Description | Type |
+|---|---|---|
+| redis.keyspace.avg_ttl | Average ttl. | long |
+| redis.keyspace.expires | | long |
+| redis.keyspace.id | Keyspace identifier. | keyword |
+| redis.keyspace.keys | Number of keys in the keyspace. | long |
+
diff --git a/dev/packages/alpha/redis/0.1.0/img/kibana-redis.png b/dev/packages/alpha/redis/0.1.0/img/kibana-redis.png
new file mode 100644
index 00000000000..8fa104c91bd
Binary files /dev/null and b/dev/packages/alpha/redis/0.1.0/img/kibana-redis.png differ
diff --git a/dev/packages/alpha/redis/0.1.0/img/logo_redis.svg b/dev/packages/alpha/redis/0.1.0/img/logo_redis.svg
new file mode 100644
index 00000000000..1163d1ea52f
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/img/logo_redis.svg
@@ -0,0 +1 @@
+
diff --git a/dev/packages/alpha/redis/0.1.0/img/metricbeat_redis_key_dashboard.png b/dev/packages/alpha/redis/0.1.0/img/metricbeat_redis_key_dashboard.png
new file mode 100644
index 00000000000..76d414b86c4
Binary files /dev/null and b/dev/packages/alpha/redis/0.1.0/img/metricbeat_redis_key_dashboard.png differ
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/dashboard/28969190-0511-11e9-9c60-d582a238e2c5-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/dashboard/28969190-0511-11e9-9c60-d582a238e2c5-ecs.json
new file mode 100644
index 00000000000..633cb57a43d
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/dashboard/28969190-0511-11e9-9c60-d582a238e2c5-ecs.json
@@ -0,0 +1,170 @@
+{
+ "attributes": {
+ "description": "Redis keys metrics",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "controlledBy": "1545388837304",
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "key": "redis.keyspace.id",
+ "negate": false,
+ "params": [
+ "db0",
+ "db1"
+ ],
+ "type": "phrases",
+ "value": "db0, db1"
+ },
+ "query": {
+ "bool": {
+ "minimum_should_match": 1,
+ "should": [
+ {
+ "match_phrase": {
+ "redis.keyspace.id": "db0"
+ }
+ },
+ {
+ "match_phrase": {
+ "redis.keyspace.id": "db1"
+ }
+ }
+ ]
+ }
+ }
+ }
+ ],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "optionsJSON": {
+ "darkTheme": false,
+ "hidePanelTitles": false,
+ "useMargins": true
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 5,
+ "i": "1",
+ "w": 12,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "1",
+ "panelRefName": "panel_0",
+ "title": "Keyspace selector",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 15,
+ "i": "2",
+ "w": 36,
+ "x": 12,
+ "y": 0
+ },
+ "panelIndex": "2",
+ "panelRefName": "panel_1",
+ "title": "Lists length",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "vis": {
+ "legendOpen": false
+ }
+ },
+ "gridData": {
+ "h": 10,
+ "i": "3",
+ "w": 12,
+ "x": 0,
+ "y": 5
+ },
+ "panelIndex": "3",
+ "panelRefName": "panel_2",
+ "title": "Keys by type",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 15,
+ "i": "4",
+ "w": 24,
+ "x": 0,
+ "y": 15
+ },
+ "panelIndex": "4",
+ "panelRefName": "panel_3",
+ "title": "Average size of string keys",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 15,
+ "i": "5",
+ "w": 24,
+ "x": 24,
+ "y": 15
+ },
+ "panelIndex": "5",
+ "panelRefName": "panel_4",
+ "title": "Average keys TTL",
+ "version": "7.3.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics Redis] Keys ECS",
+ "version": 1
+ },
+ "id": "28969190-0511-11e9-9c60-d582a238e2c5-ecs",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "00d39210-050d-11e9-9c60-d582a238e2c5-ecs",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "7f4bc7d0-050c-11e9-9c60-d582a238e2c5-ecs",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "4435ac40-050e-11e9-9c60-d582a238e2c5-ecs",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "8541a4a0-0513-11e9-9c60-d582a238e2c5-ecs",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "517a5fd0-0514-11e9-9c60-d582a238e2c5-ecs",
+ "name": "panel_4",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/dashboard/7fea2930-478e-11e7-b1f0-cb29bac6bf8b-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/dashboard/7fea2930-478e-11e7-b1f0-cb29bac6bf8b-ecs.json
new file mode 100644
index 00000000000..b906692d5c7
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/dashboard/7fea2930-478e-11e7-b1f0-cb29bac6bf8b-ecs.json
@@ -0,0 +1,145 @@
+{
+ "attributes": {
+ "description": "Overview dashboard for the Redis integration (logs)",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "highlightAll": true,
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "version": true
+ }
+ },
+ "optionsJSON": {
+ "darkTheme": false
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "2",
+ "w": 12,
+ "x": 0,
+ "y": 16
+ },
+ "panelIndex": "2",
+ "panelRefName": "panel_0",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "3",
+ "w": 36,
+ "x": 12,
+ "y": 16
+ },
+ "panelIndex": "3",
+ "panelRefName": "panel_1",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "columns": [
+ "host.name",
+ "log.level",
+ "redis.log.role",
+ "message"
+ ],
+ "sort": [
+ "@timestamp",
+ "desc"
+ ]
+ },
+ "gridData": {
+ "h": 16,
+ "i": "4",
+ "w": 48,
+ "x": 0,
+ "y": 28
+ },
+ "panelIndex": "4",
+ "panelRefName": "panel_2",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "vis": {
+ "legendOpen": false
+ }
+ },
+ "gridData": {
+ "h": 16,
+ "i": "5",
+ "w": 24,
+ "x": 24,
+ "y": 0
+ },
+ "panelIndex": "5",
+ "panelRefName": "panel_3",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "columns": [
+ "host.name",
+ "message",
+ "redis.slowlog.duration.us",
+ "redis.slowlog.key"
+ ],
+ "sort": [
+ "@timestamp",
+ "desc"
+ ]
+ },
+ "gridData": {
+ "h": 16,
+ "i": "6",
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "6",
+ "panelRefName": "panel_4",
+ "version": "7.3.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Logs Redis] Overview ECS",
+ "version": 1
+ },
+ "id": "7fea2930-478e-11e7-b1f0-cb29bac6bf8b-ecs",
+ "references": [
+ {
+ "id": "78b9afe0-478f-11e7-b1f0-cb29bac6bf8b-ecs",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "d2864600-478f-11e7-be88-2ddb32f3df97-ecs",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "73613570-4791-11e7-be88-2ddb32f3df97-ecs",
+ "name": "panel_2",
+ "type": "search"
+ },
+ {
+ "id": "dcccaa80-4791-11e7-be88-2ddb32f3df97-ecs",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "0ab87b80-478e-11e7-b1f0-cb29bac6bf8b-ecs",
+ "name": "panel_4",
+ "type": "search"
+ }
+ ],
+ "type": "dashboard"
+}
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/dashboard/AV4YjZ5pux-M-tCAunxK-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/dashboard/AV4YjZ5pux-M-tCAunxK-ecs.json
new file mode 100644
index 00000000000..0e2d54741b3
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/dashboard/AV4YjZ5pux-M-tCAunxK-ecs.json
@@ -0,0 +1,174 @@
+{
+ "attributes": {
+ "description": "Overview of Redis server metrics",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "highlightAll": true,
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "version": true
+ }
+ },
+ "optionsJSON": {
+ "darkTheme": false
+ },
+ "panelsJSON": [
+ {
+ "embeddableConfig": {
+ "vis": {
+ "defaultColors": {
+ "0 - 100": "rgb(0,104,55)"
+ }
+ }
+ },
+ "gridData": {
+ "h": 12,
+ "i": "2",
+ "w": 12,
+ "x": 0,
+ "y": 0
+ },
+ "panelIndex": "2",
+ "panelRefName": "panel_0",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "1",
+ "w": 20,
+ "x": 12,
+ "y": 0
+ },
+ "panelIndex": "1",
+ "panelRefName": "panel_1",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "vis": {
+ "params": {
+ "sort": {
+ "columnIndex": null,
+ "direction": null
+ }
+ }
+ }
+ },
+ "gridData": {
+ "h": 8,
+ "i": "3",
+ "w": 48,
+ "x": 0,
+ "y": 12
+ },
+ "panelIndex": "3",
+ "panelRefName": "panel_2",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {
+ "vis": {
+ "legendOpen": true
+ }
+ },
+ "gridData": {
+ "h": 8,
+ "i": "4",
+ "w": 16,
+ "x": 0,
+ "y": 20
+ },
+ "panelIndex": "4",
+ "panelRefName": "panel_3",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 8,
+ "i": "5",
+ "w": 16,
+ "x": 16,
+ "y": 20
+ },
+ "panelIndex": "5",
+ "panelRefName": "panel_4",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 8,
+ "i": "6",
+ "w": 12,
+ "x": 32,
+ "y": 20
+ },
+ "panelIndex": "6",
+ "panelRefName": "panel_5",
+ "version": "7.3.0"
+ },
+ {
+ "embeddableConfig": {},
+ "gridData": {
+ "h": 12,
+ "i": "7",
+ "w": 16,
+ "x": 32,
+ "y": 0
+ },
+ "panelIndex": "7",
+ "panelRefName": "panel_6",
+ "version": "7.3.0"
+ }
+ ],
+ "timeRestore": false,
+ "title": "[Metrics Redis] Overview ECS",
+ "version": 1
+ },
+ "id": "AV4YjZ5pux-M-tCAunxK-ecs",
+ "references": [
+ {
+ "id": "Redis-Clients-Metrics-ecs",
+ "name": "panel_0",
+ "type": "visualization"
+ },
+ {
+ "id": "Redis-Connected-clients-ecs",
+ "name": "panel_1",
+ "type": "visualization"
+ },
+ {
+ "id": "Redis-hosts-ecs",
+ "name": "panel_2",
+ "type": "visualization"
+ },
+ {
+ "id": "Redis-Server-Versions-ecs",
+ "name": "panel_3",
+ "type": "visualization"
+ },
+ {
+ "id": "Redis-server-mode-ecs",
+ "name": "panel_4",
+ "type": "visualization"
+ },
+ {
+ "id": "Redis-multiplexing-API-ecs",
+ "name": "panel_5",
+ "type": "visualization"
+ },
+ {
+ "id": "Redis-Keyspaces-ecs",
+ "name": "panel_6",
+ "type": "visualization"
+ }
+ ],
+ "type": "dashboard"
+}
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/search/0ab87b80-478e-11e7-b1f0-cb29bac6bf8b-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/search/0ab87b80-478e-11e7-b1f0-cb29bac6bf8b-ecs.json
new file mode 100644
index 00000000000..ee678bb7715
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/search/0ab87b80-478e-11e7-b1f0-cb29bac6bf8b-ecs.json
@@ -0,0 +1,41 @@
+{
+ "attributes": {
+ "columns": [
+ "host.name",
+ "message",
+ "redis.slowlog.duration.us",
+ "redis.slowlog.key"
+ ],
+ "description": "",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "highlightAll": true,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": "stream.dataset:redis.slowlog"
+ },
+ "version": true
+ }
+ },
+ "sort": [
+ [
+ "@timestamp",
+ "desc"
+ ]
+ ],
+ "title": "Slow logs [Logs Redis] ECS",
+ "version": 1
+ },
+ "id": "0ab87b80-478e-11e7-b1f0-cb29bac6bf8b-ecs",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "search"
+}
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/search/73613570-4791-11e7-be88-2ddb32f3df97-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/search/73613570-4791-11e7-be88-2ddb32f3df97-ecs.json
new file mode 100644
index 00000000000..221ef9da2f1
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/search/73613570-4791-11e7-be88-2ddb32f3df97-ecs.json
@@ -0,0 +1,99 @@
+{
+ "attributes": {
+ "columns": [
+ "host.name",
+ "log.level",
+ "redis.log.role",
+ "message"
+ ],
+ "description": "",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "key": "query",
+ "negate": false,
+ "type": "custom",
+ "value": "{\"match_phrase_prefix\":{\"stream.dataset\":{\"query\":\"redis.\"}}}"
+ },
+ "query": {
+ "match_phrase_prefix": {
+ "stream.dataset": {
+ "query": "redis."
+ }
+ }
+ }
+ },
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
+ "key": "fileset.name",
+ "negate": false,
+ "params": {
+ "query": "log",
+ "type": "phrase"
+ },
+ "type": "phrase",
+ "value": "log"
+ },
+ "query": {
+ "match": {
+ "fileset.name": {
+ "query": "log",
+ "type": "phrase"
+ }
+ }
+ }
+ }
+ ],
+ "highlightAll": true,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ },
+ "version": true
+ }
+ },
+ "sort": [
+ [
+ "@timestamp",
+ "desc"
+ ]
+ ],
+ "title": "Logs [Logs Redis] ECS",
+ "version": 1
+ },
+ "id": "73613570-4791-11e7-be88-2ddb32f3df97-ecs",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "search"
+}
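Review bot: The second saved filter still matches on `fileset.name: log`, while the first filter and the other saved searches in this package were moved to `stream.dataset`. If the new data streams do not populate `fileset.name` (I cannot confirm that from this hunk), this search and the dashboard panel that references it will come back empty without any error. I would replace both filters with a single query such as `"query": "stream.dataset:redis.log"`, mirroring the slow-log search, and drop the `filter[1]` index reference that goes with it.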
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/search/Metricbeat-Redis-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/search/Metricbeat-Redis-ecs.json
new file mode 100644
index 00000000000..14808e072b1
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/search/Metricbeat-Redis-ecs.json
@@ -0,0 +1,49 @@
+{
+ "attributes": {
+ "columns": [
+ "_source"
+ ],
+ "description": "",
+ "hits": 0,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "highlight": {
+ "fields": {
+ "*": {}
+ },
+ "fragment_size": 2147483647,
+ "post_tags": [
+ "@/kibana-highlighted-field@"
+ ],
+ "pre_tags": [
+ "@kibana-highlighted-field@"
+ ],
+ "require_field_match": false
+ },
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": "(stream.dataset:redis.info OR stream.dataset:redis.key OR stream.dataset:redis.keyspace)"
+ }
+ }
+ },
+ "sort": [
+ [
+ "@timestamp",
+ "desc"
+ ]
+ ],
+ "title": "Metrics Redis ECS",
+ "version": 1
+ },
+ "id": "Metrics-Redis-ecs",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "search"
+}
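Review bot: The object `id` is `Metrics-Redis-ecs` but the file is named `Metricbeat-Redis-ecs.json`; every other saved object visible in this commit uses its id as the file name. If the installer or any reference resolves objects by file name, this one would not be found, so either rename the file to `Metrics-Redis-ecs.json` or confirm that visualizations referring to it use the id in the file. The same rename-by-search-and-replace may have touched other ids, so a quick check that every `references[].id` in the package has a matching object would be worthwhile.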
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/visualization/00d39210-050d-11e9-9c60-d582a238e2c5-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/visualization/00d39210-050d-11e9-9c60-d582a238e2c5-ecs.json
new file mode 100644
index 00000000000..1564a4fda10
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/visualization/00d39210-050d-11e9-9c60-d582a238e2c5-ecs.json
@@ -0,0 +1,53 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Keyspace selector [Metrics Redis] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [],
+ "params": {
+ "controls": [
+ {
+ "fieldName": "redis.keyspace.id",
+ "id": "1545388837304",
+ "indexPatternRefName": "control_0_index_pattern",
+ "label": "Keyspace",
+ "options": {
+ "dynamicOptions": true,
+ "multiselect": true,
+ "order": "desc",
+ "size": 5,
+ "type": "terms"
+ },
+ "parent": "",
+ "type": "list"
+ }
+ ],
+ "pinFilters": false,
+ "updateFiltersOnChange": true,
+ "useTimeFilter": false
+ },
+ "title": "Keyspace selector [Metrics Redis] ECS",
+ "type": "input_control_vis"
+ }
+ },
+ "id": "00d39210-050d-11e9-9c60-d582a238e2c5-ecs",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "control_0_index_pattern",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/endpoint/1.0.0/kibana/visualization/1e525190-7074-11ea-9bc8-6b38f4d29a16.json b/dev/packages/alpha/redis/0.1.0/kibana/visualization/4435ac40-050e-11e9-9c60-d582a238e2c5-ecs.json
similarity index 53%
rename from dev/packages/alpha/endpoint/1.0.0/kibana/visualization/1e525190-7074-11ea-9bc8-6b38f4d29a16.json
rename to dev/packages/alpha/redis/0.1.0/kibana/visualization/4435ac40-050e-11e9-9c60-d582a238e2c5-ecs.json
index d89f76715e5..c72b427d370 100644
--- a/dev/packages/alpha/endpoint/1.0.0/kibana/visualization/1e525190-7074-11ea-9bc8-6b38f4d29a16.json
+++ b/dev/packages/alpha/redis/0.1.0/kibana/visualization/4435ac40-050e-11e9-9c60-d582a238e2c5-ecs.json
@@ -3,22 +3,71 @@
"description": "",
"kibanaSavedObjectMeta": {
"searchSourceJSON": {
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index"
+ "filter": [],
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
}
},
- "title": "[Endpoint] Event Count by Category",
+ "title": "Keys by type [Metrics Redis] ECS",
"uiStateJSON": {
"vis": {
- "legendOpen": false,
- "colors": {
- "Event Count": "#614D93"
- }
+ "legendOpen": false
}
},
"version": 1,
"visState": {
- "title": "[Endpoint] Event Count by Category",
- "type": "horizontal_bar",
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "Number of keys",
+ "field": "redis.key.id"
+ },
+ "schema": "metric",
+ "type": "cardinality"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "customLabel": "Key type",
+ "field": "redis.key.type",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "group",
+ "type": "terms"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "customLabel": "",
+ "drop_partials": false,
+ "extended_bounds": {},
+ "field": "@timestamp",
+ "interval": "auto",
+ "min_doc_count": 1,
+ "timeRange": {
+ "from": "now-15m",
+ "mode": "quick",
+ "to": "now"
+ },
+ "useNormalizedEsInterval": true
+ },
+ "schema": "segment",
+ "type": "date_histogram"
+ }
+ ],
"params": {
"addLegend": true,
"addTimeMarker": false,
@@ -27,12 +76,10 @@
{
"id": "CategoryAxis-1",
"labels": {
- "filter": false,
- "rotate": 0,
"show": true,
- "truncate": 200
+ "truncate": 100
},
- "position": "left",
+ "position": "bottom",
"scale": {
"type": "linear"
},
@@ -42,80 +89,40 @@
"type": "category"
}
],
- "dimensions": {
- "x": {
- "accessor": 0,
- "format": {
- "id": "terms",
- "params": {
- "id": "string",
- "otherBucketLabel": "Other",
- "missingBucketLabel": "Missing",
- "parsedUrl": {
- "origin": "https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243",
- "pathname": "/app/kibana",
- "basePath": ""
- }
- }
- },
- "params": {},
- "label": "Event Category",
- "aggType": "terms"
- },
- "y": [
- {
- "accessor": 1,
- "format": {
- "id": "number"
- },
- "params": {},
- "label": "Event Count",
- "aggType": "count"
- }
- ]
- },
"grid": {
- "categoryLines": false
- },
- "labels": {
- "show": false
+ "categoryLines": false,
+ "style": {
+ "color": "#eee"
+ }
},
"legendPosition": "right",
"seriesParams": [
{
"data": {
"id": "1",
- "label": "Event Count"
+ "label": "Number of keys"
},
"drawLinesBetweenPoints": true,
- "lineWidth": 2,
"mode": "normal",
- "show": true,
+ "show": "true",
"showCircles": true,
- "type": "histogram",
+ "type": "line",
"valueAxis": "ValueAxis-1"
}
],
- "thresholdLine": {
- "color": "#E7664C",
- "show": false,
- "style": "full",
- "value": 10,
- "width": 1
- },
"times": [],
- "type": "histogram",
+ "type": "line",
"valueAxes": [
{
"id": "ValueAxis-1",
"labels": {
- "filter": true,
+ "filter": false,
"rotate": 0,
"show": true,
"truncate": 100
},
"name": "LeftAxis-1",
- "position": "bottom",
+ "position": "left",
"scale": {
"mode": "normal",
"type": "linear"
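Review bot: In `seriesParams` the new side writes `"show": "true"`, a JSON string, where the replaced line had the boolean `true`; it should stay `"show": true,`. A non-empty string is truthy, so the series probably still renders, but any strict comparison or schema validation of the saved object would see a different type. The same string form is in the `seriesParams` of the added 517a5fd0…, 7f4bc7d0…, 8541a4a0…, Redis-Connected-clients, Redis-Keyspaces and d2864600… files, while dcccaa80… uses the boolean.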
@@ -123,54 +130,23 @@
"show": true,
"style": {},
"title": {
- "text": "Event Count"
+ "text": "Number of keys"
},
"type": "value"
}
]
},
- "aggs": [
- {
- "id": "1",
- "enabled": true,
- "type": "count",
- "schema": "metric",
- "params": {
- "customLabel": "Event Count"
- }
- },
- {
- "id": "2",
- "enabled": true,
- "type": "terms",
- "schema": "segment",
- "params": {
- "field": "event.category",
- "orderBy": "1",
- "order": "desc",
- "size": 20,
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "customLabel": "Event Category"
- }
- }
- ]
+ "title": "Keys by type [Metrics Redis] ECS",
+ "type": "line"
}
},
- "id": "1e525190-7074-11ea-9bc8-6b38f4d29a16",
- "migrationVersion": {
- "visualization": "7.4.2"
- },
+ "id": "4435ac40-050e-11e9-9c60-d582a238e2c5-ecs",
"references": [
{
- "id": "events-*",
+ "id": "metrics-*",
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern"
}
],
- "type": "visualization",
- "updated_at": "2020-04-01T16:09:31.699Z",
- "version": "WzIzMSwxXQ=="
-}
\ No newline at end of file
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/visualization/517a5fd0-0514-11e9-9c60-d582a238e2c5-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/visualization/517a5fd0-0514-11e9-9c60-d582a238e2c5-ecs.json
new file mode 100644
index 00000000000..1e3b267cb3d
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/visualization/517a5fd0-0514-11e9-9c60-d582a238e2c5-ecs.json
@@ -0,0 +1,194 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "key": "redis.key.expire.ttl",
+ "negate": false,
+ "params": {
+ "gte": 0,
+ "lt": null
+ },
+ "type": "range",
+ "value": "0 to +∞"
+ },
+ "range": {
+ "redis.key.expire.ttl": {
+ "gte": 0,
+ "lt": null
+ }
+ }
+ }
+ ],
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Average keys TTL [Metrics Redis] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "Average TTL",
+ "field": "redis.key.expire.ttl"
+ },
+ "schema": "metric",
+ "type": "avg"
+ },
+ {
+ "enabled": true,
+ "id": "4",
+ "params": {
+ "customLabel": "Keyspace",
+ "field": "redis.keyspace.id",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "group",
+ "type": "terms"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "customLabel": "Key type",
+ "field": "redis.key.type",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "group",
+ "type": "terms"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "drop_partials": false,
+ "extended_bounds": {},
+ "field": "@timestamp",
+ "interval": "auto",
+ "min_doc_count": 1,
+ "timeRange": {
+ "from": "now-15m",
+ "mode": "quick",
+ "to": "now"
+ },
+ "useNormalizedEsInterval": true
+ },
+ "schema": "segment",
+ "type": "date_histogram"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTimeMarker": false,
+ "addTooltip": true,
+ "categoryAxes": [
+ {
+ "id": "CategoryAxis-1",
+ "labels": {
+ "show": true,
+ "truncate": 100
+ },
+ "position": "bottom",
+ "scale": {
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {},
+ "type": "category"
+ }
+ ],
+ "grid": {
+ "categoryLines": false,
+ "style": {
+ "color": "#eee"
+ }
+ },
+ "legendPosition": "right",
+ "seriesParams": [
+ {
+ "data": {
+ "id": "1",
+ "label": "Average TTL"
+ },
+ "drawLinesBetweenPoints": true,
+ "mode": "normal",
+ "show": "true",
+ "showCircles": true,
+ "type": "line",
+ "valueAxis": "ValueAxis-1"
+ }
+ ],
+ "times": [],
+ "type": "line",
+ "valueAxes": [
+ {
+ "id": "ValueAxis-1",
+ "labels": {
+ "filter": false,
+ "rotate": 0,
+ "show": true,
+ "truncate": 100
+ },
+ "name": "LeftAxis-1",
+ "position": "left",
+ "scale": {
+ "mode": "normal",
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {
+ "text": "Average TTL"
+ },
+ "type": "value"
+ }
+ ]
+ },
+ "title": "Average keys TTL [Metrics Redis] ECS",
+ "type": "line"
+ }
+ },
+ "id": "517a5fd0-0514-11e9-9c60-d582a238e2c5-ecs",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "metrics-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/visualization/78b9afe0-478f-11e7-b1f0-cb29bac6bf8b-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/visualization/78b9afe0-478f-11e7-b1f0-cb29bac6bf8b-ecs.json
new file mode 100644
index 00000000000..95db1ab9692
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/visualization/78b9afe0-478f-11e7-b1f0-cb29bac6bf8b-ecs.json
@@ -0,0 +1,74 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "highlightAll": true,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": "stream.dataset:redis.log"
+ },
+ "version": true
+ }
+ },
+ "title": "Log levels and roles breakdown [Logs Redis] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {},
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "field": "redis.log.role",
+ "order": "desc",
+ "orderBy": "1",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "customLabel": "Log level",
+ "field": "log.level",
+ "order": "desc",
+ "orderBy": "1",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTooltip": true,
+ "isDonut": false,
+ "legendPosition": "bottom",
+ "type": "pie"
+ },
+ "title": "Log levels and roles breakdown [Logs Redis] ECS",
+ "type": "pie"
+ }
+ },
+ "id": "78b9afe0-478f-11e7-b1f0-cb29bac6bf8b-ecs",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/visualization/7f4bc7d0-050c-11e9-9c60-d582a238e2c5-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/visualization/7f4bc7d0-050c-11e9-9c60-d582a238e2c5-ecs.json
new file mode 100644
index 00000000000..e4fcbd8a836
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/visualization/7f4bc7d0-050c-11e9-9c60-d582a238e2c5-ecs.json
@@ -0,0 +1,197 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "key": "redis.key.type",
+ "negate": false,
+ "params": {
+ "query": "list",
+ "type": "phrase"
+ },
+ "type": "phrase",
+ "value": "list"
+ },
+ "query": {
+ "match": {
+ "redis.key.type": {
+ "query": "list",
+ "type": "phrase"
+ }
+ }
+ }
+ }
+ ],
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Lists length [Metrics Redis] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "Number of elements",
+ "field": "redis.key.length"
+ },
+ "schema": "metric",
+ "type": "max"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "customLabel": "Keyspace",
+ "field": "redis.keyspace.id",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 16
+ },
+ "schema": "group",
+ "type": "terms"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "customLabel": "Key name",
+ "field": "redis.key.name",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": true,
+ "otherBucketLabel": "Other",
+ "size": 20
+ },
+ "schema": "group",
+ "type": "terms"
+ },
+ {
+ "enabled": true,
+ "id": "4",
+ "params": {
+ "drop_partials": false,
+ "extended_bounds": {},
+ "field": "@timestamp",
+ "interval": "auto",
+ "min_doc_count": 1,
+ "timeRange": {
+ "from": "now-15m",
+ "mode": "quick",
+ "to": "now"
+ },
+ "useNormalizedEsInterval": true
+ },
+ "schema": "segment",
+ "type": "date_histogram"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTimeMarker": false,
+ "addTooltip": true,
+ "categoryAxes": [
+ {
+ "id": "CategoryAxis-1",
+ "labels": {
+ "show": true,
+ "truncate": 100
+ },
+ "position": "bottom",
+ "scale": {
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {},
+ "type": "category"
+ }
+ ],
+ "grid": {
+ "categoryLines": false,
+ "style": {
+ "color": "#eee"
+ }
+ },
+ "legendPosition": "right",
+ "seriesParams": [
+ {
+ "data": {
+ "id": "1",
+ "label": "Number of elements"
+ },
+ "drawLinesBetweenPoints": true,
+ "interpolate": "linear",
+ "mode": "normal",
+ "show": "true",
+ "showCircles": true,
+ "type": "line",
+ "valueAxis": "ValueAxis-1"
+ }
+ ],
+ "times": [],
+ "type": "line",
+ "valueAxes": [
+ {
+ "id": "ValueAxis-1",
+ "labels": {
+ "filter": false,
+ "rotate": 0,
+ "show": true,
+ "truncate": 100
+ },
+ "name": "LeftAxis-1",
+ "position": "left",
+ "scale": {
+ "mode": "normal",
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {
+ "text": "Number of elements"
+ },
+ "type": "value"
+ }
+ ]
+ },
+ "title": "Lists length [Metrics Redis] ECS",
+ "type": "line"
+ }
+ },
+ "id": "7f4bc7d0-050c-11e9-9c60-d582a238e2c5-ecs",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "metrics-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
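Review bot: The `terms` aggregation with id `2` buckets on `redis.key.name` (size 20, plus an "Other" bucket), so this panel shows raw key names, yet `description` is left empty. Key names can carry application identifiers; if that holds for the monitored instances, everyone with read access to the dashboard sees them. Say so in the object, e.g. `"description": "Max list length per keyspace and key; key names are shown verbatim.",`, so operators can decide who gets access.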
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/visualization/8541a4a0-0513-11e9-9c60-d582a238e2c5-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/visualization/8541a4a0-0513-11e9-9c60-d582a238e2c5-ecs.json
new file mode 100644
index 00000000000..edccc66ee76
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/visualization/8541a4a0-0513-11e9-9c60-d582a238e2c5-ecs.json
@@ -0,0 +1,179 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [
+ {
+ "$state": {
+ "store": "appState"
+ },
+ "meta": {
+ "alias": null,
+ "disabled": false,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "key": "redis.key.type",
+ "negate": false,
+ "params": {
+ "query": "string",
+ "type": "phrase"
+ },
+ "type": "phrase",
+ "value": "string"
+ },
+ "query": {
+ "match": {
+ "redis.key.type": {
+ "query": "string",
+ "type": "phrase"
+ }
+ }
+ }
+ }
+ ],
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": ""
+ }
+ }
+ },
+ "title": "Average string key size [Metrics Redis] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "Average key size",
+ "field": "redis.key.length"
+ },
+ "schema": "metric",
+ "type": "avg"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "customLabel": "Keyspace",
+ "field": "redis.keyspace.id",
+ "missingBucket": false,
+ "missingBucketLabel": "Missing",
+ "order": "desc",
+ "orderBy": "1",
+ "otherBucket": false,
+ "otherBucketLabel": "Other",
+ "size": 5
+ },
+ "schema": "group",
+ "type": "terms"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "drop_partials": false,
+ "extended_bounds": {},
+ "field": "@timestamp",
+ "interval": "auto",
+ "min_doc_count": 1,
+ "timeRange": {
+ "from": "now-15m",
+ "mode": "quick",
+ "to": "now"
+ },
+ "useNormalizedEsInterval": true
+ },
+ "schema": "segment",
+ "type": "date_histogram"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTimeMarker": false,
+ "addTooltip": true,
+ "categoryAxes": [
+ {
+ "id": "CategoryAxis-1",
+ "labels": {
+ "show": true,
+ "truncate": 100
+ },
+ "position": "bottom",
+ "scale": {
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {},
+ "type": "category"
+ }
+ ],
+ "grid": {
+ "categoryLines": false,
+ "style": {
+ "color": "#eee"
+ }
+ },
+ "legendPosition": "right",
+ "seriesParams": [
+ {
+ "data": {
+ "id": "1",
+ "label": "Average key size"
+ },
+ "drawLinesBetweenPoints": true,
+ "mode": "normal",
+ "show": "true",
+ "showCircles": true,
+ "type": "line",
+ "valueAxis": "ValueAxis-1"
+ }
+ ],
+ "times": [],
+ "type": "line",
+ "valueAxes": [
+ {
+ "id": "ValueAxis-1",
+ "labels": {
+ "filter": false,
+ "rotate": 0,
+ "show": true,
+ "truncate": 100
+ },
+ "name": "LeftAxis-1",
+ "position": "left",
+ "scale": {
+ "mode": "normal",
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {
+ "text": "Average key size"
+ },
+ "type": "value"
+ }
+ ]
+ },
+ "title": "Average string key size [Metrics Redis] ECS",
+ "type": "line"
+ }
+ },
+ "id": "8541a4a0-0513-11e9-9c60-d582a238e2c5-ecs",
+ "references": [
+ {
+ "id": "metrics-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ },
+ {
+ "id": "metrics-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-Clients-Metrics-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-Clients-Metrics-ecs.json
new file mode 100644
index 00000000000..31d91c262d8
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-Clients-Metrics-ecs.json
@@ -0,0 +1,89 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": []
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "Clients [Metrics Redis] ECS",
+ "uiStateJSON": {
+ "vis": {
+ "defaultColors": {
+ "0 - 100": "rgb(0,104,55)"
+ }
+ }
+ },
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "Connected clients",
+ "field": "redis.info.clients.connected"
+ },
+ "schema": "metric",
+ "type": "max"
+ }
+ ],
+ "listeners": {},
+ "params": {
+ "addLegend": false,
+ "addTooltip": true,
+ "fontSize": 60,
+ "gauge": {
+ "autoExtend": false,
+ "backStyle": "Full",
+ "colorSchema": "Green to Red",
+ "colorsRange": [
+ {
+ "from": 0,
+ "to": 100
+ }
+ ],
+ "gaugeColorMode": "None",
+ "gaugeStyle": "Full",
+ "gaugeType": "Metric",
+ "invertColors": false,
+ "labels": {
+ "color": "black",
+ "show": true
+ },
+ "orientation": "vertical",
+ "percentageMode": false,
+ "scale": {
+ "color": "#333",
+ "labels": false,
+ "show": false,
+ "width": 2
+ },
+ "style": {
+ "bgColor": false,
+ "fontSize": 60,
+ "labelColor": false,
+ "subText": ""
+ },
+ "type": "simple",
+ "useRange": false,
+ "verticalSplit": false
+ },
+ "handleNoResults": true,
+ "type": "gauge"
+ },
+ "title": "Clients [Metrics Redis] ECS",
+ "type": "metric"
+ }
+ },
+ "id": "Redis-Clients-Metrics-ecs",
+ "references": [
+ {
+ "id": "Metrics-Redis-ecs",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-Connected-clients-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-Connected-clients-ecs.json
new file mode 100644
index 00000000000..184b24ec65a
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-Connected-clients-ecs.json
@@ -0,0 +1,141 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": []
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "Connected clients [Metrics Redis] ECS",
+ "uiStateJSON": {
+ "vis": {
+ "colors": {
+ "Blocked": "#C15C17"
+ }
+ }
+ },
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "Connected",
+ "field": "redis.info.clients.connected"
+ },
+ "schema": "metric",
+ "type": "max"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "extended_bounds": {},
+ "field": "@timestamp",
+ "interval": "auto",
+ "min_doc_count": 1
+ },
+ "schema": "segment",
+ "type": "date_histogram"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "customLabel": "Blocked",
+ "field": "redis.info.clients.blocked"
+ },
+ "schema": "metric",
+ "type": "max"
+ }
+ ],
+ "listeners": {},
+ "params": {
+ "addLegend": true,
+ "addTimeMarker": false,
+ "addTooltip": true,
+ "categoryAxes": [
+ {
+ "id": "CategoryAxis-1",
+ "labels": {
+ "show": true,
+ "truncate": 100
+ },
+ "position": "bottom",
+ "scale": {
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {},
+ "type": "category"
+ }
+ ],
+ "defaultYExtents": false,
+ "grid": {
+ "categoryLines": false,
+ "style": {
+ "color": "#eee"
+ }
+ },
+ "legendPosition": "right",
+ "mode": "grouped",
+ "scale": "linear",
+ "seriesParams": [
+ {
+ "data": {
+ "id": "1",
+ "label": "Count"
+ },
+ "drawLinesBetweenPoints": true,
+ "mode": "stacked",
+ "show": "true",
+ "showCircles": true,
+ "type": "histogram",
+ "valueAxis": "ValueAxis-1"
+ }
+ ],
+ "setYExtents": false,
+ "shareYAxis": true,
+ "times": [],
+ "valueAxes": [
+ {
+ "id": "ValueAxis-1",
+ "labels": {
+ "filter": false,
+ "rotate": 0,
+ "show": true,
+ "truncate": 100
+ },
+ "name": "LeftAxis-1",
+ "position": "left",
+ "scale": {
+ "mode": "normal",
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {
+ "text": "Count"
+ },
+ "type": "value"
+ }
+ ],
+ "yAxis": {}
+ },
+ "title": "Connected clients [Metrics Redis] ECS",
+ "type": "histogram"
+ }
+ },
+ "id": "Redis-Connected-clients-ecs",
+ "references": [
+ {
+ "id": "Metrics-Redis-ecs",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
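Review bot: `seriesParams` has a single entry for data id `1` labelled `Count`, but `aggs` defines two metrics, `Connected` (id `1`) and `Blocked` (id `3`), and `uiStateJSON` colours a `Blocked` series. The label should read `"label": "Connected"` and a second entry for id `3` should be listed, unless Kibana is relied on to fill in missing series on load, which is not visible here. The value-axis title `"text": "Count"` is equally generic. Redis-Keyspaces-ecs.json has the same `Count` label against a metric labelled `Number of keys`.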
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-Keyspaces-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-Keyspaces-ecs.json
new file mode 100644
index 00000000000..e9854795c71
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-Keyspaces-ecs.json
@@ -0,0 +1,141 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": []
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "Keyspaces [Metrics Redis] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "Number of keys",
+ "field": "redis.keyspace.keys"
+ },
+ "schema": "metric",
+ "type": "avg"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "extended_bounds": {},
+ "field": "@timestamp",
+ "interval": "auto",
+ "min_doc_count": 1
+ },
+ "schema": "segment",
+ "type": "date_histogram"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "customLabel": "Keyspaces",
+ "field": "redis.keyspace.id",
+ "order": "desc",
+ "orderBy": "1",
+ "size": 5
+ },
+ "schema": "group",
+ "type": "terms"
+ }
+ ],
+ "listeners": {},
+ "params": {
+ "addLegend": true,
+ "addTimeMarker": false,
+ "addTooltip": true,
+ "categoryAxes": [
+ {
+ "id": "CategoryAxis-1",
+ "labels": {
+ "show": true,
+ "truncate": 100
+ },
+ "position": "bottom",
+ "scale": {
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {},
+ "type": "category"
+ }
+ ],
+ "defaultYExtents": false,
+ "grid": {
+ "categoryLines": false,
+ "style": {
+ "color": "#eee"
+ }
+ },
+ "interpolate": "linear",
+ "legendPosition": "right",
+ "mode": "stacked",
+ "scale": "linear",
+ "seriesParams": [
+ {
+ "data": {
+ "id": "1",
+ "label": "Count"
+ },
+ "drawLinesBetweenPoints": true,
+ "interpolate": "linear",
+ "mode": "stacked",
+ "show": "true",
+ "showCircles": true,
+ "type": "area",
+ "valueAxis": "ValueAxis-1"
+ }
+ ],
+ "setYExtents": false,
+ "shareYAxis": true,
+ "smoothLines": false,
+ "times": [],
+ "valueAxes": [
+ {
+ "id": "ValueAxis-1",
+ "labels": {
+ "filter": false,
+ "rotate": 0,
+ "show": true,
+ "truncate": 100
+ },
+ "name": "LeftAxis-1",
+ "position": "left",
+ "scale": {
+ "mode": "normal",
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {
+ "text": "Count"
+ },
+ "type": "value"
+ }
+ ],
+ "yAxis": {}
+ },
+ "title": "Keyspaces [Metrics Redis] ECS",
+ "type": "area"
+ }
+ },
+ "id": "Redis-Keyspaces-ecs",
+ "references": [
+ {
+ "id": "Metrics-Redis-ecs",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-Server-Versions-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-Server-Versions-ecs.json
new file mode 100644
index 00000000000..6a00c7b01a9
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-Server-Versions-ecs.json
@@ -0,0 +1,60 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": []
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "Server Versions [Metrics Redis] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "Hosts",
+ "field": "service.address"
+ },
+ "schema": "metric",
+ "type": "cardinality"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "customLabel": "Multiplexing API",
+ "field": "service.version",
+ "order": "desc",
+ "orderBy": "1",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "listeners": {},
+ "params": {
+ "addLegend": true,
+ "addTooltip": true,
+ "isDonut": false,
+ "legendPosition": "right",
+ "shareYAxis": true
+ },
+ "title": "Server Versions [Metrics Redis] ECS",
+ "type": "pie"
+ }
+ },
+ "id": "Redis-Server-Versions-ecs",
+ "references": [
+ {
+ "id": "Metrics-Redis-ecs",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
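Review bot: The `terms` aggregation on `service.version` carries `"customLabel": "Multiplexing API"`, which looks copied from Redis-multiplexing-API-ecs.json. In a panel titled "Server Versions" this mislabels the legend and tooltip. Use `"customLabel": "Server version",` instead.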
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-hosts-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-hosts-ecs.json
new file mode 100644
index 00000000000..f9e8c274874
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-hosts-ecs.json
@@ -0,0 +1,112 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": []
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "Hosts [Metrics Redis] ECS",
+ "uiStateJSON": {
+ "vis": {
+ "params": {
+ "sort": {
+ "columnIndex": null,
+ "direction": null
+ }
+ }
+ }
+ },
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "field": "service.address",
+ "order": "desc",
+ "orderBy": "1",
+ "size": 5
+ },
+ "schema": "bucket",
+ "type": "terms"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "customLabel": "Uptime (s)",
+ "field": "redis.info.server.uptime"
+ },
+ "schema": "metric",
+ "type": "max"
+ },
+ {
+ "enabled": true,
+ "id": "6",
+ "params": {
+ "customLabel": "PID",
+ "field": "process.pid"
+ },
+ "schema": "metric",
+ "type": "max"
+ },
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "Memory",
+ "field": "redis.info.memory.used.peak"
+ },
+ "schema": "metric",
+ "type": "max"
+ },
+ {
+ "enabled": true,
+ "id": "4",
+ "params": {
+ "customLabel": "CPU used (user)",
+ "field": "redis.info.cpu.used.user"
+ },
+ "schema": "metric",
+ "type": "max"
+ },
+ {
+ "enabled": true,
+ "id": "5",
+ "params": {
+ "customLabel": "CPU used (system)",
+ "field": "redis.info.cpu.used.sys"
+ },
+ "schema": "metric",
+ "type": "max"
+ }
+ ],
+ "listeners": {},
+ "params": {
+ "perPage": 10,
+ "showMeticsAtAllLevels": false,
+ "showPartialRows": false,
+ "showTotal": false,
+ "sort": {
+ "columnIndex": null,
+ "direction": null
+ },
+ "totalFunc": "sum"
+ },
+ "title": "Hosts [Metrics Redis] ECS",
+ "type": "table"
+ }
+ },
+ "id": "Redis-hosts-ecs",
+ "references": [
+ {
+ "id": "Metrics-Redis-ecs",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
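Review bot: `params` spells the key `showMeticsAtAllLevels`, with the `r` of "Metrics" missing. This looks like a misspelling carried over from old Kibana exports; if the target Kibana reads `showMetricsAtAllLevels`, the setting is silently ignored and the default applies. Rename it to `"showMetricsAtAllLevels": false,` or confirm that a saved-object migration handles the old key.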
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-multiplexing-API-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-multiplexing-API-ecs.json
new file mode 100644
index 00000000000..24dffd40189
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-multiplexing-API-ecs.json
@@ -0,0 +1,60 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": []
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "Multiplexing API [Metrics Redis] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "Hosts",
+ "field": "service.address"
+ },
+ "schema": "metric",
+ "type": "cardinality"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "customLabel": "Multiplexing API",
+ "field": "redis.info.server.multiplexing_api",
+ "order": "desc",
+ "orderBy": "1",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "listeners": {},
+ "params": {
+ "addLegend": true,
+ "addTooltip": true,
+ "isDonut": false,
+ "legendPosition": "right",
+ "shareYAxis": true
+ },
+ "title": "Multiplexing API [Metrics Redis] ECS",
+ "type": "pie"
+ }
+ },
+ "id": "Redis-multiplexing-API-ecs",
+ "references": [
+ {
+ "id": "Metrics-Redis-ecs",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-server-mode-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-server-mode-ecs.json
new file mode 100644
index 00000000000..8790b58be0f
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/visualization/Redis-server-mode-ecs.json
@@ -0,0 +1,60 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": []
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "Server mode [Metrics Redis] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "Hosts",
+ "field": "service.address"
+ },
+ "schema": "metric",
+ "type": "cardinality"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "customLabel": "Server mode",
+ "field": "redis.info.server.mode",
+ "order": "desc",
+ "orderBy": "1",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "listeners": {},
+ "params": {
+ "addLegend": true,
+ "addTooltip": true,
+ "isDonut": false,
+ "legendPosition": "right",
+ "shareYAxis": true
+ },
+ "title": "Server mode [Metrics Redis] ECS",
+ "type": "pie"
+ }
+ },
+ "id": "Redis-server-mode-ecs",
+ "references": [
+ {
+ "id": "Metrics-Redis-ecs",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/visualization/d2864600-478f-11e7-be88-2ddb32f3df97-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/visualization/d2864600-478f-11e7-be88-2ddb32f3df97-ecs.json
new file mode 100644
index 00000000000..31b2b59ba79
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/visualization/d2864600-478f-11e7-be88-2ddb32f3df97-ecs.json
@@ -0,0 +1,150 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": [],
+ "highlightAll": true,
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "query": {
+ "language": "kuery",
+ "query": "stream.dataset:redis.log"
+ },
+ "version": true
+ }
+ },
+ "title": "Logs over time [Logs Redis] ECS",
+ "uiStateJSON": {
+ "vis": {
+ "colors": {
+ "notice": "#629E51",
+ "warning": "#EF843C"
+ }
+ }
+ },
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {},
+ "schema": "metric",
+ "type": "count"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "extended_bounds": {},
+ "field": "@timestamp",
+ "interval": "auto",
+ "min_doc_count": 1
+ },
+ "schema": "segment",
+ "type": "date_histogram"
+ },
+ {
+ "enabled": true,
+ "id": "3",
+ "params": {
+ "field": "log.level",
+ "order": "desc",
+ "orderBy": "1",
+ "size": 5
+ },
+ "schema": "group",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTimeMarker": false,
+ "addTooltip": true,
+ "categoryAxes": [
+ {
+ "id": "CategoryAxis-1",
+ "labels": {
+ "show": true,
+ "truncate": 100
+ },
+ "position": "bottom",
+ "scale": {
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {
+ "text": "@timestamp per month"
+ },
+ "type": "category"
+ }
+ ],
+ "defaultYExtents": false,
+ "drawLinesBetweenPoints": true,
+ "grid": {
+ "categoryLines": false,
+ "style": {
+ "color": "#eee"
+ }
+ },
+ "interpolate": "linear",
+ "legendPosition": "right",
+ "radiusRatio": 9,
+ "scale": "linear",
+ "seriesParams": [
+ {
+ "data": {
+ "id": "1",
+ "label": "Count"
+ },
+ "drawLinesBetweenPoints": true,
+ "mode": "stacked",
+ "show": "true",
+ "showCircles": true,
+ "type": "histogram",
+ "valueAxis": "ValueAxis-1"
+ }
+ ],
+ "setYExtents": false,
+ "showCircles": true,
+ "times": [],
+ "type": "histogram",
+ "valueAxes": [
+ {
+ "id": "ValueAxis-1",
+ "labels": {
+ "filter": false,
+ "rotate": 0,
+ "show": true,
+ "truncate": 100
+ },
+ "name": "LeftAxis-1",
+ "position": "left",
+ "scale": {
+ "mode": "normal",
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {
+ "text": "Count"
+ },
+ "type": "value"
+ }
+ ]
+ },
+ "title": "Logs over time [Logs Redis] ECS",
+ "type": "histogram"
+ }
+ },
+ "id": "d2864600-478f-11e7-be88-2ddb32f3df97-ecs",
+ "references": [
+ {
+ "id": "logs-*",
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
+ "type": "index-pattern"
+ }
+ ],
+ "type": "visualization"
+}
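Review bot: The category axis hard-codes `"text": "@timestamp per month"` while the `date_histogram` uses `"interval": "auto"`, so the axis title is wrong whenever the chosen bucket is not a month. The other line and histogram objects in this commit use `"title": {},`, which appears to leave the label to Kibana; do the same here.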
diff --git a/dev/packages/alpha/redis/0.1.0/kibana/visualization/dcccaa80-4791-11e7-be88-2ddb32f3df97-ecs.json b/dev/packages/alpha/redis/0.1.0/kibana/visualization/dcccaa80-4791-11e7-be88-2ddb32f3df97-ecs.json
new file mode 100644
index 00000000000..f2d2c8d2997
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/kibana/visualization/dcccaa80-4791-11e7-be88-2ddb32f3df97-ecs.json
@@ -0,0 +1,131 @@
+{
+ "attributes": {
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": {
+ "filter": []
+ }
+ },
+ "savedSearchRefName": "search_0",
+ "title": "Top slowest commands [Logs Redis] ECS",
+ "uiStateJSON": {},
+ "version": 1,
+ "visState": {
+ "aggs": [
+ {
+ "enabled": true,
+ "id": "1",
+ "params": {
+ "customLabel": "Command",
+ "field": "redis.slowlog.duration.us"
+ },
+ "schema": "metric",
+ "type": "max"
+ },
+ {
+ "enabled": true,
+ "id": "2",
+ "params": {
+ "customLabel": "Duration (microseconds)",
+ "field": "redis.slowlog.cmd",
+ "order": "desc",
+ "orderBy": "1",
+ "size": 5
+ },
+ "schema": "segment",
+ "type": "terms"
+ }
+ ],
+ "params": {
+ "addLegend": true,
+ "addTimeMarker": false,
+ "addTooltip": true,
+ "categoryAxes": [
+ {
+ "id": "CategoryAxis-1",
+ "labels": {
+ "filter": false,
+ "rotate": 0,
+ "show": true,
+ "truncate": 200
+ },
+ "position": "left",
+ "scale": {
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {
+ "text": "Duration (microseconds)"
+ },
+ "type": "category"
+ }
+ ],
+ "defaultYExtents": false,
+ "drawLinesBetweenPoints": true,
+ "grid": {
+ "categoryLines": false,
+ "style": {
+ "color": "#eee"
+ }
+ },
+ "interpolate": "linear",
+ "legendPosition": "right",
+ "radiusRatio": 9,
+ "scale": "linear",
+ "seriesParams": [
+ {
+ "data": {
+ "id": "1",
+ "label": "Command"
+ },
+ "drawLinesBetweenPoints": true,
+ "mode": "normal",
+ "show": true,
+ "showCircles": true,
+ "type": "histogram",
+ "valueAxis": "ValueAxis-1"
+ }
+ ],
+ "setYExtents": false,
+ "showCircles": true,
+ "times": [],
+ "type": "histogram",
+ "valueAxes": [
+ {
+ "id": "ValueAxis-1",
+ "labels": {
+ "filter": true,
+ "rotate": 75,
+ "show": true,
+ "truncate": 100
+ },
+ "name": "LeftAxis-1",
+ "position": "bottom",
+ "scale": {
+ "mode": "normal",
+ "type": "linear"
+ },
+ "show": true,
+ "style": {},
+ "title": {
+ "text": "Command"
+ },
+ "type": "value"
+ }
+ ]
+ },
+ "title": "Top slowest commands [Logs Redis] ECS",
+ "type": "histogram"
+ }
+ },
+ "id": "dcccaa80-4791-11e7-be88-2ddb32f3df97-ecs",
+ "references": [
+ {
+ "id": "0ab87b80-478e-11e7-b1f0-cb29bac6bf8b-ecs",
+ "name": "search_0",
+ "type": "search"
+ }
+ ],
+ "type": "visualization"
+}
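Review bot: The two `customLabel` values in `visState.aggs` appear swapped. The `max` metric on `redis.slowlog.duration.us` is labelled `Command`, while the `terms` bucket on `redis.slowlog.cmd` is labelled `Duration (microseconds)`. The same inversion shows up in `seriesParams[0].data.label` (`Command`), in the category axis title (`Duration (microseconds)`) and in the value axis title (`Command`), so the chart would describe durations as commands and the reverse. I would set `"customLabel": "Duration (microseconds)"` on aggregation `"id": "1"` and `"customLabel": "Command"` on aggregation `"id": "2"`, and change the three dependent labels to match.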
diff --git a/dev/packages/alpha/redis/0.1.0/manifest.yml b/dev/packages/alpha/redis/0.1.0/manifest.yml
new file mode 100644
index 00000000000..9e714760623
--- /dev/null
+++ b/dev/packages/alpha/redis/0.1.0/manifest.yml
@@ -0,0 +1,79 @@
+format_version: 1.0.0
+name: redis
+title: Redis
+version: 0.1.0
+license: basic
+description: Redis Integration
+type: integration
+categories:
+- logs
+- metrics
+release: beta
+removable: true
+requirement:
+ kibana:
+ versions: '>=7.3.0 <8.0.0'
+ elasticsearch:
+ versions: '>7.0.1'
+screenshots:
+- src: /img/kibana-redis.png
+ title: kibana redis
+ size: 1124x1079
+ type: image/png
+- src: /img/metricbeat_redis_key_dashboard.png
+ title: metricbeat redis key dashboard
+ size: 1855x949
+ type: image/png
+icons:
+- src: /img/logo_redis.svg
+ title: logo redis
+ size: 32x32
+ type: image/svg+xml
+datasources:
+- name: redis
+ title: Redis logs and metrics
+ description: Collect logs and metrics from Redis instances
+ inputs:
+ - type: logs
+ title: Collect logs from Redis instances
+ description: Collecting Redis log and slowlog logs
+ - type: redis/metrics
+ vars:
+ - name: hosts
+ type: text
+ title: Hosts
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - 127.0.0.1:6379
+ - name: idle_timeout
+ type: text
+ title: Idle Timeout
+ multi: false
+ required: false
+ show_user: false
+ default: 20s
+ - name: maxconn
+ type: integer
+ title: Maxconn
+ multi: false
+ required: false
+ show_user: false
+ default: 10
+ - name: network
+ type: text
+ title: Network
+ multi: false
+ required: false
+ show_user: false
+ default: tcp
+ - name: password
+ type: password
+ title: Password
+ multi: false
+ required: false
+ show_user: false
+ default: ""
+ title: Collect metrics from Redis instances
+ description: Collecting Redis info, key and keyspace metrics
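Review bot: The `password` variable of the `redis/metrics` input is declared with `required: false`, `show_user: false` and `default: ""`. If `show_user: false` keeps the field out of the default configuration view (worth confirming against the package spec), a datasource created with defaults will connect to Redis without authentication and the operator is never prompted for a credential. I would use `show_user: true` for `password` so that the choice is explicit. I would also add a description noting that an empty value means no AUTH is sent. Separately, `requirement.elasticsearch.versions: '>7.0.1'` has no upper bound, while the Kibana range is capped at `<8.0.0`. If that is not intentional, `'>7.0.1 <8.0.0'` would keep the two constraints consistent.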
diff --git a/dev/packages/alpha/system/0.0.3/dataset/auth/agent/stream/log.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/auth/agent/stream/log.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/auth/agent/stream/log.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/auth/agent/stream/log.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/auth/elasticsearch/ingest-pipeline/default.json b/dev/packages/alpha/system/0.1.0/dataset/auth/elasticsearch/ingest-pipeline/default.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/auth/elasticsearch/ingest-pipeline/default.json
rename to dev/packages/alpha/system/0.1.0/dataset/auth/elasticsearch/ingest-pipeline/default.json
diff --git a/dev/packages/alpha/system/0.0.3/dataset/auth/elasticsearch/ingest-pipeline/default.yml b/dev/packages/alpha/system/0.1.0/dataset/auth/elasticsearch/ingest-pipeline/default.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/auth/elasticsearch/ingest-pipeline/default.yml
rename to dev/packages/alpha/system/0.1.0/dataset/auth/elasticsearch/ingest-pipeline/default.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/auth/fields/ecs.yml b/dev/packages/alpha/system/0.1.0/dataset/auth/fields/ecs.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/auth/fields/ecs.yml
rename to dev/packages/alpha/system/0.1.0/dataset/auth/fields/ecs.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/auth/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/auth/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/auth/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/auth/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/auth/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/auth/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/auth/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/auth/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/auth/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/auth/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/auth/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/auth/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/core/agent/stream/stream.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/core/agent/stream/stream.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/core/agent/stream/stream.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/core/agent/stream/stream.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/core/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/core/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/core/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/core/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/core/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/core/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/core/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/core/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/core/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/core/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/core/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/core/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/cpu/agent/stream/stream.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/cpu/agent/stream/stream.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/cpu/agent/stream/stream.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/cpu/agent/stream/stream.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/cpu/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/cpu/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/cpu/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/cpu/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/cpu/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/cpu/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/cpu/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/cpu/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/cpu/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/cpu/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/cpu/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/cpu/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/diskio/agent/stream/stream.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/diskio/agent/stream/stream.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/diskio/agent/stream/stream.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/diskio/agent/stream/stream.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/diskio/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/diskio/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/diskio/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/diskio/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/diskio/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/diskio/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/diskio/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/diskio/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/diskio/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/diskio/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/diskio/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/diskio/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/entropy/agent/stream/stream.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/entropy/agent/stream/stream.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/entropy/agent/stream/stream.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/entropy/agent/stream/stream.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/entropy/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/entropy/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/entropy/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/entropy/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/entropy/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/entropy/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/entropy/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/entropy/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/entropy/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/entropy/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/entropy/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/entropy/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/filesystem/agent/stream/stream.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/filesystem/agent/stream/stream.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/filesystem/agent/stream/stream.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/filesystem/agent/stream/stream.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/filesystem/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/filesystem/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/filesystem/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/filesystem/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/filesystem/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/filesystem/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/filesystem/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/filesystem/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/filesystem/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/filesystem/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/filesystem/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/filesystem/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/fsstat/agent/stream/stream.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/fsstat/agent/stream/stream.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/fsstat/agent/stream/stream.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/fsstat/agent/stream/stream.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/fsstat/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/fsstat/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/fsstat/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/fsstat/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/fsstat/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/fsstat/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/fsstat/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/fsstat/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/fsstat/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/fsstat/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/fsstat/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/fsstat/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/load/agent/stream/stream.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/load/agent/stream/stream.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/load/agent/stream/stream.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/load/agent/stream/stream.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/load/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/load/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/load/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/load/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/load/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/load/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/load/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/load/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/load/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/load/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/load/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/load/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/memory/agent/stream/stream.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/memory/agent/stream/stream.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/memory/agent/stream/stream.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/memory/agent/stream/stream.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/memory/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/memory/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/memory/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/memory/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/memory/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/memory/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/memory/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/memory/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/memory/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/memory/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/memory/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/memory/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/network/agent/stream/stream.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/network/agent/stream/stream.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/network/agent/stream/stream.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/network/agent/stream/stream.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/network/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/network/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/network/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/network/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/network/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/network/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/network/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/network/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/network/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/network/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/network/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/network/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/network_summary/agent/stream/stream.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/network_summary/agent/stream/stream.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/network_summary/agent/stream/stream.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/network_summary/agent/stream/stream.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/network_summary/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/network_summary/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/network_summary/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/network_summary/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/network_summary/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/network_summary/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/network_summary/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/network_summary/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/network_summary/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/network_summary/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/network_summary/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/network_summary/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/process/agent/stream/stream.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/process/agent/stream/stream.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/process/agent/stream/stream.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/process/agent/stream/stream.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/process/fields/ecs.yml b/dev/packages/alpha/system/0.1.0/dataset/process/fields/ecs.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/process/fields/ecs.yml
rename to dev/packages/alpha/system/0.1.0/dataset/process/fields/ecs.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/process/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/process/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/process/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/process/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/process/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/process/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/process/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/process/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/process/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/process/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/process/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/process/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/process_summary/agent/stream/stream.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/process_summary/agent/stream/stream.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/process_summary/agent/stream/stream.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/process_summary/agent/stream/stream.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/process_summary/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/process_summary/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/process_summary/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/process_summary/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/process_summary/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/process_summary/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/process_summary/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/process_summary/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/process_summary/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/process_summary/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/process_summary/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/process_summary/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/raid/agent/stream/stream.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/raid/agent/stream/stream.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/raid/agent/stream/stream.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/raid/agent/stream/stream.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/raid/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/raid/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/raid/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/raid/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/raid/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/raid/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/raid/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/raid/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/raid/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/raid/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/raid/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/raid/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/service/agent/stream/stream.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/service/agent/stream/stream.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/service/agent/stream/stream.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/service/agent/stream/stream.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/service/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/service/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/service/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/service/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/service/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/service/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/service/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/service/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/service/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/service/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/service/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/service/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/socket/agent/stream/stream.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/socket/agent/stream/stream.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/socket/agent/stream/stream.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/socket/agent/stream/stream.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/socket/fields/ecs.yml b/dev/packages/alpha/system/0.1.0/dataset/socket/fields/ecs.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/socket/fields/ecs.yml
rename to dev/packages/alpha/system/0.1.0/dataset/socket/fields/ecs.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/socket/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/socket/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/socket/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/socket/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/socket/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/socket/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/socket/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/socket/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/socket/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/socket/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/socket/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/socket/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/socket_summary/agent/stream/stream.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/socket_summary/agent/stream/stream.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/socket_summary/agent/stream/stream.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/socket_summary/agent/stream/stream.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/socket_summary/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/socket_summary/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/socket_summary/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/socket_summary/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/socket_summary/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/socket_summary/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/socket_summary/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/socket_summary/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/socket_summary/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/socket_summary/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/socket_summary/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/socket_summary/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/syslog/agent/stream/log.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/syslog/agent/stream/log.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/syslog/agent/stream/log.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/syslog/agent/stream/log.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/syslog/elasticsearch/ingest-pipeline/default.json b/dev/packages/alpha/system/0.1.0/dataset/syslog/elasticsearch/ingest-pipeline/default.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/syslog/elasticsearch/ingest-pipeline/default.json
rename to dev/packages/alpha/system/0.1.0/dataset/syslog/elasticsearch/ingest-pipeline/default.json
diff --git a/dev/packages/alpha/system/0.0.3/dataset/syslog/elasticsearch/ingest-pipeline/default.yml b/dev/packages/alpha/system/0.1.0/dataset/syslog/elasticsearch/ingest-pipeline/default.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/syslog/elasticsearch/ingest-pipeline/default.yml
rename to dev/packages/alpha/system/0.1.0/dataset/syslog/elasticsearch/ingest-pipeline/default.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/syslog/fields/ecs.yml b/dev/packages/alpha/system/0.1.0/dataset/syslog/fields/ecs.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/syslog/fields/ecs.yml
rename to dev/packages/alpha/system/0.1.0/dataset/syslog/fields/ecs.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/syslog/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/syslog/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/syslog/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/syslog/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/syslog/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/syslog/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/syslog/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/syslog/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/syslog/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/syslog/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/syslog/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/syslog/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/uptime/agent/stream/stream.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/uptime/agent/stream/stream.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/uptime/agent/stream/stream.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/uptime/agent/stream/stream.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/uptime/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/uptime/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/uptime/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/uptime/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/uptime/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/uptime/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/uptime/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/uptime/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/uptime/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/uptime/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/uptime/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/uptime/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/users/agent/stream/stream.yml.hbs b/dev/packages/alpha/system/0.1.0/dataset/users/agent/stream/stream.yml.hbs
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/users/agent/stream/stream.yml.hbs
rename to dev/packages/alpha/system/0.1.0/dataset/users/agent/stream/stream.yml.hbs
diff --git a/dev/packages/alpha/system/0.0.3/dataset/users/fields/fields.yml b/dev/packages/alpha/system/0.1.0/dataset/users/fields/fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/users/fields/fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/users/fields/fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/users/fields/package-fields.yml b/dev/packages/alpha/system/0.1.0/dataset/users/fields/package-fields.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/users/fields/package-fields.yml
rename to dev/packages/alpha/system/0.1.0/dataset/users/fields/package-fields.yml
diff --git a/dev/packages/alpha/system/0.0.3/dataset/users/manifest.yml b/dev/packages/alpha/system/0.1.0/dataset/users/manifest.yml
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/dataset/users/manifest.yml
rename to dev/packages/alpha/system/0.1.0/dataset/users/manifest.yml
diff --git a/dev/packages/alpha/system/0.0.3/docs/README.md b/dev/packages/alpha/system/0.1.0/docs/README.md
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/docs/README.md
rename to dev/packages/alpha/system/0.1.0/docs/README.md
diff --git a/dev/packages/alpha/system/0.0.3/img/kibana-system.png b/dev/packages/alpha/system/0.1.0/img/kibana-system.png
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/img/kibana-system.png
rename to dev/packages/alpha/system/0.1.0/img/kibana-system.png
diff --git a/dev/packages/alpha/system/0.0.3/img/metricbeat-services-host.png b/dev/packages/alpha/system/0.1.0/img/metricbeat-services-host.png
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/img/metricbeat-services-host.png
rename to dev/packages/alpha/system/0.1.0/img/metricbeat-services-host.png
diff --git a/dev/packages/alpha/system/0.0.3/img/metricbeat_system_dashboard.png b/dev/packages/alpha/system/0.1.0/img/metricbeat_system_dashboard.png
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/img/metricbeat_system_dashboard.png
rename to dev/packages/alpha/system/0.1.0/img/metricbeat_system_dashboard.png
diff --git a/dev/packages/alpha/system/0.0.3/img/system.svg b/dev/packages/alpha/system/0.1.0/img/system.svg
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/img/system.svg
rename to dev/packages/alpha/system/0.1.0/img/system.svg
diff --git a/dev/packages/alpha/system/0.0.3/kibana/dashboard/0d3f2380-fa78-11e6-ae9b-81e5311e8cab-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/dashboard/0d3f2380-fa78-11e6-ae9b-81e5311e8cab-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/dashboard/0d3f2380-fa78-11e6-ae9b-81e5311e8cab-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/dashboard/0d3f2380-fa78-11e6-ae9b-81e5311e8cab-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/dashboard/277876d0-fa2c-11e6-bbd3-29c986c96e5a-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/dashboard/277876d0-fa2c-11e6-bbd3-29c986c96e5a-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/dashboard/277876d0-fa2c-11e6-bbd3-29c986c96e5a-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/dashboard/277876d0-fa2c-11e6-bbd3-29c986c96e5a-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/dashboard/5517a150-f9ce-11e6-8115-a7c18106d86a-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/dashboard/5517a150-f9ce-11e6-8115-a7c18106d86a-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/dashboard/5517a150-f9ce-11e6-8115-a7c18106d86a-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/dashboard/5517a150-f9ce-11e6-8115-a7c18106d86a-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/dashboard/CPU-slash-Memory-per-container-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/dashboard/CPU-slash-Memory-per-container-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/dashboard/CPU-slash-Memory-per-container-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/dashboard/CPU-slash-Memory-per-container-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/dashboard/Filebeat-syslog-dashboard-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/dashboard/Filebeat-syslog-dashboard-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/dashboard/Filebeat-syslog-dashboard-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/dashboard/Filebeat-syslog-dashboard-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/dashboard/Metricbeat-system-overview-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/dashboard/Metricbeat-system-overview-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/dashboard/Metricbeat-system-overview-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/dashboard/Metricbeat-system-overview-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/dashboard/c431f410-f9ac-11e9-90e8-1fb18e796788.json b/dev/packages/alpha/system/0.1.0/kibana/dashboard/c431f410-f9ac-11e9-90e8-1fb18e796788.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/dashboard/c431f410-f9ac-11e9-90e8-1fb18e796788.json
rename to dev/packages/alpha/system/0.1.0/kibana/dashboard/c431f410-f9ac-11e9-90e8-1fb18e796788.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/search/62439dc0-f9c9-11e6-a747-6121780e0414-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/search/62439dc0-f9c9-11e6-a747-6121780e0414-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/search/62439dc0-f9c9-11e6-a747-6121780e0414-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/search/62439dc0-f9c9-11e6-a747-6121780e0414-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/search/8030c1b0-fa77-11e6-ae9b-81e5311e8cab-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/search/8030c1b0-fa77-11e6-ae9b-81e5311e8cab-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/search/8030c1b0-fa77-11e6-ae9b-81e5311e8cab-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/search/8030c1b0-fa77-11e6-ae9b-81e5311e8cab-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/search/Syslog-system-logs-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/search/Syslog-system-logs-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/search/Syslog-system-logs-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/search/Syslog-system-logs-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/search/b6f321e0-fa25-11e6-bbd3-29c986c96e5a-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/search/b6f321e0-fa25-11e6-bbd3-29c986c96e5a-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/search/b6f321e0-fa25-11e6-bbd3-29c986c96e5a-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/search/b6f321e0-fa25-11e6-bbd3-29c986c96e5a-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/search/eb0039f0-fa7f-11e6-a1df-a78bd7504d38-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/search/eb0039f0-fa7f-11e6-a1df-a78bd7504d38-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/search/eb0039f0-fa7f-11e6-a1df-a78bd7504d38-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/search/eb0039f0-fa7f-11e6-a1df-a78bd7504d38-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/089b85d0-1b16-11e7-b09e-037021c4f8df-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/089b85d0-1b16-11e7-b09e-037021c4f8df-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/089b85d0-1b16-11e7-b09e-037021c4f8df-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/089b85d0-1b16-11e7-b09e-037021c4f8df-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/12667040-fa80-11e6-a1df-a78bd7504d38-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/12667040-fa80-11e6-a1df-a78bd7504d38-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/12667040-fa80-11e6-a1df-a78bd7504d38-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/12667040-fa80-11e6-a1df-a78bd7504d38-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/19e123b0-4d5a-11e7-aee5-fdc812cc3bec-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/19e123b0-4d5a-11e7-aee5-fdc812cc3bec-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/19e123b0-4d5a-11e7-aee5-fdc812cc3bec-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/19e123b0-4d5a-11e7-aee5-fdc812cc3bec-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/1aae9140-1b93-11e7-8ada-3df93aab833e-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/1aae9140-1b93-11e7-8ada-3df93aab833e-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/1aae9140-1b93-11e7-8ada-3df93aab833e-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/1aae9140-1b93-11e7-8ada-3df93aab833e-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/26732e20-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/26732e20-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/26732e20-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/26732e20-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/2e224660-1b19-11e7-b09e-037021c4f8df-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/2e224660-1b19-11e7-b09e-037021c4f8df-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/2e224660-1b19-11e7-b09e-037021c4f8df-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/2e224660-1b19-11e7-b09e-037021c4f8df-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/327417e0-8462-11e7-bab8-bd2f0fb42c54-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/327417e0-8462-11e7-bab8-bd2f0fb42c54-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/327417e0-8462-11e7-bab8-bd2f0fb42c54-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/327417e0-8462-11e7-bab8-bd2f0fb42c54-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/341ffe70-f9ce-11e6-8115-a7c18106d86a-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/341ffe70-f9ce-11e6-8115-a7c18106d86a-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/341ffe70-f9ce-11e6-8115-a7c18106d86a-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/341ffe70-f9ce-11e6-8115-a7c18106d86a-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/346bb290-fa80-11e6-a1df-a78bd7504d38-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/346bb290-fa80-11e6-a1df-a78bd7504d38-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/346bb290-fa80-11e6-a1df-a78bd7504d38-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/346bb290-fa80-11e6-a1df-a78bd7504d38-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/34f97ee0-1b96-11e7-8ada-3df93aab833e-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/34f97ee0-1b96-11e7-8ada-3df93aab833e-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/34f97ee0-1b96-11e7-8ada-3df93aab833e-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/34f97ee0-1b96-11e7-8ada-3df93aab833e-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/3d65d450-a9c3-11e7-af20-67db8aecb295-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/3d65d450-a9c3-11e7-af20-67db8aecb295-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/3d65d450-a9c3-11e7-af20-67db8aecb295-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/3d65d450-a9c3-11e7-af20-67db8aecb295-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/4b254630-f998-11e9-90e8-1fb18e796788.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/4b254630-f998-11e9-90e8-1fb18e796788.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/4b254630-f998-11e9-90e8-1fb18e796788.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/4b254630-f998-11e9-90e8-1fb18e796788.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/4d546850-1b15-11e7-b09e-037021c4f8df-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/4d546850-1b15-11e7-b09e-037021c4f8df-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/4d546850-1b15-11e7-b09e-037021c4f8df-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/4d546850-1b15-11e7-b09e-037021c4f8df-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/4e4bb1e0-1b1b-11e7-b09e-037021c4f8df-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/4e4bb1e0-1b1b-11e7-b09e-037021c4f8df-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/4e4bb1e0-1b1b-11e7-b09e-037021c4f8df-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/4e4bb1e0-1b1b-11e7-b09e-037021c4f8df-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/51164310-fa2b-11e6-bbd3-29c986c96e5a-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/51164310-fa2b-11e6-bbd3-29c986c96e5a-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/51164310-fa2b-11e6-bbd3-29c986c96e5a-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/51164310-fa2b-11e6-bbd3-29c986c96e5a-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/522ee670-1b92-11e7-bec4-a5e9ec5cab8b-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/522ee670-1b92-11e7-bec4-a5e9ec5cab8b-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/522ee670-1b92-11e7-bec4-a5e9ec5cab8b-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/522ee670-1b92-11e7-bec4-a5e9ec5cab8b-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/590a60f0-5d87-11e7-8884-1bb4c3b890e4-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/590a60f0-5d87-11e7-8884-1bb4c3b890e4-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/590a60f0-5d87-11e7-8884-1bb4c3b890e4-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/590a60f0-5d87-11e7-8884-1bb4c3b890e4-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/5c7af030-fa2a-11e6-bbd3-29c986c96e5a-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/5c7af030-fa2a-11e6-bbd3-29c986c96e5a-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/5c7af030-fa2a-11e6-bbd3-29c986c96e5a-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/5c7af030-fa2a-11e6-bbd3-29c986c96e5a-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/5dd15c00-fa78-11e6-ae9b-81e5311e8cab-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/5dd15c00-fa78-11e6-ae9b-81e5311e8cab-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/5dd15c00-fa78-11e6-ae9b-81e5311e8cab-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/5dd15c00-fa78-11e6-ae9b-81e5311e8cab-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/6b7b9a40-faa1-11e6-86b1-cd7735ff7e23-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/6b7b9a40-faa1-11e6-86b1-cd7735ff7e23-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/6b7b9a40-faa1-11e6-86b1-cd7735ff7e23-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/6b7b9a40-faa1-11e6-86b1-cd7735ff7e23-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/78b74f30-f9cd-11e6-8115-a7c18106d86a-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/78b74f30-f9cd-11e6-8115-a7c18106d86a-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/78b74f30-f9cd-11e6-8115-a7c18106d86a-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/78b74f30-f9cd-11e6-8115-a7c18106d86a-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/7cdb1330-4d1a-11e7-a196-69b9a7a020a9-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/7cdb1330-4d1a-11e7-a196-69b9a7a020a9-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/7cdb1330-4d1a-11e7-a196-69b9a7a020a9-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/7cdb1330-4d1a-11e7-a196-69b9a7a020a9-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/825fdb80-4d1d-11e7-b5f2-2b7c1895bf32-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/825fdb80-4d1d-11e7-b5f2-2b7c1895bf32-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/825fdb80-4d1d-11e7-b5f2-2b7c1895bf32-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/825fdb80-4d1d-11e7-b5f2-2b7c1895bf32-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/83e12df0-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/83e12df0-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/83e12df0-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/83e12df0-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/855899e0-1b1c-11e7-b09e-037021c4f8df-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/855899e0-1b1c-11e7-b09e-037021c4f8df-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/855899e0-1b1c-11e7-b09e-037021c4f8df-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/855899e0-1b1c-11e7-b09e-037021c4f8df-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/8c071e20-f999-11e9-90e8-1fb18e796788.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/8c071e20-f999-11e9-90e8-1fb18e796788.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/8c071e20-f999-11e9-90e8-1fb18e796788.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/8c071e20-f999-11e9-90e8-1fb18e796788.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/96976150-4d5d-11e7-aa29-87a97a796de6-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/96976150-4d5d-11e7-aa29-87a97a796de6-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/96976150-4d5d-11e7-aa29-87a97a796de6-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/96976150-4d5d-11e7-aa29-87a97a796de6-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/99381c80-4d60-11e7-9a4c-ed99bbcaa42b-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/99381c80-4d60-11e7-9a4c-ed99bbcaa42b-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/99381c80-4d60-11e7-9a4c-ed99bbcaa42b-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/99381c80-4d60-11e7-9a4c-ed99bbcaa42b-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/9c69cad0-f9b0-11e9-90e8-1fb18e796788.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/9c69cad0-f9b0-11e9-90e8-1fb18e796788.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/9c69cad0-f9b0-11e9-90e8-1fb18e796788.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/9c69cad0-f9b0-11e9-90e8-1fb18e796788.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/Container-Block-IO-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/Container-Block-IO-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/Container-Block-IO-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/Container-Block-IO-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/Container-CPU-usage-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/Container-CPU-usage-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/Container-CPU-usage-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/Container-CPU-usage-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/Container-Memory-stats-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/Container-Memory-stats-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/Container-Memory-stats-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/Container-Memory-stats-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/Syslog-events-by-hostname-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/Syslog-events-by-hostname-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/Syslog-events-by-hostname-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/Syslog-events-by-hostname-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/Syslog-hostnames-and-processes-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/Syslog-hostnames-and-processes-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/Syslog-hostnames-and-processes-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/Syslog-hostnames-and-processes-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/System-Navigation-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/System-Navigation-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/System-Navigation-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/System-Navigation-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/a30871f0-f98f-11e9-90e8-1fb18e796788.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/a30871f0-f98f-11e9-90e8-1fb18e796788.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/a30871f0-f98f-11e9-90e8-1fb18e796788.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/a30871f0-f98f-11e9-90e8-1fb18e796788.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/ab2d1e90-1b1a-11e7-b09e-037021c4f8df-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/ab2d1e90-1b1a-11e7-b09e-037021c4f8df-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/ab2d1e90-1b1a-11e7-b09e-037021c4f8df-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/ab2d1e90-1b1a-11e7-b09e-037021c4f8df-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/bb3a8720-f991-11e9-90e8-1fb18e796788.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/bb3a8720-f991-11e9-90e8-1fb18e796788.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/bb3a8720-f991-11e9-90e8-1fb18e796788.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/bb3a8720-f991-11e9-90e8-1fb18e796788.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/bfa5e400-1b16-11e7-b09e-037021c4f8df-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/bfa5e400-1b16-11e7-b09e-037021c4f8df-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/bfa5e400-1b16-11e7-b09e-037021c4f8df-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/bfa5e400-1b16-11e7-b09e-037021c4f8df-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/c5e3cf90-4d60-11e7-9a4c-ed99bbcaa42b-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/c5e3cf90-4d60-11e7-9a4c-ed99bbcaa42b-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/c5e3cf90-4d60-11e7-9a4c-ed99bbcaa42b-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/c5e3cf90-4d60-11e7-9a4c-ed99bbcaa42b-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/c6f2ffd0-4d17-11e7-a196-69b9a7a020a9-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/c6f2ffd0-4d17-11e7-a196-69b9a7a020a9-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/c6f2ffd0-4d17-11e7-a196-69b9a7a020a9-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/c6f2ffd0-4d17-11e7-a196-69b9a7a020a9-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/d16bb400-f9cc-11e6-8115-a7c18106d86a-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/d16bb400-f9cc-11e6-8115-a7c18106d86a-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/d16bb400-f9cc-11e6-8115-a7c18106d86a-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/d16bb400-f9cc-11e6-8115-a7c18106d86a-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/d2e80340-4d5c-11e7-aa29-87a97a796de6-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/d2e80340-4d5c-11e7-aa29-87a97a796de6-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/d2e80340-4d5c-11e7-aa29-87a97a796de6-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/d2e80340-4d5c-11e7-aa29-87a97a796de6-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/d3166e80-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/d3166e80-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/d3166e80-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/d3166e80-1b91-11e7-bec4-a5e9ec5cab8b-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/d3f51850-f9b6-11e9-90e8-1fb18e796788.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/d3f51850-f9b6-11e9-90e8-1fb18e796788.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/d3f51850-f9b6-11e9-90e8-1fb18e796788.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/d3f51850-f9b6-11e9-90e8-1fb18e796788.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/d56ee420-fa79-11e6-a1df-a78bd7504d38-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/d56ee420-fa79-11e6-a1df-a78bd7504d38-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/d56ee420-fa79-11e6-a1df-a78bd7504d38-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/d56ee420-fa79-11e6-a1df-a78bd7504d38-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/dc589770-fa2b-11e6-bbd3-29c986c96e5a-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/dc589770-fa2b-11e6-bbd3-29c986c96e5a-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/dc589770-fa2b-11e6-bbd3-29c986c96e5a-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/dc589770-fa2b-11e6-bbd3-29c986c96e5a-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/e0f001c0-1b18-11e7-b09e-037021c4f8df-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/e0f001c0-1b18-11e7-b09e-037021c4f8df-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/e0f001c0-1b18-11e7-b09e-037021c4f8df-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/e0f001c0-1b18-11e7-b09e-037021c4f8df-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/e121b140-fa78-11e6-a1df-a78bd7504d38-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/e121b140-fa78-11e6-a1df-a78bd7504d38-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/e121b140-fa78-11e6-a1df-a78bd7504d38-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/e121b140-fa78-11e6-a1df-a78bd7504d38-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/e6e639e0-f992-11e9-90e8-1fb18e796788.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/e6e639e0-f992-11e9-90e8-1fb18e796788.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/e6e639e0-f992-11e9-90e8-1fb18e796788.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/e6e639e0-f992-11e9-90e8-1fb18e796788.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/f398d2f0-fa77-11e6-ae9b-81e5311e8cab-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/f398d2f0-fa77-11e6-ae9b-81e5311e8cab-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/f398d2f0-fa77-11e6-ae9b-81e5311e8cab-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/f398d2f0-fa77-11e6-ae9b-81e5311e8cab-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/kibana/visualization/fe064790-1b1f-11e7-bec4-a5e9ec5cab8b-ecs.json b/dev/packages/alpha/system/0.1.0/kibana/visualization/fe064790-1b1f-11e7-bec4-a5e9ec5cab8b-ecs.json
similarity index 100%
rename from dev/packages/alpha/system/0.0.3/kibana/visualization/fe064790-1b1f-11e7-bec4-a5e9ec5cab8b-ecs.json
rename to dev/packages/alpha/system/0.1.0/kibana/visualization/fe064790-1b1f-11e7-bec4-a5e9ec5cab8b-ecs.json
diff --git a/dev/packages/alpha/system/0.0.3/manifest.yml b/dev/packages/alpha/system/0.1.0/manifest.yml
similarity index 98%
rename from dev/packages/alpha/system/0.0.3/manifest.yml
rename to dev/packages/alpha/system/0.1.0/manifest.yml
index bebbf22bae5..4073974439a 100644
--- a/dev/packages/alpha/system/0.0.3/manifest.yml
+++ b/dev/packages/alpha/system/0.1.0/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: system
title: System
-version: 0.0.3
+version: 0.1.0
license: basic
description: System Integration
type: integration
diff --git a/magefile.go b/magefile.go
index 9f181023dd9..fd31fc43c29 100644
--- a/magefile.go
+++ b/magefile.go
@@ -30,10 +30,11 @@ var (
// GoLicenserImportPath controls the import path used to install go-licenser.
GoLicenserImportPath = "github.com/elastic/go-licenser"
- publicDir = "./public"
- buildDir = "./build"
- packagePaths = []string{"./dev/packages/alpha/", "./dev/packages/example/", "./dev/packages/beats/"}
- tarGz = true
+ publicDir = "./public"
+ buildDir = "./build"
+ storageRepoDir = filepath.Join(buildDir, "package-storage")
+ packagePaths = []string{filepath.Join(storageRepoDir, "packages"), "./dev/packages/beats/"}
+ tarGz = true
)
func Build() error {
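Review bot: `storageRepoDir` and the new first entry of `packagePaths` carry no comment saying that this directory is not part of the repository but a clone created at build time, which matters to anyone auditing where the served packages come from. A comment above `storageRepoDir` would cover it: `// storageRepoDir holds the clone of elastic/package-storage made by fetchPatchStorage; its packages are external input to the build.` The `var` block starts above the hunk, so any existing header comment is not visible here.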
@@ -42,6 +43,11 @@ func Build() error {
return err
}
+ err = fetchPatchStorage()
+ if err != nil {
+ return err
+ }
+
for _, p := range packagePaths {
err := sh.Run("go", "run", "github.com/elastic/package-registry/dev/generator/", "-sourceDir="+p, "-publicDir="+publicDir, "-tarGz="+strconv.FormatBool(tarGz))
if err != nil {
@@ -74,6 +80,29 @@ func BuildPublicDirectory() error {
return nil
}
+func fetchPatchStorage() error {
+ _, err := os.Stat(storageRepoDir)
+ if err == nil {
+ return nil // package storage has been already fetched
+ }
+
+ err = sh.Run("git", "clone", "https://github.com/elastic/package-storage.git", storageRepoDir)
+ if err != nil {
+ return err
+ }
+
+ packageStorageRevision := os.Getenv("PACKAGE_STORAGE_REVISION")
+ if packageStorageRevision == "" {
+ packageStorageRevision = "master"
+ }
+
+ return sh.Run("git",
+ "--git-dir", filepath.Join(storageRepoDir, ".git"),
+ "--work-tree", storageRepoDir,
+ "checkout",
+ packageStorageRevision)
+}
+
func ImportBeats() error {
args := []string{"run", "./dev/import-beats/"}
if os.Getenv("SKIP_KIBANA") == "true" {
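Review bot: The early `return nil` when `os.Stat(storageRepoDir)` succeeds in `fetchPatchStorage` skips the checkout as well as the clone. A directory left behind by a failed checkout, or fetched under a different `PACKAGE_STORAGE_REVISION`, is then built silently from whatever revision it is on. The default `master` is also a mutable branch, so the package content fed to the generator is unpinned; a commit SHA as the default would make builds reproducible and auditable. The environment value reaches `git checkout` as a bare argument, so a value starting with `-` would be parsed as an option and should be rejected. The fence sketches running the checkout on every build; an existing clone would still need a `git fetch` before a newer revision resolves.

```go
func fetchPatchStorage() error {
	revision := os.Getenv("PACKAGE_STORAGE_REVISION")
	if revision == "" {
		revision = "master" // mutable branch; prefer a pinned commit SHA as the default
	}
	if strings.HasPrefix(revision, "-") {
		return fmt.Errorf("invalid PACKAGE_STORAGE_REVISION %q", revision)
	}

	_, err := os.Stat(storageRepoDir)
	if os.IsNotExist(err) {
		err = sh.Run("git", "clone", "https://github.com/elastic/package-storage.git", storageRepoDir)
	}
	if err != nil {
		return err
	}

	// Check out on every build so a cached clone cannot stay on another revision.
	return sh.Run("git",
		"--git-dir", filepath.Join(storageRepoDir, ".git"),
		"--work-tree", storageRepoDir,
		"checkout",
		revision)
}
```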
@@ -216,12 +245,7 @@ func Clean() error {
return err
}
- err = os.RemoveAll(publicDir)
- if err != nil {
- return err
- }
-
- return os.Remove("package-registry")
+ return os.RemoveAll(publicDir)
}
func Vendor() error {