From c45a39a1e055528de11b90a94ef09e5f8107355d Mon Sep 17 00:00:00 2001 From: Harper Carroll Date: Fri, 5 Aug 2016 16:29:47 -0600 Subject: [PATCH 1/4] added events index --- scripts/setDefaultIndex.py | 44 ++++++++++++++++++++++++++++++++------ 1 file changed, 38 insertions(+), 6 deletions(-) diff --git a/scripts/setDefaultIndex.py b/scripts/setDefaultIndex.py index 10ad9687a11742..3d71fb18a7458f 100644 --- a/scripts/setDefaultIndex.py +++ b/scripts/setDefaultIndex.py @@ -13,17 +13,24 @@ UTIL = Utility() NM_INDEX_PATTERN='[network_]YYYY_MM_DD' +EVENTS_INDEX_PATTERN='[events_]YYYY_MM_DD' DEFAULT_INDEX='"defaultIndex": \"%s\"' % NM_INDEX_PATTERN VERIFIED = 1 FIELD_FORMAT_MAPPINGS_FILE = "/usr/local/kibana-" + esUtil.KIBANA_VERSION + "-linux-x64/resources/mappings.json" -index_pattern_content = { +network_index_pattern_content = { "title": "[network_]YYYY_MM_DD", "intervalName": "days", "timeFieldName": "TimeUpdated" } +events_index_pattern_content = { + "title": "[events_]YYYY_MM_DD", + "intervalName": "days", + "timeFieldName": "TimeUpdated" +} + version_config_content = { "defaultIndex": "[network_]YYYY_MM_DD" } @@ -99,7 +106,7 @@ def create_document_if_it_doesnt_exist(es_index, es_type, es_id, es_body): return document_created def get_field_mappings(filename): - global index_pattern_content + global network_index_pattern_content corrected_mappings = {} mappings_json = UTIL.read_json_from_file(filename) value = UTIL.safe_list_read(mappings_json, 'fieldFormatMap') 
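Review bot: The new `events_index_pattern_content` dict repeats the pattern string as a literal in its `"title"` instead of reusing the `EVENTS_INDEX_PATTERN` constant added two lines above it, so the id the document is created under and the title stored in it can silently drift apart; `"title": EVENTS_INDEX_PATTERN,` keeps them tied (the network dict and `version_config_content` have the same pre-existing issue with `NM_INDEX_PATTERN`). The two dicts now differ only in title, so a small factory such as `def _index_pattern(title): return {"title": title, "intervalName": "days", "timeFieldName": "TimeUpdated"}` would leave the shared `days`/`TimeUpdated` assumptions in one place. Both patterns presume the events documents carry a `TimeUpdated` field, which nothing in this patch checks; a one-line comment stating that expectation would help the next person who adds an index.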
@@ -112,19 +119,19 @@ def get_field_mappings(filename): # ----------------- MAIN ----------------- def main(): - global index_pattern_content + global network_index_pattern_content # Add fieldFormatMap to index-pattern content get_field_mappings(filename=FIELD_FORMAT_MAPPINGS_FILE) - logging.info("================================== INDEX PATTERN ==================================") + logging.info("================================== NM INDEX PATTERN ==================================") index_pattern_doc_created = create_document_if_it_doesnt_exist(esUtil.KIBANA_INDEX, esUtil.INDEX_PATTERN_TYPE, NM_INDEX_PATTERN, - index_pattern_content) + network_index_pattern_content) index_pattern_missing_fields = verify_document_for_content(esUtil.KIBANA_INDEX, esUtil.INDEX_PATTERN_TYPE, - index_pattern_content) + network_index_pattern_content) if len(index_pattern_missing_fields) > 0: logging.info("Updating Network Monitor index-pattern with missing fields: ") for key in index_pattern_missing_fields: 
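Review bot: The `global network_index_pattern_content` statement at the top of `main()` is unnecessary: `global` is only needed to rebind a module-level name, and `main()` only reads the dict and passes it to `create_document_if_it_doesnt_exist` and `verify_document_for_content`, so the line can simply be deleted (the same applies to `get_field_mappings`, which only calls `.update()` on the dict). `if len(index_pattern_missing_fields) > 0:` is the non-idiomatic spelling of `if index_pattern_missing_fields:`. `index_pattern_doc_created` is assigned but not read anywhere in this hunk; if it is not consulted later in `main()`, drop the assignment or log the outcome. `main()` continues past the end of the hunk.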
@@ -141,6 +148,31 @@ def main(): else: logging.info("No missing index-pattern fields.") + logging.info("================================== EVENTS INDEX PATTERN ==================================") + + index_pattern_doc_created = create_document_if_it_doesnt_exist(esUtil.KIBANA_INDEX, + esUtil.INDEX_PATTERN_TYPE, + EVENTS_INDEX_PATTERN, + events_index_pattern_content) + index_pattern_missing_fields = verify_document_for_content(esUtil.KIBANA_INDEX, + esUtil.INDEX_PATTERN_TYPE, + events_index_pattern_content) + if len(index_pattern_missing_fields) > 0: + logging.info("Updating Network Monitor index-pattern with missing fields: ") + for key in index_pattern_missing_fields: + logging.info(" " + key + ": " + index_pattern_missing_fields[key]) + updated, update_ret = esUtil.function_with_timeout(esUtil.ES_QUERY_TIMEOUT, + esUtil.update_document, + esUtil.KIBANA_INDEX, + esUtil.INDEX_PATTERN_TYPE, + EVENTS_INDEX_PATTERN, + esUtil.format_for_update(index_pattern_missing_fields)) + if not updated: + logging.error("Unable to add missing index-pattern fields:") + logging.error(update_ret) + else: + logging.info("No missing index-pattern fields.") + logging.info("================================== " + esUtil.KIBANA_VERSION + " CONFIG ==================================") config_doc_created = create_document_if_it_doesnt_exist(esUtil.KIBANA_INDEX, esUtil.CONFIG_TYPE, From 49ab3dee63b6b47ec7f97c570d1068219eddab35 Mon Sep 17 00:00:00 2001 From: Harper Carroll Date: Mon, 8 Aug 2016 13:56:34 -0600 Subject: [PATCH 2/4] fixed error --- scripts/setDefaultIndex.py | 2 +- scripts/util.pyc | Bin 0 -> 9277 bytes 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 scripts/util.pyc diff --git a/scripts/setDefaultIndex.py b/scripts/setDefaultIndex.py index 3d71fb18a7458f..2272deb022ef34 100644 --- a/scripts/setDefaultIndex.py +++ b/scripts/setDefaultIndex.py 
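Review bot: The events index-pattern document created here never receives a `fieldFormatMap`: `get_field_mappings()` (see the earlier hunk, where it declares `global network_index_pattern_content`) writes the mappings only into the network dict, and `events_index_pattern_content` is sent as the bare three-key dict. If the events pattern should get the same field formatting, apply the mappings to both dicts, e.g. `events_index_pattern_content.update(corrected_mappings)` next to the existing network update, or otherwise add a comment stating that events intentionally use Kibana's default formats so the omission is not mistaken for a bug. `main()` continues past both ends of the hunk.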
@@ -114,7 +114,7 @@ def get_field_mappings(filename): # for proper Elasticsearch insertion escaped_mappings = replace_all_char(str=json.dumps(value), to_replace='"', new_char='\"') corrected_mappings['fieldFormatMap'] = escaped_mappings - index_pattern_content.update(corrected_mappings) + network_index_pattern_content.update(corrected_mappings) # ----------------- MAIN ----------------- def main(): 
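Review bot: The `replace_all_char(str=json.dumps(value), to_replace='"', new_char='\"')` call two lines above the changed line is a no-op: in Python source `'\"'` is the same one-character string as `'"'`, so every `"` is replaced with `"` and nothing is escaped despite the `# for proper Elasticsearch insertion` comment. If the document is sent through a JSON-aware Elasticsearch client, `json.dumps(value)` alone already yields the string Kibana expects in `fieldFormatMap` and the call should be removed; if a literal backslash really is required, the argument would have to be `'\\"'`. The fix also makes explicit that only `network_index_pattern_content` receives the field formats, so the events pattern created in `main()` ships without any. Separately, this commit adds `scripts/util.pyc`; a compiled artifact in version control cannot be reviewed and can diverge from `util.py`, so even though the next patch deletes it, a `*.pyc` entry in `.gitignore` would keep it from coming back. `get_field_mappings()` starts before this hunk.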
diff --git a/scripts/util.pyc b/scripts/util.pyc new file mode 100644 index 0000000000000000000000000000000000000000..3c57751790357a14350393b7c70d44fe3cd11823 GIT binary patch literal 9277 zcmd5?TW=gm6|SD~ZEWY}T$f$4vy05mE?GN!fo08taGbGY)){AO#+$?}^me9u>`rE; zCtWp3%q9royn$E=ArMa>@q!Q%4@f*B@qok+;1!7{{s2D!zVB4eCC-Lj#eTr{)Kph@ zojP?c-#K;K`F|gpH1;=F>ni)n|SlH(P3%sBT_9|3+AxEj6P%QL`QJ&O#B_t;m>Q3s>eC=UtzlZOzZ(!AlFXmltNM zrijt`J3%_%Ot$7bX>uc)e>c7nw1cV*Qrqp!VLYD1L$Ol7R`Do$^&FbsX9<0C2+e&@ z-B-#NX;(`gMk>nr}1#o8tRVtILSW35&q4LgFyM9qff=CGLGh?`Lf zeI<=KkKX)t(u(G{gR~Q+^OxkyRBgA>n7<{w&YOA~cdVK3+PFE_*%4a4AGc%c`$s^) za4F^0X(HT00UzP~HagG0D5tKkNx|3byJK4`?`r+7(oXL8d3K#KFTfcsu7RR zjjEetavRUN&Nwy42@`79%RRsx%pXyW988B>t%&Uir`$1BX33f;P%NsEq^-c(ak3cL zsL`_WbSt=bVaGs>|eNE zD_5U%b7_5}QY&%CTI_(k$+qbmn_AkOlK?L@Z_9?#Y<)lDYQLuP90=D%6x}rPu^~T= zY&UKDndD}0-<(3DylMOv;$uH$)@)Fz#x)tR@4RUZTmxV7pK69vXBM&C1Y1#=N25+;rY@)p9d1 zHm;i}NbB1h@TxwrQDYZ4_n&B@$AJyd1s4Hg0oVX<05-rIoB{9#tQ{kg!7(-`RWzk; zP745I1ebX@Q*QH+3a8ZOVHHlR%_Ay2qc)F8J0tCJX-}x|5Yc$^q>Aw5VMV+=rNSdJ zcv^)=rE^Aw$E5R&3TLGAITaq4&a)~!A)V(`cv3o_SK%q?oK@jz={!%weFmG1i5fB0 z6`zB*7^S1V;_oiPmB}NpxSUmfDMC~Tp%QJ8j!RqUR^OX{Ak#Y<}CTr z#3?Nyg`9~4Irrv`t;nuPBo&`BxMDyPWV~3uu(6^E=bCow?6m6F^x{%kg3I#iTG^6F zxhg1D*5X0pkU4s-ZyWPD*O6?*-vgMt?d0lV;fgauZj^bHPAqfx+-eK0 z7>q@X%oLsggZ=_W1ZzYqn(ExQ@x?HyzqnA8B%t^} zZdo$RFhhbjP0|(%3%jk38SF?l49B$*qAQ-;Pewve&B7VJ{BDP_PIi)|CPW5$DK{?T z3+P~ba8tUUs2LlED(Q#FKO{kc6C$ZV7J{8W7-cqff7Im|q*sw$2^fhxK@Ps%=|q-m z#-VKfMiTD0FnkV!`c4wtfk$k#4+bQG#ps9qfX$WiIX^2=8aI#p=Sw~ zjta5PPlLPrl_en{qlg`KTTst3hBBKuBk^oHSEp*pBtIh2JLr6>M0Zu5LWRhQZypji zPJu)5k}~G4F?ADOg$OsQc5~{1%lOys_p9?E!eVifsnOgjT#@lWdDJ{}vLnFLlU|*hqVD@1wS|jM)qmfknBe!V z0Iub%01Af{JVD{mcF+CxC|tjewKY*+f1OAAF-vW-Il4@;ZiwG&9hRcqX+&DTrr& z2^|U>f0C8#K{@y&{Sdg99iZsiL+&Kfb#cA#CDA>Yy>TYbwf3026BkXxJxKW+gbaF{ z_Z`_f7BJ*ic`uB}zUjgJeK&CNS@w+(kKF^2910D9$elZ-h5#T+uh9ZBArXC?xWax; zHb5W|nfQGJhsV%?O<#Cn)QoK8z(-7vVPRl@B2}5Z95l^PP|$ry8IrH@K~6w~hd5Xy zFNqchB5&c;?};52)QbZz01r-jlP(VYKS^CPs~Zw{9+yaa|F^XD1}AYFPc~%ZgUqm? 
zd3g|mW~d>po|IEuXVJDVW$uFdC5tP(|82xLfF>Om85&C^jGjngfSxes2RIX=oly5) zk+TMhD3ZMNA7;{;SJUYg4`$3(0GQ_xI0LL4QI^@>h&qjLZ|4+~BGg!ZEU7T4gY?z* z@6-tV0LPPClPdj}@*Wi2$wvGJ2v0%rEUm)2b#wTUHY_Tb~SVqND*AP9@C7}vIfUgNj9k5Tx>@5iG z_Dkw2p2o>oib#a_iX0ma^!+pT*PU#)nV<14;5W} zF3KsSm^6xwZW|><1pIeEZ7Jw(ZQJ4_$G0Mmm2IR1sV%2zk`|+T^$6sW_CgWGLfbXP zr6i1yXOpwJqQ=2?2aC8LwgdEVzG1Fv!uwhq$h7l{epDMNJe)niaO+_ z%>o|76KJMZlqhGG7-tr$o3l|EquBe@B*u%-%xjWi?z@i4tgFZ8Bi8gia>n#tA?KRT zDo7>ote5vr;mr1ecQ#+h6_AM?#n`0WpY#rU{Rl{uSRxH(LoNcc?VWYt`_7wpM|rRX zhVXDB5WyCindD*cuHIQzkg)|~lH{NOpv&)Vl&dwrwtBg|zERU3;NBjHeIlF+LW{T$ z;Iwia3kxns$gq)#!`6t&zre6qHtULGkXs(os+5Xk^E4Y4RbBGeMo(&=*cLXWulF`( znRQibi@LUPr9Z}md~JPcaqZH2wI(+8?&^ib%A(K1!Zi_(^jM3pm376hUB6Nmn_610 zEU&J(Yn~pmdGD8Xb#=X>Kg5vu!XvdNIhSaLa{VG7pzBnUcI3(kG*wqYc!fQBzpG`= zv&WOZUS+e+hUEu+jg2Ua+SDC1gFHccPghxB!Qgp(3=cs=70=9e$GkJS{%CG2SD2Wd zDC7$hg{i`1VI1ERh0p7kF}045{P2*>+{o;ri5@S6x;H#1V*T?8r*KeLl5`uB z-Eo!g6Htj`@p@2D8WdR$tZejKERdzzM+OC>{%*KFb_0lE3*LJLqaK3r$-MwU9Xr^j zFa~z`R3<1Pp%vVU#Q%Q}g1y<!zcjca}JwiT-hBALM%MBN1@=K=se_sv^*e94<>F zvu7s)Btw-?hCX1MaDsRxB`%30G#Wp-adW?Wr7?DR=G^gJ+3OG77dhiO{c&TXdY}^I z?`$Po#Qt!m$#xcVrfkxMyEJLtigt{^4LbvalA$oJ@B27M2&^Za9iPN}F7ii=^mNwK z7r#YkUq)wVhU_DBJ>%XVRXS?hk^NS$iPw-s#V|3bB*=y$7PN|S zyU4;#5z<2+uM-xEFx*TAE=%Dt@@|kaRd70|9Z3m5NJeLeSAXEy9D0AH*<@tP|tf#N61}KG3RVyGwDQa zaWT1K)otKhnmcks$yXdDKWH}nI$r7j74&-wBKx!< zt|?ofPf5HT)k_6u!0>vL;bf7kt`yDWH(E-jo z1v2@@fuPg12k{>X4iDotQu#!b_cxHwlsALCkEOXm-Y4l8veqjbHTPm>k+*4sdWQ|u z??Eti8P!J|`#zf=vZ4GmJwX42%}?3<9L>O~r1x|%z(nX*_y}l?4H74BEH^!Zw22?4 zPx#)mp3Aw Date: Wed, 10 Aug 2016 11:38:26 -0600 Subject: [PATCH 3/4] craig comments, util.pyc deleted --- scripts/setDefaultIndex.py | 51 +++++++++++++++++++------------------ scripts/util.pyc | Bin 9277 -> 0 bytes 2 files changed, 26 insertions(+), 25 deletions(-) delete mode 100644 scripts/util.pyc diff --git a/scripts/setDefaultIndex.py b/scripts/setDefaultIndex.py index 2272deb022ef34..50eb2045293d5b 100644 --- a/scripts/setDefaultIndex.py 
+++ b/scripts/setDefaultIndex.py 
@@ -124,54 +124,55 @@ def main(): # Add fieldFormatMap to index-pattern content get_field_mappings(filename=FIELD_FORMAT_MAPPINGS_FILE) - logging.info("================================== NM INDEX PATTERN ==================================") - index_pattern_doc_created = create_document_if_it_doesnt_exist(esUtil.KIBANA_INDEX, + logging.info("================================== METADATA INDEX PATTERN ==================================") + network_index_pattern_doc_created = create_document_if_it_doesnt_exist(esUtil.KIBANA_INDEX, esUtil.INDEX_PATTERN_TYPE, NM_INDEX_PATTERN, network_index_pattern_content) - index_pattern_missing_fields = verify_document_for_content(esUtil.KIBANA_INDEX, + network_index_pattern_missing_fields = verify_document_for_content(esUtil.KIBANA_INDEX, esUtil.INDEX_PATTERN_TYPE, network_index_pattern_content) - if len(index_pattern_missing_fields) > 0: - logging.info("Updating Network Monitor index-pattern with missing fields: ") - for key in index_pattern_missing_fields: - logging.info(" " + key + ": " + index_pattern_missing_fields[key]) - updated, update_ret = esUtil.function_with_timeout(esUtil.ES_QUERY_TIMEOUT, + if len(network_index_pattern_missing_fields) > 0: + logging.info("Updating Network Monitor network index-pattern with missing fields: ") + for key in network_index_pattern_missing_fields: + logging.info(" " + key + ": " + network_index_pattern_missing_fields[key]) + network_updated, network_update_ret = esUtil.function_with_timeout(esUtil.ES_QUERY_TIMEOUT, esUtil.update_document, esUtil.KIBANA_INDEX, esUtil.INDEX_PATTERN_TYPE, NM_INDEX_PATTERN, - esUtil.format_for_update(index_pattern_missing_fields)) - if not updated: - logging.error("Unable to add missing index-pattern fields:") - logging.error(update_ret) + esUtil.format_for_update(network_index_pattern_missing_fields)) + if not network_updated: + logging.error("Unable to add missing network index-pattern fields:") + logging.error(network_update_ret) else: - logging.info("No 
missing index-pattern fields.") + logging.info("No missing network index-pattern fields.") logging.info("================================== EVENTS INDEX PATTERN ==================================") - index_pattern_doc_created = create_document_if_it_doesnt_exist(esUtil.KIBANA_INDEX, + events_index_pattern_doc_created = create_document_if_it_doesnt_exist(esUtil.KIBANA_INDEX, esUtil.INDEX_PATTERN_TYPE, EVENTS_INDEX_PATTERN, events_index_pattern_content) - index_pattern_missing_fields = verify_document_for_content(esUtil.KIBANA_INDEX, + events_index_pattern_missing_fields = verify_document_for_content(esUtil.KIBANA_INDEX, esUtil.INDEX_PATTERN_TYPE, events_index_pattern_content) - if len(index_pattern_missing_fields) > 0: - logging.info("Updating Network Monitor index-pattern with missing fields: ") - for key in index_pattern_missing_fields: - logging.info(" " + key + ": " + index_pattern_missing_fields[key]) - updated, update_ret = esUtil.function_with_timeout(esUtil.ES_QUERY_TIMEOUT, + if len(events_index_pattern_missing_fields) > 0: + logging.info("Updating Network Monitor events index-pattern with missing fields: ") + for key in events_index_pattern_missing_fields: + logging.info(" " + key + ": " + events_index_pattern_missing_fields[key]) + events_updated, events_update_ret = esUtil.function_with_timeout(esUtil.ES_QUERY_TIMEOUT, esUtil.update_document, esUtil.KIBANA_INDEX, esUtil.INDEX_PATTERN_TYPE, EVENTS_INDEX_PATTERN, - esUtil.format_for_update(index_pattern_missing_fields)) - if not updated: - logging.error("Unable to add missing index-pattern fields:") - logging.error(update_ret) + esUtil.format_for_update(events_index_pattern_missing_fields)) + if not events_updated: + logging.error("Unable to add missing events index-pattern fields:") + logging.error(events_update_ret) else: - logging.info("No missing index-pattern fields.") + logging.info("No missing events index-pattern fields.") + logging.info("================================== " + esUtil.KIBANA_VERSION 
+ " CONFIG ==================================") config_doc_created = create_document_if_it_doesnt_exist(esUtil.KIBANA_INDEX, 
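Review bot: After this rename the network and events sections of `main()` are two ~25-line copies that differ only in the pattern id, the content dict and the label, which is exactly how the earlier copy-pasted log message crept in; a helper taking those three values leaves one place to fix (the banner label would become `NETWORK` instead of `METADATA`). Related: `verify_document_for_content` is called with the index, type and content but not with the document id, so it presumably locates the document by other means — with two index-pattern documents now present, it is worth confirming it cannot report the network document's fields against the events content or vice versa. `network_index_pattern_doc_created` and `events_index_pattern_doc_created` are assigned but never read within this hunk. The `"    " + key + ": " + ..._missing_fields[key]` concatenation raises `TypeError` if a missing value is not a string, which logging's `%s` arguments avoid. `main()` continues past the end of the hunk.
```python
def _ensure_index_pattern(pattern_id, content, label):
    """Create the Kibana index-pattern `pattern_id` if absent, then add any keys of `content` it is missing."""
    logging.info("================================== %s INDEX PATTERN ==================================", label.upper())
    create_document_if_it_doesnt_exist(esUtil.KIBANA_INDEX, esUtil.INDEX_PATTERN_TYPE, pattern_id, content)
    missing = verify_document_for_content(esUtil.KIBANA_INDEX, esUtil.INDEX_PATTERN_TYPE, content)
    if not missing:
        logging.info("No missing %s index-pattern fields.", label)
        return
    logging.info("Updating Network Monitor %s index-pattern with missing fields: ", label)
    for key, value in missing.items():
        logging.info("    %s: %s", key, value)
    updated, ret = esUtil.function_with_timeout(esUtil.ES_QUERY_TIMEOUT, esUtil.update_document,
                                                esUtil.KIBANA_INDEX, esUtil.INDEX_PATTERN_TYPE,
                                                pattern_id, esUtil.format_for_update(missing))
    if not updated:
        logging.error("Unable to add missing %s index-pattern fields:", label)
        logging.error(ret)


def main():
    # … unchanged: get_field_mappings(filename=FIELD_FORMAT_MAPPINGS_FILE) …
    _ensure_index_pattern(NM_INDEX_PATTERN, network_index_pattern_content, "network")
    _ensure_index_pattern(EVENTS_INDEX_PATTERN, events_index_pattern_content, "events")
    # … unchanged: CONFIG section …
```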
diff --git a/scripts/util.pyc b/scripts/util.pyc deleted file mode 100644 index 3c57751790357a14350393b7c70d44fe3cd11823..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9277 zcmd5?TW=gm6|SD~ZEWY}T$f$4vy05mE?GN!fo08taGbGY)){AO#+$?}^me9u>`rE; zCtWp3%q9royn$E=ArMa>@q!Q%4@f*B@qok+;1!7{{s2D!zVB4eCC-Lj#eTr{)Kph@ zojP?c-#K;K`F|gpH1;=F>ni)n|SlH(P3%sBT_9|3+AxEj6P%QL`QJ&O#B_t;m>Q3s>eC=UtzlZOzZ(!AlFXmltNM zrijt`J3%_%Ot$7bX>uc)e>c7nw1cV*Qrqp!VLYD1L$Ol7R`Do$^&FbsX9<0C2+e&@ z-B-#NX;(`gMk>nr}1#o8tRVtILSW35&q4LgFyM9qff=CGLGh?`Lf zeI<=KkKX)t(u(G{gR~Q+^OxkyRBgA>n7<{w&YOA~cdVK3+PFE_*%4a4AGc%c`$s^) za4F^0X(HT00UzP~HagG0D5tKkNx|3byJK4`?`r+7(oXL8d3K#KFTfcsu7RR zjjEetavRUN&Nwy42@`79%RRsx%pXyW988B>t%&Uir`$1BX33f;P%NsEq^-c(ak3cL zsL`_WbSt=bVaGs>|eNE zD_5U%b7_5}QY&%CTI_(k$+qbmn_AkOlK?L@Z_9?#Y<)lDYQLuP90=D%6x}rPu^~T= zY&UKDndD}0-<(3DylMOv;$uH$)@)Fz#x)tR@4RUZTmxV7pK69vXBM&C1Y1#=N25+;rY@)p9d1 zHm;i}NbB1h@TxwrQDYZ4_n&B@$AJyd1s4Hg0oVX<05-rIoB{9#tQ{kg!7(-`RWzk; zP745I1ebX@Q*QH+3a8ZOVHHlR%_Ay2qc)F8J0tCJX-}x|5Yc$^q>Aw5VMV+=rNSdJ zcv^)=rE^Aw$E5R&3TLGAITaq4&a)~!A)V(`cv3o_SK%q?oK@jz={!%weFmG1i5fB0 z6`zB*7^S1V;_oiPmB}NpxSUmfDMC~Tp%QJ8j!RqUR^OX{Ak#Y<}CTr z#3?Nyg`9~4Irrv`t;nuPBo&`BxMDyPWV~3uu(6^E=bCow?6m6F^x{%kg3I#iTG^6F zxhg1D*5X0pkU4s-ZyWPD*O6?*-vgMt?d0lV;fgauZj^bHPAqfx+-eK0 z7>q@X%oLsggZ=_W1ZzYqn(ExQ@x?HyzqnA8B%t^} zZdo$RFhhbjP0|(%3%jk38SF?l49B$*qAQ-;Pewve&B7VJ{BDP_PIi)|CPW5$DK{?T z3+P~ba8tUUs2LlED(Q#FKO{kc6C$ZV7J{8W7-cqff7Im|q*sw$2^fhxK@Ps%=|q-m z#-VKfMiTD0FnkV!`c4wtfk$k#4+bQG#ps9qfX$WiIX^2=8aI#p=Sw~ zjta5PPlLPrl_en{qlg`KTTst3hBBKuBk^oHSEp*pBtIh2JLr6>M0Zu5LWRhQZypji zPJu)5k}~G4F?ADOg$OsQc5~{1%lOys_p9?E!eVifsnOgjT#@lWdDJ{}vLnFLlU|*hqVD@1wS|jM)qmfknBe!V z0Iub%01Af{JVD{mcF+CxC|tjewKY*+f1OAAF-vW-Il4@;ZiwG&9hRcqX+&DTrr& z2^|U>f0C8#K{@y&{Sdg99iZsiL+&Kfb#cA#CDA>Yy>TYbwf3026BkXxJxKW+gbaF{ z_Z`_f7BJ*ic`uB}zUjgJeK&CNS@w+(kKF^2910D9$elZ-h5#T+uh9ZBArXC?xWax; zHb5W|nfQGJhsV%?O<#Cn)QoK8z(-7vVPRl@B2}5Z95l^PP|$ry8IrH@K~6w~hd5Xy 
zFNqchB5&c;?};52)QbZz01r-jlP(VYKS^CPs~Zw{9+yaa|F^XD1}AYFPc~%ZgUqm? zd3g|mW~d>po|IEuXVJDVW$uFdC5tP(|82xLfF>Om85&C^jGjngfSxes2RIX=oly5) zk+TMhD3ZMNA7;{;SJUYg4`$3(0GQ_xI0LL4QI^@>h&qjLZ|4+~BGg!ZEU7T4gY?z* z@6-tV0LPPClPdj}@*Wi2$wvGJ2v0%rEUm)2b#wTUHY_Tb~SVqND*AP9@C7}vIfUgNj9k5Tx>@5iG z_Dkw2p2o>oib#a_iX0ma^!+pT*PU#)nV<14;5W} zF3KsSm^6xwZW|><1pIeEZ7Jw(ZQJ4_$G0Mmm2IR1sV%2zk`|+T^$6sW_CgWGLfbXP zr6i1yXOpwJqQ=2?2aC8LwgdEVzG1Fv!uwhq$h7l{epDMNJe)niaO+_ z%>o|76KJMZlqhGG7-tr$o3l|EquBe@B*u%-%xjWi?z@i4tgFZ8Bi8gia>n#tA?KRT zDo7>ote5vr;mr1ecQ#+h6_AM?#n`0WpY#rU{Rl{uSRxH(LoNcc?VWYt`_7wpM|rRX zhVXDB5WyCindD*cuHIQzkg)|~lH{NOpv&)Vl&dwrwtBg|zERU3;NBjHeIlF+LW{T$ z;Iwia3kxns$gq)#!`6t&zre6qHtULGkXs(os+5Xk^E4Y4RbBGeMo(&=*cLXWulF`( znRQibi@LUPr9Z}md~JPcaqZH2wI(+8?&^ib%A(K1!Zi_(^jM3pm376hUB6Nmn_610 zEU&J(Yn~pmdGD8Xb#=X>Kg5vu!XvdNIhSaLa{VG7pzBnUcI3(kG*wqYc!fQBzpG`= zv&WOZUS+e+hUEu+jg2Ua+SDC1gFHccPghxB!Qgp(3=cs=70=9e$GkJS{%CG2SD2Wd zDC7$hg{i`1VI1ERh0p7kF}045{P2*>+{o;ri5@S6x;H#1V*T?8r*KeLl5`uB z-Eo!g6Htj`@p@2D8WdR$tZejKERdzzM+OC>{%*KFb_0lE3*LJLqaK3r$-MwU9Xr^j zFa~z`R3<1Pp%vVU#Q%Q}g1y<!zcjca}JwiT-hBALM%MBN1@=K=se_sv^*e94<>F zvu7s)Btw-?hCX1MaDsRxB`%30G#Wp-adW?Wr7?DR=G^gJ+3OG77dhiO{c&TXdY}^I z?`$Po#Qt!m$#xcVrfkxMyEJLtigt{^4LbvalA$oJ@B27M2&^Za9iPN}F7ii=^mNwK z7r#YkUq)wVhU_DBJ>%XVRXS?hk^NS$iPw-s#V|3bB*=y$7PN|S zyU4;#5z<2+uM-xEFx*TAE=%Dt@@|kaRd70|9Z3m5NJeLeSAXEy9D0AH*<@tP|tf#N61}KG3RVyGwDQa zaWT1K)otKhnmcks$yXdDKWH}nI$r7j74&-wBKx!< zt|?ofPf5HT)k_6u!0>vL;bf7kt`yDWH(E-jo z1v2@@fuPg12k{>X4iDotQu#!b_cxHwlsALCkEOXm-Y4l8veqjbHTPm>k+*4sdWQ|u z??Eti8P!J|`#zf=vZ4GmJwX42%}?3<9L>O~r1x|%z(nX*_y}l?4H74BEH^!Zw22?4 zPx#)mp3Aw Date: Wed, 10 Aug 2016 13:27:30 -0600 Subject: [PATCH 4/4] updated dashboard --- resources/dashboards/Alarms-Dashboard.json | 11 ++++++++++ resources/searches/Alarms-Table.json | 20 +++++++++++++++++++ ...otal-Alarms-Fired-by-Name-(Bar-Chart).json | 9 +++++++++ ...ary-of-Total-Alarms-Fired-(Pie-Chart).json | 9 +++++++++ .../Total-Alarms-Fired-(Count).json | 9 +++++++++ 5 files changed, 58 
insertions(+) create mode 100644 resources/dashboards/Alarms-Dashboard.json create mode 100644 resources/searches/Alarms-Table.json create mode 100644 resources/visualizations/Count-of-Total-Alarms-Fired-by-Name-(Bar-Chart).json create mode 100644 resources/visualizations/Summary-of-Total-Alarms-Fired-(Pie-Chart).json create mode 100644 resources/visualizations/Total-Alarms-Fired-(Count).json diff --git a/resources/dashboards/Alarms-Dashboard.json b/resources/dashboards/Alarms-Dashboard.json new file mode 100644 index 00000000000000..7b208db7a3761e --- /dev/null +++ b/resources/dashboards/Alarms-Dashboard.json @@ -0,0 +1,11 @@ +{ + "hits": 0, + "timeRestore": false, + "description": "", + "title": "Alarms Dashboard", + "panelsJSON": "[{\"col\":1,\"id\":\"Total-Alarms-Fired-(Count)\",\"row\":5,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"RuleName\",\"RuleSeverity\",\"Application\",\"Session\",\"TotalBytes\",\"Captured\"],\"id\":\"Alarms-Table\",\"row\":8,\"size_x\":12,\"size_y\":5,\"sort\":[\"TimeUpdated\",\"desc\"],\"type\":\"search\"},{\"col\":1,\"id\":\"Count-of-Total-Alarms-Fired-by-Name-(Bar-Chart)\",\"row\":1,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"id\":\"Summary-of-Total-Alarms-Fired-(Pie-Chart)\",\"type\":\"visualization\",\"size_x\":6,\"size_y\":4,\"col\":7,\"row\":1}]", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + } +} \ No newline at end of file diff --git a/resources/searches/Alarms-Table.json b/resources/searches/Alarms-Table.json new file mode 100644 index 00000000000000..30ba6fa41e53d8 --- /dev/null +++ b/resources/searches/Alarms-Table.json 
@@ -0,0 +1,20 @@ +{ + "sort": [ + "TimeUpdated", + "desc" + ], + "hits": 0, + "description": "", + "title": "Alarms Table", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"[events_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[]}" + }, + "columns": [ + "RuleName", + "RuleSeverity", + "Application", + "Session", + "TotalBytes" + ] +} \ No newline at end of file diff --git a/resources/visualizations/Count-of-Total-Alarms-Fired-by-Name-(Bar-Chart).json b/resources/visualizations/Count-of-Total-Alarms-Fired-by-Name-(Bar-Chart).json new file mode 100644 index 00000000000000..aee4cbc8a3037f --- /dev/null +++ b/resources/visualizations/Count-of-Total-Alarms-Fired-by-Name-(Bar-Chart).json @@ -0,0 +1,9 @@ +{ + "visState": "{\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"TimeUpdated\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"RuleName.raw\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"[events_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "version": 1, + "description": "", + "title": "Count of Total Alarms Fired by Name (Bar Chart)" +} \ No newline at end of file 
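Review bot: The saved search's `columns` list omits `Captured`, while the `Alarms-Table` panel in `Alarms-Dashboard.json` lists `RuleName, RuleSeverity, Application, Session, TotalBytes, Captured`; the two definitions of the same table disagree, so opening the search outside the dashboard shows a different column set. Either add `"Captured"` to this file's `columns` or drop it from the dashboard panel so there is a single source of truth. `searchSourceJSON` references the index pattern by the id `[events_]YYYY_MM_DD`, which matches `EVENTS_INDEX_PATTERN` in `scripts/setDefaultIndex.py`; importing these saved objects presumably requires that script to have run first, which deserves a line in the README or this file's empty `description`.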
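Review bot: The `terms` group aggregation uses `RuleName.raw`, which only exists if the events index mapping defines a not-analyzed `raw` sub-field for `RuleName`; nothing in this series creates or checks that mapping, so if it is absent the bar chart renders with no series and no error. Confirm the events index template provides `RuleName.raw` (the pie and count visualizations depend on it too), or aggregate on `RuleName` if the field is already mapped as a keyword. The empty `description` would be a good place to record that dependency.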
diff --git a/resources/visualizations/Summary-of-Total-Alarms-Fired-(Pie-Chart).json b/resources/visualizations/Summary-of-Total-Alarms-Fired-(Pie-Chart).json new file mode 100644 index 00000000000000..f0060bd267924f --- /dev/null +++ b/resources/visualizations/Summary-of-Total-Alarms-Fired-(Pie-Chart).json @@ -0,0 +1,9 @@ +{ + "visState": "{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"RuleSeverity\",\"size\":3,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"RuleName.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"Application\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"[events_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "version": 1, + "description": "", + "title": "Summary of Total Alarms Fired (Pie Chart)" +} \ No newline at end of file diff --git a/resources/visualizations/Total-Alarms-Fired-(Count).json b/resources/visualizations/Total-Alarms-Fired-(Count).json new file mode 100644 index 00000000000000..653a6f12b899e7 --- /dev/null +++ b/resources/visualizations/Total-Alarms-Fired-(Count).json 
@@ -0,0 +1,9 @@ +{ + "visState": "{\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"3\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"Application\"}},{\"id\":\"6\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"RuleSeverity\",\"size\":3,\"order\":\"desc\",\"orderBy\":\"3\",\"json\":\"\\\"high\\\"\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"RuleName.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"4\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"SrcIP\"}},{\"id\":\"5\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"DestIP\"}},{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"[events_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "version": 1, + "description": "", + "title": "Total Alarms Fired (Count)" +} \ No newline at end of file
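Review bot: The `RuleSeverity` terms bucket (agg id `6`) carries a `json` parameter whose value decodes to the bare string `"high"` (quotes included) rather than a JSON object. Kibana merges the JSON-input field into the aggregation body as extra keys, so a bare string is at best ignored and at worst rejected by Elasticsearch when the table renders; it looks like a leftover from experimenting with a severity filter and should be removed, or replaced with a real `include` clause if only high-severity rows were intended. The same bucket orders by metric `3` (distinct `Application` count) while the `RuleName.raw` bucket orders by `1` (count); if that difference is deliberate, a note in `description` would save the next reader from "fixing" it. `showMeticsAtAllLevels` matches the parameter name Kibana 4 actually uses, so it is not a typo to correct.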