Capturing the Index ID
Updating Index 'PROVIDED-AFTER-VISUALIZATION-IS-CREATED'
To correctly build the visualization, we need to first create a 'sample' visualization so we can capture the correct Index ID
- Once we Create a sample visualization from the Creating Visualizations section we will need to capture the Index ID and paste that value in the kibanaSavedObjectMeta.searchSourceJSON when appropriate.
- Navigate to Management -> Saved Objects and select the tab Visualizations
Below are a number of pre-built visualizations with the relevant fields needed to create visualizations in your account. Please feel welcome to reach out to [email protected] with any questions.
AWS Cloudfront
- AWS CloudFront - Distribution of Edge Result by URI
{
"index": "PROVIDED-AFTER-VISUALIZATION-IS-CREATED",
"filter": [],
"query": {
"query": "",
"language": "lucene"
}
}
{
"title": "AWS CloudFront - Distribution of Edge Result by URI",
"type": "histogram",
"params": {
"type": "histogram",
"grid": {
"categoryLines": false,
"style": {
"color": "#eee"
}
},
"categoryAxes": [
{
"id": "CategoryAxis-1",
"type": "category",
"position": "bottom",
"show": true,
"style": {},
"scale": {
"type": "linear"
},
"labels": {
"show": true,
"truncate": 100,
"rotate": 75
},
"title": {}
}
],
"valueAxes": [
{
"id": "ValueAxis-1",
"name": "LeftAxis-1",
"type": "value",
"position": "left",
"show": true,
"style": {},
"scale": {
"type": "linear",
"mode": "normal"
},
"labels": {
"show": true,
"rotate": 0,
"filter": false,
"truncate": 100
},
"title": {
"text": "Count"
}
}
],
"seriesParams": [
{
"show": "true",
"type": "histogram",
"mode": "stacked",
"data": {
"label": "Count",
"id": "1"
},
"valueAxis": "ValueAxis-1",
"drawLinesBetweenPoints": true,
"showCircles": true
}
],
"addTooltip": true,
"addLegend": true,
"legendPosition": "right",
"times": [],
"addTimeMarker": false
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "terms",
"schema": "segment",
"params": {
"field": "cs_uri_stem",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 5,
"order": "desc",
"orderBy": "1",
"customLabel": "URI Stem"
}
},
{
"id": "3",
"enabled": true,
"type": "terms",
"schema": "group",
"params": {
"field": "edge_response_result_type",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 5,
"order": "desc",
"orderBy": "1",
"customLabel": "Edge Response Result Type"
}
}
]
}
AWS CloudFront - Edge Response Result Type
{
"title": "AWS CloudFront - Edge Response Result Type",
"type": "pie",
"params": {
"type": "pie",
"addTooltip": true,
"addLegend": true,
"legendPosition": "top",
"isDonut": true,
"labels": {
"show": false,
"values": true,
"last_level": true,
"truncate": 100
}
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "terms",
"schema": "segment",
"params": {
"field": "edge_result_type",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 5,
"order": "desc",
"orderBy": "1"
}
}
]
}
AWS CloudFront - Max Time Taken by Edge Response
{
"title": "AWS CloudFront - Max Time Taken by Edge Response",
"type": "line",
"params": {
"type": "line",
"grid": {
"categoryLines": false,
"style": {
"color": "#eee"
}
},
"categoryAxes": [
{
"id": "CategoryAxis-1",
"type": "category",
"position": "bottom",
"show": true,
"style": {},
"scale": {
"type": "linear"
},
"labels": {
"show": true,
"truncate": 100
},
"title": {}
}
],
"valueAxes": [
{
"id": "ValueAxis-1",
"name": "LeftAxis-1",
"type": "value",
"position": "left",
"show": true,
"style": {},
"scale": {
"type": "linear",
"mode": "normal"
},
"labels": {
"show": true,
"rotate": 0,
"filter": false,
"truncate": 100
},
"title": {
"text": "Max time_taken"
}
}
],
"seriesParams": [
{
"show": "true",
"type": "line",
"mode": "normal",
"data": {
"label": "Max time_taken",
"id": "1"
},
"valueAxis": "ValueAxis-1",
"drawLinesBetweenPoints": true,
"showCircles": true
}
],
"addTooltip": true,
"addLegend": true,
"legendPosition": "top",
"times": [],
"addTimeMarker": false
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "max",
"schema": "metric",
"params": {
"field": "time_taken"
}
},
{
"id": "2",
"enabled": true,
"type": "date_histogram",
"schema": "segment",
"params": {
"field": "timestamp",
"interval": "h",
"customInterval": "2h",
"min_doc_count": 1,
"extended_bounds": {},
"customLabel": "Timestamp"
}
},
{
"id": "3",
"enabled": true,
"type": "terms",
"schema": "group",
"params": {
"field": "edge_response_result_type",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 5,
"order": "desc",
"orderBy": "1",
"customLabel": "Edge Response Result Type"
}
}
]
}
AWS CloudFront - Per Protocol
{
"title": "AWS CloudFront - Per Protocol",
"type": "pie",
"params": {
"type": "pie",
"addTooltip": true,
"addLegend": true,
"legendPosition": "top",
"isDonut": true,
"labels": {
"show": false,
"values": true,
"last_level": true,
"truncate": 100
}
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "terms",
"schema": "segment",
"params": {
"field": "cs_protocol_version",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 5,
"order": "desc",
"orderBy": "1"
}
}
]
}
AWS CloudFront - Request by Day
{
"title": "AWS CloudFront - Request by Day",
"type": "histogram",
"params": {
"type": "histogram",
"grid": {
"categoryLines": false,
"style": {
"color": "#eee"
}
},
"categoryAxes": [
{
"id": "CategoryAxis-1",
"type": "category",
"position": "bottom",
"show": true,
"style": {},
"scale": {
"type": "linear"
},
"labels": {
"show": true,
"truncate": 100
},
"title": {}
}
],
"valueAxes": [
{
"id": "ValueAxis-1",
"name": "LeftAxis-1",
"type": "value",
"position": "left",
"show": true,
"style": {},
"scale": {
"type": "linear",
"mode": "normal"
},
"labels": {
"show": true,
"rotate": 0,
"filter": false,
"truncate": 100
},
"title": {
"text": "Count"
}
}
],
"seriesParams": [
{
"show": "true",
"type": "histogram",
"mode": "stacked",
"data": {
"label": "Count",
"id": "1"
},
"valueAxis": "ValueAxis-1",
"drawLinesBetweenPoints": true,
"showCircles": true
}
],
"addTooltip": true,
"addLegend": true,
"legendPosition": "top",
"times": [],
"addTimeMarker": false
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "date_histogram",
"schema": "segment",
"params": {
"field": "timestamp",
"interval": "auto",
"customInterval": "2h",
"min_doc_count": 1,
"extended_bounds": {},
"customLabel": "Timestamp 3 Hour Interval"
}
},
{
"id": "3",
"enabled": true,
"type": "terms",
"schema": "group",
"params": {
"field": "cs_method",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 5,
"order": "desc",
"orderBy": "1",
"customLabel": "Method"
}
}
]
}
AWS CloudFront - Top 10 Edge Locations
{
"title": "AWS CloudFront - Top 10 Edge Locations",
"type": "pie",
"params": {
"type": "pie",
"addTooltip": true,
"addLegend": true,
"legendPosition": "right",
"isDonut": true,
"labels": {
"show": false,
"values": true,
"last_level": true,
"truncate": 100
}
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "terms",
"schema": "segment",
"params": {
"field": "edge_location",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 10,
"order": "desc",
"orderBy": "1"
}
}
]
}
AWS CloudFront - Top IP by Edge Results
{
"vis": {
"params": {
"sort": {
"columnIndex": 2,
"direction": "asc"
}
}
}
}
{
"title": "AWS CloudFront - Top IP by Edge Results",
"type": "table",
"params": {
"perPage": 10,
"showPartialRows": false,
"showMeticsAtAllLevels": false,
"sort": {
"columnIndex": 2,
"direction": "asc"
},
"showTotal": true,
"totalFunc": "sum"
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "terms",
"schema": "bucket",
"params": {
"field": "c_ip",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 10,
"order": "desc",
"orderBy": "1",
"customLabel": "IP Address"
}
},
{
"id": "3",
"enabled": true,
"type": "terms",
"schema": "bucket",
"params": {
"field": "edge_result_type",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 5,
"order": "desc",
"orderBy": "1",
"customLabel": "Edge Result Type"
}
}
]
}
AWS Cloudtrail
CloudTrail - Error Codes
{
"index": "PROVIDED-AFTER-VISUALIZATION-IS-CREATED",
"filter": [
{
"$state": {
"store": "appState"
},
"meta": {
"alias": null,
"disabled": false,
"index": "PROVIDED-AFTER-VISUALIZATION-IS-CREATED",
"key": "Records.errorCode",
"negate": true,
"params": {
"query": "",
"type": "phrase"
},
"type": "phrase",
"value": ""
},
"query": {
"match": {
"Records.errorCode": {
"query": "",
"type": "phrase"
}
}
}
}
],
"query": {
"language": "lucene",
"query": ""
}
}
{
"aggs": [
{
"enabled": true,
"id": "1",
"params": {},
"schema": "metric",
"type": "count"
},
{
"enabled": true,
"id": "2",
"params": {
"field": "Records.errorCode",
"missingBucket": false,
"missingBucketLabel": "Missing",
"order": "desc",
"orderBy": "1",
"otherBucket": false,
"otherBucketLabel": "Other",
"size": 5
},
"schema": "segment",
"type": "terms"
}
],
"params": {
"addLegend": true,
"addTooltip": true,
"isDonut": true,
"labels": {
"last_level": true,
"show": false,
"truncate": 100,
"values": true
},
"legendPosition": "right",
"type": "pie"
},
"title": "CloudTrail - Error Codes",
"type": "pie"
}
CloudTrail - Error Message
{
"vis": {
"params": {
"sort": {
"columnIndex": null,
"direction": null
}
}
}
}
{
"title": "CloudTrail - Error Message",
"type": "table",
"params": {
"perPage": 10,
"showPartialRows": false,
"showMeticsAtAllLevels": false,
"sort": {
"columnIndex": null,
"direction": null
},
"showTotal": false,
"totalFunc": "sum"
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "terms",
"schema": "bucket",
"params": {
"field": "Records.errorMessage",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 5,
"order": "desc",
"orderBy": "1",
"customLabel": "Error Message"
}
},
{
"id": "3",
"enabled": true,
"type": "terms",
"schema": "bucket",
"params": {
"field": "Records.eventSource",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 5,
"order": "desc",
"orderBy": "1",
"customLabel": "Event Source"
}
},
{
"id": "4",
"enabled": true,
"type": "terms",
"schema": "bucket",
"params": {
"field": "Records.errorCode",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 5,
"order": "desc",
"orderBy": "1",
"customLabel": "Error Code"
}
}
]
}
CloudTrail - Events by User
{
"index": "PROVIDED-AFTER-VISUALIZATION-IS-CREATED",
"filter": [
{
"meta": {
"index": "PROVIDED-AFTER-VISUALIZATION-IS-CREATED",
"negate": true,
"type": "phrase",
"key": "Records.userIdentity.userName",
"value": "",
"params": {
"query": "",
"type": "phrase"
},
"disabled": false,
"alias": null,
"apply": true
},
"query": {
"match": {
"Records.userIdentity.userName": {
"query": "",
"type": "phrase"
}
}
},
"$state": {
"store": "appState"
}
}
],
"query": {
"query": "",
"language": "lucene"
}
}
{
"vis": {
"params": {
"sort": {
"columnIndex": 3,
"direction": "desc"
}
}
}
}
{
"title": "CloudTrail - Events by User",
"type": "table",
"params": {
"perPage": 5,
"showMeticsAtAllLevels": false,
"showPartialRows": false,
"showTotal": true,
"sort": {
"columnIndex": 3,
"direction": "desc"
},
"totalFunc": "sum"
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {
"customLabel": "Count"
}
},
{
"id": "2",
"enabled": true,
"type": "terms",
"schema": "bucket",
"params": {
"field": "Records.userIdentity.type",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 5,
"order": "desc",
"orderBy": "1",
"customLabel": "User Type"
}
},
{
"id": "3",
"enabled": true,
"type": "terms",
"schema": "bucket",
"params": {
"field": "Records.userIdentity.userName",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 5,
"order": "desc",
"orderBy": "1",
"customLabel": "User Name"
}
},
{
"id": "4",
"enabled": true,
"type": "terms",
"schema": "bucket",
"params": {
"field": "Records.eventName",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 5,
"order": "desc",
"orderBy": "1",
"customLabel": "Event Name"
}
}
]
}
CloudTrail - Events Over Time
{
"title": "CloudTrail - Events Over Time",
"type": "histogram",
"params": {
"type": "histogram",
"grid": {
"categoryLines": false,
"style": {
"color": "#eee"
}
},
"categoryAxes": [
{
"id": "CategoryAxis-1",
"type": "category",
"position": "bottom",
"show": true,
"style": {},
"scale": {
"type": "linear"
},
"labels": {
"show": true,
"truncate": 100
},
"title": {}
}
],
"valueAxes": [
{
"id": "ValueAxis-1",
"name": "LeftAxis-1",
"type": "value",
"position": "left",
"show": true,
"style": {},
"scale": {
"type": "linear",
"mode": "normal"
},
"labels": {
"show": true,
"rotate": 0,
"filter": false,
"truncate": 100
},
"title": {
"text": "Count"
}
}
],
"seriesParams": [
{
"show": "true",
"type": "histogram",
"mode": "stacked",
"data": {
"label": "Count",
"id": "1"
},
"valueAxis": "ValueAxis-1",
"drawLinesBetweenPoints": true,
"showCircles": true
}
],
"addTooltip": true,
"addLegend": true,
"legendPosition": "right",
"times": [],
"addTimeMarker": false
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "date_histogram",
"schema": "segment",
"params": {
"field": "Records.eventTime",
"interval": "auto",
"customInterval": "2h",
"min_doc_count": 1,
"extended_bounds": {},
"customLabel": "Events Over Time"
}
},
{
"id": "3",
"enabled": true,
"type": "terms",
"schema": "group",
"params": {
"field": "Records.eventName",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 5,
"order": "desc",
"orderBy": "1",
"customLabel": "Event Name"
}
}
]
}
CloudTrail - Top IAM Users
{
"index": "PROVIDED-AFTER-VISUALIZATION-IS-CREATED",
"filter": [
{
"meta": {
"index": "PROVIDED-AFTER-VISUALIZATION-IS-CREATED",
"negate": true,
"type": "phrase",
"key": "Records.userIdentity.userName",
"value": "",
"params": {
"query": "",
"type": "phrase"
},
"disabled": false,
"alias": null
},
"query": {
"match": {
"Records.userIdentity.userName": {
"query": "",
"type": "phrase"
}
}
},
"$state": {
"store": "appState"
}
}
],
"query": {
"query": "",
"language": "lucene"
}
}
{
"title": "CloudTrail - Top IAM Users",
"type": "pie",
"params": {
"addLegend": true,
"addTooltip": true,
"isDonut": true,
"labels": {
"last_level": true,
"show": false,
"truncate": 100,
"values": true
},
"legendPosition": "right",
"type": "pie"
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "terms",
"schema": "segment",
"params": {
"field": "Records.userIdentity.userName",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 10,
"order": "desc",
"orderBy": "1"
}
}
]
}
CloudTrail - Top Request Sources
{
"title": "CloudTrail - Top Request Sources",
"type": "pie",
"params": {
"type": "pie",
"addTooltip": true,
"addLegend": true,
"legendPosition": "right",
"isDonut": true,
"labels": {
"show": false,
"values": true,
"last_level": true,
"truncate": 100
}
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "terms",
"schema": "segment",
"params": {
"field": "Records.eventSource",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 10,
"order": "desc",
"orderBy": "1"
}
}
]
}
AWS ELB Logs
ELB Logs - Backend Response Codes (non 200)
{
"index": "PROVIDED-AFTER-VISUALIZATION-IS-CREATED",
"filter": [
{
"meta": {
"index": "PROVIDED-AFTER-VISUALIZATION-IS-CREATED",
"negate": true,
"type": "phrase",
"key": "backend_status_code",
"value": "200",
"params": {
"query": 200,
"type": "phrase"
},
"disabled": false,
"alias": null
},
"query": {
"match": {
"backend_status_code": {
"query": 200,
"type": "phrase"
}
}
},
"$state": {
"store": "globalState"
}
}
],
"query": {
"query": "",
"language": "lucene"
}
}
{
"title": "ELB Logs - Backend Response Codes (non 200)",
"type": "pie",
"params": {
"addLegend": true,
"addTooltip": true,
"isDonut": true,
"labels": {
"last_level": true,
"show": false,
"truncate": 100,
"values": true
},
"legendPosition": "top",
"type": "pie"
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "terms",
"schema": "segment",
"params": {
"field": "backend_status_code",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 5,
"order": "desc",
"orderBy": "1"
}
}
]
}
ELB Logs - Method Count
{
"vis": {
"params": {
"sort": {
"columnIndex": null,
"direction": null
}
}
}
}
{
"title": "ELB Logs - Method Count",
"type": "table",
"params": {
"perPage": 10,
"showPartialRows": false,
"showMeticsAtAllLevels": false,
"sort": {
"columnIndex": null,
"direction": null
},
"showTotal": false,
"totalFunc": "sum"
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "terms",
"schema": "bucket",
"params": {
"field": "cs_method",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 5,
"order": "desc",
"orderBy": "1",
"customLabel": "Method"
}
}
]
}
ELB Logs - Methods by Day
{
"title": "ELB Logs - Methods by Day",
"type": "horizontal_bar",
"params": {
"type": "histogram",
"grid": {
"categoryLines": false,
"style": {
"color": "#eee"
}
},
"categoryAxes": [
{
"id": "CategoryAxis-1",
"type": "category",
"position": "bottom",
"show": true,
"style": {},
"scale": {
"type": "linear"
},
"labels": {
"show": true,
"rotate": 75,
"filter": false,
"truncate": 200
},
"title": {}
}
],
"valueAxes": [
{
"id": "ValueAxis-1",
"name": "LeftAxis-2",
"type": "value",
"position": "left",
"show": true,
"style": {},
"scale": {
"type": "linear",
"mode": "normal"
},
"labels": {
"show": true,
"rotate": 75,
"filter": true,
"truncate": 100
},
"title": {
"text": "Count"
}
}
],
"seriesParams": [
{
"show": true,
"type": "histogram",
"mode": "stacked",
"data": {
"label": "Count",
"id": "1"
},
"valueAxis": "ValueAxis-1",
"drawLinesBetweenPoints": true,
"showCircles": true
}
],
"addTooltip": true,
"addLegend": true,
"legendPosition": "top",
"times": [],
"addTimeMarker": false
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "date_histogram",
"schema": "segment",
"params": {
"field": "timestamp",
"interval": "auto",
"customInterval": "4h",
"min_doc_count": 1,
"extended_bounds": {}
}
},
{
"id": "3",
"enabled": true,
"type": "terms",
"schema": "group",
"params": {
"field": "cs_method",
"otherBucket": false,
"otherBucketLabel": "Other",
"missingBucket": false,
"missingBucketLabel": "Missing",
"size": 5,
"order": "desc",
"orderBy": "1",
"customLabel": "Method"
}
}
]
}
AWS Cloudfront Dashboard
AWS Cloudfront Dashboard
Updated 6 months ago