Response codes
{
"index": "logstash-*",
"query": {
"query_string": {
"analyze_wildcard": true,
"query": "type:apache_log"
}
},
"filter": []
}
{
"aggs": [
{
"id": "1",
"params": {},
"schema": "metric",
"type": "count"
},
{
"id": "2",
"params": {
"extended_bounds": {},
"field": "@timestamp",
"interval": "auto",
"min_doc_count": 1
},
"schema": "segment",
"type": "date_histogram"
},
{
"id": "3",
"params": {
"field": "response",
"order": "desc",
"orderBy": "1",
"size": 10
},
"schema": "group",
"type": "terms"
}
],
"listeners": {},
"params": {
"addLegend": true,
"addTooltip": true,
"defaultYExtents": false,
"mode": "stacked",
"shareYAxis": true
},
"type": "histogram"
}
agents
{
"index": "logstash-*",
"query": {
"query_string": {
"query": "type:apache_log",
"analyze_wildcard": true
}
},
"filter": []
}
{
"type": "pie",
"params": {
"shareYAxis": true,
"addTooltip": true,
"addLegend": true,
"isDonut": false
},
"aggs": [
{
"id": "1",
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"type": "terms",
"schema": "segment",
"params": {
"field": "agent.raw",
"size": 10,
"order": "desc",
"orderBy": "1"
}
}
],
"listeners": {}
}
country
{
"index": "logstash-*",
"query": {
"query_string": {
"analyze_wildcard": true,
"query": "type:apache_log"
}
},
"filter": []
}
{
"type": "pie",
"params": {
"addLegend": true,
"addTooltip": true,
"isDonut": false,
"shareYAxis": true
},
"aggs": [
{
"id": "1",
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"type": "terms",
"schema": "segment",
"params": {
"field": "geoip.country_name.raw",
"size": 10,
"order": "desc",
"orderBy": "1"
}
}
],
"listeners": {}
}
vhost
{
"index": "logstash-*",
"query": {
"query_string": {
"query": "type:apache_log",
"analyze_wildcard": true
}
},
"filter": []
}
{
"type": "pie",
"params": {
"shareYAxis": true,
"addTooltip": true,
"addLegend": true,
"isDonut": false
},
"aggs": [
{
"id": "1",
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"type": "terms",
"schema": "segment",
"params": {
"field": "vhost.raw",
"size": 20,
"order": "desc",
"orderBy": "1"
}
}
],
"listeners": {}
}
ISPs
{
"index": "logstash-*",
"query": {
"query_string": {
"query": "type:apache_log",
"analyze_wildcard": true
}
},
"filter": []
}
{
"type": "pie",
"params": {
"shareYAxis": true,
"addTooltip": true,
"addLegend": true,
"isDonut": false
},
"aggs": [
{
"id": "1",
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"type": "terms",
"schema": "segment",
"params": {
"field": "geoip.asn.raw",
"size": 10,
"order": "desc",
"orderBy": "1"
}
}
],
"listeners": {}
}
Dashboard
{
"filter": [
{
"query": {
"query_string": {
"analyze_wildcard": true,
"query": "*"
}
}
}
]
}
[
{
"col": 1,
"id": "Response-codes",
"row": 1,
"size_x": 12,
"size_y": 3,
"type": "visualization"
},
{
"col": 1,
"id": "agents",
"row": 4,
"size_x": 3,
"size_y": 2,
"type": "visualization"
},
{
"col": 4,
"id": "country",
"row": 4,
"size_x": 3,
"size_y": 2,
"type": "visualization"
},
{
"col": 7,
"id": "vhost",
"row": 4,
"size_x": 3,
"size_y": 2,
"type": "visualization"
},
{
"id": "ISPs",
"type": "visualization",
"size_x": 3,
"size_y": 2,
"col": 10,
"row": 4
}
]