From a75c504666a67e784040361702bb8b53840ea60b Mon Sep 17 00:00:00 2001 From: Dominique Belcher Date: Wed, 19 Feb 2025 10:08:14 -0500 Subject: [PATCH 1/6] add recommended dashboards api --- package.json | 1 + .../src/default_alerts_as_data.ts | 2 +- .../rule_params/custom_threshold/index.ts | 2 +- .../rule_params/custom_threshold/v1.ts | 5 +- .../server/content_management/v3/types.ts | 4 +- .../plugins/shared/dashboard/server/index.ts | 4 +- tsconfig.base.json | 2 + .../kbn-observability-schema/README.md | 3 + .../kbn-observability-schema/index.ts | 8 + .../kbn-observability-schema/jest.config.js | 12 + .../kbn-observability-schema/kibana.jsonc | 7 + .../kbn-observability-schema/package.json | 8 + .../related_dashboards/latest.ts | 17 ++ .../get_related_dashboards/latest.ts | 12 + .../rest_specs/get_related_dashboards/v1.ts | 21 ++ .../schema/recommended_dashboard/latest.ts | 8 + .../schema/recommended_dashboard/v1.ts | 22 ++ .../schema/relevant_panel/latest.ts | 8 + .../schema/relevant_panel/v1.ts | 23 ++ .../kbn-observability-schema/tsconfig.json | 19 ++ .../plugins/observability/server/plugin.ts | 7 +- .../server/routes/alerts/route.ts | 49 ++++ ...l_observability_server_route_repository.ts | 2 + .../server/routes/register_routes.ts | 6 +- .../services/create_dashboards_client.ts | 50 ++++ .../services/investigate_alerts_client.ts | 99 +++++++ .../services/suggested_dashboards_client.ts | 273 ++++++++++++++++++ yarn.lock | 4 + 28 files changed, 669 insertions(+), 9 deletions(-) create mode 100644 x-pack/solutions/observability/packages/kbn-observability-schema/README.md create mode 100644 x-pack/solutions/observability/packages/kbn-observability-schema/index.ts create mode 100644 x-pack/solutions/observability/packages/kbn-observability-schema/jest.config.js create mode 100644 x-pack/solutions/observability/packages/kbn-observability-schema/kibana.jsonc create mode 100644 x-pack/solutions/observability/packages/kbn-observability-schema/package.json create mode 100644 x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/latest.ts create mode 100644 x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/rest_specs/get_related_dashboards/latest.ts create mode 100644 x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/rest_specs/get_related_dashboards/v1.ts create mode 100644 x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/recommended_dashboard/latest.ts create mode 100644 x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/recommended_dashboard/v1.ts create mode 100644 x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/relevant_panel/latest.ts create mode 100644 x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/relevant_panel/v1.ts create mode 100644 x-pack/solutions/observability/packages/kbn-observability-schema/tsconfig.json create mode 100644 x-pack/solutions/observability/plugins/observability/server/routes/alerts/route.ts create mode 100644 x-pack/solutions/observability/plugins/observability/server/services/create_dashboards_client.ts create mode 100644 x-pack/solutions/observability/plugins/observability/server/services/investigate_alerts_client.ts create mode 100644 x-pack/solutions/observability/plugins/observability/server/services/suggested_dashboards_client.ts diff --git a/package.json b/package.json index 793a76488191d..8864c416b7613 100644 --- a/package.json +++ b/package.json @@ -711,6 +711,7 @@ "@kbn/observability-logs-explorer-plugin": "link:x-pack/solutions/observability/plugins/observability_logs_explorer", "@kbn/observability-onboarding-plugin": "link:x-pack/solutions/observability/plugins/observability_onboarding", "@kbn/observability-plugin": "link:x-pack/solutions/observability/plugins/observability", + "@kbn/observability-schema": "link:x-pack/solutions/observability/packages/kbn-observability-schema", "@kbn/observability-shared-plugin": "link:x-pack/solutions/observability/plugins/observability_shared", "@kbn/observability-utils-browser": "link:x-pack/solutions/observability/packages/utils-browser", "@kbn/observability-utils-common": "link:x-pack/solutions/observability/packages/utils-common", diff --git a/src/platform/packages/shared/kbn-rule-data-utils/src/default_alerts_as_data.ts b/src/platform/packages/shared/kbn-rule-data-utils/src/default_alerts_as_data.ts index 3430680906be4..64124b8c93c8b 100644 --- a/src/platform/packages/shared/kbn-rule-data-utils/src/default_alerts_as_data.ts +++ b/src/platform/packages/shared/kbn-rule-data-utils/src/default_alerts_as_data.ts @@ -131,7 +131,7 @@ const namespaces = { ALERT_RULE_NAMESPACE, }; -const fields = { +export const fields = { ALERT_ACTION_GROUP, ALERT_CASE_IDS, ALERT_DURATION, diff --git a/src/platform/packages/shared/response-ops/rule_params/custom_threshold/index.ts b/src/platform/packages/shared/response-ops/rule_params/custom_threshold/index.ts index b0bbf12bb85fe..d64b6891138f4 100644 --- a/src/platform/packages/shared/response-ops/rule_params/custom_threshold/index.ts +++ b/src/platform/packages/shared/response-ops/rule_params/custom_threshold/index.ts @@ -7,5 +7,5 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -export { customThresholdParamsSchema } from './latest'; +export { customThresholdParamsSchema, type CustomThresholdParams } from './latest'; export { customThresholdParamsSchema as customThresholdParamsSchemaV1 } from './v1'; diff --git a/src/platform/packages/shared/response-ops/rule_params/custom_threshold/v1.ts b/src/platform/packages/shared/response-ops/rule_params/custom_threshold/v1.ts index dc7034077b1d0..1aa7caa239803 100644 --- a/src/platform/packages/shared/response-ops/rule_params/custom_threshold/v1.ts +++ b/src/platform/packages/shared/response-ops/rule_params/custom_threshold/v1.ts @@ -6,8 +6,7 @@ * your election, the "Elastic License 2.0", the "GNU Affero General Public * License v3.0 only", or the "Server Side Public License, v 1". */ - -import { schema } from '@kbn/config-schema'; +import { TypeOf, schema } from '@kbn/config-schema'; import { COMPARATORS } from '@kbn/alerting-comparators'; import { dataViewSpecSchema } from '../common'; import { oneOfLiterals, validateKQLStringFilter, LEGACY_COMPARATORS } from '../common/utils'; @@ -85,3 +84,5 @@ export const customThresholdParamsSchema = schema.object( }, { unknowns: 'allow' } ); + +export type CustomThresholdParams = TypeOf; diff --git a/src/platform/plugins/shared/dashboard/server/content_management/v3/types.ts b/src/platform/plugins/shared/dashboard/server/content_management/v3/types.ts index 0c7144569aba2..241e8ef832ff3 100644 --- a/src/platform/plugins/shared/dashboard/server/content_management/v3/types.ts +++ b/src/platform/plugins/shared/dashboard/server/content_management/v3/types.ts @@ -32,7 +32,9 @@ import { optionsSchema, } from './cm_services'; import { CONTENT_ID } from '../../../common/content_management'; -import { DashboardSavedObjectAttributes } from '../../dashboard_saved_object'; +import { type DashboardSavedObjectAttributes } from '../../dashboard_saved_object'; + +export { type DashboardSavedObjectAttributes } from '../../dashboard_saved_object'; export type DashboardOptions = TypeOf; diff --git a/src/platform/plugins/shared/dashboard/server/index.ts b/src/platform/plugins/shared/dashboard/server/index.ts index 94e7ed14378c1..3c7101e9a6fb7 100644 --- a/src/platform/plugins/shared/dashboard/server/index.ts +++ b/src/platform/plugins/shared/dashboard/server/index.ts @@ -26,7 +26,7 @@ export async function plugin(initializerContext: PluginInitializerContext) { } export type { DashboardPluginSetup, DashboardPluginStart } from './types'; -export type { DashboardAttributes } from './content_management'; -export type { DashboardSavedObjectAttributes } from './dashboard_saved_object'; +export type { DashboardAttributes, DashboardPanel } from './content_management'; +export type { DashboardSavedObjectAttributes, SavedDashboardPanel } from './dashboard_saved_object'; export { PUBLIC_API_PATH } from './api/constants'; diff --git a/tsconfig.base.json b/tsconfig.base.json index e305fba217e23..90ed5fa97d4d6 100644 --- a/tsconfig.base.json +++ b/tsconfig.base.json @@ -1356,6 +1356,8 @@ "@kbn/observability-onboarding-plugin/*": ["x-pack/solutions/observability/plugins/observability_onboarding/*"], "@kbn/observability-plugin": ["x-pack/solutions/observability/plugins/observability"], "@kbn/observability-plugin/*": ["x-pack/solutions/observability/plugins/observability/*"], + "@kbn/observability-schema": ["x-pack/solutions/observability/packages/kbn-observability-schema"], + "@kbn/observability-schema/*": ["x-pack/solutions/observability/packages/kbn-observability-schema/*"], "@kbn/observability-shared-plugin": ["x-pack/solutions/observability/plugins/observability_shared"], "@kbn/observability-shared-plugin/*": ["x-pack/solutions/observability/plugins/observability_shared/*"], "@kbn/observability-synthetics-test-data": ["x-pack/solutions/observability/packages/synthetics-test-data"], diff --git a/x-pack/solutions/observability/packages/kbn-observability-schema/README.md b/x-pack/solutions/observability/packages/kbn-observability-schema/README.md new file mode 100644 index 0000000000000..07ba1ce606ce9 --- /dev/null +++ b/x-pack/solutions/observability/packages/kbn-observability-schema/README.md @@ -0,0 +1,3 @@ +# @kbn/observability-schema + +Provides schema for generic Observability apis diff --git a/x-pack/solutions/observability/packages/kbn-observability-schema/index.ts b/x-pack/solutions/observability/packages/kbn-observability-schema/index.ts new file mode 100644 index 0000000000000..3095666dff351 --- /dev/null +++ b/x-pack/solutions/observability/packages/kbn-observability-schema/index.ts @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export * from './related_dashboards/latest'; diff --git a/x-pack/solutions/observability/packages/kbn-observability-schema/jest.config.js b/x-pack/solutions/observability/packages/kbn-observability-schema/jest.config.js new file mode 100644 index 0000000000000..c2c392084b096 --- /dev/null +++ b/x-pack/solutions/observability/packages/kbn-observability-schema/jest.config.js @@ -0,0 +1,12 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +module.exports = { + preset: '@kbn/test', + rootDir: '../../../../..', + roots: ['/x-pack/solutions/observability/packages/kbn-observability-schema'], +}; diff --git a/x-pack/solutions/observability/packages/kbn-observability-schema/kibana.jsonc b/x-pack/solutions/observability/packages/kbn-observability-schema/kibana.jsonc new file mode 100644 index 0000000000000..1fec3e3bf1fbe --- /dev/null +++ b/x-pack/solutions/observability/packages/kbn-observability-schema/kibana.jsonc @@ -0,0 +1,7 @@ +{ + "type": "shared-common", + "id": "@kbn/observability-schema", + "owner": "@elastic/obs-ux-management-team", + "group": "observability", + "visibility": "private", +} diff --git a/x-pack/solutions/observability/packages/kbn-observability-schema/package.json b/x-pack/solutions/observability/packages/kbn-observability-schema/package.json new file mode 100644 index 0000000000000..18a60923b51b6 --- /dev/null +++ b/x-pack/solutions/observability/packages/kbn-observability-schema/package.json @@ -0,0 +1,8 @@ +{ + "name": "@kbn/observability-schema", + "descriptio": "Utils to generate observability synthetics test data", + "author": "UX Management", + "private": true, + "version": "1.0.0", + "license": "Elastic License 2.0" +} \ No newline at end of file diff --git a/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/latest.ts b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/latest.ts new file mode 100644 index 0000000000000..3d5a4772591c1 --- /dev/null +++ b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/latest.ts @@ -0,0 +1,17 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export { type RelevantPanel, relevantPanelSchema } from './schema/relevant_panel/v1'; +export { + type RecommendedDashboard, + recommendedDashboardSchema, +} from './schema/recommended_dashboard/v1'; +export { + type GetRelatedDashboardsResponse, + getRelatedDashboardsResponseSchema, + getRelatedDashboardsParamsSchema, +} from './rest_specs/get_related_dashboards/v1'; diff --git a/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/rest_specs/get_related_dashboards/latest.ts b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/rest_specs/get_related_dashboards/latest.ts new file mode 100644 index 0000000000000..ce210be6b0e98 --- /dev/null +++ b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/rest_specs/get_related_dashboards/latest.ts @@ -0,0 +1,12 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export { + type GetRelatedDashboardsResponse, + getRelatedDashboardsResponseSchema, + getRelatedDashboardsParamsSchema, +} from './v1'; diff --git a/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/rest_specs/get_related_dashboards/v1.ts b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/rest_specs/get_related_dashboards/v1.ts new file mode 100644 index 0000000000000..fc64b44373bb8 --- /dev/null +++ b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/rest_specs/get_related_dashboards/v1.ts @@ -0,0 +1,21 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from '@kbn/zod'; +import { recommendedDashboardSchema } from '../../schema/recommended_dashboard/v1'; + +export const getRelatedDashboardsParamsSchema = z.object({ + query: z.object({ + alertId: z.string(), + }), +}); + +export const getRelatedDashboardsResponseSchema = z.object({ + dashboards: z.array(recommendedDashboardSchema), +}); + +export type GetRelatedDashboardsResponse = z.output; diff --git a/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/recommended_dashboard/latest.ts b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/recommended_dashboard/latest.ts new file mode 100644 index 0000000000000..838377b024bf3 --- /dev/null +++ b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/recommended_dashboard/latest.ts @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export { type RecommendedDashboard, recommendedDashboardSchema } from './v1'; diff --git a/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/recommended_dashboard/v1.ts b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/recommended_dashboard/v1.ts new file mode 100644 index 0000000000000..631582ee67569 --- /dev/null +++ b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/recommended_dashboard/v1.ts @@ -0,0 +1,22 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from '@kbn/zod'; +import { relevantPanelSchema } from '../relevant_panel/latest'; + +export const recommendedDashboardSchema = z.object({ + id: z.string(), + title: z.string(), + matchedBy: z.object({ + fields: z.array(z.string()).optional(), + index: z.array(z.string()).optional(), + }), + relevantPanelCount: z.number(), + relevantPanels: z.array(relevantPanelSchema), +}); + +export type RecommendedDashboard = z.output; diff --git a/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/relevant_panel/latest.ts b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/relevant_panel/latest.ts new file mode 100644 index 0000000000000..465680b8b675f --- /dev/null +++ b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/relevant_panel/latest.ts @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export { type RelevantPanel, relevantPanelSchema } from './v1'; diff --git a/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/relevant_panel/v1.ts b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/relevant_panel/v1.ts new file mode 100644 index 0000000000000..a682df831e03f --- /dev/null +++ b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/relevant_panel/v1.ts @@ -0,0 +1,23 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from '@kbn/zod'; + +export const relevantPanelSchema = z.object({ + panel: z.object({ + panelIndex: z.string(), + type: z.string(), + embeddableConfig: z.record(z.string(), z.any()), + title: z.string().optional(), + }), + matchedBy: z.object({ + fields: z.array(z.string()).optional(), + index: z.array(z.string()).optional(), + }), +}); + +export type RelevantPanel = z.output; diff --git a/x-pack/solutions/observability/packages/kbn-observability-schema/tsconfig.json b/x-pack/solutions/observability/packages/kbn-observability-schema/tsconfig.json new file mode 100644 index 0000000000000..424670ff55aee --- /dev/null +++ b/x-pack/solutions/observability/packages/kbn-observability-schema/tsconfig.json @@ -0,0 +1,19 @@ +{ + "extends": "../../../../../tsconfig.base.json", + "compilerOptions": { + "outDir": "target/types", + "types": [ + "jest", + "node" + ] + }, + "include": [ + "**/*.ts", + ], + "exclude": [ + "target/**/*" + ], + "kbn_references": [ + "@kbn/zod" + ] +} diff --git a/x-pack/solutions/observability/plugins/observability/server/plugin.ts b/x-pack/solutions/observability/plugins/observability/server/plugin.ts index f064785dd0092..306a9029f3d01 100644 --- a/x-pack/solutions/observability/plugins/observability/server/plugin.ts +++ b/x-pack/solutions/observability/plugins/observability/server/plugin.ts @@ -23,7 +23,10 @@ import { DISCOVER_APP_LOCATOR, type DiscoverAppLocatorParams } from '@kbn/discov import { FeaturesPluginSetup } from '@kbn/features-plugin/server'; import type { GuidedOnboardingPluginSetup } from '@kbn/guided-onboarding-plugin/server'; import { i18n } from '@kbn/i18n'; -import { RuleRegistryPluginSetupContract } from '@kbn/rule-registry-plugin/server'; +import { + RuleRegistryPluginSetupContract, + RuleRegistryPluginStartContract, +} from '@kbn/rule-registry-plugin/server'; import { SharePluginSetup } from '@kbn/share-plugin/server'; import { SpacesPluginSetup, SpacesPluginStart } from '@kbn/spaces-plugin/server'; import { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server'; @@ -70,6 +73,7 @@ interface PluginStart { alerting: AlertingServerStart; spaces?: SpacesPluginStart; dataViews: DataViewsServerPluginStart; + ruleRegistry: RuleRegistryPluginStartContract; } const alertingFeatures = OBSERVABILITY_RULE_TYPE_IDS_WITH_SUPPORTED_STACK_RULE_TYPES.map( @@ -192,6 +196,7 @@ export class ObservabilityPlugin ...plugins, core, }, + ruleRegistry: pluginStart.ruleRegistry, dataViews: pluginStart.dataViews, spaces: pluginStart.spaces, ruleDataService, diff --git a/x-pack/solutions/observability/plugins/observability/server/routes/alerts/route.ts b/x-pack/solutions/observability/plugins/observability/server/routes/alerts/route.ts new file mode 100644 index 0000000000000..067b45bfd6daf --- /dev/null +++ b/x-pack/solutions/observability/plugins/observability/server/routes/alerts/route.ts @@ -0,0 +1,49 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { + getRelatedDashboardsParamsSchema, + GetRelatedDashboardsResponse, +} from '@kbn/observability-schema'; +import { createObservabilityServerRoute } from '../create_observability_server_route'; +import { createDashboardsClient } from '../../services/create_dashboards_client'; +import { SuggestedDashboardsClient } from '../../services/suggested_dashboards_client'; +import { InvestigateAlertsClient } from '../../services/investigate_alerts_client'; + +const alertsDynamicDashboardSuggestions = createObservabilityServerRoute({ + endpoint: 'GET /api/observability/alerts/related_dashboards 2023-10-31', + security: { + authz: { + enabled: false, + reason: 'TODO: This endpoint returns related dashboards requires no specific authorization', + }, + }, + options: { access: 'public' }, + params: getRelatedDashboardsParamsSchema, + handler: async (services): Promise => { + const { dependencies, params, request, context, logger } = services; + const { alertId } = params.query; + const { ruleRegistry } = dependencies; + + const alertsClient = await ruleRegistry.getRacClientWithRequest(request); + const investigateAlertsClient = new InvestigateAlertsClient(alertsClient); + + const dashboardClient = await createDashboardsClient({ request, context }); + const dashboardParser = new SuggestedDashboardsClient({ + logger, + dashboardClient, + alertId, + alertsClient: investigateAlertsClient, + }); + const { dashboards } = await dashboardParser.fetchSuggestedDashboards(); + return { + dashboards, + }; + }, +}); + +export const alertsRouteRepository = alertsDynamicDashboardSuggestions; diff --git a/x-pack/solutions/observability/plugins/observability/server/routes/get_global_observability_server_route_repository.ts b/x-pack/solutions/observability/plugins/observability/server/routes/get_global_observability_server_route_repository.ts index 1516c42f86fd1..7f272f9e053ab 100644 --- a/x-pack/solutions/observability/plugins/observability/server/routes/get_global_observability_server_route_repository.ts +++ b/x-pack/solutions/observability/plugins/observability/server/routes/get_global_observability_server_route_repository.ts @@ -9,11 +9,13 @@ import { EndpointOf } from '@kbn/server-route-repository'; import { ObservabilityConfig } from '..'; import { aiAssistantRouteRepository } from './assistant/route'; import { rulesRouteRepository } from './rules/route'; +import { alertsRouteRepository } from './alerts/route'; export function getObservabilityServerRouteRepository(config: ObservabilityConfig) { const repository = { ...aiAssistantRouteRepository, ...rulesRouteRepository, + ...alertsRouteRepository, }; return repository; } diff --git a/x-pack/solutions/observability/plugins/observability/server/routes/register_routes.ts b/x-pack/solutions/observability/plugins/observability/server/routes/register_routes.ts index fa731e8b25d0a..87fb5f89ee761 100644 --- a/x-pack/solutions/observability/plugins/observability/server/routes/register_routes.ts +++ b/x-pack/solutions/observability/plugins/observability/server/routes/register_routes.ts @@ -7,7 +7,10 @@ import { RulesClientApi } from '@kbn/alerting-plugin/server/types'; import { CoreSetup, KibanaRequest, Logger } from '@kbn/core/server'; import { DataViewsServerPluginStart } from '@kbn/data-views-plugin/server'; -import { RuleDataPluginService } from '@kbn/rule-registry-plugin/server'; +import { + RuleDataPluginService, + RuleRegistryPluginStartContract, +} from '@kbn/rule-registry-plugin/server'; import { registerRoutes as registerServerRoutes } from '@kbn/server-route-repository'; import { SpacesPluginStart } from '@kbn/spaces-plugin/server'; import { AlertDetailsContextualInsightsService } from '../services'; @@ -28,6 +31,7 @@ export interface RegisterRoutesDependencies { dataViews: DataViewsServerPluginStart; spaces?: SpacesPluginStart; ruleDataService: RuleDataPluginService; + ruleRegistry: RuleRegistryPluginStartContract; assistant: { alertDetailsContextualInsightsService: AlertDetailsContextualInsightsService; }; diff --git a/x-pack/solutions/observability/plugins/observability/server/services/create_dashboards_client.ts b/x-pack/solutions/observability/plugins/observability/server/services/create_dashboards_client.ts new file mode 100644 index 0000000000000..41084e37d3e6a --- /dev/null +++ b/x-pack/solutions/observability/plugins/observability/server/services/create_dashboards_client.ts @@ -0,0 +1,50 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { SavedObject, SavedObjectsFindResult } from '@kbn/core/server'; +import type { DashboardSavedObjectAttributes } from '@kbn/dashboard-plugin/server'; +import { ObservabilityRouteHandlerResources } from '../routes/types'; + +export interface DashboardsClient { + getAllDashboards: () => Promise>>; + getDashboardsById: (ids: string[]) => Promise>>; +} + +export async function createDashboardsClient( + resources: Pick +): Promise { + const soClient = (await resources.context.core).savedObjects.client; + async function getDashboards( + page: number + ): Promise>> { + const perPage = 1000; + + const response = await soClient.find({ + type: 'dashboard', + perPage, + page, + }); + + const fetchedUntil = (page - 1) * perPage + response.saved_objects.length; + + if (response.total <= fetchedUntil) { + return response.saved_objects; + } + return [...response.saved_objects, ...(await getDashboards(page + 1))]; + } + + return { + getDashboardsById: async (ids: string[]) => { + const response = await soClient.bulkGet(ids.map((id) => ({ type: 'dashboard', id }))); + + return response.saved_objects as Array>; + }, + getAllDashboards: async () => { + return await getDashboards(1); + }, + }; +} diff --git a/x-pack/solutions/observability/plugins/observability/server/services/investigate_alerts_client.ts b/x-pack/solutions/observability/plugins/observability/server/services/investigate_alerts_client.ts new file mode 100644 index 0000000000000..3bcdd058d7dfc --- /dev/null +++ b/x-pack/solutions/observability/plugins/observability/server/services/investigate_alerts_client.ts @@ -0,0 +1,99 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { omit } from 'lodash'; +import { OBSERVABILITY_RULE_TYPE_IDS } from '@kbn/rule-data-utils'; +import { CustomThresholdParams } from '@kbn/response-ops-rule-params/custom_threshold'; +import { AlertsClient } from '@kbn/rule-registry-plugin/server'; +import { + ALERT_RULE_PARAMETERS, + ALERT_RULE_TYPE_ID, + OBSERVABILITY_THRESHOLD_RULE_TYPE_ID, + fields as TECHNICAL_ALERT_FIELDS, +} from '@kbn/rule-data-utils'; + +export type AlertData = Awaited>; + +export class InvestigateAlertsClient { + private alertsClient: AlertsClient; + + constructor(alertsClient: AlertsClient) { + this.alertsClient = alertsClient; + } + + async getAlertById(alertId: string): Promise { + const indices = (await this.getAlertsIndices()) || []; + if (!indices.length) { + throw new Error('No alert indices exist'); + } + return await this.alertsClient.get({ + id: alertId, + index: indices.join(','), + }); + } + + async getAlertsIndices() { + return await this.alertsClient.getAuthorizedAlertsIndices(OBSERVABILITY_RULE_TYPE_IDS); + } + + getRuleParameters(alert: AlertData) { + const ruleParameters = alert[ALERT_RULE_PARAMETERS]; + return ruleParameters; + } + + getRelevantRuleFields(alert: AlertData): Set { + const ruleParameters = this.getRuleParameters(alert); + const relevantFields = new Set(); + if (!ruleParameters) { + throw new Error('No rule parameters found'); + } + switch (this.getRuleTypeId(alert)) { + case OBSERVABILITY_THRESHOLD_RULE_TYPE_ID: + const customThresholdParams = ruleParameters as CustomThresholdParams; + const metrics = customThresholdParams.criteria[0].metrics; + metrics.forEach((metric) => { + relevantFields.add(metric.field); + }); + return relevantFields; + default: + return relevantFields; + } + } + + getRelevantAADFields(alert: AlertData): string[] { + const ignoredFields = ['_index']; + const allKibanaFields = Object.keys(alert).filter((field) => field.startsWith('kibana.')); + const nonTechnicalFields = omit(alert, [ + ...Object.values(TECHNICAL_ALERT_FIELDS), + ...allKibanaFields, + ...ignoredFields, + ]); + return Object.keys(nonTechnicalFields); + } + + getAlertTags(alert: AlertData): string[] { + return alert.tags || []; + } + + getRuleQueryIndex(alert: AlertData) { + const ruleParameters = this.getRuleParameters(alert); + const ruleTypeId = this.getRuleTypeId(alert); + if (!ruleParameters) { + throw new Error('No rule parameters found'); + } + switch (ruleTypeId) { + case OBSERVABILITY_THRESHOLD_RULE_TYPE_ID: + const customThresholdParams = ruleParameters as CustomThresholdParams; + return customThresholdParams.searchConfiguration.index; + default: + return ''; + } + } + + getRuleTypeId(alert: AlertData) { + return alert[ALERT_RULE_TYPE_ID]; + } +} diff --git a/x-pack/solutions/observability/plugins/observability/server/services/suggested_dashboards_client.ts b/x-pack/solutions/observability/plugins/observability/server/services/suggested_dashboards_client.ts new file mode 100644 index 0000000000000..954211242239e --- /dev/null +++ b/x-pack/solutions/observability/plugins/observability/server/services/suggested_dashboards_client.ts @@ -0,0 +1,273 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { SavedObjectsFindResult } from '@kbn/core/server'; +import type { + FieldBasedIndexPatternColumn, + GenericIndexPatternColumn, +} from '@kbn/lens-plugin/public'; +import type { Logger } from '@kbn/core/server'; +import type { LensAttributes } from '@kbn/lens-embeddable-utils'; +import type { RelevantPanel, RecommendedDashboard } from '@kbn/observability-schema'; +import type { + DashboardSavedObjectAttributes, + SavedDashboardPanel, +} from '@kbn/dashboard-plugin/server'; +import type { InvestigateAlertsClient, AlertData } from './investigate_alerts_client'; +import type { DashboardsClient } from './create_dashboards_client'; + +type Dashboard = SavedObjectsFindResult; +type ParsedDashboard = SavedObjectsFindResult & { + attributes: { panels: SavedDashboardPanel[] }; +}; + +export class SuggestedDashboardsClient { + private logger: Logger; + private dashboardsById = new Map(); + private dashboardClient: DashboardsClient; + private alertsClient: InvestigateAlertsClient; + private alertId: string; + + constructor({ + logger, + dashboardClient, + alertsClient, + alertId, + }: { + logger: Logger; + dashboardClient: DashboardsClient; + alertsClient: InvestigateAlertsClient; + alertId: string; + }) { + this.logger = logger; + this.dashboardClient = dashboardClient; + this.alertsClient = alertsClient; + this.alertId = alertId; + } + + async fetchSuggestedDashboards(): Promise<{ dashboards: RecommendedDashboard[] }> { + const allRelatedDashboards = new Set(); + const relevantDashboardsById = new Map(); + const [alert] = await Promise.all([ + this.alertsClient.getAlertById(this.alertId), + this.fetchDashboards(), + ]); + const index = await this.getRuleQueryIndex(alert); + const relevantRuleFields = this.alertsClient.getRelevantRuleFields(alert); + const relevantAlertFields = this.alertsClient.getRelevantAADFields(alert); + const allRelevantFields = new Set([...relevantRuleFields, ...relevantAlertFields]); + + if (index) { + const { dashboards } = this.getDashboardsByIndex(index); + dashboards.forEach((dashboard) => allRelatedDashboards.add(dashboard)); + } + if (allRelevantFields.size > 0) { + const { dashboards } = this.getDashboardsByField(Array.from(allRelevantFields)); + dashboards.forEach((dashboard) => allRelatedDashboards.add(dashboard)); + } + allRelatedDashboards.forEach((dashboard) => { + const dedupedPanels = this.dedupePanels([ + ...(relevantDashboardsById.get(dashboard.id)?.relevantPanels || []), + ...dashboard.relevantPanels, + ]); + const relevantPanelCount = dedupedPanels.length; + relevantDashboardsById.set(dashboard.id, { + ...dashboard, + matchedBy: { + ...relevantDashboardsById.get(dashboard.id)?.matchedBy, + ...dashboard.matchedBy, + }, + relevantPanelCount, + relevantPanels: dedupedPanels, + }); + }); + return { dashboards: Array.from(relevantDashboardsById.values()) }; + } + + async fetchDashboards() { + const dashboards = await this.dashboardClient.getAllDashboards(); + dashboards.forEach((dashboard: SavedObjectsFindResult) => { + this.dashboardsById.set(dashboard.id, this.parseDashboardPanels(dashboard)); + }); + } + + getDashboardsByIndex(index: string): { + dashboards: RecommendedDashboard[]; + } { + const relevantDashboards: RecommendedDashboard[] = []; + this.dashboardsById.forEach((d) => { + const panels = d.attributes.panels; + const matchingPanels = this.getPanelsByIndex(index, panels); + if (matchingPanels.length > 0) { + this.logger.info( + () => `Found ${matchingPanels.length} panel(s) in dashboard ${d.id} using index ${index}` + ); + relevantDashboards.push({ + id: d.id, + title: d.attributes.title, + matchedBy: { index: [index] }, + relevantPanelCount: matchingPanels.length, + relevantPanels: matchingPanels.map((p) => ({ + panel: p, + matchedBy: { index: [index] }, + })), + }); + } + }); + return { dashboards: relevantDashboards }; + } + + dedupePanels(panels: RelevantPanel[]): RelevantPanel[] { + const uniquePanels = new Map(); + panels.forEach((p) => { + uniquePanels.set(p.panel.panelIndex, { + ...p, + matchedBy: { ...uniquePanels.get(p.panel.panelIndex)?.matchedBy, ...p.matchedBy }, + }); + }); + return Array.from(uniquePanels.values()); + } + + getDashboardsByField(fields: string[]): { + dashboards: RecommendedDashboard[]; + } { + const relevantDashboards: RecommendedDashboard[] = []; + this.dashboardsById.forEach((d) => { + const panels = d.attributes.panels; + const matchingPanels = this.getPanelsByField(fields, panels); + const allMatchingFields = new Set( + matchingPanels.map((p) => Array.from(p.matchingFields)).flat() + ); + if (matchingPanels.length > 0) { + this.logger.info( + () => + `Found ${matchingPanels.length} panel(s) in dashboard ${ + d.id + } using field(s) ${Array.from(allMatchingFields).toString()}` + ); + relevantDashboards.push({ + id: d.id, + title: d.attributes.title, + matchedBy: { fields: Array.from(allMatchingFields) }, + relevantPanelCount: matchingPanels.length, + relevantPanels: matchingPanels.map((p) => ({ + panel: p.panel, + matchedBy: { fields: Array.from(p.matchingFields) }, + })), + }); + } + }); + return { dashboards: relevantDashboards }; + } + + getPanelsByIndex(index: string, panels: SavedDashboardPanel[]): SavedDashboardPanel[] { + const panelsByIndex = panels.filter((p) => { + const panelIndices = this.getPanelIndices(p); + return panelIndices.has(index); + }); + return panelsByIndex; + } + + getPanelsByField( + fields: string[], + panels: SavedDashboardPanel[] + ): Array<{ matchingFields: Set; panel: SavedDashboardPanel }> { + const panelsByField = panels.reduce((acc, p) => { + const panelFields = this.getPanelFields(p); + const matchingFields = fields.filter((f) => panelFields.has(f)); + if (matchingFields.length) { + acc.push({ matchingFields: new Set(matchingFields), panel: p }); + } + return acc; + }, [] as Array<{ matchingFields: Set; panel: SavedDashboardPanel }>); + return panelsByField; + } + + getPanelIndices(panel: SavedDashboardPanel): Set { + const indices = new Set(); + switch (panel.type) { + case 'lens': + const lensAttr = panel.embeddableConfig.attributes as unknown as LensAttributes; + if (!lensAttr) { + return indices; + } + const lensIndices = this.getLensVizIndices(lensAttr); + return lensIndices; + default: + return indices; + } + } + + getPanelFields(panel: SavedDashboardPanel): Set { + const fields = new Set(); + switch (panel.type) { + case 'lens': + const lensAttr = panel.embeddableConfig.attributes as unknown as LensAttributes; + const lensFields = this.getLensVizFields(lensAttr); + return lensFields; + default: + return fields; + } + } + + async getRuleQueryIndex(alert: AlertData): Promise { + const index = this.alertsClient.getRuleQueryIndex(alert); + return typeof index === 'string' ? index : index.id || ''; + } + + getLensVizIndices(lensAttr: LensAttributes): Set { + const indices = new Set( + lensAttr.references + .filter((r) => r.name.match(`indexpattern`)) + .map((reference) => reference.id) + ); + if (indices.size === 0) { + throw new Error('No index patterns found in lens visualization'); + } + return indices; + } + + getLensVizFields(lensAttr: LensAttributes): Set { + const fields = new Set(); + const dataSourceLayers = lensAttr.state.datasourceStates.formBased?.layers || {}; + Object.values(dataSourceLayers).forEach((ds) => { + const columns = ds.columns; + Object.values(columns).forEach((col) => { + const hasSourceField = ( + c: FieldBasedIndexPatternColumn | GenericIndexPatternColumn + ): c is FieldBasedIndexPatternColumn => + (c as FieldBasedIndexPatternColumn).sourceField !== undefined; + if (hasSourceField(col)) { + fields.add(col.sourceField); + } + }); + }); + return fields; + } + + parseDashboardPanels(dashboard: Dashboard): ParsedDashboard { + try { + const panels = JSON.parse(dashboard.attributes.panelsJSON); + return { + ...dashboard, + attributes: { + ...dashboard.attributes, + panels, + }, + }; + } catch (e) { + this.logger.error(`Failed to parse dashboard panels for ${dashboard.id}`); + return { + ...dashboard, + attributes: { + ...dashboard.attributes, + panels: [], + }, + }; + } + } +} diff --git a/yarn.lock b/yarn.lock index 61ac573bf1e21..743d619e4c9c6 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6559,6 +6559,10 @@ version "0.0.0" uid "" +"@kbn/observability-schema@link:x-pack/solutions/observability/packages/kbn-observability-schema": + version "0.0.0" + uid "" + "@kbn/observability-shared-plugin@link:x-pack/solutions/observability/plugins/observability_shared": version "0.0.0" uid "" From aab44f1f5b73c645c794742b69528a44fe23a523 Mon Sep 17 00:00:00 2001 From: Dominique Belcher Date: Thu, 6 Mar 2025 16:55:28 -0500 Subject: [PATCH 2/6] utilize official dashboard client --- .../related_dashboards/latest.ts | 8 +- .../get_related_dashboards/latest.ts | 6 +- .../rest_specs/get_related_dashboards/v1.ts | 13 +-- .../schema/recommended_dashboard/latest.ts | 2 +- .../schema/recommended_dashboard/v1.ts | 4 +- .../common/errors/alert_not_found_error.ts | 13 +++ .../plugins/observability/server/plugin.ts | 8 +- .../server/routes/alerts/route.ts | 46 +++++++--- .../server/routes/register_routes.ts | 2 + .../observability/server/routes/types.ts | 3 +- .../services/create_dashboards_client.ts | 50 ----------- .../services/investigate_alerts_client.ts | 16 +++- .../services/suggested_dashboards_client.ts | 89 ++++++++----------- 13 files changed, 125 insertions(+), 135 deletions(-) create mode 100644 x-pack/solutions/observability/plugins/observability/server/common/errors/alert_not_found_error.ts delete mode 100644 x-pack/solutions/observability/plugins/observability/server/services/create_dashboards_client.ts diff --git a/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/latest.ts b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/latest.ts index 3d5a4772591c1..ad764e17a928c 100644 --- a/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/latest.ts +++ b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/latest.ts @@ -8,10 +8,10 @@ export { type RelevantPanel, relevantPanelSchema } from './schema/relevant_panel/v1'; export { type RecommendedDashboard, - recommendedDashboardSchema, + relatedDashboardSchema, } from './schema/recommended_dashboard/v1'; export { - type GetRelatedDashboardsResponse, - getRelatedDashboardsResponseSchema, - getRelatedDashboardsParamsSchema, + type GetRecommendedDashboardsResponse, + getRecommendedDashboardsResponseSchema, + getRecommendedDashboardsParamsSchema, } from './rest_specs/get_related_dashboards/v1'; diff --git a/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/rest_specs/get_related_dashboards/latest.ts b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/rest_specs/get_related_dashboards/latest.ts index ce210be6b0e98..fe25ec9523489 100644 --- a/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/rest_specs/get_related_dashboards/latest.ts +++ b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/rest_specs/get_related_dashboards/latest.ts @@ -6,7 +6,7 @@ */ export { - type GetRelatedDashboardsResponse, - getRelatedDashboardsResponseSchema, - getRelatedDashboardsParamsSchema, + type GetRecommendedDashboardsResponse, + getRecommendedDashboardsResponseSchema, + getRecommendedDashboardsParamsSchema, } from './v1'; diff --git a/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/rest_specs/get_related_dashboards/v1.ts b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/rest_specs/get_related_dashboards/v1.ts index fc64b44373bb8..542da7f3a6278 100644 --- a/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/rest_specs/get_related_dashboards/v1.ts +++ b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/rest_specs/get_related_dashboards/v1.ts @@ -6,16 +6,19 @@ */ import { z } from '@kbn/zod'; -import { recommendedDashboardSchema } from '../../schema/recommended_dashboard/v1'; +import { relatedDashboardSchema } from '../../schema/recommended_dashboard/v1'; -export const getRelatedDashboardsParamsSchema = z.object({ +export const getRecommendedDashboardsParamsSchema = z.object({ query: z.object({ alertId: z.string(), }), }); -export const getRelatedDashboardsResponseSchema = z.object({ - dashboards: z.array(recommendedDashboardSchema), +export const getRecommendedDashboardsResponseSchema = z.object({ + suggestedDashboards: z.array(relatedDashboardSchema), + linkedDashboards: z.array(relatedDashboardSchema), }); -export type GetRelatedDashboardsResponse = z.output; +export type GetRecommendedDashboardsResponse = z.output< + typeof getRecommendedDashboardsResponseSchema +>; diff --git a/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/recommended_dashboard/latest.ts b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/recommended_dashboard/latest.ts index 838377b024bf3..0c46ea1e7422e 100644 --- a/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/recommended_dashboard/latest.ts +++ b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/recommended_dashboard/latest.ts @@ -5,4 +5,4 @@ * 2.0. */ -export { type RecommendedDashboard, recommendedDashboardSchema } from './v1'; +export { type RecommendedDashboard, relatedDashboardSchema } from './v1'; diff --git a/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/recommended_dashboard/v1.ts b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/recommended_dashboard/v1.ts index 631582ee67569..8ade0bad3a6ba 100644 --- a/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/recommended_dashboard/v1.ts +++ b/x-pack/solutions/observability/packages/kbn-observability-schema/related_dashboards/schema/recommended_dashboard/v1.ts @@ -8,7 +8,7 @@ import { z } from '@kbn/zod'; import { relevantPanelSchema } from '../relevant_panel/latest'; -export const recommendedDashboardSchema = z.object({ +export const relatedDashboardSchema = z.object({ id: z.string(), title: z.string(), matchedBy: z.object({ @@ -19,4 +19,4 @@ export const recommendedDashboardSchema = z.object({ relevantPanels: z.array(relevantPanelSchema), }); -export type RecommendedDashboard = z.output; +export type RecommendedDashboard = z.output; diff --git a/x-pack/solutions/observability/plugins/observability/server/common/errors/alert_not_found_error.ts b/x-pack/solutions/observability/plugins/observability/server/common/errors/alert_not_found_error.ts new file mode 100644 index 0000000000000..1172da6faed16 --- /dev/null +++ b/x-pack/solutions/observability/plugins/observability/server/common/errors/alert_not_found_error.ts @@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export class AlertNotFoundError extends Error { + constructor(message: string) { + super(message); + this.name = 'AlertNotFoundError'; + } +} diff --git a/x-pack/solutions/observability/plugins/observability/server/plugin.ts b/x-pack/solutions/observability/plugins/observability/server/plugin.ts index 306a9029f3d01..bdaa84faa7758 100644 --- a/x-pack/solutions/observability/plugins/observability/server/plugin.ts +++ b/x-pack/solutions/observability/plugins/observability/server/plugin.ts @@ -5,7 +5,9 @@ * 2.0. */ -import { AlertingServerSetup, AlertingServerStart } from '@kbn/alerting-plugin/server'; +import type { AlertingServerSetup, AlertingServerStart } from '@kbn/alerting-plugin/server'; +import type { ContentManagementServerSetup } from '@kbn/content-management-plugin/server'; +import type { DashboardPluginStart } from '@kbn/dashboard-plugin/server'; import { createUICapabilities as createCasesUICapabilities, getApiTags as getCasesApiTags, @@ -67,6 +69,7 @@ interface PluginSetup { spaces?: SpacesPluginSetup; usageCollection?: UsageCollectionSetup; cloud?: CloudSetup; + contentManagement: ContentManagementServerSetup; } interface PluginStart { @@ -74,6 +77,7 @@ interface PluginStart { spaces?: SpacesPluginStart; dataViews: DataViewsServerPluginStart; ruleRegistry: RuleRegistryPluginStartContract; + dashboard: DashboardPluginStart; } const alertingFeatures = OBSERVABILITY_RULE_TYPE_IDS_WITH_SUPPORTED_STACK_RULE_TYPES.map( @@ -189,6 +193,7 @@ export class ObservabilityPlugin }); void core.getStartServices().then(([coreStart, pluginStart]) => { + console.log('pluginStart', pluginStart); registerRoutes({ core, dependencies: { @@ -196,6 +201,7 @@ export class ObservabilityPlugin ...plugins, core, }, + dashboard: pluginStart.dashboard, ruleRegistry: pluginStart.ruleRegistry, dataViews: pluginStart.dataViews, spaces: pluginStart.spaces, diff --git a/x-pack/solutions/observability/plugins/observability/server/routes/alerts/route.ts b/x-pack/solutions/observability/plugins/observability/server/routes/alerts/route.ts index 067b45bfd6daf..a2a1a8731c234 100644 --- a/x-pack/solutions/observability/plugins/observability/server/routes/alerts/route.ts +++ b/x-pack/solutions/observability/plugins/observability/server/routes/alerts/route.ts @@ -6,43 +6,61 @@ */ import { - getRelatedDashboardsParamsSchema, - GetRelatedDashboardsResponse, + getRecommendedDashboardsParamsSchema, + GetRecommendedDashboardsResponse, } from '@kbn/observability-schema'; +import { IKibanaResponse } from '@kbn/core-http-server'; +import type { SavedObjectsFindResult } from '@kbn/core/server'; +import type { DashboardAttributes } from '@kbn/dashboard-plugin/server/content_management/v3'; import { createObservabilityServerRoute } from '../create_observability_server_route'; -import { createDashboardsClient } from '../../services/create_dashboards_client'; import { SuggestedDashboardsClient } from '../../services/suggested_dashboards_client'; import { InvestigateAlertsClient } from '../../services/investigate_alerts_client'; +import { AlertNotFoundError } from '../../common/errors/alert_not_found_error'; const alertsDynamicDashboardSuggestions = createObservabilityServerRoute({ - endpoint: 'GET /api/observability/alerts/related_dashboards 2023-10-31', + endpoint: 'GET /internal/observability/alerts/suggested_dashboards', security: { authz: { enabled: false, reason: 'TODO: This endpoint returns related dashboards requires no specific authorization', }, }, - options: { access: 'public' }, - params: getRelatedDashboardsParamsSchema, - handler: async (services): Promise => { - const { dependencies, params, request, context, logger } = services; + options: { access: 'internal' }, + params: getRecommendedDashboardsParamsSchema, + handler: async (services): Promise => { + const { dependencies, params, request, response, context, logger } = services; const { alertId } = params.query; - const { ruleRegistry } = dependencies; + const { ruleRegistry, dashboard } = dependencies; + const { contentClient } = dashboard; + const dashboardClient = contentClient!.getForRequest< + SavedObjectsFindResult + >({ + requestHandlerContext: context, + request, + version: 3, + }); const alertsClient = await ruleRegistry.getRacClientWithRequest(request); const investigateAlertsClient = new InvestigateAlertsClient(alertsClient); - const dashboardClient = await createDashboardsClient({ request, context }); const dashboardParser = new SuggestedDashboardsClient({ logger, dashboardClient, alertId, alertsClient: investigateAlertsClient, }); - const { dashboards } = await dashboardParser.fetchSuggestedDashboards(); - return { - dashboards, - }; + try { + const { suggestedDashboards } = await dashboardParser.fetchSuggestedDashboards(); + return { + suggestedDashboards, + linkedDashboards: [], + }; + } catch (e) { + if (e instanceof AlertNotFoundError) { + return response.badRequest({ body: { message: e.message } }); + } + throw e; + } }, }); diff --git a/x-pack/solutions/observability/plugins/observability/server/routes/register_routes.ts b/x-pack/solutions/observability/plugins/observability/server/routes/register_routes.ts index 87fb5f89ee761..f74c459128d69 100644 --- a/x-pack/solutions/observability/plugins/observability/server/routes/register_routes.ts +++ b/x-pack/solutions/observability/plugins/observability/server/routes/register_routes.ts @@ -7,6 +7,7 @@ import { RulesClientApi } from '@kbn/alerting-plugin/server/types'; import { CoreSetup, KibanaRequest, Logger } from '@kbn/core/server'; import { DataViewsServerPluginStart } from '@kbn/data-views-plugin/server'; +import type { DashboardPluginStart } from '@kbn/dashboard-plugin/server'; import { RuleDataPluginService, RuleRegistryPluginStartContract, @@ -32,6 +33,7 @@ export interface RegisterRoutesDependencies { spaces?: SpacesPluginStart; ruleDataService: RuleDataPluginService; ruleRegistry: RuleRegistryPluginStartContract; + dashboard: DashboardPluginStart; assistant: { alertDetailsContextualInsightsService: AlertDetailsContextualInsightsService; }; diff --git a/x-pack/solutions/observability/plugins/observability/server/routes/types.ts b/x-pack/solutions/observability/plugins/observability/server/routes/types.ts index 1b189e1233b49..95609c5b68f8b 100644 --- a/x-pack/solutions/observability/plugins/observability/server/routes/types.ts +++ b/x-pack/solutions/observability/plugins/observability/server/routes/types.ts @@ -5,7 +5,7 @@ * 2.0. */ import type { EndpointOf, ReturnOf, ServerRouteRepository } from '@kbn/server-route-repository'; -import { KibanaRequest, Logger } from '@kbn/core/server'; +import { KibanaRequest, KibanaResponseFactory, Logger } from '@kbn/core/server'; import { ObservabilityServerRouteRepository, @@ -21,6 +21,7 @@ export interface ObservabilityRouteHandlerResources { dependencies: RegisterRoutesDependencies; logger: Logger; request: KibanaRequest; + response: KibanaResponseFactory; } export interface ObservabilityRouteCreateOptions { diff --git a/x-pack/solutions/observability/plugins/observability/server/services/create_dashboards_client.ts b/x-pack/solutions/observability/plugins/observability/server/services/create_dashboards_client.ts deleted file mode 100644 index 41084e37d3e6a..0000000000000 --- a/x-pack/solutions/observability/plugins/observability/server/services/create_dashboards_client.ts +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { SavedObject, SavedObjectsFindResult } from '@kbn/core/server'; -import type { DashboardSavedObjectAttributes } from '@kbn/dashboard-plugin/server'; -import { ObservabilityRouteHandlerResources } from '../routes/types'; - -export interface DashboardsClient { - getAllDashboards: () => Promise>>; - getDashboardsById: (ids: string[]) => Promise>>; -} - -export async function createDashboardsClient( - resources: Pick -): Promise { - const soClient = (await resources.context.core).savedObjects.client; - async function getDashboards( - page: number - ): Promise>> { - const perPage = 1000; - - const response = await soClient.find({ - type: 'dashboard', - perPage, - page, - }); - - const fetchedUntil = (page - 1) * perPage + response.saved_objects.length; - - if (response.total <= fetchedUntil) { - return response.saved_objects; - } - return [...response.saved_objects, ...(await getDashboards(page + 1))]; - } - - return { - getDashboardsById: async (ids: string[]) => { - const response = await soClient.bulkGet(ids.map((id) => ({ type: 'dashboard', id }))); - - return response.saved_objects as Array>; - }, - getAllDashboards: async () => { - return await getDashboards(1); - }, - }; -} diff --git a/x-pack/solutions/observability/plugins/observability/server/services/investigate_alerts_client.ts b/x-pack/solutions/observability/plugins/observability/server/services/investigate_alerts_client.ts index 3bcdd058d7dfc..78b3f3d2a8370 100644 --- a/x-pack/solutions/observability/plugins/observability/server/services/investigate_alerts_client.ts +++ b/x-pack/solutions/observability/plugins/observability/server/services/investigate_alerts_client.ts @@ -14,6 +14,7 @@ import { OBSERVABILITY_THRESHOLD_RULE_TYPE_ID, fields as TECHNICAL_ALERT_FIELDS, } from '@kbn/rule-data-utils'; +import { AlertNotFoundError } from '../common/errors/alert_not_found_error'; export type AlertData = Awaited>; @@ -29,10 +30,17 @@ export class InvestigateAlertsClient { if (!indices.length) { throw new Error('No alert indices exist'); } - return await this.alertsClient.get({ - id: alertId, - index: indices.join(','), - }); + try { + return await this.alertsClient.get({ + id: alertId, + index: indices.join(','), + }); + } catch (e) { + if (e.output.payload.statusCode === 404) { + throw new AlertNotFoundError(`Alert with id ${alertId} not found`); + } + throw e; + } } async getAlertsIndices() { diff --git a/x-pack/solutions/observability/plugins/observability/server/services/suggested_dashboards_client.ts b/x-pack/solutions/observability/plugins/observability/server/services/suggested_dashboards_client.ts index 954211242239e..2e21ee74316f2 100644 --- a/x-pack/solutions/observability/plugins/observability/server/services/suggested_dashboards_client.ts +++ b/x-pack/solutions/observability/plugins/observability/server/services/suggested_dashboards_client.ts @@ -5,7 +5,9 @@ * 2.0. */ +import { v4 as uuidv4 } from 'uuid'; import type { SavedObjectsFindResult } from '@kbn/core/server'; +import { IContentClient } from '@kbn/content-management-plugin/server/types'; import type { FieldBasedIndexPatternColumn, GenericIndexPatternColumn, @@ -13,22 +15,15 @@ import type { import type { Logger } from '@kbn/core/server'; import type { LensAttributes } from '@kbn/lens-embeddable-utils'; import type { RelevantPanel, RecommendedDashboard } from '@kbn/observability-schema'; -import type { - DashboardSavedObjectAttributes, - SavedDashboardPanel, -} from '@kbn/dashboard-plugin/server'; +import type { DashboardPanel } from '@kbn/dashboard-plugin/server'; +import type { DashboardAttributes } from '@kbn/dashboard-plugin/server/content_management/v3'; import type { InvestigateAlertsClient, AlertData } from './investigate_alerts_client'; -import type { DashboardsClient } from './create_dashboards_client'; - -type Dashboard = SavedObjectsFindResult; -type ParsedDashboard = SavedObjectsFindResult & { - attributes: { panels: SavedDashboardPanel[] }; -}; +type Dashboard = SavedObjectsFindResult; export class SuggestedDashboardsClient { private logger: Logger; - private dashboardsById = new Map(); - private dashboardClient: DashboardsClient; + private dashboardsById = new Map(); + private dashboardClient: IContentClient; private alertsClient: InvestigateAlertsClient; private alertId: string; @@ -39,7 +34,7 @@ export class SuggestedDashboardsClient { alertId, }: { logger: Logger; - dashboardClient: DashboardsClient; + dashboardClient: IContentClient; alertsClient: InvestigateAlertsClient; alertId: string; }) { @@ -49,13 +44,16 @@ export class SuggestedDashboardsClient { this.alertId = alertId; } - async fetchSuggestedDashboards(): Promise<{ dashboards: RecommendedDashboard[] }> { + async fetchSuggestedDashboards(): Promise<{ suggestedDashboards: RecommendedDashboard[] }> { const allRelatedDashboards = new Set(); const relevantDashboardsById = new Map(); const [alert] = await Promise.all([ this.alertsClient.getAlertById(this.alertId), this.fetchDashboards(), ]); + if (!alert) { + return { suggestedDashboards: [] }; + } const index = await this.getRuleQueryIndex(alert); const relevantRuleFields = this.alertsClient.getRelevantRuleFields(alert); const relevantAlertFields = this.alertsClient.getRelevantAADFields(alert); @@ -85,13 +83,16 @@ export class SuggestedDashboardsClient { relevantPanels: dedupedPanels, }); }); - return { dashboards: Array.from(relevantDashboardsById.values()) }; + return { suggestedDashboards: Array.from(relevantDashboardsById.values()) }; } async fetchDashboards() { - const dashboards = await this.dashboardClient.getAllDashboards(); - dashboards.forEach((dashboard: SavedObjectsFindResult) => { - this.dashboardsById.set(dashboard.id, this.parseDashboardPanels(dashboard)); + const dashboards = await this.dashboardClient.search({}, { spaces: ['*'] }); + const { + result: { hits }, + } = dashboards; + hits.forEach((dashboard: Dashboard) => { + this.dashboardsById.set(dashboard.id, dashboard); }); } @@ -112,7 +113,12 @@ export class SuggestedDashboardsClient { matchedBy: { index: [index] }, relevantPanelCount: matchingPanels.length, relevantPanels: matchingPanels.map((p) => ({ - panel: p, + panel: { + panelIndex: p.panelIndex || uuidv4(), + type: p.type, + embeddableConfig: p.panelConfig, + title: p.title, + }, matchedBy: { index: [index] }, })), }); @@ -155,7 +161,12 @@ export class SuggestedDashboardsClient { matchedBy: { fields: Array.from(allMatchingFields) }, relevantPanelCount: matchingPanels.length, relevantPanels: matchingPanels.map((p) => ({ - panel: p.panel, + panel: { + panelIndex: p.panel.panelIndex || uuidv4(), + type: p.panel.type, + embeddableConfig: p.panel.panelConfig, + title: p.panel.title, + }, matchedBy: { fields: Array.from(p.matchingFields) }, })), }); @@ -164,7 +175,7 @@ export class SuggestedDashboardsClient { return { dashboards: relevantDashboards }; } - getPanelsByIndex(index: string, panels: SavedDashboardPanel[]): SavedDashboardPanel[] { + getPanelsByIndex(index: string, panels: DashboardPanel[]): DashboardPanel[] { const panelsByIndex = panels.filter((p) => { const panelIndices = this.getPanelIndices(p); return panelIndices.has(index); @@ -174,8 +185,8 @@ export class SuggestedDashboardsClient { getPanelsByField( fields: string[], - panels: SavedDashboardPanel[] - ): Array<{ matchingFields: Set; panel: SavedDashboardPanel }> { + panels: DashboardPanel[] + ): Array<{ matchingFields: Set; panel: DashboardPanel }> { const panelsByField = panels.reduce((acc, p) => { const panelFields = this.getPanelFields(p); const matchingFields = fields.filter((f) => panelFields.has(f)); @@ -183,15 +194,15 @@ export class SuggestedDashboardsClient { acc.push({ matchingFields: new Set(matchingFields), panel: p }); } return acc; - }, [] as Array<{ matchingFields: Set; panel: SavedDashboardPanel }>); + }, [] as Array<{ matchingFields: Set; panel: DashboardPanel }>); return panelsByField; } - getPanelIndices(panel: SavedDashboardPanel): Set { + getPanelIndices(panel: DashboardPanel): Set { const indices = new Set(); switch (panel.type) { case 'lens': - const lensAttr = panel.embeddableConfig.attributes as unknown as LensAttributes; + const lensAttr = panel.panelConfig.attributes as unknown as LensAttributes; if (!lensAttr) { return indices; } @@ -202,11 +213,11 @@ export class SuggestedDashboardsClient { } } - getPanelFields(panel: SavedDashboardPanel): Set { + getPanelFields(panel: DashboardPanel): Set { const fields = new Set(); switch (panel.type) { case 'lens': - const lensAttr = panel.embeddableConfig.attributes as unknown as LensAttributes; + const lensAttr = panel.panelConfig.attributes as unknown as LensAttributes; const lensFields = this.getLensVizFields(lensAttr); return lensFields; default: @@ -248,26 +259,4 @@ export class SuggestedDashboardsClient { }); return fields; } - - parseDashboardPanels(dashboard: Dashboard): ParsedDashboard { - try { - const panels = JSON.parse(dashboard.attributes.panelsJSON); - return { - ...dashboard, - attributes: { - ...dashboard.attributes, - panels, - }, - }; - } catch (e) { - this.logger.error(`Failed to parse dashboard panels for ${dashboard.id}`); - return { - ...dashboard, - attributes: { - ...dashboard.attributes, - panels: [], - }, - }; - } - } } From f9791383abbfe072598016453b2647578e562c24 Mon Sep 17 00:00:00 2001 From: Dominique Belcher Date: Thu, 6 Mar 2025 16:59:10 -0500 Subject: [PATCH 3/6] add tests --- .../fixtures/dashboards_default_space.ndjson | 19 + .../fixtures/dashboards_test_space.ndjson | 2 + .../suggested_dashboards.ts | 1216 +++++++++++++++++ .../configs/serverless/oblt.index.ts | 1 + .../configs/stateful/oblt.index.ts | 1 + 5 files changed, 1239 insertions(+) create mode 100644 x-pack/test/api_integration/deployment_agnostic/apis/observability/incident_management/fixtures/dashboards_default_space.ndjson create mode 100644 x-pack/test/api_integration/deployment_agnostic/apis/observability/incident_management/fixtures/dashboards_test_space.ndjson create mode 100644 x-pack/test/api_integration/deployment_agnostic/apis/observability/incident_management/suggested_dashboards.ts diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/incident_management/fixtures/dashboards_default_space.ndjson b/x-pack/test/api_integration/deployment_agnostic/apis/observability/incident_management/fixtures/dashboards_default_space.ndjson new file mode 100644 index 0000000000000..fd303ba58c450 --- /dev/null +++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/incident_management/fixtures/dashboards_default_space.ndjson @@ -0,0 +1,19 @@ +{"attributes":{"fieldAttrs":"{\"http.response.status_code\":{\"customLabel\":\"Status Code\",\"count\":1},\"log.level\":{\"customLabel\":\"Level\",\"count\":1},\"url.path\":{\"customLabel\":\"Path\",\"count\":1},\"message\":{\"customLabel\":\"Message\",\"count\":1},\"user.id\":{\"count\":2},\"user.name\":{\"count\":2}}","fieldFormatMap":"{\"log.level\":{\"id\":\"color\",\"params\":{\"parsedUrl\":{\"origin\":\"http://localhost:5601\",\"pathname\":\"/vfh/app/home\",\"basePath\":\"/vfh\"},\"fieldType\":\"string\",\"colors\":[{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERROR\",\"text\":\"#c1371c\",\"background\":\"#ffffff\"}]}}}","fields":"[]","name":"Admin Console","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"kbn-data-forge-fake_stack.admin-console-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2025-03-04T22:14:37.421Z","id":"e7744dbe-a7a4-457b-83aa-539e9c88764c","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2025-03-05T03:26:14.532Z","version":"WzI0MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Good vs Bad","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Good vs Bad\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"b4683a55-1bfb-44d9-9cfa-e71994cef82d\",\"interval\":\">=1m\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"time_range_mode\":\"entire_time_range\",\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"#68BC00\",\"fill\":\"1\",\"formatter\":\"percent\",\"id\":\"bb3fce02-bab6-45ae-b278-bd4e566f5817\",\"label\":\"Total Docs\",\"line_width\":1,\"metrics\":[{\"id\":\"1b8a2247-92f3-4408-a7e6-49deef54dec5\",\"type\":\"count\"}],\"override_index_pattern\":0,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_drop_last_bucket\":0,\"split_mode\":\"filters\",\"stacked\":\"percent\",\"split_filters\":[{\"filter\":{\"query\":\"http.response.status_code < 500\",\"language\":\"kuery\"},\"label\":\"Good\",\"color\":\"#68BC00\",\"id\":\"a7ecec50-d8ac-11ed-9125-3dbd53b6d6b6\"},{\"filter\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"label\":\"Bad\",\"color\":\"rgba(231,102,76,1)\",\"id\":\"ae1946a0-d8ac-11ed-9125-3dbd53b6d6b6\"}]}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":true,\"index_pattern_ref_name\":\"metrics_0_index_pattern\"}}"},"coreMigrationVersion":"8.8.0","created_at":"2025-03-04T22:14:37.375Z","id":"18b3ece0-d8ad-11ed-ab9f-e9e3125870b6","managed":false,"references":[{"id":"e7744dbe-a7a4-457b-83aa-539e9c88764c","name":"metrics_0_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2025-03-04T22:14:37.375Z","version":"WzE5OCwxXQ=="} +{"attributes":{"color":"#9cb3ef","description":"","name":"admin-console"},"coreMigrationVersion":"8.8.0","created_at":"2025-03-04T22:14:37.375Z","id":"2caefa00-d8ad-11ed-ab9f-e9e3125870b6","managed":false,"references":[],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2025-03-04T22:14:37.375Z","version":"WzI1NjcsMV0="} +{"attributes":{"fieldAttrs":"{\"kibana.alert.reason\":{\"count\":2},\"kibana.alert.rule.category\":{\"count\":1},\"kibana.alert.status\":{\"count\":2},\"kibana.alert.rule.name\":{\"count\":1}}","fieldFormatMap":"{}","fields":"[]","name":"Alerts as Data for SLO","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":".alerts-observability.slo.alerts-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2025-03-04T22:14:37.375Z","id":"54a5a414-f8ce-4f5c-ac15-a3554693b51f","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2025-03-05T03:26:08.543Z","version":"WzI0MSwxXQ=="} +{"attributes":{"columns":["log.level","url.path","http.response.status_code","message"],"description":"","grid":{"columns":{"http.response.status_code":{"width":105},"log.level":{"width":73},"url.path":{"width":158}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Admin Console - Bad Events","usesAdHocDataView":false},"coreMigrationVersion":"8.8.0","created_at":"2025-03-04T22:14:37.375Z","id":"b5653a60-d8af-11ed-ab9f-e9e3125870b6","managed":false,"references":[{"id":"e7744dbe-a7a4-457b-83aa-539e9c88764c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"10.5.0","updated_at":"2025-03-04T22:14:37.375Z","version":"WzIwMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":true,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":9,\"h\":10,\"i\":\"a97a85b0-b83a-4d28-a3ca-d82e1d1add0f\"},\"panelIndex\":\"a97a85b0-b83a-4d28-a3ca-d82e1d1add0f\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"85f614fc-7263-4080-bbf5-85ca83a0fb1d\",\"type\":\"metric\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"cde9ac28-cda5-4335-92aa-c13d59712cb4\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"971753f5-76d8-4203-97cb-39cca2a83427\",\"type\":\"count\"},{\"id\":\"4149f0a0-d8ad-11ed-9125-3dbd53b6d6b6\",\"type\":\"calculation\",\"variables\":[{\"id\":\"44332de0-d8ad-11ed-9125-3dbd53b6d6b6\",\"name\":\"count\",\"field\":\"971753f5-76d8-4203-97cb-39cca2a83427\"}],\"script\":\"(params.count / (params._interval / 1000) * 60)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0,0[.0]\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Events Per Minute (5m)\",\"value_template\":\"{{value}}\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"7fb96600-d8cf-11ed-a45b-63b4c7e0f089\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"7fb96601-d8cf-11ed-a45b-63b4c7e0f089\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Total Events:\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"background_color_rules\":[{\"id\":\"3e8e7a20-d8ad-11ed-9125-3dbd53b6d6b6\"}],\"isModelInvalid\":false,\"index_pattern_ref_name\":\"metrics_a97a85b0-b83a-4d28-a3ca-d82e1d1add0f_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{},\"timeRange\":{\"from\":\"now-5m\",\"to\":\"now\"},\"type\":\"visualization\"},\"version\":\"8.9.0\"},{\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":0,\"w\":9,\"h\":5,\"i\":\"c67c9c1f-719a-44b8-bfeb-fafc5243ae1c\"},\"panelIndex\":\"c67c9c1f-719a-44b8-bfeb-fafc5243ae1c\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"ff7b9f58-19cd-4700-8bb6-0655089ed462\",\"type\":\"metric\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"4863ef5f-2d5c-41a7-9507-7d42bebbd037\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"4b04e408-7543-4771-8c36-e6c1feb89477\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}},{\"id\":\"8a8f4130-d93d-11ed-bdca-eb80b799acd6\",\"type\":\"calculation\",\"variables\":[{\"id\":\"aa4144b0-d93d-11ed-bdca-eb80b799acd6\",\"name\":\"bad\",\"field\":\"4b04e408-7543-4771-8c36-e6c1feb89477\"}],\"script\":\"params.bad / (1 - 0.95)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Burn Rate (5m)\",\"value_template\":\"{{value}}x\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"e9f8b0f0-d93f-11ed-bdca-eb80b799acd6\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"e9f8b0f1-d93f-11ed-bdca-eb80b799acd6\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Ratio:\",\"value_template\":\"{{value}}\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"background_color_rules\":[{\"value\":1,\"id\":\"3327b9a0-d93c-11ed-bdca-eb80b799acd6\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"gt\",\"background_color\":\"rgba(231,102,76,1)\"},{\"value\":1,\"id\":\"9e5ed4a0-da05-11ed-8012-4b83da923c92\",\"background_color\":\"rgba(109,179,84,1)\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"lte\"}],\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_c67c9c1f-719a-44b8-bfeb-fafc5243ae1c_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"timeRange\":{\"from\":\"now-5m\",\"to\":\"now\"},\"enhancements\":{},\"type\":\"visualization\"},\"version\":\"8.9.0\"},{\"version\":\"8.9.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":0,\"w\":30,\"h\":10,\"i\":\"f839754d-d5aa-40be-93bb-abda520aaa29\"},\"panelIndex\":\"f839754d-d5aa-40be-93bb-abda520aaa29\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f839754d-d5aa-40be-93bb-abda520aaa29\"},{\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":5,\"w\":9,\"h\":5,\"i\":\"359d89d1-aac0-4320-98fc-983b10831ec1\"},\"panelIndex\":\"359d89d1-aac0-4320-98fc-983b10831ec1\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"Burn Rate\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"ff7b9f58-19cd-4700-8bb6-0655089ed462\",\"type\":\"metric\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"4863ef5f-2d5c-41a7-9507-7d42bebbd037\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"4b04e408-7543-4771-8c36-e6c1feb89477\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}},{\"id\":\"8a8f4130-d93d-11ed-bdca-eb80b799acd6\",\"type\":\"calculation\",\"variables\":[{\"id\":\"aa4144b0-d93d-11ed-bdca-eb80b799acd6\",\"name\":\"bad\",\"field\":\"4b04e408-7543-4771-8c36-e6c1feb89477\"}],\"script\":\"params.bad / (1 - 0.95)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Burn Rate (1h)\",\"value_template\":\"{{value}}x\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"14da2b50-d940-11ed-bdca-eb80b799acd6\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"14da2b51-d940-11ed-bdca-eb80b799acd6\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Ratio:\",\"value_template\":\"{{value}}\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"background_color_rules\":[{\"value\":1,\"id\":\"3327b9a0-d93c-11ed-bdca-eb80b799acd6\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"gt\",\"background_color\":\"rgba(231,102,76,1)\"},{\"value\":1,\"id\":\"bf283b90-da05-11ed-8012-4b83da923c92\",\"background_color\":\"rgba(109,179,84,1)\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"lte\"}],\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_359d89d1-aac0-4320-98fc-983b10831ec1_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"timeRange\":{\"from\":\"now-1h\",\"to\":\"now\"},\"enhancements\":{},\"type\":\"visualization\"},\"version\":\"8.9.0\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":10,\"w\":48,\"h\":7,\"i\":\"91c24a19-7f44-449f-a1bc-298556562140\"},\"panelIndex\":\"91c24a19-7f44-449f-a1bc-298556562140\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"73fba04a-4060-41d9-a9f0-ca7caeafe812\",\"type\":\"timeseries\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"1f35b985-f6c6-4d8a-bc2b-d706b97d3d64\",\"color\":\"#68BC00\",\"split_mode\":\"filters\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"2dfbd2e2-11b0-4393-9b33-5270fd64906d\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"default\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"stacked\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"split_filters\":[{\"filter\":{\"query\":\"http.response.status_code < 500\",\"language\":\"kuery\"},\"label\":\"Good\",\"color\":\"#68BC00\",\"id\":\"868ca080-d944-11ed-9afd-11cb5b035fae\"},{\"filter\":{\"query\":\"not (http.response.status_code < 500)\",\"language\":\"kuery\"},\"label\":\"Bad\",\"color\":\"rgba(231,102,76,1)\",\"id\":\"91e8a5a0-d944-11ed-9afd-11cb5b035fae\"}],\"label\":\"\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":0,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"annotations\":[{\"id\":\"bc850aa0-eab1-11ed-b121-11fb7ba70a20\",\"color\":\"#F00\",\"time_field\":\"kibana.alert.start\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":1,\"ignore_panel_filters\":1,\"fields\":\"kibana.alert.reason\",\"template\":\"{{kibana.alert.reason}}\",\"index_pattern_ref_name\":\"metrics_91c24a19-7f44-449f-a1bc-298556562140_1_index_pattern\"}],\"index_pattern_ref_name\":\"metrics_91c24a19-7f44-449f-a1bc-298556562140_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{},\"timeRange\":{\"from\":\"now-24h/h\",\"to\":\"now\"},\"type\":\"visualization\"},\"version\":\"8.9.0\"},{\"version\":\"8.9.0\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":17,\"w\":48,\"h\":28,\"i\":\"c0701f1b-377b-4950-a3f9-cacfd232300a\"},\"panelIndex\":\"c0701f1b-377b-4950-a3f9-cacfd232300a\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"timeRange\":{\"from\":\"now-24h/h\",\"to\":\"now\"}},\"panelRefName\":\"panel_c0701f1b-377b-4950-a3f9-cacfd232300a\"}]","refreshInterval":{"pause":false,"value":60000},"timeFrom":"now-7d","timeRestore":true,"timeTo":"now","title":"Admin Console – Good vs Bad","version":1},"coreMigrationVersion":"8.8.0","created_at":"2025-03-05T03:04:13.102Z","created_by":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","id":"2db9b340-d8ad-11ed-ab9f-e9e3125870b6","managed":false,"references":[{"id":"e7744dbe-a7a4-457b-83aa-539e9c88764c","name":"a97a85b0-b83a-4d28-a3ca-d82e1d1add0f:metrics_a97a85b0-b83a-4d28-a3ca-d82e1d1add0f_0_index_pattern","type":"index-pattern"},{"id":"e7744dbe-a7a4-457b-83aa-539e9c88764c","name":"c67c9c1f-719a-44b8-bfeb-fafc5243ae1c:metrics_c67c9c1f-719a-44b8-bfeb-fafc5243ae1c_0_index_pattern","type":"index-pattern"},{"id":"18b3ece0-d8ad-11ed-ab9f-e9e3125870b6","name":"f839754d-d5aa-40be-93bb-abda520aaa29:panel_f839754d-d5aa-40be-93bb-abda520aaa29","type":"visualization"},{"id":"e7744dbe-a7a4-457b-83aa-539e9c88764c","name":"359d89d1-aac0-4320-98fc-983b10831ec1:metrics_359d89d1-aac0-4320-98fc-983b10831ec1_0_index_pattern","type":"index-pattern"},{"id":"e7744dbe-a7a4-457b-83aa-539e9c88764c","name":"91c24a19-7f44-449f-a1bc-298556562140:metrics_91c24a19-7f44-449f-a1bc-298556562140_0_index_pattern","type":"index-pattern"},{"id":"54a5a414-f8ce-4f5c-ac15-a3554693b51f","name":"91c24a19-7f44-449f-a1bc-298556562140:metrics_91c24a19-7f44-449f-a1bc-298556562140_1_index_pattern","type":"index-pattern"},{"id":"b5653a60-d8af-11ed-ab9f-e9e3125870b6","name":"c0701f1b-377b-4950-a3f9-cacfd232300a:panel_c0701f1b-377b-4950-a3f9-cacfd232300a","type":"search"},{"id":"2caefa00-d8ad-11ed-ab9f-e9e3125870b6","name":"tag-ref-2caefa00-d8ad-11ed-ab9f-e9e3125870b6","type":"tag"}],"sort":[1741143853102,101],"type":"dashboard","typeMigrationVersion":"10.2.0","updated_at":"2025-03-05T03:04:13.102Z","updated_by":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","version":"WzIxMCwxXQ=="} +{"attributes":{"fieldAttrs":"{\"processor.ratio\":{\"customLabel\":\"Ratio\",\"count\":2},\"host.name\":{\"count\":1},\"log.level\":{\"count\":1},\"log.logger\":{\"count\":2},\"message\":{\"count\":1},\"processor.accepted\":{\"customLabel\":\"Ack\",\"count\":3},\"processor.processed\":{\"customLabel\":\"Proc\",\"count\":1}}","fieldFormatMap":"{\"processor.ratio\":{\"id\":\"percent\",\"params\":{\"parsedUrl\":{\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/observability/slos/create\",\"basePath\":\"\"},\"pattern\":\"0,0[.00]%\",\"fractional\":true}}}","fields":"[]","name":"Message Processor","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"kbn-data-forge-fake_stack.message_processor-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2025-03-04T22:14:37.421Z","id":"593f894a-3378-42cc-bafc-61b4877b64b0","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2025-03-05T03:25:58.471Z","version":"WzIzOSwxXQ=="} +{"attributes":{"columns":["log.level","host.name","message","processor.processed","processor.accepted"],"description":"","grid":{"columns":{"host.name":{"width":203},"log.level":{"width":58},"log.logger":{"width":129},"message":{"width":256},"processor.accepted":{"width":66},"processor.processed":{"width":64},"processor.ratio":{"width":78}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"processor.processed < 1\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Message Processor Logs - Bad Events","usesAdHocDataView":false},"coreMigrationVersion":"8.8.0","created_at":"2025-03-04T22:14:37.328Z","id":"fe7a49f0-f03a-11ed-bdc6-f382ac874aa0","managed":false,"references":[{"id":"593f894a-3378-42cc-bafc-61b4877b64b0","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"10.5.0","updated_at":"2025-03-04T22:14:37.328Z","version":"WzE4OSwxXQ=="} +{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{}","showApplySelections":false},"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"62767b08-1f24-46fc-a99f-ec0fd86bbb02\",\"type\":\"metric\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"20c35b9c-fac5-43fe-bcd0-db1bf5046f4d\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"73e31900-ab14-4567-8594-c0d8bf12a144\",\"type\":\"sum\",\"field\":\"processor.processed\"},{\"id\":\"87d15b00-f039-11ed-9b23-edcb0937fd3c\",\"type\":\"sum\",\"field\":\"processor.accepted\"},{\"id\":\"90e8ee60-f039-11ed-9b23-edcb0937fd3c\",\"type\":\"calculation\",\"variables\":[{\"id\":\"93337aa0-f039-11ed-9b23-edcb0937fd3c\",\"name\":\"processed\",\"field\":\"73e31900-ab14-4567-8594-c0d8bf12a144\"},{\"id\":\"9765b2a0-f039-11ed-9b23-edcb0937fd3c\",\"name\":\"accepted\",\"field\":\"87d15b00-f039-11ed-9b23-edcb0937fd3c\"}],\"script\":\"params.processed / params.accepted\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Processing Success Rate\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"a0159370-f04d-11ed-9bd8-bd6b849694ef\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"a0159371-f04d-11ed-9bd8-bd6b849694ef\",\"type\":\"sum\",\"field\":\"processor.processed\"},{\"id\":\"a0159373-f04d-11ed-9bd8-bd6b849694ef\",\"type\":\"sum\",\"field\":\"processor.accepted\"},{\"id\":\"a0159375-f04d-11ed-9bd8-bd6b849694ef\",\"type\":\"calculation\",\"variables\":[{\"id\":\"a0159372-f04d-11ed-9bd8-bd6b849694ef\",\"name\":\"processed\",\"field\":\"a0159371-f04d-11ed-9bd8-bd6b849694ef\"},{\"id\":\"a0159374-f04d-11ed-9bd8-bd6b849694ef\",\"name\":\"accepted\",\"field\":\"a0159373-f04d-11ed-9bd8-bd6b849694ef\"}],\"script\":\"1- (params.processed / params.accepted)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Rate: \"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"background_color_rules\":[{\"id\":\"7e6ae450-f039-11ed-9b23-edcb0937fd3c\"}],\"isModelInvalid\":false,\"index_pattern_ref_name\":\"metrics_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}}},\"panelIndex\":\"df781501-2c15-49de-bf0c-71dc780f24a3\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":7,\"i\":\"df781501-2c15-49de-bf0c-71dc780f24a3\"}},{\"type\":\"visualization\",\"title\":\"Processed vs Rejected\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"821a66d3-d8d2-49ac-9eae-63ccb20e9035\",\"type\":\"timeseries\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"7c1a9416-6a47-4c47-b475-ad45fe9fa411\",\"color\":\"rgba(231,102,76,1)\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"d471c284-9b07-4f20-b213-3f2bba75e270\",\"type\":\"sum\",\"field\":\"processor.accepted\"},{\"id\":\"877d4ef0-f036-11ed-9b23-edcb0937fd3c\",\"type\":\"sum\",\"field\":\"processor.processed\"},{\"id\":\"8c9ca610-f036-11ed-9b23-edcb0937fd3c\",\"type\":\"calculation\",\"variables\":[{\"id\":\"8ecca570-f036-11ed-9b23-edcb0937fd3c\",\"name\":\"processed\",\"field\":\"877d4ef0-f036-11ed-9b23-edcb0937fd3c\"},{\"id\":\"97257cb0-f036-11ed-9b23-edcb0937fd3c\",\"name\":\"accepted\",\"field\":\"d471c284-9b07-4f20-b213-3f2bba75e270\"}],\"script\":\"params.accepted - params.processed\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"default\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":1,\"fill\":\"1\",\"stacked\":\"stacked\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Rejected\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"c1e935e0-f036-11ed-9b23-edcb0937fd3c\",\"color\":\"rgba(84,179,153,1)\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"c1e935e3-f036-11ed-9b23-edcb0937fd3c\",\"type\":\"sum\",\"field\":\"processor.processed\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"default\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":1,\"fill\":\"1\",\"stacked\":\"stacked\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Processed\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"index_pattern_ref_name\":\"metrics_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}}},\"panelIndex\":\"f84c26fa-e640-4ac2-82a5-25ce6df5d5e4\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":13,\"i\":\"f84c26fa-e640-4ac2-82a5-25ce6df5d5e4\"}},{\"type\":\"visualization\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"5d3d2c7d-e789-43a1-a129-18b4145e0ce8\",\"type\":\"metric\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"0c19da24-c42e-4e55-a27c-b58578faa7ad\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"d498066f-67a4-4de3-959f-aadcb4d6e0de\",\"type\":\"sum\",\"field\":\"processor.processed\"},{\"id\":\"0a88abf0-f037-11ed-9b23-edcb0937fd3c\",\"type\":\"calculation\",\"variables\":[{\"id\":\"0d5ed660-f037-11ed-9b23-edcb0937fd3c\",\"name\":\"processed\",\"field\":\"d498066f-67a4-4de3-959f-aadcb4d6e0de\"}],\"script\":\"params.processed / (params._interval / 1000 / 60)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0,0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Processing Rate\",\"value_template\":\"{{value}}/m\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"96bb05a0-f037-11ed-9b23-edcb0937fd3c\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"96bb05a1-f037-11ed-9b23-edcb0937fd3c\",\"type\":\"sum\",\"field\":\"processor.accepted\"},{\"id\":\"96bb2cb1-f037-11ed-9b23-edcb0937fd3c\",\"type\":\"calculation\",\"variables\":[{\"id\":\"96bb2cb0-f037-11ed-9b23-edcb0937fd3c\",\"name\":\"processed\",\"field\":\"96bb05a1-f037-11ed-9b23-edcb0937fd3c\"}],\"script\":\"params.processed / (params._interval / 1000 / 60)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0,0a\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Accepted\",\"value_template\":\"{{value}}/m\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"background_color_rules\":[{\"id\":\"f93da3a0-f036-11ed-9b23-edcb0937fd3c\"}],\"isModelInvalid\":false,\"index_pattern_ref_name\":\"metrics_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}}},\"panelIndex\":\"cf81e9ee-63aa-446f-8e98-2f86a6613075\",\"gridData\":{\"x\":0,\"y\":7,\"w\":8,\"h\":6,\"i\":\"cf81e9ee-63aa-446f-8e98-2f86a6613075\"}},{\"type\":\"visualization\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"timeRange\":{\"from\":\"now-5m\",\"to\":\"now\"},\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"d225eadd-405b-4e9a-9af2-c4ce19639479\",\"type\":\"metric\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"b1406011-1cea-43db-9971-a365998f4de6\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"c1bcd5eb-d76d-4036-b9d8-3a4804f3ecc4\",\"type\":\"sum\",\"field\":\"processor.accepted\"},{\"id\":\"ebebdc70-f04b-11ed-a0c0-052ee7bd178f\",\"type\":\"sum\",\"field\":\"processor.processed\"},{\"id\":\"f16eb050-f04b-11ed-a0c0-052ee7bd178f\",\"type\":\"calculation\",\"variables\":[{\"id\":\"f404eb90-f04b-11ed-a0c0-052ee7bd178f\",\"name\":\"processed\",\"field\":\"ebebdc70-f04b-11ed-a0c0-052ee7bd178f\"},{\"id\":\"f924b7e0-f04b-11ed-a0c0-052ee7bd178f\",\"name\":\"accepted\",\"field\":\"c1bcd5eb-d76d-4036-b9d8-3a4804f3ecc4\"}],\"script\":\"(1 - (params.processed / params.accepted)) / (1 - 0.95)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Burn Rate (5m)\",\"value_template\":\"{{value}}x\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"145be1a0-f04c-11ed-a0c0-052ee7bd178f\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"145be1a1-f04c-11ed-a0c0-052ee7bd178f\",\"type\":\"sum\",\"field\":\"processor.accepted\"},{\"id\":\"145be1a3-f04c-11ed-a0c0-052ee7bd178f\",\"type\":\"sum\",\"field\":\"processor.processed\"},{\"id\":\"145be1a5-f04c-11ed-a0c0-052ee7bd178f\",\"type\":\"calculation\",\"variables\":[{\"id\":\"145be1a4-f04c-11ed-a0c0-052ee7bd178f\",\"name\":\"processed\",\"field\":\"145be1a3-f04c-11ed-a0c0-052ee7bd178f\"},{\"id\":\"145be1a2-f04c-11ed-a0c0-052ee7bd178f\",\"name\":\"accepted\",\"field\":\"145be1a1-f04c-11ed-a0c0-052ee7bd178f\"}],\"script\":\"(1 - (params.processed / params.accepted))\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Ratio: \"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"background_color_rules\":[{\"value\":1,\"id\":\"e6c866a0-f04b-11ed-a0c0-052ee7bd178f\",\"background_color\":\"rgba(84,179,153,1)\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"lt\"},{\"value\":1,\"id\":\"3840b960-f04c-11ed-a0c0-052ee7bd178f\",\"background_color\":\"rgba(231,102,76,1)\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"gte\"}],\"isModelInvalid\":false,\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}}},\"panelIndex\":\"34c3d3c4-1586-4196-833c-399e7d20c3ef\",\"gridData\":{\"x\":0,\"y\":13,\"w\":8,\"h\":6,\"i\":\"34c3d3c4-1586-4196-833c-399e7d20c3ef\"}},{\"type\":\"visualization\",\"title\":\"Host Share of Processing\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"f6ab0001-64aa-4a2f-ba05-e44d15ec1dee\",\"interval\":\">=1m\",\"isModelInvalid\":false,\"max_lines_legend\":1,\"series\":[{\"time_range_mode\":\"entire_time_range\",\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"1\",\"formatter\":\"percent\",\"id\":\"072ac77b-43b6-4b1c-9dec-aa8444af8e0c\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"50c91871-91ef-43c8-a57f-7065f96c66a9\",\"type\":\"sum\",\"field\":\"processor.processed\"}],\"override_index_pattern\":0,\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":\"0\",\"separate_axis\":0,\"series_drop_last_bucket\":0,\"split_mode\":\"terms\",\"stacked\":\"percent\",\"terms_field\":\"host.name\",\"steps\":1,\"label\":\"\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"tooltip_mode\":\"show_all\",\"truncate_legend\":1,\"type\":\"timeseries\",\"use_kibana_indexes\":true,\"legend_position\":\"bottom\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}}},\"panelIndex\":\"c94a208e-e4b7-4ea6-9f90-30d125ec6b0e\",\"gridData\":{\"x\":8,\"y\":13,\"w\":40,\"h\":12,\"i\":\"c94a208e-e4b7-4ea6-9f90-30d125ec6b0e\"}},{\"type\":\"visualization\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"timeRange\":{\"from\":\"now-1h\",\"to\":\"now\"},\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"d225eadd-405b-4e9a-9af2-c4ce19639479\",\"type\":\"metric\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"b1406011-1cea-43db-9971-a365998f4de6\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"c1bcd5eb-d76d-4036-b9d8-3a4804f3ecc4\",\"type\":\"sum\",\"field\":\"processor.accepted\"},{\"id\":\"ebebdc70-f04b-11ed-a0c0-052ee7bd178f\",\"type\":\"sum\",\"field\":\"processor.processed\"},{\"id\":\"f16eb050-f04b-11ed-a0c0-052ee7bd178f\",\"type\":\"calculation\",\"variables\":[{\"id\":\"f404eb90-f04b-11ed-a0c0-052ee7bd178f\",\"name\":\"processed\",\"field\":\"ebebdc70-f04b-11ed-a0c0-052ee7bd178f\"},{\"id\":\"f924b7e0-f04b-11ed-a0c0-052ee7bd178f\",\"name\":\"accepted\",\"field\":\"c1bcd5eb-d76d-4036-b9d8-3a4804f3ecc4\"}],\"script\":\"(1 - (params.processed / params.accepted)) / (1 - 0.95)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Burn Rate (5m)\",\"value_template\":\"{{value}}x\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"145be1a0-f04c-11ed-a0c0-052ee7bd178f\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"145be1a1-f04c-11ed-a0c0-052ee7bd178f\",\"type\":\"sum\",\"field\":\"processor.accepted\"},{\"id\":\"145be1a3-f04c-11ed-a0c0-052ee7bd178f\",\"type\":\"sum\",\"field\":\"processor.processed\"},{\"id\":\"145be1a5-f04c-11ed-a0c0-052ee7bd178f\",\"type\":\"calculation\",\"variables\":[{\"id\":\"145be1a4-f04c-11ed-a0c0-052ee7bd178f\",\"name\":\"processed\",\"field\":\"145be1a3-f04c-11ed-a0c0-052ee7bd178f\"},{\"id\":\"145be1a2-f04c-11ed-a0c0-052ee7bd178f\",\"name\":\"accepted\",\"field\":\"145be1a1-f04c-11ed-a0c0-052ee7bd178f\"}],\"script\":\"(1 - (params.processed / params.accepted))\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Ratio: \"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"background_color_rules\":[{\"value\":1,\"id\":\"e6c866a0-f04b-11ed-a0c0-052ee7bd178f\",\"background_color\":\"rgba(84,179,153,1)\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"lt\"},{\"value\":1,\"id\":\"3840b960-f04c-11ed-a0c0-052ee7bd178f\",\"background_color\":\"rgba(231,102,76,1)\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"gte\"}],\"isModelInvalid\":false,\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}}},\"panelIndex\":\"82e98f71-f93e-410f-9d42-ddb80cdcf687\",\"gridData\":{\"x\":0,\"y\":19,\"w\":8,\"h\":6,\"i\":\"82e98f71-f93e-410f-9d42-ddb80cdcf687\"}},{\"type\":\"search\",\"title\":\"Message Processor Logs - Bad Events\",\"panelRefName\":\"panel_741b3361-e1dc-4abc-a607-a154babe5e37\",\"embeddableConfig\":{\"description\":\"\",\"enhancements\":{\"dynamicActions\":{\"events\":[]}}},\"panelIndex\":\"741b3361-e1dc-4abc-a607-a154babe5e37\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":16,\"i\":\"741b3361-e1dc-4abc-a607-a154babe5e37\"}},{\"type\":\"visualization\",\"title\":\"Stats by Host\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"d1acb6a1-709b-4674-a060-4b35de367181\",\"type\":\"table\",\"series\":[{\"id\":\"7433c540-f03b-11ed-9b23-edcb0937fd3c\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"7433c541-f03b-11ed-9b23-edcb0937fd3c\",\"type\":\"sum\",\"field\":\"processor.accepted\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"default\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Accepted\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"e165ff37-2879-44b0-81f9-f3042969d28b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"784d4467-adec-4b51-b982-406f50e72ebf\",\"type\":\"sum\",\"field\":\"processor.processed\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"default\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Processed\"},{\"id\":\"437e70d0-f03b-11ed-9b23-edcb0937fd3c\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"437e70d1-f03b-11ed-9b23-edcb0937fd3c\",\"type\":\"sum\",\"field\":\"processor.accepted\"},{\"id\":\"4eb89610-f03b-11ed-9b23-edcb0937fd3c\",\"type\":\"sum\",\"field\":\"processor.processed\"},{\"id\":\"55fca1f0-f03b-11ed-9b23-edcb0937fd3c\",\"type\":\"calculation\",\"variables\":[{\"id\":\"58c1b560-f03b-11ed-9b23-edcb0937fd3c\",\"name\":\"processed\",\"field\":\"4eb89610-f03b-11ed-9b23-edcb0937fd3c\"},{\"id\":\"5f3aa910-f03b-11ed-9b23-edcb0937fd3c\",\"name\":\"accepted\",\"field\":\"437e70d1-f03b-11ed-9b23-edcb0937fd3c\"}],\"script\":\"params.accepted - params.processed\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"default\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Rejected\"},{\"id\":\"89caa810-f03b-11ed-9b23-edcb0937fd3c\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"89caa811-f03b-11ed-9b23-edcb0937fd3c\",\"type\":\"sum\",\"field\":\"processor.accepted\"},{\"id\":\"89caa813-f03b-11ed-9b23-edcb0937fd3c\",\"type\":\"sum\",\"field\":\"processor.processed\"},{\"id\":\"89caa815-f03b-11ed-9b23-edcb0937fd3c\",\"type\":\"calculation\",\"variables\":[{\"id\":\"89caa814-f03b-11ed-9b23-edcb0937fd3c\",\"name\":\"processed\",\"field\":\"89caa813-f03b-11ed-9b23-edcb0937fd3c\"},{\"id\":\"89caa812-f03b-11ed-9b23-edcb0937fd3c\",\"name\":\"accepted\",\"field\":\"89caa811-f03b-11ed-9b23-edcb0937fd3c\"}],\"script\":\"params.processed / params.accepted\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Success Rate\",\"color_rules\":[{\"id\":\"9945f970-f03b-11ed-9b23-edcb0937fd3c\"}]}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"bar_color_rules\":[{\"id\":\"280e83d0-f03b-11ed-9b23-edcb0937fd3c\"}],\"isModelInvalid\":false,\"pivot_id\":\"host.name\",\"pivot_type\":\"string\",\"pivot_label\":\"Host\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\"},\"uiState\":{\"table\":{\"sort\":{\"column\":\"_default_\",\"order\":\"asc\"}}},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}}},\"panelIndex\":\"188aefee-4cd4-49e6-99f4-4f8db4807c7c\",\"gridData\":{\"x\":24,\"y\":25,\"w\":24,\"h\":16,\"i\":\"188aefee-4cd4-49e6-99f4-4f8db4807c7c\"}},{\"type\":\"lens\",\"embeddableConfig\":{\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"filters\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"593f894a-3378-42cc-bafc-61b4877b64b0\",\"name\":\"indexpattern-datasource-layer-9ad575bb-1de0-4b4c-a42f-bd9117f7c123\"},{\"type\":\"index-pattern\",\"id\":\"593f894a-3378-42cc-bafc-61b4877b64b0\",\"name\":\"indexpattern-datasource-layer-3d6a7da9-b2c1-4dfd-848c-499cbd34f8d1\"}],\"state\":{\"visualization\":{\"title\":\"Empty XY chart\",\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"9ad575bb-1de0-4b4c-a42f-bd9117f7c123\",\"accessors\":[\"5c829b86-8e00-4dec-ae77-409d14f1e9c6\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"colorMapping\":{\"assignments\":[],\"specialAssignments\":[{\"rule\":{\"type\":\"other\"},\"color\":{\"type\":\"loop\"},\"touched\":false}],\"paletteId\":\"default\",\"colorMode\":{\"type\":\"categorical\"}},\"xAccessor\":\"ee21691a-428f-4ad1-8ae2-349459564af4\"},{\"layerId\":\"3d6a7da9-b2c1-4dfd-848c-499cbd34f8d1\",\"layerType\":\"data\",\"accessors\":[\"d6aa9f6b-57b7-46dc-afb2-0e60712da597\"],\"seriesType\":\"bar_stacked\",\"xAccessor\":\"79c23309-891f-48be-8290-ab6141ea8761\",\"yConfig\":[{\"forAccessor\":\"d6aa9f6b-57b7-46dc-afb2-0e60712da597\",\"color\":\"#f6726a\"}]}],\"yTitle\":\"Processed vs Rejected\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9ad575bb-1de0-4b4c-a42f-bd9117f7c123\":{\"columns\":{\"ee21691a-428f-4ad1-8ae2-349459564af4\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"5c829b86-8e00-4dec-ae77-409d14f1e9c6X0\":{\"label\":\"Part of sum(processor.processed)\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"processor.processed\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"5c829b86-8e00-4dec-ae77-409d14f1e9c6\":{\"label\":\"Processed\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"sum(processor.processed)\",\"isFormulaBroken\":false},\"references\":[\"5c829b86-8e00-4dec-ae77-409d14f1e9c6X0\"],\"customLabel\":true}},\"columnOrder\":[\"ee21691a-428f-4ad1-8ae2-349459564af4\",\"5c829b86-8e00-4dec-ae77-409d14f1e9c6\",\"5c829b86-8e00-4dec-ae77-409d14f1e9c6X0\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}},\"3d6a7da9-b2c1-4dfd-848c-499cbd34f8d1\":{\"linkToLayers\":[],\"columns\":{\"79c23309-891f-48be-8290-ab6141ea8761\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X0\":{\"label\":\"Part of sum(processor.accepted) - sum(processor.processed)\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"processor.accepted\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X1\":{\"label\":\"Part of sum(processor.accepted) - sum(processor.processed)\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"processor.processed\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X2\":{\"label\":\"Part of sum(processor.accepted) - sum(processor.processed)\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"subtract\",\"args\":[\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X0\",\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X1\"],\"location\":{\"min\":0,\"max\":50},\"text\":\"sum(processor.accepted) - sum(processor.processed)\"}},\"references\":[\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X0\",\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X1\"],\"customLabel\":true},\"d6aa9f6b-57b7-46dc-afb2-0e60712da597\":{\"label\":\"Rejected\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"sum(processor.accepted) - sum(processor.processed)\",\"isFormulaBroken\":false},\"references\":[\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X2\"],\"customLabel\":true}},\"columnOrder\":[\"79c23309-891f-48be-8290-ab6141ea8761\",\"d6aa9f6b-57b7-46dc-afb2-0e60712da597\",\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X0\",\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X1\",\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X2\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}}},\"panelIndex\":\"04857532-a5b3-4de0-a79f-75d8d0b5c8c7\",\"gridData\":{\"x\":0,\"y\":41,\"w\":24,\"h\":15,\"i\":\"04857532-a5b3-4de0-a79f-75d8d0b5c8c7\"}},{\"type\":\"lens\",\"title\":\"\",\"embeddableConfig\":{\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"filters\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"593f894a-3378-42cc-bafc-61b4877b64b0\",\"name\":\"indexpattern-datasource-layer-3d6a7da9-b2c1-4dfd-848c-499cbd34f8d1\"}],\"state\":{\"visualization\":{\"title\":\"Empty XY chart\",\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"3d6a7da9-b2c1-4dfd-848c-499cbd34f8d1\",\"layerType\":\"data\",\"accessors\":[\"d6aa9f6b-57b7-46dc-afb2-0e60712da597\"],\"seriesType\":\"bar_stacked\",\"xAccessor\":\"79c23309-891f-48be-8290-ab6141ea8761\",\"yConfig\":[{\"forAccessor\":\"d6aa9f6b-57b7-46dc-afb2-0e60712da597\",\"color\":\"#f6726a\"}],\"splitAccessor\":\"0fac59b3-04e0-4d9c-84a8-75227c7db151\"}],\"yTitle\":\"Processed vs Rejected\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3d6a7da9-b2c1-4dfd-848c-499cbd34f8d1\":{\"linkToLayers\":[],\"columns\":{\"79c23309-891f-48be-8290-ab6141ea8761\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X0\":{\"label\":\"Part of sum(processor.accepted) - sum(processor.processed)\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"processor.accepted\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X1\":{\"label\":\"Part of sum(processor.accepted) - sum(processor.processed)\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"processor.processed\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X2\":{\"label\":\"Part of sum(processor.accepted) - sum(processor.processed)\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"subtract\",\"args\":[\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X0\",\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X1\"],\"location\":{\"min\":0,\"max\":50},\"text\":\"sum(processor.accepted) - sum(processor.processed)\"}},\"references\":[\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X0\",\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X1\"],\"customLabel\":true},\"d6aa9f6b-57b7-46dc-afb2-0e60712da597\":{\"label\":\"Rejected\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"sum(processor.accepted) - sum(processor.processed)\",\"isFormulaBroken\":false},\"references\":[\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X2\"],\"customLabel\":true},\"0fac59b3-04e0-4d9c-84a8-75227c7db151\":{\"label\":\"Top 10 values of host.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":true},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"0fac59b3-04e0-4d9c-84a8-75227c7db151\",\"79c23309-891f-48be-8290-ab6141ea8761\",\"d6aa9f6b-57b7-46dc-afb2-0e60712da597\",\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X0\",\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X1\",\"d6aa9f6b-57b7-46dc-afb2-0e60712da597X2\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{},\"indexPatternId\":\"593f894a-3378-42cc-bafc-61b4877b64b0\"}},\"currentIndexPatternId\":\"593f894a-3378-42cc-bafc-61b4877b64b0\"},\"indexpattern\":{\"layers\":{},\"currentIndexPatternId\":\"593f894a-3378-42cc-bafc-61b4877b64b0\"},\"textBased\":{\"layers\":{},\"indexPatternRefs\":[{\"id\":\"593f894a-3378-42cc-bafc-61b4877b64b0\",\"title\":\"kbn-data-forge-fake_stack.message_processor-*\",\"timeField\":\"@timestamp\"}]}},\"internalReferences\":[],\"adHocDataViews\":{}}}},\"panelIndex\":\"8db7a201-95c8-4211-89b5-1288e18c8f2e\",\"gridData\":{\"x\":24,\"y\":41,\"w\":24,\"h\":15,\"i\":\"8db7a201-95c8-4211-89b5-1288e18c8f2e\"}}]","refreshInterval":{"pause":false,"value":60000},"timeFrom":"now-7d/d","timeRestore":true,"timeTo":"now","title":"Message Processor Operations","version":3},"coreMigrationVersion":"8.8.0","created_at":"2025-03-05T03:04:13.102Z","created_by":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","id":"48089ec0-f039-11ed-bdc6-f382ac874aa0","managed":false,"references":[{"id":"fe7a49f0-f03a-11ed-bdc6-f382ac874aa0","name":"741b3361-e1dc-4abc-a607-a154babe5e37:panel_741b3361-e1dc-4abc-a607-a154babe5e37","type":"search"},{"id":"593f894a-3378-42cc-bafc-61b4877b64b0","name":"df781501-2c15-49de-bf0c-71dc780f24a3:metrics_0_index_pattern","type":"index-pattern"},{"id":"593f894a-3378-42cc-bafc-61b4877b64b0","name":"f84c26fa-e640-4ac2-82a5-25ce6df5d5e4:metrics_0_index_pattern","type":"index-pattern"},{"id":"593f894a-3378-42cc-bafc-61b4877b64b0","name":"cf81e9ee-63aa-446f-8e98-2f86a6613075:metrics_0_index_pattern","type":"index-pattern"},{"id":"593f894a-3378-42cc-bafc-61b4877b64b0","name":"34c3d3c4-1586-4196-833c-399e7d20c3ef:metrics_0_index_pattern","type":"index-pattern"},{"id":"593f894a-3378-42cc-bafc-61b4877b64b0","name":"c94a208e-e4b7-4ea6-9f90-30d125ec6b0e:metrics_0_index_pattern","type":"index-pattern"},{"id":"593f894a-3378-42cc-bafc-61b4877b64b0","name":"82e98f71-f93e-410f-9d42-ddb80cdcf687:metrics_0_index_pattern","type":"index-pattern"},{"id":"593f894a-3378-42cc-bafc-61b4877b64b0","name":"188aefee-4cd4-49e6-99f4-4f8db4807c7c:metrics_0_index_pattern","type":"index-pattern"},{"id":"593f894a-3378-42cc-bafc-61b4877b64b0","name":"04857532-a5b3-4de0-a79f-75d8d0b5c8c7:indexpattern-datasource-layer-9ad575bb-1de0-4b4c-a42f-bd9117f7c123","type":"index-pattern"},{"id":"593f894a-3378-42cc-bafc-61b4877b64b0","name":"04857532-a5b3-4de0-a79f-75d8d0b5c8c7:indexpattern-datasource-layer-3d6a7da9-b2c1-4dfd-848c-499cbd34f8d1","type":"index-pattern"},{"id":"593f894a-3378-42cc-bafc-61b4877b64b0","name":"8db7a201-95c8-4211-89b5-1288e18c8f2e:indexpattern-datasource-layer-3d6a7da9-b2c1-4dfd-848c-499cbd34f8d1","type":"index-pattern"}],"sort":[1741143853102,81],"type":"dashboard","typeMigrationVersion":"10.2.0","updated_at":"2025-03-05T03:04:13.102Z","updated_by":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","version":"WzIwOCwxXQ=="} +{"attributes":{"columns":["kibana.alert.rule.name","kibana.alert.status","kibana.alert.reason"],"description":"","grid":{"columns":{"kibana.alert.rule.name":{"width":220},"kibana.alert.status":{"width":59}}},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Alerts As Data","usesAdHocDataView":false},"coreMigrationVersion":"8.8.0","created_at":"2025-03-04T22:14:37.375Z","id":"da1bd030-0163-11ee-b87b-0b224545e697","managed":false,"references":[{"id":"54a5a414-f8ce-4f5c-ac15-a3554693b51f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"10.5.0","updated_at":"2025-03-04T22:14:37.375Z","version":"WzE5NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":12,\"w\":48,\"h\":11,\"i\":\"be43a6f5-4438-4699-b497-7ac362d8f989\"},\"panelIndex\":\"be43a6f5-4438-4699-b497-7ac362d8f989\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"e7744dbe-a7a4-457b-83aa-539e9c88764c\",\"name\":\"indexpattern-datasource-layer-574e719b-bb48-42e3-9dca-b05331790843\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"title\":\"Empty XY chart\",\"legend\":{\"isVisible\":true,\"position\":\"bottom\"},\"valueLabels\":\"hide\",\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"574e719b-bb48-42e3-9dca-b05331790843\",\"accessors\":[\"5b021746-2d36-48a6-8a3c-21f88362e0f7\",\"c775f615-cfa4-431c-9855-23babf1653b9\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"d9b27856-dd00-47b5-84f0-20244e1ea0cf\",\"yConfig\":[{\"forAccessor\":\"5b021746-2d36-48a6-8a3c-21f88362e0f7\",\"color\":\"#54b399\"},{\"forAccessor\":\"c775f615-cfa4-431c-9855-23babf1653b9\",\"color\":\"#e7664c\"}]}],\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"574e719b-bb48-42e3-9dca-b05331790843\":{\"columns\":{\"d9b27856-dd00-47b5-84f0-20244e1ea0cf\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"5b021746-2d36-48a6-8a3c-21f88362e0f7X0\":{\"label\":\"Part of count(kql='http.response.status_code < 500')\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"http.response.status_code < 500\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"5b021746-2d36-48a6-8a3c-21f88362e0f7\":{\"label\":\"Good Events\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"count(kql='http.response.status_code < 500')\",\"isFormulaBroken\":false},\"references\":[\"5b021746-2d36-48a6-8a3c-21f88362e0f7X0\"],\"customLabel\":true},\"c775f615-cfa4-431c-9855-23babf1653b9X0\":{\"label\":\"Part of count(kql='http.response.status_code >= 500')\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"http.response.status_code >= 500\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"c775f615-cfa4-431c-9855-23babf1653b9\":{\"label\":\"Bad\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"count(kql='http.response.status_code >= 500')\",\"isFormulaBroken\":false},\"references\":[\"c775f615-cfa4-431c-9855-23babf1653b9X0\"],\"customLabel\":true}},\"columnOrder\":[\"d9b27856-dd00-47b5-84f0-20244e1ea0cf\",\"5b021746-2d36-48a6-8a3c-21f88362e0f7\",\"5b021746-2d36-48a6-8a3c-21f88362e0f7X0\",\"c775f615-cfa4-431c-9855-23babf1653b9\",\"c775f615-cfa4-431c-9855-23babf1653b9X0\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Good vs Bad Events over Time\",\"version\":\"8.9.0\"},{\"version\":\"8.9.0\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":23,\"w\":48,\"h\":22,\"i\":\"a133e6ca-b6d3-405a-bd15-88f7cd9a66fa\"},\"panelIndex\":\"a133e6ca-b6d3-405a-bd15-88f7cd9a66fa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a133e6ca-b6d3-405a-bd15-88f7cd9a66fa\"},{\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":0,\"w\":11,\"h\":6,\"i\":\"37a95bea-b571-42bd-a02b-68031bf91d38\"},\"panelIndex\":\"37a95bea-b571-42bd-a02b-68031bf91d38\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"ff7b9f58-19cd-4700-8bb6-0655089ed462\",\"type\":\"metric\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"4863ef5f-2d5c-41a7-9507-7d42bebbd037\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"4b04e408-7543-4771-8c36-e6c1feb89477\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}},{\"id\":\"8a8f4130-d93d-11ed-bdca-eb80b799acd6\",\"type\":\"calculation\",\"variables\":[{\"id\":\"aa4144b0-d93d-11ed-bdca-eb80b799acd6\",\"name\":\"bad\",\"field\":\"4b04e408-7543-4771-8c36-e6c1feb89477\"}],\"script\":\"params.bad / (1 - 0.95)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Burn Rate\",\"value_template\":\"{{value}}x\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"e9f8b0f0-d93f-11ed-bdca-eb80b799acd6\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"e9f8b0f1-d93f-11ed-bdca-eb80b799acd6\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Ratio:\",\"value_template\":\"{{value}}\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"background_color_rules\":[{\"value\":1,\"id\":\"3327b9a0-d93c-11ed-bdca-eb80b799acd6\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"gt\",\"background_color\":\"rgba(231,102,76,1)\"},{\"value\":1,\"id\":\"9e5ed4a0-da05-11ed-8012-4b83da923c92\",\"background_color\":\"rgba(84,179,153,1)\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"lte\"}],\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_37a95bea-b571-42bd-a02b-68031bf91d38_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"timeRange\":{\"from\":\"now-360m\",\"to\":\"now\"},\"enhancements\":{},\"type\":\"visualization\"},\"version\":\"8.9.0\"},{\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":6,\"w\":11,\"h\":6,\"i\":\"ca563a0f-a89f-45bd-adc2-84b67e01aa88\"},\"panelIndex\":\"ca563a0f-a89f-45bd-adc2-84b67e01aa88\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"ff7b9f58-19cd-4700-8bb6-0655089ed462\",\"type\":\"metric\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"4863ef5f-2d5c-41a7-9507-7d42bebbd037\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"4b04e408-7543-4771-8c36-e6c1feb89477\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}},{\"id\":\"8a8f4130-d93d-11ed-bdca-eb80b799acd6\",\"type\":\"calculation\",\"variables\":[{\"id\":\"aa4144b0-d93d-11ed-bdca-eb80b799acd6\",\"name\":\"bad\",\"field\":\"4b04e408-7543-4771-8c36-e6c1feb89477\"}],\"script\":\"params.bad / (1 - 0.95)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Burn Rate\",\"value_template\":\"{{value}}x\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"e9f8b0f0-d93f-11ed-bdca-eb80b799acd6\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"e9f8b0f1-d93f-11ed-bdca-eb80b799acd6\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Ratio:\",\"value_template\":\"{{value}}\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"background_color_rules\":[{\"value\":1,\"id\":\"3327b9a0-d93c-11ed-bdca-eb80b799acd6\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"gt\",\"background_color\":\"rgba(231,102,76,1)\"},{\"value\":1,\"id\":\"9e5ed4a0-da05-11ed-8012-4b83da923c92\",\"background_color\":\"rgba(84,179,153,1)\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"lte\"}],\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_ca563a0f-a89f-45bd-adc2-84b67e01aa88_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"timeRange\":{\"from\":\"now-3d\",\"to\":\"now\"},\"enhancements\":{},\"type\":\"visualization\"},\"version\":\"8.9.0\"},{\"type\":\"visualization\",\"gridData\":{\"x\":25,\"y\":0,\"w\":12,\"h\":6,\"i\":\"2d4f4207-220c-465e-8965-95a78b1a1dae\"},\"panelIndex\":\"2d4f4207-220c-465e-8965-95a78b1a1dae\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"ff7b9f58-19cd-4700-8bb6-0655089ed462\",\"type\":\"metric\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"4863ef5f-2d5c-41a7-9507-7d42bebbd037\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"4b04e408-7543-4771-8c36-e6c1feb89477\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}},{\"id\":\"8a8f4130-d93d-11ed-bdca-eb80b799acd6\",\"type\":\"calculation\",\"variables\":[{\"id\":\"aa4144b0-d93d-11ed-bdca-eb80b799acd6\",\"name\":\"bad\",\"field\":\"4b04e408-7543-4771-8c36-e6c1feb89477\"}],\"script\":\"params.bad / (1 - 0.95)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Burn Rate\",\"value_template\":\"{{value}}x\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"e9f8b0f0-d93f-11ed-bdca-eb80b799acd6\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"e9f8b0f1-d93f-11ed-bdca-eb80b799acd6\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Ratio:\",\"value_template\":\"{{value}}\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"background_color_rules\":[{\"value\":3,\"id\":\"3327b9a0-d93c-11ed-bdca-eb80b799acd6\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"gte\",\"background_color\":\"rgba(231,102,76,1)\"},{\"value\":3,\"id\":\"9e5ed4a0-da05-11ed-8012-4b83da923c92\",\"background_color\":\"rgba(84,179,153,1)\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"lt\"}],\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_2d4f4207-220c-465e-8965-95a78b1a1dae_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"timeRange\":{\"from\":\"now-120m\",\"to\":\"now\"},\"enhancements\":{},\"type\":\"visualization\"},\"version\":\"8.9.0\"},{\"type\":\"visualization\",\"gridData\":{\"x\":25,\"y\":6,\"w\":12,\"h\":6,\"i\":\"f7d17f5d-fc86-498c-9c1b-0b679ba75aa8\"},\"panelIndex\":\"f7d17f5d-fc86-498c-9c1b-0b679ba75aa8\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"ff7b9f58-19cd-4700-8bb6-0655089ed462\",\"type\":\"metric\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"4863ef5f-2d5c-41a7-9507-7d42bebbd037\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"4b04e408-7543-4771-8c36-e6c1feb89477\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}},{\"id\":\"8a8f4130-d93d-11ed-bdca-eb80b799acd6\",\"type\":\"calculation\",\"variables\":[{\"id\":\"aa4144b0-d93d-11ed-bdca-eb80b799acd6\",\"name\":\"bad\",\"field\":\"4b04e408-7543-4771-8c36-e6c1feb89477\"}],\"script\":\"params.bad / (1 - 0.95)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Burn Rate\",\"value_template\":\"{{value}}x\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"e9f8b0f0-d93f-11ed-bdca-eb80b799acd6\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"e9f8b0f1-d93f-11ed-bdca-eb80b799acd6\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Ratio:\",\"value_template\":\"{{value}}\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"background_color_rules\":[{\"value\":3,\"id\":\"3327b9a0-d93c-11ed-bdca-eb80b799acd6\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"gte\",\"background_color\":\"rgba(231,102,76,1)\"},{\"value\":3,\"id\":\"9e5ed4a0-da05-11ed-8012-4b83da923c92\",\"background_color\":\"rgba(84,179,153,1)\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"lt\"}],\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_f7d17f5d-fc86-498c-9c1b-0b679ba75aa8_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"timeRange\":{\"from\":\"now-1d\",\"to\":\"now\"},\"enhancements\":{},\"type\":\"visualization\"},\"version\":\"8.9.0\"},{\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":12,\"h\":6,\"i\":\"2f0bec4a-e528-44d5-b988-b470b7d4ad07\"},\"panelIndex\":\"2f0bec4a-e528-44d5-b988-b470b7d4ad07\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"ff7b9f58-19cd-4700-8bb6-0655089ed462\",\"type\":\"metric\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"4863ef5f-2d5c-41a7-9507-7d42bebbd037\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"4b04e408-7543-4771-8c36-e6c1feb89477\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}},{\"id\":\"8a8f4130-d93d-11ed-bdca-eb80b799acd6\",\"type\":\"calculation\",\"variables\":[{\"id\":\"aa4144b0-d93d-11ed-bdca-eb80b799acd6\",\"name\":\"bad\",\"field\":\"4b04e408-7543-4771-8c36-e6c1feb89477\"}],\"script\":\"params.bad / (1 - 0.95)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Burn Rate\",\"value_template\":\"{{value}}x\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"e9f8b0f0-d93f-11ed-bdca-eb80b799acd6\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"e9f8b0f1-d93f-11ed-bdca-eb80b799acd6\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Ratio:\",\"value_template\":\"{{value}}\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"background_color_rules\":[{\"value\":6,\"id\":\"3327b9a0-d93c-11ed-bdca-eb80b799acd6\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"gte\",\"background_color\":\"rgba(231,102,76,1)\"},{\"value\":6,\"id\":\"9e5ed4a0-da05-11ed-8012-4b83da923c92\",\"background_color\":\"rgba(84,179,153,1)\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"lt\"}],\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_2f0bec4a-e528-44d5-b988-b470b7d4ad07_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"timeRange\":{\"from\":\"now-30m\",\"to\":\"now\"},\"enhancements\":{},\"type\":\"visualization\"},\"version\":\"8.9.0\"},{\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":6,\"w\":12,\"h\":6,\"i\":\"4cce8769-1da8-4638-bea3-c6be98d8600b\"},\"panelIndex\":\"4cce8769-1da8-4638-bea3-c6be98d8600b\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"ff7b9f58-19cd-4700-8bb6-0655089ed462\",\"type\":\"metric\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"4863ef5f-2d5c-41a7-9507-7d42bebbd037\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"4b04e408-7543-4771-8c36-e6c1feb89477\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}},{\"id\":\"8a8f4130-d93d-11ed-bdca-eb80b799acd6\",\"type\":\"calculation\",\"variables\":[{\"id\":\"aa4144b0-d93d-11ed-bdca-eb80b799acd6\",\"name\":\"bad\",\"field\":\"4b04e408-7543-4771-8c36-e6c1feb89477\"}],\"script\":\"params.bad / (1 - 0.95)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Burn Rate\",\"value_template\":\"{{value}}x\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"e9f8b0f0-d93f-11ed-bdca-eb80b799acd6\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"e9f8b0f1-d93f-11ed-bdca-eb80b799acd6\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Ratio:\",\"value_template\":\"{{value}}\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"background_color_rules\":[{\"value\":6,\"id\":\"3327b9a0-d93c-11ed-bdca-eb80b799acd6\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"gte\",\"background_color\":\"rgba(231,102,76,1)\"},{\"value\":6,\"id\":\"9e5ed4a0-da05-11ed-8012-4b83da923c92\",\"background_color\":\"rgba(84,179,153,1)\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"lt\"}],\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_4cce8769-1da8-4638-bea3-c6be98d8600b_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"timeRange\":{\"from\":\"now-6h\",\"to\":\"now\"},\"enhancements\":{},\"type\":\"visualization\"},\"version\":\"8.9.0\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":6,\"i\":\"b7996a74-f86b-4006-847c-1fb482ccda64\"},\"panelIndex\":\"b7996a74-f86b-4006-847c-1fb482ccda64\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"ff7b9f58-19cd-4700-8bb6-0655089ed462\",\"type\":\"metric\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"4863ef5f-2d5c-41a7-9507-7d42bebbd037\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"4b04e408-7543-4771-8c36-e6c1feb89477\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}},{\"id\":\"8a8f4130-d93d-11ed-bdca-eb80b799acd6\",\"type\":\"calculation\",\"variables\":[{\"id\":\"aa4144b0-d93d-11ed-bdca-eb80b799acd6\",\"name\":\"bad\",\"field\":\"4b04e408-7543-4771-8c36-e6c1feb89477\"}],\"script\":\"params.bad / (1 - 0.95)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Burn Rate\",\"value_template\":\"{{value}}x\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"e9f8b0f0-d93f-11ed-bdca-eb80b799acd6\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"e9f8b0f1-d93f-11ed-bdca-eb80b799acd6\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Ratio:\",\"value_template\":\"{{value}}\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"background_color_rules\":[{\"value\":14.4,\"id\":\"3327b9a0-d93c-11ed-bdca-eb80b799acd6\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"gte\",\"background_color\":\"rgba(231,102,76,1)\"},{\"value\":14.4,\"id\":\"9e5ed4a0-da05-11ed-8012-4b83da923c92\",\"background_color\":\"rgba(84,179,153,1)\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"lt\"}],\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_b7996a74-f86b-4006-847c-1fb482ccda64_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"timeRange\":{\"from\":\"now-5m\",\"to\":\"now\"},\"enhancements\":{},\"type\":\"visualization\"},\"version\":\"8.9.0\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":6,\"w\":13,\"h\":6,\"i\":\"e15a9cb8-54d0-4be9-93e6-92f054b14160\"},\"panelIndex\":\"e15a9cb8-54d0-4be9-93e6-92f054b14160\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"ff7b9f58-19cd-4700-8bb6-0655089ed462\",\"type\":\"metric\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"4863ef5f-2d5c-41a7-9507-7d42bebbd037\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"4b04e408-7543-4771-8c36-e6c1feb89477\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}},{\"id\":\"8a8f4130-d93d-11ed-bdca-eb80b799acd6\",\"type\":\"calculation\",\"variables\":[{\"id\":\"aa4144b0-d93d-11ed-bdca-eb80b799acd6\",\"name\":\"bad\",\"field\":\"4b04e408-7543-4771-8c36-e6c1feb89477\"}],\"script\":\"params.bad / (1 - 0.95)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Burn Rate\",\"value_template\":\"{{value}}x\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"e9f8b0f0-d93f-11ed-bdca-eb80b799acd6\",\"color\":\"#68BC00\",\"split_mode\":\"filter\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"e9f8b0f1-d93f-11ed-bdca-eb80b799acd6\",\"type\":\"filter_ratio\",\"numerator\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"denominator\":{\"query\":\"http.response.status_code : * \",\"language\":\"kuery\"}}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Error Ratio:\",\"value_template\":\"{{value}}\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"background_color_rules\":[{\"value\":14.4,\"id\":\"3327b9a0-d93c-11ed-bdca-eb80b799acd6\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"gte\",\"background_color\":\"rgba(231,102,76,1)\"},{\"value\":14.4,\"id\":\"9e5ed4a0-da05-11ed-8012-4b83da923c92\",\"background_color\":\"rgba(84,179,153,1)\",\"color\":\"rgba(255,255,255,1)\",\"operator\":\"lt\"}],\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"index_pattern_ref_name\":\"metrics_e15a9cb8-54d0-4be9-93e6-92f054b14160_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"timeRange\":{\"from\":\"now-1h\",\"to\":\"now\"},\"enhancements\":{},\"type\":\"visualization\"},\"version\":\"8.9.0\"}]","timeRestore":false,"title":"Admin Console: Burn Rates","version":1},"coreMigrationVersion":"8.8.0","created_at":"2025-03-05T03:04:13.102Z","created_by":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","id":"52de57b0-0162-11ee-b87b-0b224545e697","managed":false,"references":[{"id":"e7744dbe-a7a4-457b-83aa-539e9c88764c","name":"be43a6f5-4438-4699-b497-7ac362d8f989:indexpattern-datasource-layer-574e719b-bb48-42e3-9dca-b05331790843","type":"index-pattern"},{"id":"da1bd030-0163-11ee-b87b-0b224545e697","name":"a133e6ca-b6d3-405a-bd15-88f7cd9a66fa:panel_a133e6ca-b6d3-405a-bd15-88f7cd9a66fa","type":"search"},{"id":"e7744dbe-a7a4-457b-83aa-539e9c88764c","name":"37a95bea-b571-42bd-a02b-68031bf91d38:metrics_37a95bea-b571-42bd-a02b-68031bf91d38_0_index_pattern","type":"index-pattern"},{"id":"e7744dbe-a7a4-457b-83aa-539e9c88764c","name":"ca563a0f-a89f-45bd-adc2-84b67e01aa88:metrics_ca563a0f-a89f-45bd-adc2-84b67e01aa88_0_index_pattern","type":"index-pattern"},{"id":"e7744dbe-a7a4-457b-83aa-539e9c88764c","name":"2d4f4207-220c-465e-8965-95a78b1a1dae:metrics_2d4f4207-220c-465e-8965-95a78b1a1dae_0_index_pattern","type":"index-pattern"},{"id":"e7744dbe-a7a4-457b-83aa-539e9c88764c","name":"f7d17f5d-fc86-498c-9c1b-0b679ba75aa8:metrics_f7d17f5d-fc86-498c-9c1b-0b679ba75aa8_0_index_pattern","type":"index-pattern"},{"id":"e7744dbe-a7a4-457b-83aa-539e9c88764c","name":"2f0bec4a-e528-44d5-b988-b470b7d4ad07:metrics_2f0bec4a-e528-44d5-b988-b470b7d4ad07_0_index_pattern","type":"index-pattern"},{"id":"e7744dbe-a7a4-457b-83aa-539e9c88764c","name":"4cce8769-1da8-4638-bea3-c6be98d8600b:metrics_4cce8769-1da8-4638-bea3-c6be98d8600b_0_index_pattern","type":"index-pattern"},{"id":"e7744dbe-a7a4-457b-83aa-539e9c88764c","name":"b7996a74-f86b-4006-847c-1fb482ccda64:metrics_b7996a74-f86b-4006-847c-1fb482ccda64_0_index_pattern","type":"index-pattern"},{"id":"e7744dbe-a7a4-457b-83aa-539e9c88764c","name":"e15a9cb8-54d0-4be9-93e6-92f054b14160:metrics_e15a9cb8-54d0-4be9-93e6-92f054b14160_0_index_pattern","type":"index-pattern"}],"sort":[1741143853102,92],"type":"dashboard","typeMigrationVersion":"10.2.0","updated_at":"2025-03-05T03:04:13.102Z","updated_by":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","version":"WzIwOSwxXQ=="} +{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"Ngnix Proxy Logs","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"kbn-data-forge-fake_stack.nginx_proxy-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2025-03-04T22:14:37.421Z","id":"a3696044-a05a-4d05-af22-2a97265c62f6","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2025-03-05T03:26:24.232Z","version":"WzI0NCwxXQ=="} +{"attributes":{"fieldAttrs":"{\"message\":{\"count\":1}}","fieldFormatMap":"{}","fields":"[]","name":"MongoDB Logs","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"kbn-data-forge-fake_stack.mongodb-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2025-03-04T22:14:37.421Z","id":"ab1c55e6-5258-41ab-bcb9-810260c1a957","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2025-03-05T03:26:20.492Z","version":"WzI0MywxXQ=="} +{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{}","showApplySelections":false},"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"title\":\"Admin Console Log Rate\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"3aa8633c-bf11-4a8d-9b5a-9d13fb5e604b\",\"type\":\"timeseries\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"0ac82a88-7680-4244-97ee-1af47e8a0628\",\"color\":\"#68BC00\",\"split_mode\":\"filters\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"8382c617-6f51-425a-812d-4a9f389599f6\",\"type\":\"count\"},{\"id\":\"ba2bb600-f5a1-11ed-8a19-b73e13394ec6\",\"type\":\"calculation\",\"variables\":[{\"id\":\"bcd4dd00-f5a1-11ed-8a19-b73e13394ec6\",\"name\":\"count\",\"field\":\"8382c617-6f51-425a-812d-4a9f389599f6\"}],\"script\":\"params.count / ((params._interval / 1000) / 60)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"stacked\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Log Rate\",\"value_template\":\"{{value}} tpm\",\"split_filters\":[{\"filter\":{\"query\":\"http.response.status_code < 500\",\"language\":\"kuery\"},\"label\":\"Good\",\"color\":\"#68BC00\",\"id\":\"e351c4c0-f5a1-11ed-8a19-b73e13394ec6\"},{\"filter\":{\"query\":\"not http.response.status_code < 500\",\"language\":\"kuery\"},\"label\":\"Bad\",\"color\":\"rgba(231,102,76,1)\",\"id\":\"edafbad0-f5a1-11ed-8a19-b73e13394ec6\"}]}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}}},\"panelIndex\":\"ffc2d8c6-73a5-4927-9c33-03cbf4b5b2bf\",\"gridData\":{\"x\":0,\"y\":10,\"w\":48,\"h\":10,\"i\":\"ffc2d8c6-73a5-4927-9c33-03cbf4b5b2bf\"}},{\"type\":\"visualization\",\"title\":\"Ngnix Proxy Request Rate\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"384ea574-6aa4-4f71-a6cb-c09a0dcad996\",\"type\":\"timeseries\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"98b6f02d-7b7a-4432-b517-c0322e86bae6\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"1f8cb6ee-a83a-45bf-a467-4302815e57f8\",\"type\":\"count\"},{\"id\":\"eab8a8a0-fa88-11ed-a192-7bca01fcf33d\",\"type\":\"calculation\",\"variables\":[{\"id\":\"ece74870-fa88-11ed-a192-7bca01fcf33d\",\"name\":\"count\",\"field\":\"1f8cb6ee-a83a-45bf-a467-4302815e57f8\"}],\"script\":\"params.count / ((params._interval / 1000) / 60)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Requests\",\"value_template\":\"{{value}} tpm\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}}},\"panelIndex\":\"b02f45a3-8e50-4cb4-89d5-6dbc7ac96692\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":10,\"i\":\"b02f45a3-8e50-4cb4-89d5-6dbc7ac96692\"}},{\"type\":\"visualization\",\"title\":\"MongoDB Log Rate\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"6a893e6e-e63c-4ecb-81a5-fb9fd97dc0be\",\"type\":\"timeseries\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"b15f4440-123f-4c98-8744-c3fc77763de1\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"1fca665c-77c1-4959-9049-92affea7feda\",\"type\":\"count\"},{\"id\":\"4b0f89d0-f5a2-11ed-8a19-b73e13394ec6\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4d5693a0-f5a2-11ed-8a19-b73e13394ec6\",\"name\":\"count\",\"field\":\"1fca665c-77c1-4959-9049-92affea7feda\"}],\"script\":\"params.count / ((params._interval / 1000) / 60)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Log Rate\",\"value_template\":\"{{value}} tpm\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}}},\"panelIndex\":\"087dc7fc-0f12-4275-8846-13fea0472723\",\"gridData\":{\"x\":0,\"y\":20,\"w\":48,\"h\":10,\"i\":\"087dc7fc-0f12-4275-8846-13fea0472723\"}},{\"type\":\"visualization\",\"title\":\"Message Processing Rate\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"99eb8524-5b7d-41f5-b1e8-f1a0847b4ee1\",\"type\":\"timeseries\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"e9c51db0-f5a2-11ed-8a19-b73e13394ec6\",\"color\":\"rgba(104,188,0,1)\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"e9c51db1-f5a2-11ed-8a19-b73e13394ec6\",\"type\":\"sum\",\"field\":\"processor.processed\"},{\"id\":\"223a16a0-f5a3-11ed-8a19-b73e13394ec6\",\"type\":\"calculation\",\"variables\":[{\"id\":\"26c73fe0-f5a3-11ed-8a19-b73e13394ec6\",\"name\":\"processed\",\"field\":\"e9c51db1-f5a2-11ed-8a19-b73e13394ec6\"}],\"script\":\"params.processed / ((params._interval / 1000) / 60)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"stacked\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Process Rate\",\"value_template\":\"{{value}} tpm\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"cc582b6b-2c7c-46de-b2d4-60340c92ea8c\",\"color\":\"rgba(231,102,76,1)\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"68445e87-8d3d-4f6b-a549-d997f600d4b8\",\"type\":\"sum\",\"field\":\"processor.processed\"},{\"id\":\"c4aad330-f5a2-11ed-8a19-b73e13394ec6\",\"type\":\"sum\",\"field\":\"processor.accepted\"},{\"id\":\"d17d4bb0-f5a2-11ed-8a19-b73e13394ec6\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d3fe5140-f5a2-11ed-8a19-b73e13394ec6\",\"name\":\"processed\",\"field\":\"68445e87-8d3d-4f6b-a549-d997f600d4b8\"},{\"id\":\"d9df4ab0-f5a2-11ed-8a19-b73e13394ec6\",\"name\":\"accepted\",\"field\":\"c4aad330-f5a2-11ed-8a19-b73e13394ec6\"}],\"script\":\"(params.accepted - params.processed) / ((params._interval / 1000) / 60)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"stacked\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"Rejected Rate\",\"value_template\":\"{{value}} tpm\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"legend_position\":\"bottom\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}}},\"panelIndex\":\"5593ea6d-c932-42b5-8764-5168da80e4dd\",\"gridData\":{\"x\":0,\"y\":30,\"w\":48,\"h\":9,\"i\":\"5593ea6d-c932-42b5-8764-5168da80e4dd\"}},{\"type\":\"lens\",\"embeddableConfig\":{\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"filters\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"593f894a-3378-42cc-bafc-61b4877b64b0\",\"name\":\"indexpattern-datasource-layer-04450f23-63ae-4570-87d9-8c5c89b53bce\"},{\"type\":\"index-pattern\",\"id\":\"593f894a-3378-42cc-bafc-61b4877b64b0\",\"name\":\"indexpattern-datasource-layer-73aa5801-eb35-4e4f-8b94-adef5fca8c16\"}],\"state\":{\"visualization\":{\"title\":\"Empty XY chart\",\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"04450f23-63ae-4570-87d9-8c5c89b53bce\",\"accessors\":[\"9659b670-1b65-4f38-8098-8c04d28a3d66\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"colorMapping\":{\"assignments\":[],\"specialAssignments\":[{\"rule\":{\"type\":\"other\"},\"color\":{\"type\":\"loop\"},\"touched\":false}],\"paletteId\":\"default\",\"colorMode\":{\"type\":\"categorical\"}},\"xAccessor\":\"78f5b4c0-bcf5-4dc1-8fb2-c766f0975d59\"},{\"layerId\":\"73aa5801-eb35-4e4f-8b94-adef5fca8c16\",\"layerType\":\"data\",\"accessors\":[\"1b14c449-f51f-4fd7-8431-de62a8c24f3f\"],\"seriesType\":\"bar_stacked\",\"xAccessor\":\"89e414d1-0045-46df-9555-7d265a9f5960\",\"yConfig\":[{\"forAccessor\":\"1b14c449-f51f-4fd7-8431-de62a8c24f3f\",\"color\":\"#f6726a\"}]}],\"labelsOrientation\":{\"x\":0,\"yLeft\":-90,\"yRight\":0},\"yTitle\":\"Message Rate\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"04450f23-63ae-4570-87d9-8c5c89b53bce\":{\"columns\":{\"78f5b4c0-bcf5-4dc1-8fb2-c766f0975d59\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"9659b670-1b65-4f38-8098-8c04d28a3d66X0\":{\"label\":\"Part of sum(processor.processed) / ((interval() / 1000) / 60)\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"processor.processed\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"9659b670-1b65-4f38-8098-8c04d28a3d66X1\":{\"label\":\"Part of sum(processor.processed) / ((interval() / 1000) / 60)\",\"dataType\":\"number\",\"operationType\":\"interval\",\"isBucketed\":false,\"scale\":\"ratio\",\"references\":[],\"customLabel\":true},\"9659b670-1b65-4f38-8098-8c04d28a3d66X2\":{\"label\":\"Part of sum(processor.processed) / ((interval() / 1000) / 60)\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"divide\",\"args\":[\"9659b670-1b65-4f38-8098-8c04d28a3d66X0\",{\"type\":\"function\",\"name\":\"divide\",\"args\":[{\"type\":\"function\",\"name\":\"divide\",\"args\":[\"9659b670-1b65-4f38-8098-8c04d28a3d66X1\",1000],\"location\":{\"min\":29,\"max\":46},\"text\":\"interval() / 1000\"},60],\"location\":{\"min\":28,\"max\":52},\"text\":\"(interval() / 1000) / 60\"}],\"location\":{\"min\":0,\"max\":53},\"text\":\"sum(processor.processed) / ((interval() / 1000) / 60)\"}},\"references\":[\"9659b670-1b65-4f38-8098-8c04d28a3d66X0\",\"9659b670-1b65-4f38-8098-8c04d28a3d66X1\"],\"customLabel\":true},\"9659b670-1b65-4f38-8098-8c04d28a3d66\":{\"label\":\"Processed Rate\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"sum(processor.processed) / ((interval() / 1000) / 60)\",\"isFormulaBroken\":false},\"references\":[\"9659b670-1b65-4f38-8098-8c04d28a3d66X2\"],\"customLabel\":true}},\"columnOrder\":[\"78f5b4c0-bcf5-4dc1-8fb2-c766f0975d59\",\"9659b670-1b65-4f38-8098-8c04d28a3d66\",\"9659b670-1b65-4f38-8098-8c04d28a3d66X0\",\"9659b670-1b65-4f38-8098-8c04d28a3d66X1\",\"9659b670-1b65-4f38-8098-8c04d28a3d66X2\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}},\"73aa5801-eb35-4e4f-8b94-adef5fca8c16\":{\"linkToLayers\":[],\"columns\":{\"89e414d1-0045-46df-9555-7d265a9f5960\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"1b14c449-f51f-4fd7-8431-de62a8c24f3fX0\":{\"label\":\"Part of sum(processor.accepted) - sum(processor.processed) / ((interval() / 1000) / 60)\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"processor.accepted\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"1b14c449-f51f-4fd7-8431-de62a8c24f3fX1\":{\"label\":\"Part of sum(processor.accepted) - sum(processor.processed) / ((interval() / 1000) / 60)\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"processor.processed\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"1b14c449-f51f-4fd7-8431-de62a8c24f3fX2\":{\"label\":\"Part of sum(processor.accepted) - sum(processor.processed) / ((interval() / 1000) / 60)\",\"dataType\":\"number\",\"operationType\":\"interval\",\"isBucketed\":false,\"scale\":\"ratio\",\"references\":[],\"customLabel\":true},\"1b14c449-f51f-4fd7-8431-de62a8c24f3fX3\":{\"label\":\"Part of sum(processor.accepted) - sum(processor.processed) / ((interval() / 1000) / 60)\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"subtract\",\"args\":[\"1b14c449-f51f-4fd7-8431-de62a8c24f3fX0\",{\"type\":\"function\",\"name\":\"divide\",\"args\":[\"1b14c449-f51f-4fd7-8431-de62a8c24f3fX1\",{\"type\":\"function\",\"name\":\"divide\",\"args\":[{\"type\":\"function\",\"name\":\"divide\",\"args\":[\"1b14c449-f51f-4fd7-8431-de62a8c24f3fX2\",1000],\"location\":{\"min\":55,\"max\":72},\"text\":\"interval() / 1000\"},60],\"location\":{\"min\":54,\"max\":78},\"text\":\"(interval() / 1000) / 60\"}],\"location\":{\"min\":25,\"max\":79},\"text\":\" sum(processor.processed) / ((interval() / 1000) / 60)\"}],\"location\":{\"min\":0,\"max\":79},\"text\":\"sum(processor.accepted) - sum(processor.processed) / ((interval() / 1000) / 60)\"}},\"references\":[\"1b14c449-f51f-4fd7-8431-de62a8c24f3fX0\",\"1b14c449-f51f-4fd7-8431-de62a8c24f3fX1\",\"1b14c449-f51f-4fd7-8431-de62a8c24f3fX2\"],\"customLabel\":true},\"1b14c449-f51f-4fd7-8431-de62a8c24f3f\":{\"label\":\"Reject Rate\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"sum(processor.accepted) - sum(processor.processed) / ((interval() / 1000) / 60)\",\"isFormulaBroken\":false},\"references\":[\"1b14c449-f51f-4fd7-8431-de62a8c24f3fX3\"],\"customLabel\":true}},\"columnOrder\":[\"89e414d1-0045-46df-9555-7d265a9f5960\",\"1b14c449-f51f-4fd7-8431-de62a8c24f3f\",\"1b14c449-f51f-4fd7-8431-de62a8c24f3fX0\",\"1b14c449-f51f-4fd7-8431-de62a8c24f3fX1\",\"1b14c449-f51f-4fd7-8431-de62a8c24f3fX2\",\"1b14c449-f51f-4fd7-8431-de62a8c24f3fX3\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}}},\"panelIndex\":\"f7d97f37-6684-4ab6-8da9-4b9f4f809a22\",\"gridData\":{\"x\":0,\"y\":39,\"w\":24,\"h\":15,\"i\":\"f7d97f37-6684-4ab6-8da9-4b9f4f809a22\"}}]","refreshInterval":{"pause":false,"value":60000},"timeFrom":"now-7d/d","timeRestore":true,"timeTo":"now","title":"Transaction Rates","version":3},"coreMigrationVersion":"8.8.0","created_at":"2025-03-05T03:04:13.102Z","created_by":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","id":"b6fc0f00-f5a3-11ed-9275-13469aefbc4f","managed":false,"references":[{"id":"e7744dbe-a7a4-457b-83aa-539e9c88764c","name":"ffc2d8c6-73a5-4927-9c33-03cbf4b5b2bf:metrics_0_index_pattern","type":"index-pattern"},{"id":"a3696044-a05a-4d05-af22-2a97265c62f6","name":"b02f45a3-8e50-4cb4-89d5-6dbc7ac96692:metrics_0_index_pattern","type":"index-pattern"},{"id":"ab1c55e6-5258-41ab-bcb9-810260c1a957","name":"087dc7fc-0f12-4275-8846-13fea0472723:metrics_0_index_pattern","type":"index-pattern"},{"id":"593f894a-3378-42cc-bafc-61b4877b64b0","name":"5593ea6d-c932-42b5-8764-5168da80e4dd:metrics_0_index_pattern","type":"index-pattern"},{"id":"593f894a-3378-42cc-bafc-61b4877b64b0","name":"f7d97f37-6684-4ab6-8da9-4b9f4f809a22:indexpattern-datasource-layer-04450f23-63ae-4570-87d9-8c5c89b53bce","type":"index-pattern"},{"id":"593f894a-3378-42cc-bafc-61b4877b64b0","name":"f7d97f37-6684-4ab6-8da9-4b9f4f809a22:indexpattern-datasource-layer-73aa5801-eb35-4e4f-8b94-adef5fca8c16","type":"index-pattern"}],"sort":[1741143853102,69],"type":"dashboard","typeMigrationVersion":"10.2.0","updated_at":"2025-03-05T03:04:13.102Z","updated_by":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","version":"WzIwNywxXQ=="} +{"attributes":{"color":"#FFFFFF","description":"","name":"Managed"},"coreMigrationVersion":"8.8.0","created_at":"2025-03-04T17:01:02.827Z","id":"fleet-managed-default","managed":true,"references":[],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2025-03-04T17:01:02.827Z","version":"WzE3MjQsMV0="} +{"attributes":{"allowNoIndex":true,"name":".kibana-event-log-*","timeFieldName":"@timestamp","title":".kibana-event-log-*"},"coreMigrationVersion":"8.8.0","created_at":"2025-03-04T17:01:02.827Z","id":"kibana-event-log-data-view","managed":true,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2025-03-04T17:01:02.827Z","version":"WzMxLDFd"} +{"attributes":{"color":"#D36086","description":"","name":"Security Solution"},"coreMigrationVersion":"8.8.0","created_at":"2025-03-04T17:01:02.827Z","id":"security-solution-default","managed":true,"references":[],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2025-03-04T17:01:02.827Z","version":"WzE3MjUsMV0="} +{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"0c2b3354-f4a0-4f90-b1d1-56f053869463\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"timeSlider\",\"explicitInput\":{\"title\":\"Time slider\",\"id\":\"0c2b3354-f4a0-4f90-b1d1-56f053869463\",\"timesliceStartAsPercentageOfTimeRange\":-0.0005311111111111111,\"timesliceEndAsPercentageOfTimeRange\":1.00058,\"enhancements\":{}}},\"c9c507d9-a157-40b4-aec4-0a2e204c559c\":{\"type\":\"optionsListControl\",\"order\":1,\"grow\":true,\"width\":\"small\",\"explicitInput\":{\"id\":\"c9c507d9-a157-40b4-aec4-0a2e204c559c\",\"fieldName\":\"rule.category\",\"title\":\"Rule type\",\"grow\":true,\"width\":\"medium\",\"enhancements\":{}}},\"8b3b697c-2abf-4801-8a08-a1a29d483571\":{\"type\":\"optionsListControl\",\"order\":2,\"grow\":true,\"width\":\"small\",\"explicitInput\":{\"id\":\"8b3b697c-2abf-4801-8a08-a1a29d483571\",\"fieldName\":\"kibana.space_ids\",\"title\":\"Kibana space\",\"grow\":true,\"width\":\"small\",\"selectedOptions\":[],\"enhancements\":{}}}}"},"description":"This dashboard helps you monitor the health and performance of detection rules.","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.9.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":7,\"i\":\"35a9ff89-705a-45b7-ae86-67037fc66f15\"},\"panelIndex\":\"35a9ff89-705a-45b7-ae86-67037fc66f15\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"This dashboard helps you monitor the health and performance of detection rules.\\n- You need at least `read` privileges for the `.kibana-event-log-*` index to access the necessary data.\\n- This Kibana-managed dashboard can not be customized. To make a custom version, clone it or edit and save it as a new dashboard.\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":10,\"h\":8,\"i\":\"52ec5ce0-3ea9-42ee-91f2-0f664d6cb74d\"},\"panelIndex\":\"52ec5ce0-3ea9-42ee-91f2-0f664d6cb74d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"Enabled rules\",\"description\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"kibana-event-log-data-view\",\"name\":\"indexpattern-datasource-layer-66195a85-b71e-45f5-a5ea-4388416cf5f7\",\"type\":\"index-pattern\"},{\"id\":\"kibana-event-log-data-view\",\"name\":\"874e1b4c-a64b-426a-b43e-d4ee226610a9\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"66195a85-b71e-45f5-a5ea-4388416cf5f7\",\"accessor\":\"9449b851-8169-44e9-8418-bd0e586bbf94\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"},\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filters\":[{\"meta\":{\"type\":\"combined\",\"relation\":\"AND\",\"params\":[{\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"alerting\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"event.provider\":\"alerting\"}}},{\"query\":{\"match_phrase\":{\"event.action\":\"execute\"}},\"meta\":{\"index\":\"kibana-event-log-data-view\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"execute\"},\"disabled\":false,\"alias\":null}},{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.category\",\"field\":\"event.category\",\"params\":{\"query\":\"siem\"},\"type\":\"phrase\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"event.category\":\"siem\"}}}],\"index\":\"874e1b4c-a64b-426a-b43e-d4ee226610a9\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"66195a85-b71e-45f5-a5ea-4388416cf5f7\":{\"columns\":{\"9449b851-8169-44e9-8418-bd0e586bbf94\":{\"label\":\"Enabled rules\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"rule.id\",\"isBucketed\":false,\"customLabel\":true}},\"columnOrder\":[\"9449b851-8169-44e9-8418-bd0e586bbf94\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false,\"description\":\"Number of rules that were executed during the selected timeframe.\"}},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":7,\"w\":11,\"h\":8,\"i\":\"91a23437-071d-4739-b57e-2881caa980eb\"},\"panelIndex\":\"91a23437-071d-4739-b57e-2881caa980eb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"kibana-event-log-data-view\",\"name\":\"indexpattern-datasource-layer-17c4f52b-ef17-43d7-8282-91e48cbe11e7\",\"type\":\"index-pattern\"},{\"id\":\"kibana-event-log-data-view\",\"name\":\"37539143-7ea2-4353-ae4e-78ec772d1508\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"17c4f52b-ef17-43d7-8282-91e48cbe11e7\",\"accessor\":\"53cbc7e3-a396-4c55-8a28-f068d2eb3c5d\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\"},\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filters\":[{\"meta\":{\"type\":\"combined\",\"relation\":\"AND\",\"params\":[{\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"alerting\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"event.provider\":\"alerting\"}}},{\"query\":{\"match_phrase\":{\"event.action\":\"execute\"}},\"meta\":{\"index\":\"kibana-event-log-data-view\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"execute\"},\"disabled\":false,\"alias\":null}},{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.category\",\"field\":\"event.category\",\"params\":{\"query\":\"siem\"},\"type\":\"phrase\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"event.category\":\"siem\"}}}],\"index\":\"37539143-7ea2-4353-ae4e-78ec772d1508\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"17c4f52b-ef17-43d7-8282-91e48cbe11e7\":{\"columns\":{\"53cbc7e3-a396-4c55-8a28-f068d2eb3c5d\":{\"label\":\"Rule executions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"53cbc7e3-a396-4c55-8a28-f068d2eb3c5d\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false,\"description\":\"Number of rule executions within the selected timeframe.\"},\"title\":\"Rule executions\"},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":21,\"y\":7,\"w\":9,\"h\":8,\"i\":\"9770096c-3ba7-42e4-9783-5042ff08896d\"},\"panelIndex\":\"9770096c-3ba7-42e4-9783-5042ff08896d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"kibana-event-log-data-view\",\"name\":\"indexpattern-datasource-layer-17c4f52b-ef17-43d7-8282-91e48cbe11e7\",\"type\":\"index-pattern\"},{\"id\":\"kibana-event-log-data-view\",\"name\":\"32816692-7d96-4a12-abe3-3016e8a3844c\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"17c4f52b-ef17-43d7-8282-91e48cbe11e7\",\"accessor\":\"53cbc7e3-a396-4c55-8a28-f068d2eb3c5d\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\",\"colorMode\":\"Labels\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":12}],\"colorStops\":[{\"color\":\"#209280\",\"stop\":null}],\"continuity\":\"all\",\"maxSteps\":5}}},\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filters\":[{\"meta\":{\"type\":\"combined\",\"relation\":\"AND\",\"params\":[{\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"securitySolution.ruleExecution\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"event.provider\":\"securitySolution.ruleExecution\"}}},{\"query\":{\"match_phrase\":{\"event.action\":\"status-change\"}},\"meta\":{\"index\":\"kibana-event-log-data-view\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"status-change\"},\"disabled\":false,\"alias\":null}},{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"kibana-event-log-data-view\",\"key\":\"kibana.alert.rule.execution.status\",\"field\":\"kibana.alert.rule.execution.status\",\"params\":{\"query\":\"succeeded\"},\"type\":\"phrase\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"kibana.alert.rule.execution.status\":\"succeeded\"}}}],\"index\":\"32816692-7d96-4a12-abe3-3016e8a3844c\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"17c4f52b-ef17-43d7-8282-91e48cbe11e7\":{\"columns\":{\"53cbc7e3-a396-4c55-8a28-f068d2eb3c5d\":{\"label\":\"Succeeded\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"53cbc7e3-a396-4c55-8a28-f068d2eb3c5d\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false,\"description\":\"Number of rule executions with a succeeded status (outcome of the rule execution) within the selected timeframe.\"},\"title\":\"\\\"Succeeded\\\" statuses\"},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":7,\"w\":9,\"h\":8,\"i\":\"12011f8d-0d0d-40d6-8ef5-0d50bfe570f8\"},\"panelIndex\":\"12011f8d-0d0d-40d6-8ef5-0d50bfe570f8\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"kibana-event-log-data-view\",\"name\":\"indexpattern-datasource-layer-17c4f52b-ef17-43d7-8282-91e48cbe11e7\",\"type\":\"index-pattern\"},{\"id\":\"kibana-event-log-data-view\",\"name\":\"9acb5e9e-8c72-4ba6-a4f5-7f2901353c16\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"17c4f52b-ef17-43d7-8282-91e48cbe11e7\",\"accessor\":\"53cbc7e3-a396-4c55-8a28-f068d2eb3c5d\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\",\"colorMode\":\"Labels\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#d6bf57\",\"stop\":4104}],\"colorStops\":[{\"color\":\"#d6bf57\",\"stop\":null}],\"continuity\":\"all\",\"maxSteps\":5}}},\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filters\":[{\"meta\":{\"type\":\"combined\",\"relation\":\"AND\",\"params\":[{\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"securitySolution.ruleExecution\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"event.provider\":\"securitySolution.ruleExecution\"}}},{\"query\":{\"match_phrase\":{\"event.action\":\"status-change\"}},\"meta\":{\"index\":\"kibana-event-log-data-view\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"status-change\"},\"disabled\":false,\"alias\":null}},{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"kibana-event-log-data-view\",\"key\":\"kibana.alert.rule.execution.status\",\"field\":\"kibana.alert.rule.execution.status\",\"params\":{\"query\":\"partial failure\"},\"type\":\"phrase\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"kibana.alert.rule.execution.status\":\"partial failure\"}}}],\"index\":\"9acb5e9e-8c72-4ba6-a4f5-7f2901353c16\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"17c4f52b-ef17-43d7-8282-91e48cbe11e7\":{\"columns\":{\"53cbc7e3-a396-4c55-8a28-f068d2eb3c5d\":{\"label\":\"Warning\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"53cbc7e3-a396-4c55-8a28-f068d2eb3c5d\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false,\"description\":\"Number of rule executions with a warning status (outcome of the rule execution) within the selected timeframe.\"},\"title\":\"\\\"Warning\\\" statuses\"},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":39,\"y\":7,\"w\":9,\"h\":8,\"i\":\"b3b0743e-9a2c-4173-babc-dc93204cc0f2\"},\"panelIndex\":\"b3b0743e-9a2c-4173-babc-dc93204cc0f2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"kibana-event-log-data-view\",\"name\":\"indexpattern-datasource-layer-17c4f52b-ef17-43d7-8282-91e48cbe11e7\",\"type\":\"index-pattern\"},{\"id\":\"kibana-event-log-data-view\",\"name\":\"9adf5837-270f-43bf-92d8-af2d74022292\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"17c4f52b-ef17-43d7-8282-91e48cbe11e7\",\"accessor\":\"53cbc7e3-a396-4c55-8a28-f068d2eb3c5d\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"xl\",\"colorMode\":\"Labels\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#cc5642\",\"stop\":94}],\"colorStops\":[{\"color\":\"#cc5642\",\"stop\":null}],\"continuity\":\"all\",\"maxSteps\":5}}},\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filters\":[{\"meta\":{\"type\":\"combined\",\"relation\":\"AND\",\"params\":[{\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"securitySolution.ruleExecution\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"event.provider\":\"securitySolution.ruleExecution\"}}},{\"query\":{\"match_phrase\":{\"event.action\":\"status-change\"}},\"meta\":{\"index\":\"kibana-event-log-data-view\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"status-change\"},\"disabled\":false,\"alias\":null}},{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"kibana-event-log-data-view\",\"key\":\"kibana.alert.rule.execution.status\",\"field\":\"kibana.alert.rule.execution.status\",\"params\":{\"query\":\"failed\"},\"type\":\"phrase\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"kibana.alert.rule.execution.status\":\"failed\"}}}],\"index\":\"9adf5837-270f-43bf-92d8-af2d74022292\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"17c4f52b-ef17-43d7-8282-91e48cbe11e7\":{\"columns\":{\"53cbc7e3-a396-4c55-8a28-f068d2eb3c5d\":{\"label\":\"Failed\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"53cbc7e3-a396-4c55-8a28-f068d2eb3c5d\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false,\"description\":\"Number of rule executions with a failed status (outcome of the rule execution) within the selected timeframe.\"},\"title\":\"\\\"Failed\\\" statuses\"},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":15,\"w\":21,\"h\":13,\"i\":\"78c659aa-a001-4c30-9452-e9c7d0c0ec5d\"},\"panelIndex\":\"78c659aa-a001-4c30-9452-e9c7d0c0ec5d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"kibana-event-log-data-view\",\"name\":\"indexpattern-datasource-layer-4eaf036b-c9f5-4206-bcfe-8033bec44a21\",\"type\":\"index-pattern\"},{\"id\":\"kibana-event-log-data-view\",\"name\":\"abcc85f3-00cd-48bd-a313-de50207ab1b6\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"top\",\"isInside\":false,\"showSingleSeries\":false,\"shouldTruncate\":false,\"verticalAlignment\":\"top\",\"horizontalAlignment\":\"left\",\"legendSize\":\"auto\",\"legendStats\":[\"currentAndLastValue\"]},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"4eaf036b-c9f5-4206-bcfe-8033bec44a21\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"44be5a39-e31d-4242-9778-58ee5ffefbb8\",\"splitAccessor\":\"124a76f1-8df0-4410-87b0-25b9cb2398d9\",\"accessors\":[\"cb5d803d-fa0a-4062-a595-2cec9118bd31\"],\"layerType\":\"data\"}]},\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filters\":[{\"meta\":{\"type\":\"combined\",\"relation\":\"AND\",\"params\":[{\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"alerting\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"event.provider\":\"alerting\"}}},{\"query\":{\"match_phrase\":{\"event.action\":\"execute\"}},\"meta\":{\"index\":\"kibana-event-log-data-view\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"execute\"},\"disabled\":false,\"alias\":null}},{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.category\",\"field\":\"event.category\",\"params\":{\"query\":\"siem\"},\"type\":\"phrase\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"event.category\":\"siem\"}}}],\"index\":\"abcc85f3-00cd-48bd-a313-de50207ab1b6\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"4eaf036b-c9f5-4206-bcfe-8033bec44a21\":{\"columns\":{\"44be5a39-e31d-4242-9778-58ee5ffefbb8\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"cb5d803d-fa0a-4062-a595-2cec9118bd31\":{\"label\":\"Number of executions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"124a76f1-8df0-4410-87b0-25b9cb2398d9\":{\"label\":\"Rule type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.category\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"cb5d803d-fa0a-4062-a595-2cec9118bd31\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[]},\"customLabel\":true}},\"columnOrder\":[\"124a76f1-8df0-4410-87b0-25b9cb2398d9\",\"44be5a39-e31d-4242-9778-58ee5ffefbb8\",\"cb5d803d-fa0a-4062-a595-2cec9118bd31\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{},\"description\":\"Histogram where each column shows a number of rule executions broken down by rule type.\"},\"title\":\"Executions by rule type\"},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":21,\"y\":15,\"w\":27,\"h\":13,\"i\":\"b3dd29a9-c051-46ab-b1fa-facf899f7af9\"},\"panelIndex\":\"b3dd29a9-c051-46ab-b1fa-facf899f7af9\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"kibana-event-log-data-view\",\"name\":\"indexpattern-datasource-layer-4eaf036b-c9f5-4206-bcfe-8033bec44a21\",\"type\":\"index-pattern\"},{\"id\":\"kibana-event-log-data-view\",\"name\":\"0ccd359c-35a9-42ee-9b53-e0061755ffef\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"top\",\"isInside\":false,\"showSingleSeries\":false,\"shouldTruncate\":false,\"verticalAlignment\":\"top\",\"horizontalAlignment\":\"left\",\"legendSize\":\"auto\",\"legendStats\":[\"currentAndLastValue\"]},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"4eaf036b-c9f5-4206-bcfe-8033bec44a21\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"44be5a39-e31d-4242-9778-58ee5ffefbb8\",\"splitAccessor\":\"124a76f1-8df0-4410-87b0-25b9cb2398d9\",\"accessors\":[\"cb5d803d-fa0a-4062-a595-2cec9118bd31\"],\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\"}}]},\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filters\":[{\"meta\":{\"type\":\"combined\",\"relation\":\"AND\",\"params\":[{\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"securitySolution.ruleExecution\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"event.provider\":\"securitySolution.ruleExecution\"}}},{\"query\":{\"match_phrase\":{\"event.action\":\"status-change\"}},\"meta\":{\"index\":\"kibana-event-log-data-view\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"status-change\"},\"disabled\":false,\"alias\":null}},{\"meta\":{\"disabled\":false,\"negate\":true,\"alias\":null,\"index\":\"kibana-event-log-data-view\",\"key\":\"kibana.alert.rule.execution.status\",\"field\":\"kibana.alert.rule.execution.status\",\"params\":{\"query\":\"running\"},\"type\":\"phrase\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"kibana.alert.rule.execution.status\":\"running\"}}}],\"index\":\"0ccd359c-35a9-42ee-9b53-e0061755ffef\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"4eaf036b-c9f5-4206-bcfe-8033bec44a21\":{\"columns\":{\"44be5a39-e31d-4242-9778-58ee5ffefbb8\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"cb5d803d-fa0a-4062-a595-2cec9118bd31\":{\"label\":\"Number of executions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"124a76f1-8df0-4410-87b0-25b9cb2398d9\":{\"label\":\"Statuses\",\"dataType\":\"string\",\"operationType\":\"filters\",\"scale\":\"ordinal\",\"isBucketed\":true,\"params\":{\"filters\":[{\"label\":\"Succeeded\",\"input\":{\"query\":\"kibana.alert.rule.execution.status: \\\"succeeded\\\" \",\"language\":\"kuery\"}},{\"input\":{\"query\":\"kibana.alert.rule.execution.status: \\\"partial failure\\\" \",\"language\":\"kuery\"},\"label\":\"Warning\"},{\"input\":{\"query\":\"kibana.alert.rule.execution.status: \\\"failed\\\"\",\"language\":\"kuery\"},\"label\":\"Failed\"}]},\"customLabel\":true}},\"columnOrder\":[\"124a76f1-8df0-4410-87b0-25b9cb2398d9\",\"44be5a39-e31d-4242-9778-58ee5ffefbb8\",\"cb5d803d-fa0a-4062-a595-2cec9118bd31\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{},\"description\":\"Histogram where each column shows a number of rule executions broken down by rule status (outcome of the rule execution).\"},\"title\":\"Executions by status\"},{\"version\":\"8.9.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":4,\"i\":\"e2b4b41a-2fd5-4733-a297-c67571b8bb57\"},\"panelIndex\":\"e2b4b41a-2fd5-4733-a297-c67571b8bb57\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"**Total rule execution duration** shows how much time it took for a rule to run from the very start to the very end.\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":32,\"w\":21,\"h\":15,\"i\":\"ad5995be-bf0f-48ba-8dc8-7313ca3bfbae\"},\"panelIndex\":\"ad5995be-bf0f-48ba-8dc8-7313ca3bfbae\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"kibana-event-log-data-view\",\"name\":\"indexpattern-datasource-layer-59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\",\"type\":\"index-pattern\"},{\"id\":\"kibana-event-log-data-view\",\"name\":\"2720edea-b96b-47d7-bf57-ff3a4c91ab9d\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\",\"maxLines\":1},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\",\"accessors\":[\"44728b87-025d-4b13-b3b9-35bfd5cc7d26\",\"f623346f-da47-4819-b485-d3527bd4506e\",\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9e\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"2e39ea80-4360-44ef-b24b-91adba3184f8\",\"yConfig\":[{\"forAccessor\":\"44728b87-025d-4b13-b3b9-35bfd5cc7d26\",\"color\":\"#d36086\",\"axisMode\":\"left\"},{\"forAccessor\":\"f623346f-da47-4819-b485-d3527bd4506e\",\"axisMode\":\"left\",\"color\":\"#9170b8\"},{\"forAccessor\":\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9e\",\"axisMode\":\"left\",\"color\":\"#6092c0\"}]}],\"curveType\":\"CURVE_MONOTONE_X\",\"yTitle\":\"Total execution duration, ms\"},\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filters\":[{\"meta\":{\"type\":\"combined\",\"relation\":\"AND\",\"params\":[{\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"alerting\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"event.provider\":\"alerting\"}}},{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.action\",\"field\":\"event.action\",\"params\":{\"query\":\"execute\"},\"type\":\"phrase\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"event.action\":\"execute\"}}},{\"query\":{\"match_phrase\":{\"event.category\":\"siem\"}},\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"siem\"},\"index\":\"kibana-event-log-data-view\",\"disabled\":false,\"alias\":null}}],\"index\":\"2720edea-b96b-47d7-bf57-ff3a4c91ab9d\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\":{\"columns\":{\"2e39ea80-4360-44ef-b24b-91adba3184f8\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"44728b87-025d-4b13-b3b9-35bfd5cc7d26\":{\"label\":\"99th percentile\",\"dataType\":\"number\",\"operationType\":\"percentile\",\"sourceField\":\"kibana.alert.rule.execution.metrics.total_run_duration_ms\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"percentile\":99},\"customLabel\":true},\"f623346f-da47-4819-b485-d3527bd4506e\":{\"label\":\"95th percentile\",\"dataType\":\"number\",\"operationType\":\"percentile\",\"sourceField\":\"kibana.alert.rule.execution.metrics.total_run_duration_ms\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"percentile\":95},\"customLabel\":true},\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9e\":{\"label\":\"50th percentile\",\"dataType\":\"number\",\"operationType\":\"percentile\",\"sourceField\":\"kibana.alert.rule.execution.metrics.total_run_duration_ms\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"percentile\":50},\"customLabel\":true}},\"columnOrder\":[\"2e39ea80-4360-44ef-b24b-91adba3184f8\",\"44728b87-025d-4b13-b3b9-35bfd5cc7d26\",\"f623346f-da47-4819-b485-d3527bd4506e\",\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9e\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{},\"description\":\"This chart aggregates this metric across all rules and shows how a few important percentiles of the metric were changing over time. 99th percentile means that 99% of rule executions had a total duration less than the percentile's value.\"},\"title\":\"Total rule execution duration, percentiles\"},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":21,\"y\":32,\"w\":27,\"h\":15,\"i\":\"2eac0a4e-9ec7-433e-89bc-e8edc1dadae7\"},\"panelIndex\":\"2eac0a4e-9ec7-433e-89bc-e8edc1dadae7\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"kibana-event-log-data-view\",\"name\":\"indexpattern-datasource-layer-59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\",\"type\":\"index-pattern\"},{\"id\":\"kibana-event-log-data-view\",\"name\":\"0b7e01b1-974a-4de9-867d-46fc000c63e3\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\",\"accessors\":[\"707ff766-8ef2-47ca-9559-d7ace1bc0a4b\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"xAccessor\":\"2e39ea80-4360-44ef-b24b-91adba3184f8\",\"splitAccessor\":\"3a521678-3e76-49b6-a379-eb75ef03604b\"}],\"yTitle\":\"Total execution duration, ms\"},\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filters\":[{\"meta\":{\"type\":\"combined\",\"relation\":\"AND\",\"params\":[{\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"alerting\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"event.provider\":\"alerting\"}}},{\"query\":{\"match_phrase\":{\"event.action\":\"execute\"}},\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"execute\"},\"index\":\"kibana-event-log-data-view\",\"disabled\":false,\"alias\":null}},{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.category\",\"field\":\"event.category\",\"params\":{\"query\":\"siem\"},\"type\":\"phrase\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"event.category\":\"siem\"}}}],\"index\":\"0b7e01b1-974a-4de9-867d-46fc000c63e3\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\":{\"columns\":{\"2e39ea80-4360-44ef-b24b-91adba3184f8\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"3a521678-3e76-49b6-a379-eb75ef03604b\":{\"label\":\"Top 5 values of rule.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"707ff766-8ef2-47ca-9559-d7ace1bc0a4b\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"secondaryFields\":[],\"parentFormat\":{\"id\":\"terms\"}}},\"707ff766-8ef2-47ca-9559-d7ace1bc0a4b\":{\"label\":\"Total execution duration\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"kibana.alert.rule.execution.metrics.total_run_duration_ms\",\"isBucketed\":false,\"scale\":\"ratio\",\"customLabel\":true}},\"columnOrder\":[\"2e39ea80-4360-44ef-b24b-91adba3184f8\",\"3a521678-3e76-49b6-a379-eb75ef03604b\",\"707ff766-8ef2-47ca-9559-d7ace1bc0a4b\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Total rule execution duration, top 5 rules per @timestamp\"},{\"version\":\"8.9.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":5,\"i\":\"a0f62bb1-a9c3-4c46-b0fb-137c7f2b4a0c\"},\"panelIndex\":\"a0f62bb1-a9c3-4c46-b0fb-137c7f2b4a0c\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"**Rule schedule delay** shows the difference between the planned rule start time (according to its schedule) and the time when it actually started. Normally, it should be about 3 seconds or less. When the cluster is overloaded, it can be way more than 3 seconds. This is when you'd want to scale your cluster according to the load or reduce it by disabling or optimizing the rules.\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":52,\"w\":21,\"h\":15,\"i\":\"d2e87680-4d92-4067-9f27-7749854dedce\"},\"panelIndex\":\"d2e87680-4d92-4067-9f27-7749854dedce\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"kibana-event-log-data-view\",\"name\":\"indexpattern-datasource-layer-59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\",\"type\":\"index-pattern\"},{\"id\":\"kibana-event-log-data-view\",\"name\":\"4101bdcb-5ba8-406f-8893-07356a98d49b\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\",\"maxLines\":1},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\",\"niceValues\":true},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\",\"accessors\":[\"44728b87-025d-4b13-b3b9-35bfd5cc7d26\",\"f623346f-da47-4819-b485-d3527bd4506e\",\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9e\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"2e39ea80-4360-44ef-b24b-91adba3184f8\",\"yConfig\":[{\"forAccessor\":\"44728b87-025d-4b13-b3b9-35bfd5cc7d26\",\"color\":\"#d36086\",\"axisMode\":\"left\"},{\"forAccessor\":\"f623346f-da47-4819-b485-d3527bd4506e\",\"axisMode\":\"left\",\"color\":\"#9170b8\"},{\"forAccessor\":\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9e\",\"axisMode\":\"left\",\"color\":\"#6092c0\"}]}],\"curveType\":\"CURVE_MONOTONE_X\",\"yTitle\":\"Schedule delay, ms\"},\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filters\":[{\"meta\":{\"type\":\"combined\",\"relation\":\"AND\",\"params\":[{\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"alerting\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"event.provider\":\"alerting\"}}},{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.action\",\"field\":\"event.action\",\"params\":{\"query\":\"execute\"},\"type\":\"phrase\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"event.action\":\"execute\"}}},{\"query\":{\"match_phrase\":{\"event.category\":\"siem\"}},\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"siem\"},\"index\":\"kibana-event-log-data-view\",\"disabled\":false,\"alias\":null}}],\"index\":\"4101bdcb-5ba8-406f-8893-07356a98d49b\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\":{\"columns\":{\"2e39ea80-4360-44ef-b24b-91adba3184f8\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"44728b87-025d-4b13-b3b9-35bfd5cc7d26X0\":{\"label\":\"Part of 99th percentile\",\"dataType\":\"number\",\"operationType\":\"percentile\",\"sourceField\":\"kibana.task.schedule_delay\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"percentile\":99},\"customLabel\":true},\"44728b87-025d-4b13-b3b9-35bfd5cc7d26X1\":{\"label\":\"Part of 99th percentile\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"divide\",\"args\":[\"44728b87-025d-4b13-b3b9-35bfd5cc7d26X0\",1000000],\"location\":{\"min\":0,\"max\":63},\"text\":\"percentile(kibana.task.schedule_delay, percentile=99) / 1000000\"}},\"references\":[\"44728b87-025d-4b13-b3b9-35bfd5cc7d26X0\"],\"customLabel\":true},\"44728b87-025d-4b13-b3b9-35bfd5cc7d26\":{\"label\":\"99th percentile\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"percentile(kibana.task.schedule_delay, percentile=99) / 1000000\",\"isFormulaBroken\":false},\"references\":[\"44728b87-025d-4b13-b3b9-35bfd5cc7d26X1\"],\"customLabel\":true},\"f623346f-da47-4819-b485-d3527bd4506eX0\":{\"label\":\"Part of 95th percentile\",\"dataType\":\"number\",\"operationType\":\"percentile\",\"sourceField\":\"kibana.task.schedule_delay\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"percentile\":95},\"customLabel\":true},\"f623346f-da47-4819-b485-d3527bd4506eX1\":{\"label\":\"Part of 95th percentile\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"divide\",\"args\":[\"f623346f-da47-4819-b485-d3527bd4506eX0\",1000000],\"location\":{\"min\":0,\"max\":63},\"text\":\"percentile(kibana.task.schedule_delay, percentile=95) / 1000000\"}},\"references\":[\"f623346f-da47-4819-b485-d3527bd4506eX0\"],\"customLabel\":true},\"f623346f-da47-4819-b485-d3527bd4506e\":{\"label\":\"95th percentile\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"percentile(kibana.task.schedule_delay, percentile=95) / 1000000\",\"isFormulaBroken\":false},\"references\":[\"f623346f-da47-4819-b485-d3527bd4506eX1\"],\"customLabel\":true},\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9eX0\":{\"label\":\"Part of 50th percentile\",\"dataType\":\"number\",\"operationType\":\"percentile\",\"sourceField\":\"kibana.task.schedule_delay\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"percentile\":50},\"customLabel\":true},\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9eX1\":{\"label\":\"Part of 50th percentile\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"divide\",\"args\":[\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9eX0\",1000000],\"location\":{\"min\":0,\"max\":63},\"text\":\"percentile(kibana.task.schedule_delay, percentile=50) / 1000000\"}},\"references\":[\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9eX0\"],\"customLabel\":true},\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9e\":{\"label\":\"50th percentile\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"percentile(kibana.task.schedule_delay, percentile=50) / 1000000\",\"isFormulaBroken\":false},\"references\":[\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9eX1\"],\"customLabel\":true}},\"columnOrder\":[\"2e39ea80-4360-44ef-b24b-91adba3184f8\",\"44728b87-025d-4b13-b3b9-35bfd5cc7d26\",\"f623346f-da47-4819-b485-d3527bd4506e\",\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9e\",\"44728b87-025d-4b13-b3b9-35bfd5cc7d26X0\",\"44728b87-025d-4b13-b3b9-35bfd5cc7d26X1\",\"f623346f-da47-4819-b485-d3527bd4506eX0\",\"f623346f-da47-4819-b485-d3527bd4506eX1\",\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9eX0\",\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9eX1\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{},\"description\":\"This chart aggregates this metric across all rules and shows how a few important percentiles of the metric were changing over time. 99th percentile means that 99% of rule executions had a schedule delay less than the percentile's value.\"},\"title\":\"Rule scheduling delay, percentiles\"},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":21,\"y\":52,\"w\":27,\"h\":15,\"i\":\"2372c630-207e-4859-83a9-de5a7bc638dc\"},\"panelIndex\":\"2372c630-207e-4859-83a9-de5a7bc638dc\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"kibana-event-log-data-view\",\"name\":\"indexpattern-datasource-layer-59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\",\"type\":\"index-pattern\"},{\"id\":\"kibana-event-log-data-view\",\"name\":\"adafccc0-9c17-4249-89e1-e61a8d00079b\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\",\"accessors\":[\"707ff766-8ef2-47ca-9559-d7ace1bc0a4b\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"xAccessor\":\"2e39ea80-4360-44ef-b24b-91adba3184f8\",\"splitAccessor\":\"3a521678-3e76-49b6-a379-eb75ef03604b\"}],\"yTitle\":\"Rule schedule delay, ms\"},\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filters\":[{\"meta\":{\"type\":\"combined\",\"relation\":\"AND\",\"params\":[{\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"alerting\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"event.provider\":\"alerting\"}}},{\"query\":{\"match_phrase\":{\"event.action\":\"execute\"}},\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"execute\"},\"index\":\"kibana-event-log-data-view\",\"disabled\":false,\"alias\":null}},{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.category\",\"field\":\"event.category\",\"params\":{\"query\":\"siem\"},\"type\":\"phrase\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"event.category\":\"siem\"}}}],\"index\":\"adafccc0-9c17-4249-89e1-e61a8d00079b\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\":{\"columns\":{\"2e39ea80-4360-44ef-b24b-91adba3184f8\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"3a521678-3e76-49b6-a379-eb75ef03604b\":{\"label\":\"Top 5 values of rule.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"custom\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"secondaryFields\":[],\"parentFormat\":{\"id\":\"terms\"},\"orderAgg\":{\"label\":\"Maximum of kibana.task.schedule_delay\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"kibana.task.schedule_delay\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true}}}},\"707ff766-8ef2-47ca-9559-d7ace1bc0a4bX0\":{\"label\":\"Part of Rule schedule delay\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"kibana.task.schedule_delay\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"707ff766-8ef2-47ca-9559-d7ace1bc0a4bX1\":{\"label\":\"Part of Rule schedule delay\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"divide\",\"args\":[\"707ff766-8ef2-47ca-9559-d7ace1bc0a4bX0\",1000000],\"location\":{\"min\":0,\"max\":41},\"text\":\"max(kibana.task.schedule_delay) / 1000000\"}},\"references\":[\"707ff766-8ef2-47ca-9559-d7ace1bc0a4bX0\"],\"customLabel\":true},\"707ff766-8ef2-47ca-9559-d7ace1bc0a4b\":{\"label\":\"Rule schedule delay\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"max(kibana.task.schedule_delay) / 1000000\",\"isFormulaBroken\":false},\"references\":[\"707ff766-8ef2-47ca-9559-d7ace1bc0a4bX1\"],\"customLabel\":true}},\"columnOrder\":[\"2e39ea80-4360-44ef-b24b-91adba3184f8\",\"3a521678-3e76-49b6-a379-eb75ef03604b\",\"707ff766-8ef2-47ca-9559-d7ace1bc0a4b\",\"707ff766-8ef2-47ca-9559-d7ace1bc0a4bX0\",\"707ff766-8ef2-47ca-9559-d7ace1bc0a4bX1\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Rule scheduling delay, top 5 rules per @timestamp\"},{\"version\":\"8.9.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":4,\"i\":\"054eb35b-90a8-4b45-9821-7c0eefb22a85\"},\"panelIndex\":\"054eb35b-90a8-4b45-9821-7c0eefb22a85\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"**Search/query duration** metric shows how much time it took for a rule when it was executing to query source indices (or data views) to find source events matching the rule's criteria.\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":71,\"w\":21,\"h\":15,\"i\":\"e2504c27-3027-4c13-85c0-a66416c53bd4\"},\"panelIndex\":\"e2504c27-3027-4c13-85c0-a66416c53bd4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"kibana-event-log-data-view\",\"name\":\"indexpattern-datasource-layer-59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\",\"type\":\"index-pattern\"},{\"id\":\"kibana-event-log-data-view\",\"name\":\"edb4ad7f-1ef2-477f-980c-c6fe47d6470d\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\",\"maxLines\":1},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\",\"accessors\":[\"44728b87-025d-4b13-b3b9-35bfd5cc7d26\",\"f623346f-da47-4819-b485-d3527bd4506e\",\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9e\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"2e39ea80-4360-44ef-b24b-91adba3184f8\",\"yConfig\":[{\"forAccessor\":\"44728b87-025d-4b13-b3b9-35bfd5cc7d26\",\"color\":\"#d36086\",\"axisMode\":\"left\"},{\"forAccessor\":\"f623346f-da47-4819-b485-d3527bd4506e\",\"axisMode\":\"left\",\"color\":\"#9170b8\"},{\"forAccessor\":\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9e\",\"axisMode\":\"left\",\"color\":\"#6092c0\"}]}],\"curveType\":\"CURVE_MONOTONE_X\",\"yTitle\":\"Search duration, ms\"},\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filters\":[{\"meta\":{\"type\":\"combined\",\"relation\":\"AND\",\"params\":[{\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"securitySolution.ruleExecution\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"event.provider\":\"securitySolution.ruleExecution\"}}},{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.action\",\"field\":\"event.action\",\"params\":{\"query\":\"execution-metrics\"},\"type\":\"phrase\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"event.action\":\"execution-metrics\"}}}],\"index\":\"edb4ad7f-1ef2-477f-980c-c6fe47d6470d\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\":{\"columns\":{\"2e39ea80-4360-44ef-b24b-91adba3184f8\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"44728b87-025d-4b13-b3b9-35bfd5cc7d26\":{\"label\":\"99th percentile\",\"dataType\":\"number\",\"operationType\":\"percentile\",\"sourceField\":\"kibana.alert.rule.execution.metrics.total_search_duration_ms\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"percentile\":99},\"customLabel\":true},\"f623346f-da47-4819-b485-d3527bd4506e\":{\"label\":\"95th percentile\",\"dataType\":\"number\",\"operationType\":\"percentile\",\"sourceField\":\"kibana.alert.rule.execution.metrics.total_search_duration_ms\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"percentile\":95},\"customLabel\":true},\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9e\":{\"label\":\"50th percentile\",\"dataType\":\"number\",\"operationType\":\"percentile\",\"sourceField\":\"kibana.alert.rule.execution.metrics.total_search_duration_ms\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"kibana.alert.rule.execution.metrics.total_run_duration_ms: *\",\"language\":\"kuery\"},\"params\":{\"percentile\":50},\"customLabel\":true}},\"columnOrder\":[\"2e39ea80-4360-44ef-b24b-91adba3184f8\",\"44728b87-025d-4b13-b3b9-35bfd5cc7d26\",\"f623346f-da47-4819-b485-d3527bd4506e\",\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9e\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{},\"description\":\"This chart aggregates this metric across all rules and shows how a few important percentiles of the metric were changing over time. 99th percentile means that 99% of rule executions had a search/query duration less than the percentile's value.\"},\"title\":\"Search/query duration, percentiles\"},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":21,\"y\":71,\"w\":27,\"h\":15,\"i\":\"fe382f90-aa03-47e0-a8a0-d6a8de877467\"},\"panelIndex\":\"fe382f90-aa03-47e0-a8a0-d6a8de877467\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"kibana-event-log-data-view\",\"name\":\"indexpattern-datasource-layer-59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\",\"type\":\"index-pattern\"},{\"id\":\"kibana-event-log-data-view\",\"name\":\"505272a2-f4fb-4778-9fdf-11415f36cc51\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\",\"accessors\":[\"707ff766-8ef2-47ca-9559-d7ace1bc0a4b\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"xAccessor\":\"2e39ea80-4360-44ef-b24b-91adba3184f8\",\"splitAccessor\":\"3a521678-3e76-49b6-a379-eb75ef03604b\"}],\"yTitle\":\"Search duration, ms\"},\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filters\":[{\"meta\":{\"type\":\"combined\",\"relation\":\"AND\",\"params\":[{\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"securitySolution.ruleExecution\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"event.provider\":\"securitySolution.ruleExecution\"}}},{\"query\":{\"match_phrase\":{\"event.action\":\"execution-metrics\"}},\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"execution-metrics\"},\"index\":\"kibana-event-log-data-view\",\"disabled\":false,\"alias\":null}}],\"index\":\"505272a2-f4fb-4778-9fdf-11415f36cc51\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\":{\"columns\":{\"2e39ea80-4360-44ef-b24b-91adba3184f8\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"3a521678-3e76-49b6-a379-eb75ef03604b\":{\"label\":\"Top 5 values of rule.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"707ff766-8ef2-47ca-9559-d7ace1bc0a4b\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"secondaryFields\":[],\"parentFormat\":{\"id\":\"terms\"}}},\"707ff766-8ef2-47ca-9559-d7ace1bc0a4b\":{\"label\":\"Search duration\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"kibana.alert.rule.execution.metrics.total_search_duration_ms\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"2e39ea80-4360-44ef-b24b-91adba3184f8\",\"3a521678-3e76-49b6-a379-eb75ef03604b\",\"707ff766-8ef2-47ca-9559-d7ace1bc0a4b\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Search/query duration, top 5 rules per @timestamp\"},{\"version\":\"8.9.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":86,\"w\":48,\"h\":4,\"i\":\"267d2068-2d64-4e8e-bccb-efc580f90762\"},\"panelIndex\":\"267d2068-2d64-4e8e-bccb-efc580f90762\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"**Indexing duration** metric shows how much time it took for a rule when it was executing to write generated alerts to the `.alerts-security.alerts-*` index.\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":90,\"w\":21,\"h\":15,\"i\":\"0b6f467f-f784-457e-9351-839874bef66e\"},\"panelIndex\":\"0b6f467f-f784-457e-9351-839874bef66e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"kibana-event-log-data-view\",\"name\":\"indexpattern-datasource-layer-59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\",\"type\":\"index-pattern\"},{\"id\":\"kibana-event-log-data-view\",\"name\":\"e0a238a9-104e-46c0-890a-c7b3e1c08018\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\",\"maxLines\":1},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\",\"accessors\":[\"44728b87-025d-4b13-b3b9-35bfd5cc7d26\",\"f623346f-da47-4819-b485-d3527bd4506e\",\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9e\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"2e39ea80-4360-44ef-b24b-91adba3184f8\",\"yConfig\":[{\"forAccessor\":\"44728b87-025d-4b13-b3b9-35bfd5cc7d26\",\"color\":\"#d36086\",\"axisMode\":\"left\"},{\"forAccessor\":\"f623346f-da47-4819-b485-d3527bd4506e\",\"axisMode\":\"left\",\"color\":\"#9170b8\"},{\"forAccessor\":\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9e\",\"axisMode\":\"left\",\"color\":\"#6092c0\"}]}],\"curveType\":\"CURVE_MONOTONE_X\",\"yTitle\":\"Indexing duration, ms\"},\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filters\":[{\"meta\":{\"type\":\"combined\",\"relation\":\"AND\",\"params\":[{\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"securitySolution.ruleExecution\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"event.provider\":\"securitySolution.ruleExecution\"}}},{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.action\",\"field\":\"event.action\",\"params\":{\"query\":\"execution-metrics\"},\"type\":\"phrase\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"event.action\":\"execution-metrics\"}}}],\"index\":\"e0a238a9-104e-46c0-890a-c7b3e1c08018\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\":{\"columns\":{\"2e39ea80-4360-44ef-b24b-91adba3184f8\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"44728b87-025d-4b13-b3b9-35bfd5cc7d26\":{\"label\":\"99th percentile\",\"dataType\":\"number\",\"operationType\":\"percentile\",\"sourceField\":\"kibana.alert.rule.execution.metrics.total_indexing_duration_ms\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"percentile\":99},\"customLabel\":true},\"f623346f-da47-4819-b485-d3527bd4506e\":{\"label\":\"95th percentile\",\"dataType\":\"number\",\"operationType\":\"percentile\",\"sourceField\":\"kibana.alert.rule.execution.metrics.total_indexing_duration_ms\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"percentile\":95},\"customLabel\":true},\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9e\":{\"label\":\"50th percentile\",\"dataType\":\"number\",\"operationType\":\"percentile\",\"sourceField\":\"kibana.alert.rule.execution.metrics.total_indexing_duration_ms\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"kibana.alert.rule.execution.metrics.total_run_duration_ms: *\",\"language\":\"kuery\"},\"params\":{\"percentile\":50},\"customLabel\":true}},\"columnOrder\":[\"2e39ea80-4360-44ef-b24b-91adba3184f8\",\"44728b87-025d-4b13-b3b9-35bfd5cc7d26\",\"f623346f-da47-4819-b485-d3527bd4506e\",\"861f06ed-3ef1-4e60-93fe-ddf176e5aa9e\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{},\"description\":\"This chart aggregates this metric across all rules and shows how a few important percentiles of the metric were changing over time. 99th percentile means that 99% of rule executions had an indexing duration less than the percentile's value.\"},\"title\":\"Indexing duration, percentiles\"},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":21,\"y\":90,\"w\":27,\"h\":15,\"i\":\"2ad1eb6c-c19b-41b1-897e-2d1d192cedae\"},\"panelIndex\":\"2ad1eb6c-c19b-41b1-897e-2d1d192cedae\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"kibana-event-log-data-view\",\"name\":\"indexpattern-datasource-layer-59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\",\"type\":\"index-pattern\"},{\"id\":\"kibana-event-log-data-view\",\"name\":\"5f5acf46-a12a-43cf-8d4a-b1ef1a971771\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\",\"accessors\":[\"707ff766-8ef2-47ca-9559-d7ace1bc0a4b\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"xAccessor\":\"2e39ea80-4360-44ef-b24b-91adba3184f8\",\"splitAccessor\":\"3a521678-3e76-49b6-a379-eb75ef03604b\"}],\"yTitle\":\"Indexing duration, ms\"},\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filters\":[{\"meta\":{\"type\":\"combined\",\"relation\":\"AND\",\"params\":[{\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"securitySolution.ruleExecution\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"event.provider\":\"securitySolution.ruleExecution\"}}},{\"query\":{\"match_phrase\":{\"event.action\":\"execution-metrics\"}},\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"execution-metrics\"},\"index\":\"kibana-event-log-data-view\",\"disabled\":false,\"alias\":null}}],\"index\":\"5f5acf46-a12a-43cf-8d4a-b1ef1a971771\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8\":{\"columns\":{\"2e39ea80-4360-44ef-b24b-91adba3184f8\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"3a521678-3e76-49b6-a379-eb75ef03604b\":{\"label\":\"Top 5 values of rule.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"707ff766-8ef2-47ca-9559-d7ace1bc0a4b\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"secondaryFields\":[],\"parentFormat\":{\"id\":\"terms\"}}},\"707ff766-8ef2-47ca-9559-d7ace1bc0a4b\":{\"label\":\"Indexing duration\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"kibana.alert.rule.execution.metrics.total_indexing_duration_ms\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"2e39ea80-4360-44ef-b24b-91adba3184f8\",\"3a521678-3e76-49b6-a379-eb75ef03604b\",\"707ff766-8ef2-47ca-9559-d7ace1bc0a4b\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Indexing duration, top 5 rules per @timestamp\"},{\"version\":\"8.9.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":105,\"w\":48,\"h\":4,\"i\":\"0fcc0476-eb8c-4c41-8325-2a9084a12e59\"},\"panelIndex\":\"0fcc0476-eb8c-4c41-8325-2a9084a12e59\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Top 10 rules by various criteria.\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":109,\"w\":24,\"h\":16,\"i\":\"6ce283f7-115a-4a0f-9184-71e141149183\"},\"panelIndex\":\"6ce283f7-115a-4a0f-9184-71e141149183\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"kibana-event-log-data-view\",\"name\":\"indexpattern-datasource-layer-dd23be91-5d0e-41d8-8907-ae3c9a577e2e\",\"type\":\"index-pattern\"},{\"id\":\"kibana-event-log-data-view\",\"name\":\"a1fed0ee-76a2-476e-8614-9fe8e71128b3\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"29b3609c-9891-4c1c-94ee-17bc4410cbbb\",\"isTransposed\":false},{\"columnId\":\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\",\"isTransposed\":false,\"width\":135},{\"columnId\":\"75b295c8-00ac-4f62-8952-e4cb44b5f183\",\"isTransposed\":false,\"width\":153.66666666666669},{\"columnId\":\"2fe7ca3c-5c52-4d5e-9892-afb9141d6319\",\"isTransposed\":false,\"width\":86.16666666666663}],\"layerId\":\"dd23be91-5d0e-41d8-8907-ae3c9a577e2e\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"type\":\"combined\",\"relation\":\"AND\",\"params\":[{\"query\":{\"match_phrase\":{\"event.provider\":\"alerting\"}},\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"alerting\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null}},{\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.action\",\"field\":\"event.action\",\"params\":{\"query\":\"execute\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"event.action\":\"execute\"}}},{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.category\",\"field\":\"event.category\",\"params\":{\"query\":\"siem\"},\"type\":\"phrase\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"event.category\":\"siem\"}}}],\"index\":\"a1fed0ee-76a2-476e-8614-9fe8e71128b3\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"dd23be91-5d0e-41d8-8907-ae3c9a577e2e\":{\"columns\":{\"29b3609c-9891-4c1c-94ee-17bc4410cbbb\":{\"label\":\"Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.name\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\":{\"label\":\"Duration, ms\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"kibana.alert.rule.execution.metrics.total_run_duration_ms\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"75b295c8-00ac-4f62-8952-e4cb44b5f183\":{\"label\":\"Type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.category\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"2fe7ca3c-5c52-4d5e-9892-afb9141d6319\":{\"label\":\"ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.id\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"2fe7ca3c-5c52-4d5e-9892-afb9141d6319\",\"29b3609c-9891-4c1c-94ee-17bc4410cbbb\",\"75b295c8-00ac-4f62-8952-e4cb44b5f183\",\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Top 10 slowest rules by total execution duration\"},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":109,\"w\":24,\"h\":16,\"i\":\"f5d7a9c8-839c-408c-b798-68d019483bc7\"},\"panelIndex\":\"f5d7a9c8-839c-408c-b798-68d019483bc7\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"kibana-event-log-data-view\",\"name\":\"indexpattern-datasource-layer-dd23be91-5d0e-41d8-8907-ae3c9a577e2e\",\"type\":\"index-pattern\"},{\"id\":\"kibana-event-log-data-view\",\"name\":\"ee506497-3313-49d4-9cc9-353e55305547\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"29b3609c-9891-4c1c-94ee-17bc4410cbbb\",\"isTransposed\":false},{\"columnId\":\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\",\"isTransposed\":false,\"width\":130},{\"columnId\":\"75b295c8-00ac-4f62-8952-e4cb44b5f183\",\"isTransposed\":false,\"width\":163.66666666666669},{\"columnId\":\"2fe7ca3c-5c52-4d5e-9892-afb9141d6319\",\"isTransposed\":false,\"width\":84.16666666666663}],\"layerId\":\"dd23be91-5d0e-41d8-8907-ae3c9a577e2e\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"type\":\"combined\",\"relation\":\"AND\",\"params\":[{\"query\":{\"match_phrase\":{\"event.provider\":\"alerting\"}},\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"alerting\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null}},{\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.action\",\"field\":\"event.action\",\"params\":{\"query\":\"execute\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"event.action\":\"execute\"}}},{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.category\",\"field\":\"event.category\",\"params\":{\"query\":\"siem\"},\"type\":\"phrase\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"event.category\":\"siem\"}}}],\"index\":\"ee506497-3313-49d4-9cc9-353e55305547\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"dd23be91-5d0e-41d8-8907-ae3c9a577e2e\":{\"columns\":{\"29b3609c-9891-4c1c-94ee-17bc4410cbbb\":{\"label\":\"Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.name\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":false},\"orderDirection\":\"asc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"ce86886d-db33-4d81-a0c4-b2d5499cf2efX0\":{\"label\":\"Part of Schedule delay, ms\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"kibana.task.schedule_delay\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"ce86886d-db33-4d81-a0c4-b2d5499cf2efX1\":{\"label\":\"Part of Schedule delay, ms\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"divide\",\"args\":[\"ce86886d-db33-4d81-a0c4-b2d5499cf2efX0\",1000000],\"location\":{\"min\":0,\"max\":41},\"text\":\"max(kibana.task.schedule_delay) / 1000000\"}},\"references\":[\"ce86886d-db33-4d81-a0c4-b2d5499cf2efX0\"],\"customLabel\":true},\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\":{\"label\":\"Delay, ms\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"max(kibana.task.schedule_delay) / 1000000\",\"isFormulaBroken\":false},\"references\":[\"ce86886d-db33-4d81-a0c4-b2d5499cf2efX1\"],\"customLabel\":true},\"75b295c8-00ac-4f62-8952-e4cb44b5f183\":{\"label\":\"Type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.category\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":true},\"orderDirection\":\"asc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"2fe7ca3c-5c52-4d5e-9892-afb9141d6319\":{\"label\":\"ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.id\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"custom\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"orderAgg\":{\"label\":\"Maximum of kibana.task.schedule_delay\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"kibana.task.schedule_delay\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true}}},\"customLabel\":true}},\"columnOrder\":[\"2fe7ca3c-5c52-4d5e-9892-afb9141d6319\",\"29b3609c-9891-4c1c-94ee-17bc4410cbbb\",\"75b295c8-00ac-4f62-8952-e4cb44b5f183\",\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\",\"ce86886d-db33-4d81-a0c4-b2d5499cf2efX0\",\"ce86886d-db33-4d81-a0c4-b2d5499cf2efX1\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Top 10 slowest rules by schedule delay\"},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":125,\"w\":24,\"h\":16,\"i\":\"2168b471-9a51-4ead-a51e-15e52ba85d86\"},\"panelIndex\":\"2168b471-9a51-4ead-a51e-15e52ba85d86\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"kibana-event-log-data-view\",\"name\":\"indexpattern-datasource-layer-dd23be91-5d0e-41d8-8907-ae3c9a577e2e\",\"type\":\"index-pattern\"},{\"id\":\"kibana-event-log-data-view\",\"name\":\"c5902ca2-58ae-4b1c-b420-5208b7cb16c4\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"29b3609c-9891-4c1c-94ee-17bc4410cbbb\",\"isTransposed\":false},{\"columnId\":\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\",\"isTransposed\":false,\"width\":122.08333333333331},{\"columnId\":\"729ee95a-5bf6-4f18-9350-dce536b55dea\",\"isTransposed\":false,\"width\":164.75},{\"columnId\":\"fa6462ca-54c3-470e-a9c3-66ff58c37536\",\"isTransposed\":false,\"width\":82.08333333333334}],\"layerId\":\"dd23be91-5d0e-41d8-8907-ae3c9a577e2e\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"type\":\"combined\",\"relation\":\"AND\",\"params\":[{\"query\":{\"match_phrase\":{\"event.provider\":\"securitySolution.ruleExecution\"}},\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"securitySolution.ruleExecution\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null}},{\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.action\",\"field\":\"event.action\",\"params\":{\"query\":\"status-change\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"event.action\":\"status-change\"}}},{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"kibana-event-log-data-view\",\"key\":\"kibana.alert.rule.execution.status\",\"field\":\"kibana.alert.rule.execution.status\",\"params\":{\"query\":\"failed\"},\"type\":\"phrase\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"kibana.alert.rule.execution.status\":\"failed\"}}}],\"index\":\"c5902ca2-58ae-4b1c-b420-5208b7cb16c4\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"dd23be91-5d0e-41d8-8907-ae3c9a577e2e\":{\"columns\":{\"29b3609c-9891-4c1c-94ee-17bc4410cbbb\":{\"label\":\"Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.name\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\":{\"label\":\"# \\\"Failed\\\"\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"kibana.alert.rule.execution.uuid\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"729ee95a-5bf6-4f18-9350-dce536b55dea\":{\"label\":\"Type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.category\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"fa6462ca-54c3-470e-a9c3-66ff58c37536\":{\"label\":\"ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.id\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"fa6462ca-54c3-470e-a9c3-66ff58c37536\",\"29b3609c-9891-4c1c-94ee-17bc4410cbbb\",\"729ee95a-5bf6-4f18-9350-dce536b55dea\",\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Top 10 rules by status \\\"Failed\\\"\"},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":125,\"w\":24,\"h\":16,\"i\":\"075d7dff-442b-4091-bfe2-3844e7e7e3f4\"},\"panelIndex\":\"075d7dff-442b-4091-bfe2-3844e7e7e3f4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"kibana-event-log-data-view\",\"name\":\"indexpattern-datasource-layer-dd23be91-5d0e-41d8-8907-ae3c9a577e2e\",\"type\":\"index-pattern\"},{\"id\":\"kibana-event-log-data-view\",\"name\":\"64b1a767-a32b-4a59-9fae-de5f08d38208\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"29b3609c-9891-4c1c-94ee-17bc4410cbbb\",\"isTransposed\":false},{\"columnId\":\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\",\"isTransposed\":false,\"width\":126.25},{\"columnId\":\"7ea81631-0dff-4ec6-929f-592e29101149\",\"isTransposed\":false,\"width\":165.375},{\"columnId\":\"9f1d7602-e75b-427f-b740-c2b8167fed33\",\"isTransposed\":false,\"width\":82}],\"layerId\":\"dd23be91-5d0e-41d8-8907-ae3c9a577e2e\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"type\":\"combined\",\"relation\":\"AND\",\"params\":[{\"query\":{\"match_phrase\":{\"event.provider\":\"securitySolution.ruleExecution\"}},\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.provider\",\"field\":\"event.provider\",\"params\":{\"query\":\"securitySolution.ruleExecution\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null}},{\"meta\":{\"negate\":false,\"index\":\"kibana-event-log-data-view\",\"key\":\"event.action\",\"field\":\"event.action\",\"params\":{\"query\":\"status-change\"},\"type\":\"phrase\",\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"event.action\":\"status-change\"}}},{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"kibana-event-log-data-view\",\"key\":\"kibana.alert.rule.execution.status\",\"field\":\"kibana.alert.rule.execution.status\",\"params\":{\"query\":\"partial failure\"},\"type\":\"phrase\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"kibana.alert.rule.execution.status\":\"partial failure\"}}}],\"index\":\"64b1a767-a32b-4a59-9fae-de5f08d38208\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"dd23be91-5d0e-41d8-8907-ae3c9a577e2e\":{\"columns\":{\"29b3609c-9891-4c1c-94ee-17bc4410cbbb\":{\"label\":\"Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.name\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\":{\"label\":\"# \\\"Warning\\\"\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"kibana.alert.rule.execution.uuid\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"7ea81631-0dff-4ec6-929f-592e29101149\":{\"label\":\"Type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.category\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"9f1d7602-e75b-427f-b740-c2b8167fed33\":{\"label\":\"ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.id\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"9f1d7602-e75b-427f-b740-c2b8167fed33\",\"29b3609c-9891-4c1c-94ee-17bc4410cbbb\",\"7ea81631-0dff-4ec6-929f-592e29101149\",\"ce86886d-db33-4d81-a0c4-b2d5499cf2ef\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Top 10 rules by status \\\"Warning\\\"\"}]","timeRestore":false,"title":"[Elastic Security] Detection rule monitoring","version":1},"coreMigrationVersion":"8.8.0","created_at":"2025-03-04T17:01:02.827Z","id":"security-detection-rule-monitoring-default","managed":true,"references":[{"id":"kibana-event-log-data-view","name":"52ec5ce0-3ea9-42ee-91f2-0f664d6cb74d:indexpattern-datasource-layer-66195a85-b71e-45f5-a5ea-4388416cf5f7","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"52ec5ce0-3ea9-42ee-91f2-0f664d6cb74d:874e1b4c-a64b-426a-b43e-d4ee226610a9","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"91a23437-071d-4739-b57e-2881caa980eb:indexpattern-datasource-layer-17c4f52b-ef17-43d7-8282-91e48cbe11e7","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"91a23437-071d-4739-b57e-2881caa980eb:37539143-7ea2-4353-ae4e-78ec772d1508","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"9770096c-3ba7-42e4-9783-5042ff08896d:indexpattern-datasource-layer-17c4f52b-ef17-43d7-8282-91e48cbe11e7","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"9770096c-3ba7-42e4-9783-5042ff08896d:32816692-7d96-4a12-abe3-3016e8a3844c","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"12011f8d-0d0d-40d6-8ef5-0d50bfe570f8:indexpattern-datasource-layer-17c4f52b-ef17-43d7-8282-91e48cbe11e7","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"12011f8d-0d0d-40d6-8ef5-0d50bfe570f8:9acb5e9e-8c72-4ba6-a4f5-7f2901353c16","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"b3b0743e-9a2c-4173-babc-dc93204cc0f2:indexpattern-datasource-layer-17c4f52b-ef17-43d7-8282-91e48cbe11e7","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"b3b0743e-9a2c-4173-babc-dc93204cc0f2:9adf5837-270f-43bf-92d8-af2d74022292","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"78c659aa-a001-4c30-9452-e9c7d0c0ec5d:indexpattern-datasource-layer-4eaf036b-c9f5-4206-bcfe-8033bec44a21","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"78c659aa-a001-4c30-9452-e9c7d0c0ec5d:abcc85f3-00cd-48bd-a313-de50207ab1b6","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"b3dd29a9-c051-46ab-b1fa-facf899f7af9:indexpattern-datasource-layer-4eaf036b-c9f5-4206-bcfe-8033bec44a21","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"b3dd29a9-c051-46ab-b1fa-facf899f7af9:0ccd359c-35a9-42ee-9b53-e0061755ffef","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"ad5995be-bf0f-48ba-8dc8-7313ca3bfbae:indexpattern-datasource-layer-59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"ad5995be-bf0f-48ba-8dc8-7313ca3bfbae:2720edea-b96b-47d7-bf57-ff3a4c91ab9d","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"2eac0a4e-9ec7-433e-89bc-e8edc1dadae7:indexpattern-datasource-layer-59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"2eac0a4e-9ec7-433e-89bc-e8edc1dadae7:0b7e01b1-974a-4de9-867d-46fc000c63e3","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"d2e87680-4d92-4067-9f27-7749854dedce:indexpattern-datasource-layer-59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"d2e87680-4d92-4067-9f27-7749854dedce:4101bdcb-5ba8-406f-8893-07356a98d49b","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"2372c630-207e-4859-83a9-de5a7bc638dc:indexpattern-datasource-layer-59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"2372c630-207e-4859-83a9-de5a7bc638dc:adafccc0-9c17-4249-89e1-e61a8d00079b","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"e2504c27-3027-4c13-85c0-a66416c53bd4:indexpattern-datasource-layer-59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"e2504c27-3027-4c13-85c0-a66416c53bd4:edb4ad7f-1ef2-477f-980c-c6fe47d6470d","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"fe382f90-aa03-47e0-a8a0-d6a8de877467:indexpattern-datasource-layer-59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"fe382f90-aa03-47e0-a8a0-d6a8de877467:505272a2-f4fb-4778-9fdf-11415f36cc51","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"0b6f467f-f784-457e-9351-839874bef66e:indexpattern-datasource-layer-59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"0b6f467f-f784-457e-9351-839874bef66e:e0a238a9-104e-46c0-890a-c7b3e1c08018","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"2ad1eb6c-c19b-41b1-897e-2d1d192cedae:indexpattern-datasource-layer-59ae5f24-20ed-4c11-bf5c-229d2dbb3cc8","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"2ad1eb6c-c19b-41b1-897e-2d1d192cedae:5f5acf46-a12a-43cf-8d4a-b1ef1a971771","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"6ce283f7-115a-4a0f-9184-71e141149183:indexpattern-datasource-layer-dd23be91-5d0e-41d8-8907-ae3c9a577e2e","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"6ce283f7-115a-4a0f-9184-71e141149183:a1fed0ee-76a2-476e-8614-9fe8e71128b3","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"f5d7a9c8-839c-408c-b798-68d019483bc7:indexpattern-datasource-layer-dd23be91-5d0e-41d8-8907-ae3c9a577e2e","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"f5d7a9c8-839c-408c-b798-68d019483bc7:ee506497-3313-49d4-9cc9-353e55305547","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"2168b471-9a51-4ead-a51e-15e52ba85d86:indexpattern-datasource-layer-dd23be91-5d0e-41d8-8907-ae3c9a577e2e","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"2168b471-9a51-4ead-a51e-15e52ba85d86:c5902ca2-58ae-4b1c-b420-5208b7cb16c4","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"075d7dff-442b-4091-bfe2-3844e7e7e3f4:indexpattern-datasource-layer-dd23be91-5d0e-41d8-8907-ae3c9a577e2e","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"075d7dff-442b-4091-bfe2-3844e7e7e3f4:64b1a767-a32b-4a59-9fae-de5f08d38208","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"controlGroup_c9c507d9-a157-40b4-aec4-0a2e204c559c:optionsListDataView","type":"index-pattern"},{"id":"kibana-event-log-data-view","name":"controlGroup_8b3b697c-2abf-4801-8a08-a1a29d483571:optionsListDataView","type":"index-pattern"},{"id":"fleet-managed-default","name":"tag-ref-fleet-managed","type":"tag"},{"id":"security-solution-default","name":"tag-ref-security-solution","type":"tag"}],"sort":[1741107662827,43],"type":"dashboard","typeMigrationVersion":"10.2.0","updated_at":"2025-03-04T17:01:02.827Z","version":"WzMyLDFd"} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":18,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/incident_management/fixtures/dashboards_test_space.ndjson b/x-pack/test/api_integration/deployment_agnostic/apis/observability/incident_management/fixtures/dashboards_test_space.ndjson new file mode 100644 index 0000000000000..1323195796bb1 --- /dev/null +++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/incident_management/fixtures/dashboards_test_space.ndjson @@ -0,0 +1,2 @@ +{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{}","showApplySelections":false},"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"embeddableConfig\":{\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"filters\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"593f894a-3378-42cc-bafc-61b4877b64b0\",\"name\":\"indexpattern-datasource-layer-62d3121e-b476-4660-ab15-c16580e22003\"},{\"type\":\"index-pattern\",\"id\":\"593f894a-3378-42cc-bafc-61b4877b64b0\",\"name\":\"indexpattern-datasource-layer-82ae8318-02fd-4afc-8957-59d25c9d0758\"}],\"state\":{\"visualization\":{\"title\":\"Empty XY chart\",\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"62d3121e-b476-4660-ab15-c16580e22003\",\"accessors\":[\"a889b058-082b-47ac-a5e9-a649617f3992\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"colorMapping\":{\"assignments\":[],\"specialAssignments\":[{\"rule\":{\"type\":\"other\"},\"color\":{\"type\":\"loop\"},\"touched\":false}],\"paletteId\":\"default\",\"colorMode\":{\"type\":\"categorical\"}},\"xAccessor\":\"a4185ce7-4e0d-46eb-afa2-8b973e4d4f02\"},{\"layerId\":\"82ae8318-02fd-4afc-8957-59d25c9d0758\",\"layerType\":\"data\",\"accessors\":[\"cd468e18-c44c-494f-9628-841167d75405\"],\"seriesType\":\"bar_stacked\",\"xAccessor\":\"732b0cd4-c146-4f7f-83e2-9993eda8217e\",\"yConfig\":[{\"forAccessor\":\"cd468e18-c44c-494f-9628-841167d75405\",\"color\":\"#f6726a\"}]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"62d3121e-b476-4660-ab15-c16580e22003\":{\"columns\":{\"a4185ce7-4e0d-46eb-afa2-8b973e4d4f02\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"a889b058-082b-47ac-a5e9-a649617f3992\":{\"label\":\"Processed\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"processor.processed\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"a4185ce7-4e0d-46eb-afa2-8b973e4d4f02\",\"a889b058-082b-47ac-a5e9-a649617f3992\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}},\"82ae8318-02fd-4afc-8957-59d25c9d0758\":{\"linkToLayers\":[],\"columns\":{\"732b0cd4-c146-4f7f-83e2-9993eda8217e\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"cd468e18-c44c-494f-9628-841167d75405X0\":{\"label\":\"Part of sum(processor.accepted) - sum(processor.processed)\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"processor.accepted\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"cd468e18-c44c-494f-9628-841167d75405X1\":{\"label\":\"Part of sum(processor.accepted) - sum(processor.processed)\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"processor.processed\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"cd468e18-c44c-494f-9628-841167d75405X2\":{\"label\":\"Part of sum(processor.accepted) - sum(processor.processed)\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"subtract\",\"args\":[\"cd468e18-c44c-494f-9628-841167d75405X0\",\"cd468e18-c44c-494f-9628-841167d75405X1\"],\"location\":{\"min\":0,\"max\":50},\"text\":\"sum(processor.accepted) - sum(processor.processed)\"}},\"references\":[\"cd468e18-c44c-494f-9628-841167d75405X0\",\"cd468e18-c44c-494f-9628-841167d75405X1\"],\"customLabel\":true},\"cd468e18-c44c-494f-9628-841167d75405\":{\"label\":\"Rejected\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"sum(processor.accepted) - sum(processor.processed)\",\"isFormulaBroken\":false},\"references\":[\"cd468e18-c44c-494f-9628-841167d75405X2\"],\"customLabel\":true}},\"columnOrder\":[\"732b0cd4-c146-4f7f-83e2-9993eda8217e\",\"cd468e18-c44c-494f-9628-841167d75405\",\"cd468e18-c44c-494f-9628-841167d75405X0\",\"cd468e18-c44c-494f-9628-841167d75405X1\",\"cd468e18-c44c-494f-9628-841167d75405X2\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}}},\"panelIndex\":\"26355e5f-5a67-4ed1-84b2-da09b5f69b14\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"26355e5f-5a67-4ed1-84b2-da09b5f69b14\"}}]","timeRestore":false,"title":"Message Processor Events Processed vs Rejected","version":3},"coreMigrationVersion":"8.8.0","created_at":"2025-03-05T03:29:00.784Z","created_by":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","id":"121a2498-8e27-4eb8-a7ab-9cb43a9295fc","managed":false,"references":[{"id":"593f894a-3378-42cc-bafc-61b4877b64b0","name":"26355e5f-5a67-4ed1-84b2-da09b5f69b14:indexpattern-datasource-layer-62d3121e-b476-4660-ab15-c16580e22003","type":"index-pattern"},{"id":"593f894a-3378-42cc-bafc-61b4877b64b0","name":"26355e5f-5a67-4ed1-84b2-da09b5f69b14:indexpattern-datasource-layer-82ae8318-02fd-4afc-8957-59d25c9d0758","type":"index-pattern"}],"type":"dashboard","typeMigrationVersion":"10.2.0","updated_at":"2025-03-05T03:29:00.784Z","updated_by":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","version":"WzI1MSwxXQ=="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":1,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/incident_management/suggested_dashboards.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/incident_management/suggested_dashboards.ts new file mode 100644 index 0000000000000..87a124266a994 --- /dev/null +++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/incident_management/suggested_dashboards.ts @@ -0,0 +1,1216 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import rawExpect from 'expect'; +import expect from '@kbn/expect'; +import { join } from 'path'; +import { cleanup, generate, Dataset, PartialConfig } from '@kbn/data-forge'; +import type { RoleCredentials } from '@kbn/ftr-common-functional-services'; +import { Aggregators } from '@kbn/observability-plugin/common/custom_threshold_rule/types'; +import { COMPARATORS } from '@kbn/alerting-comparators'; +import { OBSERVABILITY_THRESHOLD_RULE_TYPE_ID } from '@kbn/rule-data-utils'; +import { DeploymentAgnosticFtrProviderContext } from '../../../ftr_provider_context'; + +export default function ({ getService }: DeploymentAgnosticFtrProviderContext) { + const CUSTOM_THRESHOLD_RULE_ALERT_INDEX = '.alerts-observability.threshold.alerts-default'; + const esClient = getService('es'); + const supertestWithoutAuth = getService('supertestWithoutAuth'); + const supertestWithAuth = getService('supertest'); + const kibanaServer = getService('kibanaServer'); + const esDeleteAllIndices = getService('esDeleteAllIndices'); + const logger = getService('log'); + const alertingApi = getService('alertingApi'); + const samlAuth = getService('samlAuth'); + const spacesService = getService('spaces'); + const config = getService('config'); + const isServerless = config.get('serverless'); + const expectedConsumer = isServerless ? 'observability' : 'logs'; + const scheduleInterval = isServerless ? '1m' : '10s'; + + let dataForgeConfig: PartialConfig; + let editorUser: RoleCredentials; + let dataForgeIndices: string[]; + let ruleId: string; + const SPACE_ID = 'test_space'; + + describe('Suggested dashboards', function () { + this.tags(['skipCloud', 'skipMKI']); + before(async () => { + editorUser = await samlAuth.createM2mApiKeyWithRoleScope('editor'); + await spacesService.delete(SPACE_ID); + await kibanaServer.savedObjects.cleanStandardList(); + await spacesService.create({ + id: SPACE_ID, + name: 'Test Space', + disabledFeatures: [], + color: '#AABBCC', + }); + dataForgeConfig = { + schedule: [ + { + template: 'bad', + start: 'now-15m', + end: 'now+5m', + }, + ], + indexing: { + dataset: 'fake_stack' as Dataset, + eventsPerCycle: 1, + interval: 10000, + alignEventsToInterval: true, + }, + }; + dataForgeIndices = await generate({ client: esClient, config: dataForgeConfig, logger }); + + const { body } = await supertestWithAuth + .post('/api/saved_objects/_import') + .set(samlAuth.getInternalRequestHeader()) + .attach('file', join(__dirname, './fixtures/dashboards_default_space.ndjson')) + .expect(200); + + const { successResults } = body as { successResults: Array<{ type: string; id: string }> }; + + const objectIds = successResults + .filter((result) => result.type === 'index-pattern') + .map((result) => result.id); + + await supertestWithAuth + .post('/api/spaces/_update_objects_spaces') + .set(samlAuth.getInternalRequestHeader()) + .send({ + objects: objectIds.map((id) => ({ + type: 'index-pattern', + id, + })), + spacesToAdd: [SPACE_ID], + spacesToRemove: [], + }); + + await supertestWithAuth + .post(`/s/${SPACE_ID}/api/saved_objects/_import`) + .set(samlAuth.getInternalRequestHeader()) + .attach('file', join(__dirname, './fixtures/dashboards_test_space.ndjson')) + .expect(200); + }); + + after(async () => { + await supertestWithoutAuth + .delete(`/api/alerting/rule/${ruleId}`) + .set(editorUser.apiKeyHeader) + .set(samlAuth.getInternalRequestHeader()) + .expect(204); + await esClient.deleteByQuery({ + index: CUSTOM_THRESHOLD_RULE_ALERT_INDEX, + query: { term: { 'kibana.alert.rule.uuid': ruleId } }, + conflicts: 'proceed', + }); + await esClient.deleteByQuery({ + index: '.kibana-event-log-*', + query: { term: { 'rule.id': ruleId } }, + conflicts: 'proceed', + }); + await esDeleteAllIndices(dataForgeIndices); + await cleanup({ client: esClient, config: dataForgeConfig, logger }); + await samlAuth.invalidateM2mApiKeyWithRoleScope(editorUser); + }); + + it('should return a list of suggested dashboards', async () => { + const createdRule = await alertingApi.createRule({ + roleAuthc: editorUser, + spaceId: 'default', + tags: ['observability'], + consumer: expectedConsumer, + name: 'Threshold rule', + ruleTypeId: OBSERVABILITY_THRESHOLD_RULE_TYPE_ID, + params: { + alertOnGroupDisappear: false, + alertOnNoData: false, + criteria: [ + { + comparator: COMPARATORS.GREATER_THAN, + equation: '1 - (A / B)', + label: 'Percentage of Rejected Messages', + metrics: [ + { + aggType: Aggregators.SUM, + field: 'processor.processed', + name: 'A', + }, + { + aggType: Aggregators.SUM, + field: 'processor.accepted', + name: 'B', + }, + ], + threshold: [0.05], + timeSize: 1, + timeUnit: 'm', + }, + ], + groupBy: ['host.name'], + searchConfiguration: { + query: { + language: 'kuery', + query: '', + }, + index: '593f894a-3378-42cc-bafc-61b4877b64b0', + }, + }, + actions: [], + schedule: { + interval: scheduleInterval, + }, + }); + ruleId = createdRule.id; + expect(ruleId).not.to.be(undefined); + + const alertResponse = await alertingApi.waitForDocumentInIndex({ + indexName: CUSTOM_THRESHOLD_RULE_ALERT_INDEX, + docCountTarget: 1, + }); + const firstHit = alertResponse.hits.hits[0]; + const alertId = firstHit._id; + + const { body } = await supertestWithoutAuth + .get(`/internal/observability/alerts/suggested_dashboards?alertId=${alertId}`) + .set(editorUser.apiKeyHeader) + .set(samlAuth.getInternalRequestHeader()) + .expect(200); + + rawExpect(body).toEqual({ + linkedDashboards: [], + suggestedDashboards: rawExpect.arrayContaining([ + { + id: 'b6fc0f00-f5a3-11ed-9275-13469aefbc4f', + title: 'Transaction Rates', + matchedBy: { + index: ['593f894a-3378-42cc-bafc-61b4877b64b0'], + fields: ['processor.processed', 'processor.accepted'], + }, + relevantPanelCount: 1, + relevantPanels: [ + { + panel: { + panelIndex: 'f7d97f37-6684-4ab6-8da9-4b9f4f809a22', + type: 'lens', + embeddableConfig: { + enhancements: { dynamicActions: { events: [] } }, + syncColors: false, + syncCursor: true, + syncTooltips: false, + filters: [], + query: { query: '', language: 'kuery' }, + attributes: { + title: '', + visualizationType: 'lnsXY', + type: 'lens', + references: [ + { + type: 'index-pattern', + id: '593f894a-3378-42cc-bafc-61b4877b64b0', + name: 'indexpattern-datasource-layer-04450f23-63ae-4570-87d9-8c5c89b53bce', + }, + { + type: 'index-pattern', + id: '593f894a-3378-42cc-bafc-61b4877b64b0', + name: 'indexpattern-datasource-layer-73aa5801-eb35-4e4f-8b94-adef5fca8c16', + }, + ], + state: { + visualization: { + title: 'Empty XY chart', + legend: { isVisible: true, position: 'right' }, + valueLabels: 'hide', + preferredSeriesType: 'bar_stacked', + layers: [ + { + layerId: '04450f23-63ae-4570-87d9-8c5c89b53bce', + accessors: ['9659b670-1b65-4f38-8098-8c04d28a3d66'], + position: 'top', + seriesType: 'bar_stacked', + showGridlines: false, + layerType: 'data', + colorMapping: { + assignments: [], + specialAssignments: [ + { + rule: { type: 'other' }, + color: { type: 'loop' }, + touched: false, + }, + ], + paletteId: 'default', + colorMode: { type: 'categorical' }, + }, + xAccessor: '78f5b4c0-bcf5-4dc1-8fb2-c766f0975d59', + }, + { + layerId: '73aa5801-eb35-4e4f-8b94-adef5fca8c16', + layerType: 'data', + accessors: ['1b14c449-f51f-4fd7-8431-de62a8c24f3f'], + seriesType: 'bar_stacked', + xAccessor: '89e414d1-0045-46df-9555-7d265a9f5960', + yConfig: [ + { + forAccessor: '1b14c449-f51f-4fd7-8431-de62a8c24f3f', + color: '#f6726a', + }, + ], + }, + ], + labelsOrientation: { x: 0, yLeft: -90, yRight: 0 }, + yTitle: 'Message Rate', + axisTitlesVisibilitySettings: { x: true, yLeft: true, yRight: true }, + }, + query: { query: '', language: 'kuery' }, + filters: [], + datasourceStates: { + formBased: { + layers: { + '04450f23-63ae-4570-87d9-8c5c89b53bce': { + columns: { + '78f5b4c0-bcf5-4dc1-8fb2-c766f0975d59': { + label: '@timestamp', + dataType: 'date', + operationType: 'date_histogram', + sourceField: '@timestamp', + isBucketed: true, + scale: 'interval', + params: { + interval: 'auto', + includeEmptyRows: true, + dropPartials: false, + }, + }, + '9659b670-1b65-4f38-8098-8c04d28a3d66X0': { + label: + 'Part of sum(processor.processed) / ((interval() / 1000) / 60)', + dataType: 'number', + operationType: 'sum', + sourceField: 'processor.processed', + isBucketed: false, + scale: 'ratio', + params: { emptyAsNull: false }, + customLabel: true, + }, + '9659b670-1b65-4f38-8098-8c04d28a3d66X1': { + label: + 'Part of sum(processor.processed) / ((interval() / 1000) / 60)', + dataType: 'number', + operationType: 'interval', + isBucketed: false, + scale: 'ratio', + references: [], + customLabel: true, + }, + '9659b670-1b65-4f38-8098-8c04d28a3d66X2': { + label: + 'Part of sum(processor.processed) / ((interval() / 1000) / 60)', + dataType: 'number', + operationType: 'math', + isBucketed: false, + scale: 'ratio', + params: { + tinymathAst: { + type: 'function', + name: 'divide', + args: [ + '9659b670-1b65-4f38-8098-8c04d28a3d66X0', + { + type: 'function', + name: 'divide', + args: [ + { + type: 'function', + name: 'divide', + args: [ + '9659b670-1b65-4f38-8098-8c04d28a3d66X1', + 1000, + ], + location: { min: 29, max: 46 }, + text: 'interval() / 1000', + }, + 60, + ], + location: { min: 28, max: 52 }, + text: '(interval() / 1000) / 60', + }, + ], + location: { min: 0, max: 53 }, + text: 'sum(processor.processed) / ((interval() / 1000) / 60)', + }, + }, + references: [ + '9659b670-1b65-4f38-8098-8c04d28a3d66X0', + '9659b670-1b65-4f38-8098-8c04d28a3d66X1', + ], + customLabel: true, + }, + '9659b670-1b65-4f38-8098-8c04d28a3d66': { + label: 'Processed Rate', + dataType: 'number', + operationType: 'formula', + isBucketed: false, + scale: 'ratio', + params: { + formula: + 'sum(processor.processed) / ((interval() / 1000) / 60)', + isFormulaBroken: false, + }, + references: ['9659b670-1b65-4f38-8098-8c04d28a3d66X2'], + customLabel: true, + }, + }, + columnOrder: [ + '78f5b4c0-bcf5-4dc1-8fb2-c766f0975d59', + '9659b670-1b65-4f38-8098-8c04d28a3d66', + '9659b670-1b65-4f38-8098-8c04d28a3d66X0', + '9659b670-1b65-4f38-8098-8c04d28a3d66X1', + '9659b670-1b65-4f38-8098-8c04d28a3d66X2', + ], + sampling: 1, + ignoreGlobalFilters: false, + incompleteColumns: {}, + }, + '73aa5801-eb35-4e4f-8b94-adef5fca8c16': { + linkToLayers: [], + columns: { + '89e414d1-0045-46df-9555-7d265a9f5960': { + label: '@timestamp', + dataType: 'date', + operationType: 'date_histogram', + sourceField: '@timestamp', + isBucketed: true, + scale: 'interval', + params: { + interval: 'auto', + includeEmptyRows: true, + dropPartials: false, + }, + }, + '1b14c449-f51f-4fd7-8431-de62a8c24f3fX0': { + label: + 'Part of sum(processor.accepted) - sum(processor.processed) / ((interval() / 1000) / 60)', + dataType: 'number', + operationType: 'sum', + sourceField: 'processor.accepted', + isBucketed: false, + scale: 'ratio', + params: { emptyAsNull: false }, + customLabel: true, + }, + '1b14c449-f51f-4fd7-8431-de62a8c24f3fX1': { + label: + 'Part of sum(processor.accepted) - sum(processor.processed) / ((interval() / 1000) / 60)', + dataType: 'number', + operationType: 'sum', + sourceField: 'processor.processed', + isBucketed: false, + scale: 'ratio', + params: { emptyAsNull: false }, + customLabel: true, + }, + '1b14c449-f51f-4fd7-8431-de62a8c24f3fX2': { + label: + 'Part of sum(processor.accepted) - sum(processor.processed) / ((interval() / 1000) / 60)', + dataType: 'number', + operationType: 'interval', + isBucketed: false, + scale: 'ratio', + references: [], + customLabel: true, + }, + '1b14c449-f51f-4fd7-8431-de62a8c24f3fX3': { + label: + 'Part of sum(processor.accepted) - sum(processor.processed) / ((interval() / 1000) / 60)', + dataType: 'number', + operationType: 'math', + isBucketed: false, + scale: 'ratio', + params: { + tinymathAst: { + type: 'function', + name: 'subtract', + args: [ + '1b14c449-f51f-4fd7-8431-de62a8c24f3fX0', + { + type: 'function', + name: 'divide', + args: [ + '1b14c449-f51f-4fd7-8431-de62a8c24f3fX1', + { + type: 'function', + name: 'divide', + args: [ + { + type: 'function', + name: 'divide', + args: [ + '1b14c449-f51f-4fd7-8431-de62a8c24f3fX2', + 1000, + ], + location: { min: 55, max: 72 }, + text: 'interval() / 1000', + }, + 60, + ], + location: { min: 54, max: 78 }, + text: '(interval() / 1000) / 60', + }, + ], + location: { min: 25, max: 79 }, + text: ' sum(processor.processed) / ((interval() / 1000) / 60)', + }, + ], + location: { min: 0, max: 79 }, + text: 'sum(processor.accepted) - sum(processor.processed) / ((interval() / 1000) / 60)', + }, + }, + references: [ + '1b14c449-f51f-4fd7-8431-de62a8c24f3fX0', + '1b14c449-f51f-4fd7-8431-de62a8c24f3fX1', + '1b14c449-f51f-4fd7-8431-de62a8c24f3fX2', + ], + customLabel: true, + }, + '1b14c449-f51f-4fd7-8431-de62a8c24f3f': { + label: 'Reject Rate', + dataType: 'number', + operationType: 'formula', + isBucketed: false, + scale: 'ratio', + params: { + formula: + 'sum(processor.accepted) - sum(processor.processed) / ((interval() / 1000) / 60)', + isFormulaBroken: false, + }, + references: ['1b14c449-f51f-4fd7-8431-de62a8c24f3fX3'], + customLabel: true, + }, + }, + columnOrder: [ + '89e414d1-0045-46df-9555-7d265a9f5960', + '1b14c449-f51f-4fd7-8431-de62a8c24f3f', + '1b14c449-f51f-4fd7-8431-de62a8c24f3fX0', + '1b14c449-f51f-4fd7-8431-de62a8c24f3fX1', + '1b14c449-f51f-4fd7-8431-de62a8c24f3fX2', + '1b14c449-f51f-4fd7-8431-de62a8c24f3fX3', + ], + sampling: 1, + ignoreGlobalFilters: false, + incompleteColumns: {}, + }, + }, + }, + indexpattern: { layers: {} }, + textBased: { layers: {} }, + }, + internalReferences: [], + adHocDataViews: {}, + }, + }, + }, + }, + matchedBy: { + index: ['593f894a-3378-42cc-bafc-61b4877b64b0'], + fields: ['processor.processed', 'processor.accepted'], + }, + }, + ], + }, + { + id: '48089ec0-f039-11ed-bdc6-f382ac874aa0', + title: 'Message Processor Operations', + matchedBy: { + index: ['593f894a-3378-42cc-bafc-61b4877b64b0'], + fields: ['processor.processed', 'processor.accepted', 'host.name'], + }, + relevantPanelCount: 2, + relevantPanels: [ + { + panel: { + panelIndex: '04857532-a5b3-4de0-a79f-75d8d0b5c8c7', + type: 'lens', + embeddableConfig: { + enhancements: { dynamicActions: { events: [] } }, + syncColors: false, + syncCursor: true, + syncTooltips: false, + filters: [], + query: { query: '', language: 'kuery' }, + attributes: { + title: '', + visualizationType: 'lnsXY', + type: 'lens', + references: [ + { + type: 'index-pattern', + id: '593f894a-3378-42cc-bafc-61b4877b64b0', + name: 'indexpattern-datasource-layer-9ad575bb-1de0-4b4c-a42f-bd9117f7c123', + }, + { + type: 'index-pattern', + id: '593f894a-3378-42cc-bafc-61b4877b64b0', + name: 'indexpattern-datasource-layer-3d6a7da9-b2c1-4dfd-848c-499cbd34f8d1', + }, + ], + state: { + visualization: { + title: 'Empty XY chart', + legend: { isVisible: true, position: 'right' }, + valueLabels: 'hide', + preferredSeriesType: 'bar_stacked', + layers: [ + { + layerId: '9ad575bb-1de0-4b4c-a42f-bd9117f7c123', + accessors: ['5c829b86-8e00-4dec-ae77-409d14f1e9c6'], + position: 'top', + seriesType: 'bar_stacked', + showGridlines: false, + layerType: 'data', + colorMapping: { + assignments: [], + specialAssignments: [ + { + rule: { type: 'other' }, + color: { type: 'loop' }, + touched: false, + }, + ], + paletteId: 'default', + colorMode: { type: 'categorical' }, + }, + xAccessor: 'ee21691a-428f-4ad1-8ae2-349459564af4', + }, + { + layerId: '3d6a7da9-b2c1-4dfd-848c-499cbd34f8d1', + layerType: 'data', + accessors: ['d6aa9f6b-57b7-46dc-afb2-0e60712da597'], + seriesType: 'bar_stacked', + xAccessor: '79c23309-891f-48be-8290-ab6141ea8761', + yConfig: [ + { + forAccessor: 'd6aa9f6b-57b7-46dc-afb2-0e60712da597', + color: '#f6726a', + }, + ], + }, + ], + yTitle: 'Processed vs Rejected', + axisTitlesVisibilitySettings: { x: true, yLeft: true, yRight: true }, + }, + query: { query: '', language: 'kuery' }, + filters: [], + datasourceStates: { + formBased: { + layers: { + '9ad575bb-1de0-4b4c-a42f-bd9117f7c123': { + columns: { + 'ee21691a-428f-4ad1-8ae2-349459564af4': { + label: '@timestamp', + dataType: 'date', + operationType: 'date_histogram', + sourceField: '@timestamp', + isBucketed: true, + scale: 'interval', + params: { + interval: 'auto', + includeEmptyRows: true, + dropPartials: false, + }, + }, + '5c829b86-8e00-4dec-ae77-409d14f1e9c6X0': { + label: 'Part of sum(processor.processed)', + dataType: 'number', + operationType: 'sum', + sourceField: 'processor.processed', + isBucketed: false, + scale: 'ratio', + params: { emptyAsNull: false }, + customLabel: true, + }, + '5c829b86-8e00-4dec-ae77-409d14f1e9c6': { + label: 'Processed', + dataType: 'number', + operationType: 'formula', + isBucketed: false, + scale: 'ratio', + params: { + formula: 'sum(processor.processed)', + isFormulaBroken: false, + }, + references: ['5c829b86-8e00-4dec-ae77-409d14f1e9c6X0'], + customLabel: true, + }, + }, + columnOrder: [ + 'ee21691a-428f-4ad1-8ae2-349459564af4', + '5c829b86-8e00-4dec-ae77-409d14f1e9c6', + '5c829b86-8e00-4dec-ae77-409d14f1e9c6X0', + ], + sampling: 1, + ignoreGlobalFilters: false, + incompleteColumns: {}, + }, + '3d6a7da9-b2c1-4dfd-848c-499cbd34f8d1': { + linkToLayers: [], + columns: { + '79c23309-891f-48be-8290-ab6141ea8761': { + label: '@timestamp', + dataType: 'date', + operationType: 'date_histogram', + sourceField: '@timestamp', + isBucketed: true, + scale: 'interval', + params: { + interval: 'auto', + includeEmptyRows: true, + dropPartials: false, + }, + }, + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X0': { + label: + 'Part of sum(processor.accepted) - sum(processor.processed)', + dataType: 'number', + operationType: 'sum', + sourceField: 'processor.accepted', + isBucketed: false, + scale: 'ratio', + params: { emptyAsNull: false }, + customLabel: true, + }, + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X1': { + label: + 'Part of sum(processor.accepted) - sum(processor.processed)', + dataType: 'number', + operationType: 'sum', + sourceField: 'processor.processed', + isBucketed: false, + scale: 'ratio', + params: { emptyAsNull: false }, + customLabel: true, + }, + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X2': { + label: + 'Part of sum(processor.accepted) - sum(processor.processed)', + dataType: 'number', + operationType: 'math', + isBucketed: false, + scale: 'ratio', + params: { + tinymathAst: { + type: 'function', + name: 'subtract', + args: [ + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X0', + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X1', + ], + location: { min: 0, max: 50 }, + text: 'sum(processor.accepted) - sum(processor.processed)', + }, + }, + references: [ + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X0', + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X1', + ], + customLabel: true, + }, + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597': { + label: 'Rejected', + dataType: 'number', + operationType: 'formula', + isBucketed: false, + scale: 'ratio', + params: { + formula: 'sum(processor.accepted) - sum(processor.processed)', + isFormulaBroken: false, + }, + references: ['d6aa9f6b-57b7-46dc-afb2-0e60712da597X2'], + customLabel: true, + }, + }, + columnOrder: [ + '79c23309-891f-48be-8290-ab6141ea8761', + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597', + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X0', + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X1', + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X2', + ], + sampling: 1, + ignoreGlobalFilters: false, + incompleteColumns: {}, + }, + }, + }, + indexpattern: { layers: {} }, + textBased: { layers: {} }, + }, + internalReferences: [], + adHocDataViews: {}, + }, + }, + }, + }, + matchedBy: { + index: ['593f894a-3378-42cc-bafc-61b4877b64b0'], + fields: ['processor.processed', 'processor.accepted'], + }, + }, + { + panel: { + panelIndex: '8db7a201-95c8-4211-89b5-1288e18c8f2e', + type: 'lens', + embeddableConfig: { + enhancements: { dynamicActions: { events: [] } }, + syncColors: false, + syncCursor: true, + syncTooltips: false, + filters: [], + query: { query: '', language: 'kuery' }, + attributes: { + title: '', + visualizationType: 'lnsXY', + type: 'lens', + references: [ + { + type: 'index-pattern', + id: '593f894a-3378-42cc-bafc-61b4877b64b0', + name: 'indexpattern-datasource-layer-3d6a7da9-b2c1-4dfd-848c-499cbd34f8d1', + }, + ], + state: { + visualization: { + title: 'Empty XY chart', + legend: { isVisible: true, position: 'right' }, + valueLabels: 'hide', + preferredSeriesType: 'bar_stacked', + layers: [ + { + layerId: '3d6a7da9-b2c1-4dfd-848c-499cbd34f8d1', + layerType: 'data', + accessors: ['d6aa9f6b-57b7-46dc-afb2-0e60712da597'], + seriesType: 'bar_stacked', + xAccessor: '79c23309-891f-48be-8290-ab6141ea8761', + yConfig: [ + { + forAccessor: 'd6aa9f6b-57b7-46dc-afb2-0e60712da597', + color: '#f6726a', + }, + ], + splitAccessor: '0fac59b3-04e0-4d9c-84a8-75227c7db151', + }, + ], + yTitle: 'Processed vs Rejected', + axisTitlesVisibilitySettings: { x: true, yLeft: true, yRight: true }, + }, + query: { query: '', language: 'kuery' }, + filters: [], + datasourceStates: { + formBased: { + layers: { + '3d6a7da9-b2c1-4dfd-848c-499cbd34f8d1': { + linkToLayers: [], + columns: { + '79c23309-891f-48be-8290-ab6141ea8761': { + label: '@timestamp', + dataType: 'date', + operationType: 'date_histogram', + sourceField: '@timestamp', + isBucketed: true, + scale: 'interval', + params: { + interval: 'auto', + includeEmptyRows: true, + dropPartials: false, + }, + }, + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X0': { + label: + 'Part of sum(processor.accepted) - sum(processor.processed)', + dataType: 'number', + operationType: 'sum', + sourceField: 'processor.accepted', + isBucketed: false, + scale: 'ratio', + params: { emptyAsNull: false }, + customLabel: true, + }, + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X1': { + label: + 'Part of sum(processor.accepted) - sum(processor.processed)', + dataType: 'number', + operationType: 'sum', + sourceField: 'processor.processed', + isBucketed: false, + scale: 'ratio', + params: { emptyAsNull: false }, + customLabel: true, + }, + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X2': { + label: + 'Part of sum(processor.accepted) - sum(processor.processed)', + dataType: 'number', + operationType: 'math', + isBucketed: false, + scale: 'ratio', + params: { + tinymathAst: { + type: 'function', + name: 'subtract', + args: [ + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X0', + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X1', + ], + location: { min: 0, max: 50 }, + text: 'sum(processor.accepted) - sum(processor.processed)', + }, + }, + references: [ + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X0', + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X1', + ], + customLabel: true, + }, + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597': { + label: 'Rejected', + dataType: 'number', + operationType: 'formula', + isBucketed: false, + scale: 'ratio', + params: { + formula: 'sum(processor.accepted) - sum(processor.processed)', + isFormulaBroken: false, + }, + references: ['d6aa9f6b-57b7-46dc-afb2-0e60712da597X2'], + customLabel: true, + }, + '0fac59b3-04e0-4d9c-84a8-75227c7db151': { + label: 'Top 10 values of host.name', + dataType: 'string', + operationType: 'terms', + scale: 'ordinal', + sourceField: 'host.name', + isBucketed: true, + params: { + size: 10, + orderBy: { type: 'alphabetical', fallback: true }, + orderDirection: 'asc', + otherBucket: true, + missingBucket: false, + parentFormat: { id: 'terms' }, + include: [], + exclude: [], + includeIsRegex: false, + excludeIsRegex: false, + }, + }, + }, + columnOrder: [ + '0fac59b3-04e0-4d9c-84a8-75227c7db151', + '79c23309-891f-48be-8290-ab6141ea8761', + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597', + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X0', + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X1', + 'd6aa9f6b-57b7-46dc-afb2-0e60712da597X2', + ], + sampling: 1, + ignoreGlobalFilters: false, + incompleteColumns: {}, + indexPatternId: '593f894a-3378-42cc-bafc-61b4877b64b0', + }, + }, + currentIndexPatternId: '593f894a-3378-42cc-bafc-61b4877b64b0', + }, + indexpattern: { + layers: {}, + currentIndexPatternId: '593f894a-3378-42cc-bafc-61b4877b64b0', + }, + textBased: { + layers: {}, + indexPatternRefs: [ + { + id: '593f894a-3378-42cc-bafc-61b4877b64b0', + title: 'kbn-data-forge-fake_stack.message_processor-*', + timeField: '@timestamp', + }, + ], + }, + }, + internalReferences: [], + adHocDataViews: {}, + }, + }, + }, + title: '', + }, + matchedBy: { + index: ['593f894a-3378-42cc-bafc-61b4877b64b0'], + fields: ['processor.processed', 'processor.accepted', 'host.name'], + }, + }, + ], + }, + { + id: '121a2498-8e27-4eb8-a7ab-9cb43a9295fc', + title: 'Message Processor Events Processed vs Rejected', + matchedBy: { + index: ['593f894a-3378-42cc-bafc-61b4877b64b0'], + fields: ['processor.processed', 'processor.accepted'], + }, + relevantPanelCount: 1, + relevantPanels: [ + { + panel: { + panelIndex: '26355e5f-5a67-4ed1-84b2-da09b5f69b14', + type: 'lens', + embeddableConfig: { + enhancements: { + dynamicActions: { + events: [], + }, + }, + syncColors: false, + syncCursor: true, + syncTooltips: false, + filters: [], + query: { + query: '', + language: 'kuery', + }, + attributes: { + title: '', + visualizationType: 'lnsXY', + type: 'lens', + references: [ + { + type: 'index-pattern', + id: '593f894a-3378-42cc-bafc-61b4877b64b0', + name: 'indexpattern-datasource-layer-62d3121e-b476-4660-ab15-c16580e22003', + }, + { + type: 'index-pattern', + id: '593f894a-3378-42cc-bafc-61b4877b64b0', + name: 'indexpattern-datasource-layer-82ae8318-02fd-4afc-8957-59d25c9d0758', + }, + ], + state: { + visualization: { + title: 'Empty XY chart', + legend: { + isVisible: true, + position: 'right', + }, + valueLabels: 'hide', + preferredSeriesType: 'bar_stacked', + layers: [ + { + layerId: '62d3121e-b476-4660-ab15-c16580e22003', + accessors: ['a889b058-082b-47ac-a5e9-a649617f3992'], + position: 'top', + seriesType: 'bar_stacked', + showGridlines: false, + layerType: 'data', + colorMapping: { + assignments: [], + specialAssignments: [ + { + rule: { + type: 'other', + }, + color: { + type: 'loop', + }, + touched: false, + }, + ], + paletteId: 'default', + colorMode: { + type: 'categorical', + }, + }, + xAccessor: 'a4185ce7-4e0d-46eb-afa2-8b973e4d4f02', + }, + { + layerId: '82ae8318-02fd-4afc-8957-59d25c9d0758', + layerType: 'data', + accessors: ['cd468e18-c44c-494f-9628-841167d75405'], + seriesType: 'bar_stacked', + xAccessor: '732b0cd4-c146-4f7f-83e2-9993eda8217e', + yConfig: [ + { + forAccessor: 'cd468e18-c44c-494f-9628-841167d75405', + color: '#f6726a', + }, + ], + }, + ], + }, + query: { + query: '', + language: 'kuery', + }, + filters: [], + datasourceStates: { + formBased: { + layers: { + '62d3121e-b476-4660-ab15-c16580e22003': { + columns: { + 'a4185ce7-4e0d-46eb-afa2-8b973e4d4f02': { + label: '@timestamp', + dataType: 'date', + operationType: 'date_histogram', + sourceField: '@timestamp', + isBucketed: true, + scale: 'interval', + params: { + interval: 'auto', + includeEmptyRows: true, + dropPartials: false, + }, + }, + 'a889b058-082b-47ac-a5e9-a649617f3992': { + label: 'Processed', + dataType: 'number', + operationType: 'sum', + sourceField: 'processor.processed', + isBucketed: false, + scale: 'ratio', + params: { + emptyAsNull: true, + }, + customLabel: true, + }, + }, + columnOrder: [ + 'a4185ce7-4e0d-46eb-afa2-8b973e4d4f02', + 'a889b058-082b-47ac-a5e9-a649617f3992', + ], + sampling: 1, + ignoreGlobalFilters: false, + incompleteColumns: {}, + }, + '82ae8318-02fd-4afc-8957-59d25c9d0758': { + linkToLayers: [], + columns: { + '732b0cd4-c146-4f7f-83e2-9993eda8217e': { + label: '@timestamp', + dataType: 'date', + operationType: 'date_histogram', + sourceField: '@timestamp', + isBucketed: true, + scale: 'interval', + params: { + interval: 'auto', + includeEmptyRows: true, + dropPartials: false, + }, + }, + 'cd468e18-c44c-494f-9628-841167d75405X0': { + label: + 'Part of sum(processor.accepted) - sum(processor.processed)', + dataType: 'number', + operationType: 'sum', + sourceField: 'processor.accepted', + isBucketed: false, + scale: 'ratio', + params: { + emptyAsNull: false, + }, + customLabel: true, + }, + 'cd468e18-c44c-494f-9628-841167d75405X1': { + label: + 'Part of sum(processor.accepted) - sum(processor.processed)', + dataType: 'number', + operationType: 'sum', + sourceField: 'processor.processed', + isBucketed: false, + scale: 'ratio', + params: { + emptyAsNull: false, + }, + customLabel: true, + }, + 'cd468e18-c44c-494f-9628-841167d75405X2': { + label: + 'Part of sum(processor.accepted) - sum(processor.processed)', + dataType: 'number', + operationType: 'math', + isBucketed: false, + scale: 'ratio', + params: { + tinymathAst: { + type: 'function', + name: 'subtract', + args: [ + 'cd468e18-c44c-494f-9628-841167d75405X0', + 'cd468e18-c44c-494f-9628-841167d75405X1', + ], + location: { + min: 0, + max: 50, + }, + text: 'sum(processor.accepted) - sum(processor.processed)', + }, + }, + references: [ + 'cd468e18-c44c-494f-9628-841167d75405X0', + 'cd468e18-c44c-494f-9628-841167d75405X1', + ], + customLabel: true, + }, + 'cd468e18-c44c-494f-9628-841167d75405': { + label: 'Rejected', + dataType: 'number', + operationType: 'formula', + isBucketed: false, + scale: 'ratio', + params: { + formula: 'sum(processor.accepted) - sum(processor.processed)', + isFormulaBroken: false, + }, + references: ['cd468e18-c44c-494f-9628-841167d75405X2'], + customLabel: true, + }, + }, + columnOrder: [ + '732b0cd4-c146-4f7f-83e2-9993eda8217e', + 'cd468e18-c44c-494f-9628-841167d75405', + 'cd468e18-c44c-494f-9628-841167d75405X0', + 'cd468e18-c44c-494f-9628-841167d75405X1', + 'cd468e18-c44c-494f-9628-841167d75405X2', + ], + sampling: 1, + ignoreGlobalFilters: false, + incompleteColumns: {}, + }, + }, + }, + indexpattern: { + layers: {}, + }, + textBased: { + layers: {}, + }, + }, + internalReferences: [], + adHocDataViews: {}, + }, + }, + }, + }, + matchedBy: { + index: ['593f894a-3378-42cc-bafc-61b4877b64b0'], + fields: ['processor.processed', 'processor.accepted'], + }, + }, + ], + }, + ]), + }); + }); + }); +} diff --git a/x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.index.ts b/x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.index.ts index 8705e7553ed60..69ea5874c7da1 100644 --- a/x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.index.ts +++ b/x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.index.ts @@ -24,5 +24,6 @@ export default function ({ loadTestFile }: DeploymentAgnosticFtrProviderContext) loadTestFile(require.resolve('../../apis/observability/ai_assistant')); loadTestFile(require.resolve('../../apis/observability/streams')); loadTestFile(require.resolve('../../apis/observability/onboarding')); + loadTestFile(require.resolve('../../apis/observability/incident_management')); }); } diff --git a/x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.index.ts b/x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.index.ts index 93ad9a193b26b..3a1ab424d5618 100644 --- a/x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.index.ts +++ b/x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.index.ts @@ -18,5 +18,6 @@ export default function ({ loadTestFile }: DeploymentAgnosticFtrProviderContext) loadTestFile(require.resolve('../../apis/observability/ai_assistant')); loadTestFile(require.resolve('../../apis/observability/streams')); loadTestFile(require.resolve('../../apis/observability/onboarding')); + loadTestFile(require.resolve('../../apis/observability/incident_management')); }); } From d20dfcc5a688073b578db1b87e94923bdfb0b0b9 Mon Sep 17 00:00:00 2001 From: Dominique Belcher Date: Thu, 6 Mar 2025 16:59:46 -0500 Subject: [PATCH 4/6] add missing type --- src/platform/plugins/shared/content_management/server/types.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/src/platform/plugins/shared/content_management/server/types.ts b/src/platform/plugins/shared/content_management/server/types.ts index 020f135a7d080..9d5f7524388c6 100644 --- a/src/platform/plugins/shared/content_management/server/types.ts +++ b/src/platform/plugins/shared/content_management/server/types.ts @@ -11,6 +11,7 @@ import type { Version } from '@kbn/object-versioning'; import type { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server'; import type { FavoritesSetup } from '@kbn/content-management-favorites-server'; import type { CoreApi, StorageContextGetTransformFn } from './core'; +export type { IContentClient } from './content_client/types'; export interface ContentManagementServerSetupDependencies { usageCollection?: UsageCollectionSetup; From a33e1a74471d90b26fa238e1ad4d12089123367a Mon Sep 17 00:00:00 2001 From: Dominique Clarke Date: Thu, 6 Mar 2025 17:03:21 -0500 Subject: [PATCH 5/6] Update src/platform/plugins/shared/dashboard/server/index.ts --- src/platform/plugins/shared/dashboard/server/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/platform/plugins/shared/dashboard/server/index.ts b/src/platform/plugins/shared/dashboard/server/index.ts index 3c7101e9a6fb7..1108b5b9a9830 100644 --- a/src/platform/plugins/shared/dashboard/server/index.ts +++ b/src/platform/plugins/shared/dashboard/server/index.ts @@ -27,6 +27,6 @@ export async function plugin(initializerContext: PluginInitializerContext) { export type { DashboardPluginSetup, DashboardPluginStart } from './types'; export type { DashboardAttributes, DashboardPanel } from './content_management'; -export type { DashboardSavedObjectAttributes, SavedDashboardPanel } from './dashboard_saved_object'; +export type { DashboardSavedObjectAttributes } from './dashboard_saved_object'; export { PUBLIC_API_PATH } from './api/constants'; From 252afc5f1b45ddd5df1139345e4066e0656cbd1d Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Thu, 6 Mar 2025 22:15:00 +0000 Subject: [PATCH 6/6] [CI] Auto-commit changed files from 'node scripts/generate codeowners' --- .github/CODEOWNERS | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index b2c26aae1602c..a0bad318be280 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -929,6 +929,7 @@ x-pack/solutions/observability/packages/get-padded-alert-time-range-util @elasti x-pack/solutions/observability/packages/kbn-alerts-grouping @elastic/response-ops x-pack/solutions/observability/packages/kbn-custom-integrations @elastic/obs-ux-logs-team x-pack/solutions/observability/packages/kbn-investigation-shared @elastic/obs-ux-management-team +x-pack/solutions/observability/packages/kbn-observability-schema @elastic/obs-ux-management-team x-pack/solutions/observability/packages/kbn-scout-oblt @elastic/appex-qa x-pack/solutions/observability/packages/observability-ai/observability-ai-common @elastic/obs-ai-assistant x-pack/solutions/observability/packages/observability-ai/observability-ai-server @elastic/obs-ai-assistant