{"version":"0.1.0","name":"Host Logs","tiles":[{"id":"1fqed4","x":0,"y":0,"w":8,"h":10,"config":{"name":"Log volume over time","source":"Logs","displayType":"line","granularity":"5 minute","select":[{"aggFn":"count","aggCondition":"","aggConditionLanguage":"lucene","valueExpression":""}],"where":"","whereLanguage":"lucene","groupBy":"SeverityText"}},{"id":"gaysf","x":8,"y":0,"w":8,"h":10,"config":{"name":"Top systemd units","source":"Logs","displayType":"stacked_bar","granularity":"auto","select":[{"aggFn":"count","aggCondition":"","aggConditionLanguage":"lucene","valueExpression":""}],"where":"","whereLanguage":"lucene","groupBy":"LogAttributes['unit']"}},{"id":"1m2363","x":16,"y":0,"w":8,"h":10,"config":{"name":"SSH activity","source":"Logs","displayType":"stacked_bar","granularity":"auto","select":[{"aggFn":"count","aggCondition":"ServiceName = 'host-demo' AND LogAttributes['unit'] = 'sshd'","aggConditionLanguage":"sql","valueExpression":""}],"where":"","whereLanguage":"lucene","groupBy":"CASE WHEN Body LIKE '%Failed%' THEN 'Failed Logins' ELSE 'Successful Logins' END"}},{"id":"9beco","x":16,"y":10,"w":8,"h":10,"config":{"name":"Firewall blocks","source":"Logs","displayType":"line","granularity":"5 minute","select":[{"aggFn":"count","aggCondition":"ServiceName = 'host-demo' AND Body LIKE '%UFW%'","aggConditionLanguage":"sql","valueExpression":""}],"where":"","whereLanguage":"lucene","groupBy":"CASE WHEN Body LIKE '%BLOCK%' THEN 'Blocked' ELSE 'Allowed' END"}},{"id":"9ovld","x":8,"y":10,"w":8,"h":10,"config":{"name":"Service restarts","source":"Logs","displayType":"stacked_bar","granularity":"auto","select":[{"aggFn":"count","aggCondition":"Body LIKE '%Starting%' OR Body LIKE '%Stopped%' OR Body LIKE '%Started%'","aggConditionLanguage":"sql","valueExpression":""}],"where":"","whereLanguage":"lucene","groupBy":"LogAttributes['unit']"}},{"id":"85aly","x":0,"y":10,"w":8,"h":10,"config":{"name":"","source":"Logs","displayType":"line","granularity":"auto","select":[{"aggFn":"count","aggCondition":"ServiceName = 'host-demo' AND (Body LIKE '%Failed password%' OR Body LIKE '%Ban%' OR Body LIKE '%UFW BLOCK%')","aggConditionLanguage":"sql","valueExpression":""}],"where":"","whereLanguage":"lucene","groupBy":"LogAttributes['unit']"}}],"filters":[]}