{"version":"0.1.0","name":"Systemd logs","tiles":[{"id":"p7xtm","x":0,"y":0,"w":8,"h":10,"config":{"name":"Log volume over time","source":"Logs","displayType":"line","granularity":"auto","select":[{"aggFn":"count","aggCondition":"","aggConditionLanguage":"lucene","valueExpression":"","alias":"count"}],"where":"","whereLanguage":"lucene","groupBy":""}},{"id":"11xyne","x":8,"y":0,"w":8,"h":10,"config":{"name":"Top systemd units by log count","source":"Logs","displayType":"stacked_bar","granularity":"auto","select":[{"aggFn":"count","aggCondition":"","aggConditionLanguage":"lucene","valueExpression":""}],"where":"","whereLanguage":"lucene","groupBy":"LogAttributes['unit']"}},{"id":"1afpl1","x":16,"y":0,"w":8,"h":10,"config":{"name":"SSH authentication events","source":"Logs","displayType":"stacked_bar","granularity":"auto","select":[{"aggFn":"count","aggCondition":"Body LIKE '%sshd%' AND (Body LIKE '%Accepted%' OR Body LIKE '%Failed password%')","aggConditionLanguage":"sql","valueExpression":""}],"where":"","whereLanguage":"lucene","groupBy":"toStartOfHour(Timestamp), if(Body LIKE '%Accepted publickey%', 'Successful', 'Failed')"}},{"id":"1m8clm","x":0,"y":10,"w":8,"h":10,"config":{"name":"Service failures","source":"Logs","displayType":"line","granularity":"auto","select":[{"aggFn":"count","aggCondition":"(Body LIKE '%FAILURE%' OR Body LIKE '%exited with code 1%')","aggConditionLanguage":"sql","valueExpression":"","alias":"Service failures"}],"where":"","whereLanguage":"lucene","groupBy":"toStartOfHour(Timestamp)"}},{"id":"qo0rg","x":16,"y":10,"w":8,"h":10,"config":{"name":"SSH brute force by IP","source":"Logs","displayType":"line","granularity":"auto","select":[{"aggFn":"count","aggCondition":"Body LIKE '%Failed password%' AND extractAll(Body, '\\\\b(?:[0-9]{1,3}\\\\.){3}[0-9]{1,3}\\\\b')[1] != ''","aggConditionLanguage":"sql","valueExpression":""}],"where":"","whereLanguage":"lucene","groupBy":"extractAll(Body, '\\\\b(?:[0-9]{1,3}\\\\.){3}[0-9]{1,3}\\\\b')[1]"}},{"id":"ahugb","x":8,"y":10,"w":8,"h":10,"config":{"name":"Errors over time","source":"Logs","displayType":"stacked_bar","granularity":"auto","select":[{"aggFn":"count","aggCondition":"(Body LIKE '%error%' OR Body LIKE '%FAILURE%' OR Body LIKE '%Failed%')","aggConditionLanguage":"sql","valueExpression":"","alias":"Errors"}],"where":"","whereLanguage":"lucene"}}],"filters":[]}