From 126b1de27d2b07e07a9228a23864fd9f59b2a6a9 Mon Sep 17 00:00:00 2001 From: blcrlsn2 Date: Sun, 31 May 2020 14:28:38 -0400 Subject: [PATCH 1/5] Adding UDP output to use with Logstash --- README.md | 2 ++ config.yaml | 3 +++ core/config.go | 6 ++++++ core/log.go | 20 +++++++++++++++++++- go.mod | 2 ++ 5 files changed, 32 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5a63c0c..e03499b 100644 --- a/README.md +++ b/README.md @@ -99,6 +99,8 @@ github_access_tokens: # provide at least one token - 'token two' webhook: '' # URL to a POST webhook. webhook_payload: '' # Payload to POST to the webhook URL +logstash: '' # IP Address for Logstash Instance (UDP) +logstash_port: '' # Listen Packet Port blacklisted_extensions: [] # list of extensions to ignore blacklisted_paths: [] # list of paths to ignore blacklisted_entropy_extensions: [] # additional extensions to ignore for entropy checks diff --git a/config.yaml b/config.yaml index fa02ee0..0e7ff7f 100644 --- a/config.yaml +++ b/config.yaml @@ -2,6 +2,9 @@ github_access_tokens: - '' webhook: '' # URL to which the payload is POSTed +logstash: '' # IP Address for Logstash Instance (UDP) +logstash_port: '' # Listen Packet Port + # This default payload will work for Slack and MatterMost. # Consult your webhook API for additional configurations. webhook_payload: | diff --git a/core/config.go b/core/config.go index a90c13a..ab304c1 100644 --- a/core/config.go +++ b/core/config.go @@ -15,6 +15,8 @@ type Config struct { GitHubAccessTokens []string `yaml:"github_access_tokens"` Webhook string `yaml:"webhook,omitempty"` WebhookPayload string `yaml:"webhook_payload,omitempty"` + Logstash string `yaml:"logstash,omitempty"` + LogstashPort string `yaml:"logstash_port,omitempty"` BlacklistedExtensions []string `yaml:"blacklisted_extensions"` BlacklistedPaths []string `yaml:"blacklisted_paths"` BlacklistedEntropyExtensions []string `yaml:"blacklisted_entropy_extensions"` 
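Review bot: The new `Logstash` and `LogstashPort` fields carry no comment, and the `logstash` comments added to README.md and config.yaml call the value an "IP Address" although core/log.go passes it to `net.ResolveUDPAddr`, which needs `host:port`. I would state the contract on the struct, `// Logstash is the UDP destination as host:port; LogstashPort is the local port the sender binds to.`, and reword the two YAML comments to match. The Config struct continues outside the hunk.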
@@ -72,6 +74,10 @@ func ParseConfig(options *Options) (*Config, error) { if len(config.Webhook) > 0 { config.Webhook = os.ExpandEnv(config.Webhook) } + + if len(config.Logstash) > 0 { + config.Logstash = os.ExpandEnv(config.Logstash) + } return config, nil } diff --git a/core/log.go b/core/log.go index edd3077..acfca53 100644 --- a/core/log.go +++ b/core/log.go @@ -3,6 +3,7 @@ package core import ( "fmt" "net/http" + "net" "os" "regexp" "strings" @@ -66,7 +67,24 @@ func (l *Logger) Log(level int, format string, args ...interface{}) { payload := fmt.Sprintf(session.Config.WebhookPayload, text) http.Post(session.Config.Webhook, "application/json", strings.NewReader(payload)) } - + + if session.Config.Logstash != "" { + text := colorStrip(fmt.Sprintf(format, args...)) + payload := fmt.Sprintf(session.Config.Logstash, text) + pc, err := net.ListenPacket("udp4", ":" + session.Config.LogstashPort) + if err != nil { + panic(err) + } + defer pc.Close() + + addr,err := net.ResolveUDPAddr("udp4", session.Config.Logstash) + if err != nil { + panic(err) + } + + pc.WriteTo([]byte(payload), addr) + } + if level == FATAL { os.Exit(1) } diff --git a/go.mod b/go.mod index 07f2d91..bdd7ec6 100644 --- a/go.mod +++ b/go.mod @@ -1,5 +1,7 @@ module github.com/eth0izzle/shhgit +go 1.14 + require ( github.com/fatih/color v1.7.0 github.com/google/go-github v17.0.0+incompatible From 1a5904239c8a7a8f33e8cb448ba4fefd15335ba0 Mon Sep 17 00:00:00 2001 From: blcrlsn2 Date: Sun, 31 May 2020 14:32:02 -0400 Subject: [PATCH 2/5] added logstash config and kibana dashboard --- logstash/README.md | 29 ++++++ logstash/config/01-shhgit-pipeline.conf | 100 +++++++++++++++++++++ logstash/dashboard/shhgit_dashboard.ndjson | 13 +++ 3 files changed, 142 insertions(+) create mode 100644 logstash/README.md create mode 100644 logstash/config/01-shhgit-pipeline.conf create mode 100644 logstash/dashboard/shhgit_dashboard.ndjson 
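Review bot: Only `Logstash` is expanded in this branch; `LogstashPort` is left raw and neither value is checked, so a malformed address first surfaces as a panic in the logger. Validating once here lets ParseConfig return the error instead, e.g. `if _, _, err := net.SplitHostPort(config.Logstash); err != nil { return nil, err }` (this needs `net` imported in config.go). ParseConfig's body starts above the hunk.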
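Review bot: `fmt.Sprintf(session.Config.Logstash, text)` uses the Logstash address as the format string, so the datagram carries the address followed by a `%!(EXTRA string=…)` suffix rather than the log line; the payload should be the stripped text itself. The block also binds `":" + LogstashPort` with `net.ListenPacket` on every call and panics on any bind or resolve error, so an address without a port, or a second Log call while the port is still bound (if Log is reached from several goroutines, which the hunk does not show), would take the scanner down; a dialled UDP socket with the error reported is enough for sending. The messages contain the matched secrets and leave the host as unauthenticated cleartext UDP, which deserves a comment at this block so operators keep the path on a trusted network. Log's body begins above the hunk.

```go
	if session.Config.Logstash != "" {
		// The stripped log line is the payload; the address is not a format string.
		payload := colorStrip(fmt.Sprintf(format, args...))
		// Dial uses an ephemeral local port, so calls never compete for one bind.
		// NOTE: findings are sent as cleartext, unauthenticated UDP.
		conn, err := net.Dial("udp4", session.Config.Logstash)
		if err != nil {
			fmt.Fprintf(os.Stderr, "logstash output: %v\n", err)
		} else {
			if _, err := conn.Write([]byte(payload)); err != nil {
				fmt.Fprintf(os.Stderr, "logstash output: %v\n", err)
			}
			conn.Close()
		}
	}
	// … unchanged: FATAL exit check …
```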
diff --git a/logstash/README.md b/logstash/README.md
new file mode 100644
index 0000000..0782981
--- /dev/null
+++ b/logstash/README.md
@@ -0,0 +1,29 @@
+# Logstash Configuration
+
+## 1. Install ElasticSearch, Kibana, and Logstash
+- Follow the instructions on Elastic's website: https://www.elastic.co/guide/en/elastic-stack-get-started/current/get-started-elastic-stack.html
+
+## 2. Configure Logstash
+
+In the folder logstash/config/01-shhgit-pipeline.conf is a working example with a few Grok rules to process the incoming messages from shhgit. These Grok rules are imperfect, but should provide a starting point to improve upon.
+
+- 01-shhgit-pipeline.conf should be placed in the Logstash /etc/logstash/conf.d directory.
+- Update the output elasticsearch to point to your elasticsearch cluster
+
+## 3. Configure Kibana
+
+### Configure Pattern
+- Click the gear icon (management) in the lower left
+- Click Kibana -> Index Patters
+- Click Create New Index Pattern
+- Type "shhgit-*" into the input box, then click Next Step
+
+### Import Dashboard
+In your web browser go to Kibana's IP using port 5601 (ex: 192.168.0.1:5601)
+- Click Management -> Saved Objects
+- You can import the dashboard found in the dashboard folder via the Import button in the top-right corner.
+ - shhgit Dashboard
+
+## TODO
+- Clean up Grok Rules
+- Add additional Grok Rules
diff --git a/logstash/config/01-shhgit-pipeline.conf b/logstash/config/01-shhgit-pipeline.conf
new file mode 100644
index 0000000..b7e8407
--- /dev/null
+++ b/logstash/config/01-shhgit-pipeline.conf
@@ -0,0 +1,100 @@
+input {
+ udp {
+ port => 8080
+ }
+}
+
+filter {
+
+ if "Matching file" in [message] {
+ grok {
+ match => { "message" => "\[%{GREEDYDATA:location}\] Matching %{WORD:type} %{URIPATHPARAM:path} for %{GREEDYDATA:reason}\"" }
+ }
+ }
+
+ if "match for" in [message] {
+ grok {
+ match => { "message" => "\[%{GREEDYDATA:location}\] %{NUMBER:number} match for %{GREEDYDATA:reason} in %{WORD:type} %{URIPATHPARAM:path}: %{URIPROTO:uriproto}://(?:%{USER:user}(?::%{GREEDYDATA:password}[^@]*)?@)?(?:%{URIHOST:urihost})?(?:%{URIPATHPARAM:uripathparam})?" }
+ }
+ }
+
+ if "Potential secret" in [message] {
+ grok {
+ match => { "message" => "\[%{GREEDYDATA:location}\] %{GREEDYDATA:reason} in %{URIPATHPARAM:path} =%{SPACE}%{GREEDYDATA:secret}\"" }
+ }
+ }
+
+ if "matches for" in [message] {
+ grok {
+ match => { "message" => "\[%{GREEDYDATA:location}\] %{NUMBER:number} matches for %{GREEDYDATA:reason} in %{WORD:type} %{GREEDYDATA:paths}\"" }
+ }
+ }
+
+ if "Google OAuth Key" in [message] {
+ grok {
+ match => { "message" => "\[%{GREEDYDATA:location}\] %{NUMBER:number} matches for %{GREEDYDATA:reason} in %{WORD:type} %{GREEDYDATA:paths}\"" }
+ }
+ }
+
+ if "Google Cloud API Key" in [message] {
+ grok {
+ match => { "message" => "\[%{GREEDYDATA:location}\] %{NUMBER:number} match for %{GREEDYDATA:reason} in %{WORD:type} %{URIPATHPARAM:path}:%{SPACE}%{GREEDYDATA:key}\"" }
+ }
+ }
+
+ mutate {
+ split => {"paths" => "," }
+ }
+
+ if "Cloning in to" in [message] {
+ grok
+ {
+ match => { "message" => "\[%{GREEDYDATA:location}\] Cloning in to %{URIPATH:path}\"" }
+ add_tag => ["cloning"]
+ }
+ }
+
+ if "Failed to" in [message] {
+ grok
+ {
+ match => { "message" => "\"%{GREEDYDATA:errorMessage}\"" }
+ add_tag => ["failed"]
+ }
+ }
+
+ if "Cloning failed" in [message] {
+ grok
+ {
+ match => { "message" => "\"%{GREEDYDATA:errorMessage}\"" }
+ add_tag => ["failed"]
+ }
+ }
+
+ if "started. Loaded" in [message] {
+ grok
+ {
+ match => { "message" => "\"%{GREEDYDATA:errorMessage}\"" }
+ add_tag => ["info"]
+ }
+ }
+
+ if "calls remain" in [message] {
+ grok
+ {
+ match => { "message" => "\"%{GREEDYDATA:errorMessage}\"" }
+ add_tag => ["info"]
+ }
+ }
+
+ mutate {
+ rename => { "[message]" => "[original]"}
+ }
+}
+
+output {
+ elasticsearch {
+ id => "shhgit"
+ hosts => ["localhost:9200"]
+ index => "shhgit-%{+YYYY.MM.dd}"
+ }
+}
diff --git a/logstash/dashboard/shhgit_dashboard.ndjson b/logstash/dashboard/shhgit_dashboard.ndjson
new file mode 100644
index 0000000..a8bab28
--- /dev/null
+++ b/logstash/dashboard/shhgit_dashboard.ndjson
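Review bot: The `udp` input sets only `port => 8080`, so it listens on the plugin's default bind address (all interfaces) and accepts datagrams from any sender that can reach it; when shhgit runs on the same host add `host => "127.0.0.1"`, otherwise restrict the port at the firewall. The grok rules extract `password`, `secret` and `key` into their own fields and the `elasticsearch` output shows no credentials or TLS settings, so the index holds live credentials in cleartext and should sit behind authentication and access control. The "Google OAuth Key" rule repeats the "matches for" pattern, so a message containing both strings is parsed twice.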
@@ -0,0 +1,13 @@ +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"shgit-timeline","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"timelion\",\"aggs\":[],\"params\":{\"expression\":\".es(index=shhgit*,timefield=@timestamp)\",\"interval\":\"auto\"},\"title\":\"shgit-timeline\"}"},"id":"960f18d0-a2ba-11ea-a9c6-7fe0efa7991f","migrationVersion":{"visualization":"7.7.0"},"references":[],"type":"visualization","updated_at":"2020-05-30T21:14:45.341Z","version":"WzQxNDUsMjBd"} +{"attributes":{"fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"@version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"@version\"}}},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\"
:\"errorMessage\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"errorMessage.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"errorMessage\"}}},{\"name\":\"host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host\"}}},{\"name\":\"key\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"key.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"key\"}}},{\"name\":\"location\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"location.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"location\"}}},{\"name\":\"number\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"number.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"number\"}}},{\"name\":\"original\",\"type\":\"string\",\"
esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"original.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"original\"}}},{\"name\":\"password\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"password.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"password\"}}},{\"name\":\"path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"path\"}}},{\"name\":\"paths\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"paths.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"paths\"}}},{\"name\":\"port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"port\"}}},{\"name\":\"reason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":fals
e,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"reason\"}}},{\"name\":\"secret\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"secret.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"secret\"}}},{\"name\":\"tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tags\"}}},{\"name\":\"type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"type\"}}},{\"name\":\"urihost\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"urihost.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"urihost\"}}},{\"name\":\"uripathparam\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"r
eadFromDocValues\":false},{\"name\":\"uripathparam.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"uripathparam\"}}},{\"name\":\"uriproto\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uriproto.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"uriproto\"}}},{\"name\":\"user\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user\"}}}]","timeFieldName":"@timestamp","title":"shhgit*"},"id":"604a4130-a2b9-11ea-a9c6-7fe0efa7991f","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-05-30T21:10:37.321Z","version":"WzQxMzAsMjBd"} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"tags.keyword\",\"value\":\"cloning, failed, 
info\",\"params\":[\"cloning\",\"failed\",\"info\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"tags.keyword\":\"cloning\"}},{\"match_phrase\":{\"tags.keyword\":\"failed\"}},{\"match_phrase\":{\"tags.keyword\":\"info\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"shgit-search","version":1},"id":"6f75a860-a2ba-11ea-a9c6-7fe0efa7991f","migrationVersion":{"search":"7.4.0"},"references":[{"id":"604a4130-a2b9-11ea-a9c6-7fe0efa7991f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"604a4130-a2b9-11ea-a9c6-7fe0efa7991f","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2020-05-30T21:13:40.582Z","version":"WzQxNDEsMjBd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"shgit-reason","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"significant_terms\",\"schema\":\"segment\",\"params\":{\"field\":\"reason.keyword\",\"size\":10,\"customLabel\":\"Top 10 
Reasons\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"title\":\"shgit-reason\"}"},"id":"03860400-a2bb-11ea-a9c6-7fe0efa7991f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"6f75a860-a2ba-11ea-a9c6-7fe0efa7991f","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-05-30T21:36:50.603Z","version":"WzQzMDQsMjBd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"tags.keyword\",\"value\":\"cloning, failed, info\",\"params\":[\"cloning\",\"failed\",\"info\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"tags.keyword\":\"cloning\"}},{\"match_phrase\":{\"tags.keyword\":\"failed\"}},{\"match_phrase\":{\"tags.keyword\":\"info\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"shgit-count","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"title\":\"shgit-count\"}"},"id":"c561d000-a2ba-11ea-a9c6-7fe0efa7991f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"604a4130-a2b9-11ea-a9c6-7fe0efa7991f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"604a4130-a2b9-11ea-a9c6-7fe0efa7991f","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-05-30T21:16:04.736Z","version":"WzQxNTIsMjBd"} +{"attributes":{"expression":"kibana\n| kibana_context query=\"{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"}\" filters=\"[]\"\n| lens_merge_tables layerIds=\"be29f84d-ee76-410c-9fb8-ff16bcb3b14e\" \n tables={esaggs index=\"604a4130-a2b9-11ea-a9c6-7fe0efa7991f\" metricsAtAllLevels=false partialRows=false includeFormatHints=true aggConfigs={lens_auto_date aggConfigs=\"[{\\\"id\\\":\\\"eff3769d-3b1c-4719-a082-d4d83ad470d2\\\",\\\"enabled\\\":true,\\\"type\\\":\\\"terms\\\",\\\"schema\\\":\\\"segment\\\",\\\"params\\\":{\\\"field\\\":\\\"port.keyword\\\",\\\"orderBy\\\":\\\"8bff7a86-f8c2-44a2-a81d-f99c8614a696\\\",\\\"order\\\":\\\"desc\\\",\\\"size\\\":3,\\\"otherBucket\\\":false,\\\"otherBucketLabel\\\":\\\"Other\\\",\\\"missingBucket\\\":false,\\\"missingBucketLabel\\\":\\\"Missing\\\"}},{\\\"id\\\":\\\"8bff7a86-f8c2-44a2-a81d-f99c8614a696\\\",\\\"enabled\\\":true,\\\"type\\\":\\\"count\\\",\\\"schema\\\":\\\"metric\\\",\\\"params\\\":{}}]\"} | lens_rename_columns idMap=\"{\\\"col-0-eff3769d-3b1c-4719-a082-d4d83ad470d2\\\":{\\\"label\\\":\\\"Top values of 
port.keyword\\\",\\\"dataType\\\":\\\"string\\\",\\\"operationType\\\":\\\"terms\\\",\\\"scale\\\":\\\"ordinal\\\",\\\"sourceField\\\":\\\"port.keyword\\\",\\\"isBucketed\\\":true,\\\"params\\\":{\\\"size\\\":3,\\\"orderBy\\\":{\\\"type\\\":\\\"column\\\",\\\"columnId\\\":\\\"8bff7a86-f8c2-44a2-a81d-f99c8614a696\\\"},\\\"orderDirection\\\":\\\"desc\\\"},\\\"id\\\":\\\"eff3769d-3b1c-4719-a082-d4d83ad470d2\\\"},\\\"col-1-8bff7a86-f8c2-44a2-a81d-f99c8614a696\\\":{\\\"label\\\":\\\"Count of records\\\",\\\"dataType\\\":\\\"number\\\",\\\"operationType\\\":\\\"count\\\",\\\"isBucketed\\\":false,\\\"scale\\\":\\\"ratio\\\",\\\"sourceField\\\":\\\"Records\\\",\\\"id\\\":\\\"8bff7a86-f8c2-44a2-a81d-f99c8614a696\\\"}}\"}\n| lens_xy_chart xTitle=\"Top values of port.keyword\" yTitle=\"Count of records\" legend={lens_xy_legendConfig isVisible=true position=\"right\"} \n layers={lens_xy_layer layerId=\"be29f84d-ee76-410c-9fb8-ff16bcb3b14e\" hide=false xAccessor=\"eff3769d-3b1c-4719-a082-d4d83ad470d2\" yScaleType=\"linear\" xScaleType=\"ordinal\" isHistogram=false seriesType=\"bar\" accessors=\"8bff7a86-f8c2-44a2-a81d-f99c8614a696\" columnToLabel=\"{\\\"8bff7a86-f8c2-44a2-a81d-f99c8614a696\\\":\\\"Count of records\\\"}\"}","state":{"datasourceMetaData":{"filterableIndexPatterns":[{"id":"604a4130-a2b9-11ea-a9c6-7fe0efa7991f","title":"shhgit*"}]},"datasourceStates":{"indexpattern":{"currentIndexPatternId":"604a4130-a2b9-11ea-a9c6-7fe0efa7991f","layers":{"be29f84d-ee76-410c-9fb8-ff16bcb3b14e":{"columnOrder":["eff3769d-3b1c-4719-a082-d4d83ad470d2","8bff7a86-f8c2-44a2-a81d-f99c8614a696"],"columns":{"8bff7a86-f8c2-44a2-a81d-f99c8614a696":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"eff3769d-3b1c-4719-a082-d4d83ad470d2":{"dataType":"string","isBucketed":true,"label":"Top values of 
port.keyword","operationType":"terms","params":{"orderBy":{"columnId":"8bff7a86-f8c2-44a2-a81d-f99c8614a696","type":"column"},"orderDirection":"desc","size":3},"scale":"ordinal","sourceField":"port.keyword"}},"indexPatternId":"604a4130-a2b9-11ea-a9c6-7fe0efa7991f"}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"accessors":["8bff7a86-f8c2-44a2-a81d-f99c8614a696"],"layerId":"be29f84d-ee76-410c-9fb8-ff16bcb3b14e","position":"top","seriesType":"bar","showGridlines":false,"xAccessor":"eff3769d-3b1c-4719-a082-d4d83ad470d2"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar"}},"title":"shgit-ports","visualizationType":"lnsXY"},"id":"9881b490-a2bc-11ea-a9c6-7fe0efa7991f","migrationVersion":{"lens":"7.7.0"},"references":[],"type":"lens","updated_at":"2020-05-30T21:29:08.441Z","version":"WzQyNTgsMjBd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"shgit-password","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"password.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top 10 
Passwords\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"title\":\"shgit-password\"}"},"id":"4460f390-a2bb-11ea-a9c6-7fe0efa7991f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"604a4130-a2b9-11ea-a9c6-7fe0efa7991f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-05-30T21:19:37.800Z","version":"WzQxNjAsMjBd"} +{"attributes":{"expression":"kibana\n| kibana_context query=\"{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"}\" filters=\"[]\"\n| lens_merge_tables layerIds=\"ccfd1e54-60ce-42a9-a652-e09d44b4529e\" \n tables={esaggs index=\"604a4130-a2b9-11ea-a9c6-7fe0efa7991f\" metricsAtAllLevels=false partialRows=false includeFormatHints=true aggConfigs={lens_auto_date aggConfigs=\"[{\\\"id\\\":\\\"99d369ae-6b76-4f74-a808-cc225a4a8f93\\\",\\\"enabled\\\":true,\\\"type\\\":\\\"terms\\\",\\\"schema\\\":\\\"segment\\\",\\\"params\\\":{\\\"field\\\":\\\"uriproto.keyword\\\",\\\"orderBy\\\":\\\"90a598d4-bd6b-4cc8-8416-993bc49d8e06\\\",\\\"order\\\":\\\"desc\\\",\\\"size\\\":3,\\\"otherBucket\\\":false,\\\"otherBucketLabel\\\":\\\"Other\\\",\\\"missingBucket\\\":false,\\\"missingBucketLabel\\\":\\\"Missing\\\"}},{\\\"id\\\":\\\"90a598d4-bd6b-4cc8-8416-993bc49d8e06\\\",\\\"enabled\\\":true,\\\"type\\\":\\\"count\\\",\\\"schema\\\":\\\"metric\\\",\\\"params\\\":{}}]\"} | lens_rename_columns idMap=\"{\\\"col-0-99d369ae-6b76-4f74-a808-cc225a4a8f93\\\":{\\\"label\\\":\\\"Top values of 
uriproto.keyword\\\",\\\"dataType\\\":\\\"string\\\",\\\"operationType\\\":\\\"terms\\\",\\\"scale\\\":\\\"ordinal\\\",\\\"sourceField\\\":\\\"uriproto.keyword\\\",\\\"isBucketed\\\":true,\\\"params\\\":{\\\"size\\\":3,\\\"orderBy\\\":{\\\"type\\\":\\\"column\\\",\\\"columnId\\\":\\\"90a598d4-bd6b-4cc8-8416-993bc49d8e06\\\"},\\\"orderDirection\\\":\\\"desc\\\"},\\\"id\\\":\\\"99d369ae-6b76-4f74-a808-cc225a4a8f93\\\"},\\\"col-1-90a598d4-bd6b-4cc8-8416-993bc49d8e06\\\":{\\\"label\\\":\\\"Count of records\\\",\\\"dataType\\\":\\\"number\\\",\\\"operationType\\\":\\\"count\\\",\\\"isBucketed\\\":false,\\\"scale\\\":\\\"ratio\\\",\\\"sourceField\\\":\\\"Records\\\",\\\"id\\\":\\\"90a598d4-bd6b-4cc8-8416-993bc49d8e06\\\"}}\"}\n| lens_xy_chart xTitle=\"Top values of uriproto.keyword\" yTitle=\"Count of records\" legend={lens_xy_legendConfig isVisible=true position=\"right\"} \n layers={lens_xy_layer layerId=\"ccfd1e54-60ce-42a9-a652-e09d44b4529e\" hide=false xAccessor=\"99d369ae-6b76-4f74-a808-cc225a4a8f93\" yScaleType=\"linear\" xScaleType=\"ordinal\" isHistogram=false seriesType=\"bar\" accessors=\"90a598d4-bd6b-4cc8-8416-993bc49d8e06\" columnToLabel=\"{\\\"90a598d4-bd6b-4cc8-8416-993bc49d8e06\\\":\\\"Count of records\\\"}\"}","state":{"datasourceMetaData":{"filterableIndexPatterns":[{"id":"604a4130-a2b9-11ea-a9c6-7fe0efa7991f","title":"shhgit*"}]},"datasourceStates":{"indexpattern":{"currentIndexPatternId":"604a4130-a2b9-11ea-a9c6-7fe0efa7991f","layers":{"ccfd1e54-60ce-42a9-a652-e09d44b4529e":{"columnOrder":["99d369ae-6b76-4f74-a808-cc225a4a8f93","90a598d4-bd6b-4cc8-8416-993bc49d8e06"],"columns":{"90a598d4-bd6b-4cc8-8416-993bc49d8e06":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"99d369ae-6b76-4f74-a808-cc225a4a8f93":{"dataType":"string","isBucketed":true,"label":"Top values of 
uriproto.keyword","operationType":"terms","params":{"orderBy":{"columnId":"90a598d4-bd6b-4cc8-8416-993bc49d8e06","type":"column"},"orderDirection":"desc","size":3},"scale":"ordinal","sourceField":"uriproto.keyword"}},"indexPatternId":"604a4130-a2b9-11ea-a9c6-7fe0efa7991f"}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"accessors":["90a598d4-bd6b-4cc8-8416-993bc49d8e06"],"layerId":"ccfd1e54-60ce-42a9-a652-e09d44b4529e","position":"top","seriesType":"bar","showGridlines":false,"xAccessor":"99d369ae-6b76-4f74-a808-cc225a4a8f93"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar"}},"title":"shgit-uriproto","visualizationType":"lnsXY"},"id":"390f5940-a2bc-11ea-a9c6-7fe0efa7991f","migrationVersion":{"lens":"7.7.0"},"references":[],"type":"lens","updated_at":"2020-05-30T21:33:19.234Z","version":"WzQyODYsMjBd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"shgit-locations","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"location.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top 10 
Locations\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"title\":\"shgit-locations\"}"},"id":"d79bfdd0-a2bb-11ea-a9c6-7fe0efa7991f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"604a4130-a2b9-11ea-a9c6-7fe0efa7991f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-05-30T21:23:44.812Z","version":"WzQxNzAsMjBd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"shgit-reasons","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"reason.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"title\":\"shgit-reasons\"}"},"id":"4826a390-a2ba-11ea-a9c6-7fe0efa7991f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"604a4130-a2b9-11ea-a9c6-7fe0efa7991f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-05-30T21:12:34.633Z","version":"WzQxMzcsMjBd"} +{"attributes":{"expression":"kibana\n| kibana_context query=\"{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"}\" 
filters=\"[]\"\n| lens_merge_tables layerIds=\"a5b942af-15fe-4a19-be44-958fcf6d45cf\" \n tables={esaggs index=\"604a4130-a2b9-11ea-a9c6-7fe0efa7991f\" metricsAtAllLevels=false partialRows=false includeFormatHints=true aggConfigs={lens_auto_date aggConfigs=\"[{\\\"id\\\":\\\"9bd8b8ce-a7ff-421a-9b70-c8481396442e\\\",\\\"enabled\\\":true,\\\"type\\\":\\\"terms\\\",\\\"schema\\\":\\\"segment\\\",\\\"params\\\":{\\\"field\\\":\\\"urihost.keyword\\\",\\\"orderBy\\\":\\\"3e41808b-9da7-4984-a779-ca5e48318d10\\\",\\\"order\\\":\\\"desc\\\",\\\"size\\\":3,\\\"otherBucket\\\":false,\\\"otherBucketLabel\\\":\\\"Other\\\",\\\"missingBucket\\\":false,\\\"missingBucketLabel\\\":\\\"Missing\\\"}},{\\\"id\\\":\\\"3e41808b-9da7-4984-a779-ca5e48318d10\\\",\\\"enabled\\\":true,\\\"type\\\":\\\"count\\\",\\\"schema\\\":\\\"metric\\\",\\\"params\\\":{}}]\"} | lens_rename_columns idMap=\"{\\\"col-0-9bd8b8ce-a7ff-421a-9b70-c8481396442e\\\":{\\\"label\\\":\\\"Top values of urihost.keyword\\\",\\\"dataType\\\":\\\"string\\\",\\\"operationType\\\":\\\"terms\\\",\\\"scale\\\":\\\"ordinal\\\",\\\"sourceField\\\":\\\"urihost.keyword\\\",\\\"isBucketed\\\":true,\\\"params\\\":{\\\"size\\\":3,\\\"orderBy\\\":{\\\"type\\\":\\\"column\\\",\\\"columnId\\\":\\\"3e41808b-9da7-4984-a779-ca5e48318d10\\\"},\\\"orderDirection\\\":\\\"desc\\\"},\\\"id\\\":\\\"9bd8b8ce-a7ff-421a-9b70-c8481396442e\\\"},\\\"col-1-3e41808b-9da7-4984-a779-ca5e48318d10\\\":{\\\"label\\\":\\\"Count of records\\\",\\\"dataType\\\":\\\"number\\\",\\\"operationType\\\":\\\"count\\\",\\\"isBucketed\\\":false,\\\"scale\\\":\\\"ratio\\\",\\\"sourceField\\\":\\\"Records\\\",\\\"id\\\":\\\"3e41808b-9da7-4984-a779-ca5e48318d10\\\"}}\"}\n| lens_datatable \n columns={lens_datatable_columns columnIds=\"9bd8b8ce-a7ff-421a-9b70-c8481396442e\" 
columnIds=\"3e41808b-9da7-4984-a779-ca5e48318d10\"}","state":{"datasourceMetaData":{"filterableIndexPatterns":[{"id":"604a4130-a2b9-11ea-a9c6-7fe0efa7991f","title":"shhgit*"}]},"datasourceStates":{"indexpattern":{"currentIndexPatternId":"604a4130-a2b9-11ea-a9c6-7fe0efa7991f","layers":{"a5b942af-15fe-4a19-be44-958fcf6d45cf":{"columnOrder":["9bd8b8ce-a7ff-421a-9b70-c8481396442e","3e41808b-9da7-4984-a779-ca5e48318d10"],"columns":{"3e41808b-9da7-4984-a779-ca5e48318d10":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"9bd8b8ce-a7ff-421a-9b70-c8481396442e":{"dataType":"string","isBucketed":true,"label":"Top values of urihost.keyword","operationType":"terms","params":{"orderBy":{"columnId":"3e41808b-9da7-4984-a779-ca5e48318d10","type":"column"},"orderDirection":"desc","size":3},"scale":"ordinal","sourceField":"urihost.keyword"}},"indexPatternId":"604a4130-a2b9-11ea-a9c6-7fe0efa7991f"}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"columns":["9bd8b8ce-a7ff-421a-9b70-c8481396442e","3e41808b-9da7-4984-a779-ca5e48318d10"],"layerId":"a5b942af-15fe-4a19-be44-958fcf6d45cf"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_horizontal"}},"title":"shgit-host","visualizationType":"lnsDatatable"},"id":"c2774850-a2bc-11ea-a9c6-7fe0efa7991f","migrationVersion":{"lens":"7.7.0"},"references":[],"type":"lens","updated_at":"2020-05-30T21:38:38.535Z","version":"WzQzMTMsMjBd"} 
+{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"h\":14,\"i\":\"0f2082f8-5843-427f-afd3-aa793d1564c7\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"0f2082f8-5843-427f-afd3-aa793d1564c7\",\"version\":\"7.7.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"title\":\"shgit-reason\"},\"gridData\":{\"h\":14,\"i\":\"2753d454-ede6-4314-b56d-e8c1a44a6b5d\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"2753d454-ede6-4314-b56d-e8c1a44a6b5d\",\"title\":\"shgit-reason\",\"version\":\"7.7.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":11,\"i\":\"7855c383-5c71-4871-b570-8cef7e6bca09\",\"w\":9,\"x\":0,\"y\":14},\"panelIndex\":\"7855c383-5c71-4871-b570-8cef7e6bca09\",\"version\":\"7.7.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":11,\"i\":\"db18e4d2-389b-44af-bbc1-044addb968c7\",\"w\":20,\"x\":9,\"y\":14},\"panelIndex\":\"db18e4d2-389b-44af-bbc1-044addb968c7\",\"version\":\"7.7.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":11,\"i\":\"ee8775f1-f0d3-4f7d-9b45-e4b48e1e948f\",\"w\":19,\"x\":29,\"y\":14},\"panelIndex\":\"ee8775f1-f0d3-4f7d-9b45-e4b48e1e948f\",\"version\":\"7.7.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"title\":\"shgit-uriproto\"},\"gridData\":{\"h\":15,\"i\":\"9817cc03-1ce6-47cc-918c-4da546e95994\",\"w\":24,\"x\":0,\"y\":25},\"panelIndex\":\"9817cc03-1ce6-47cc-918c-4da546e95994\",\"title\":\"shgit-uriproto\",\"version\":\"7.7.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"a96cd57d-3abf-4cdd-87e5-989ced7bbc67\",\"w\":24,\"x\":24,\"y\":25},\"panelIndex\":\"a96cd57d-3abf-4cdd-87e5-989ced7bbc67\",\"version\":\"7.7.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":1
1,\"i\":\"7806f61a-d9e9-4bc2-afca-4106d47fa1ad\",\"w\":48,\"x\":0,\"y\":40},\"panelIndex\":\"7806f61a-d9e9-4bc2-afca-4106d47fa1ad\",\"version\":\"7.7.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"2321490c-d690-446f-9bbf-b19d036440e6\",\"w\":24,\"x\":0,\"y\":51},\"panelIndex\":\"2321490c-d690-446f-9bbf-b19d036440e6\",\"version\":\"7.7.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"84b637d3-5e62-4463-a889-37b25c331187\",\"w\":24,\"x\":24,\"y\":51},\"panelIndex\":\"84b637d3-5e62-4463-a889-37b25c331187\",\"version\":\"7.7.0\",\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"shgit","version":1},"id":"a22bfcf0-a2ba-11ea-a9c6-7fe0efa7991f","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"960f18d0-a2ba-11ea-a9c6-7fe0efa7991f","name":"panel_0","type":"visualization"},{"id":"03860400-a2bb-11ea-a9c6-7fe0efa7991f","name":"panel_1","type":"visualization"},{"id":"c561d000-a2ba-11ea-a9c6-7fe0efa7991f","name":"panel_2","type":"visualization"},{"id":"9881b490-a2bc-11ea-a9c6-7fe0efa7991f","name":"panel_3","type":"lens"},{"id":"4460f390-a2bb-11ea-a9c6-7fe0efa7991f","name":"panel_4","type":"visualization"},{"id":"390f5940-a2bc-11ea-a9c6-7fe0efa7991f","name":"panel_5","type":"lens"},{"id":"d79bfdd0-a2bb-11ea-a9c6-7fe0efa7991f","name":"panel_6","type":"visualization"},{"id":"6f75a860-a2ba-11ea-a9c6-7fe0efa7991f","name":"panel_7","type":"search"},{"id":"4826a390-a2ba-11ea-a9c6-7fe0efa7991f","name":"panel_8","type":"visualization"},{"id":"c2774850-a2bc-11ea-a9c6-7fe0efa7991f","name":"panel_9","type":"lens"}],"type":"dashboard","updated_at":"2020-05-30T21:38:54.992Z","version":"WzQzMTgsMjBd"} +{"exportedCount":12,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file From dc765e50537e4e73e33a893b8f9f5ee250b732eb Mon Sep 17 00:00:00 2001 
From: blcrlsn2
Date: Thu, 11 Jun 2020 16:09:48 -0400
Subject: [PATCH 3/5] removed the panic
---
core/log.go | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/core/log.go b/core/log.go
index acfca53..812eb8b 100644
--- a/core/log.go
+++ b/core/log.go
@@ -72,16 +72,10 @@ func (l *Logger) Log(level int, format string, args ...interface{}) { text := colorStrip(fmt.Sprintf(format, args...)) payload := fmt.Sprintf(session.Config.Logstash, text) pc, err := net.ListenPacket("udp4", ":" + session.Config.LogstashPort) - if err != nil { - panic(err) - } defer pc.Close() - addr,err := net.ResolveUDPAddr("udp4", session.Config.Logstash) - if err != nil { - panic(err) - } - + addr, err := net.ResolveUDPAddr("udp4", session.Config.Logstash) + pc.WriteTo([]byte(payload), addr) }
From 8f74e8e99c01b6d197b747f1ae5f7b5f5dbbc72b Mon Sep 17 00:00:00 2001
From: blcrlsn2
Date: Sun, 21 Jun 2020 11:14:10 -0400
Subject: [PATCH 4/5] handled err by pushing message to user
---
core/log.go | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/core/log.go b/core/log.go
index 812eb8b..8a625e4 100644
--- a/core/log.go
+++ b/core/log.go
@@ -72,9 +72,15 @@ func (l *Logger) Log(level int, format string, args ...interface{}) { text := colorStrip(fmt.Sprintf(format, args...)) payload := fmt.Sprintf(session.Config.Logstash, text) pc, err := net.ListenPacket("udp4", ":" + session.Config.LogstashPort) + if err != nil { + l.Error("Logstash: Unknown Port") + } defer pc.Close() addr, err := net.ResolveUDPAddr("udp4", session.Config.Logstash) + if err != nil { + l.Error("Logstash: No Such Host") + } pc.WriteTo([]byte(payload), addr) }
From 00be1560970a712bc48438406ca3b19da771521c Mon Sep 17 00:00:00 2001
From: blcrlsn2
Date: Sun, 21 Jun 2020 11:15:59 -0400
Subject: [PATCH 5/5] updated message to user
---
core/log.go | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/core/log.go b/core/log.go
index 8a625e4..c5e22bf 100644
--- a/core/log.go
+++ b/core/log.go
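Review bot: A failed `net.ListenPacket` leaves `pc` nil in the PATCH 3/5 hunk, so `defer pc.Close()` and `pc.WriteTo` panic on a nil connection; `err` is also assigned twice there and never read, which the Go compiler normally rejects as declared and not used. The hunks of PATCH 4/5 and 5/5 bring the checks back but only print a message and fall through, so the nil `pc` path remains in both. Guarding the send as below skips it on failure, still lets Log reach the code after the Logstash branch, and stops discarding the `WriteTo` error. Log's body starts and ends outside the hunk.

```go
// … unchanged: text and payload assignments …
pc, err := net.ListenPacket("udp4", ":" + session.Config.LogstashPort)
if err != nil {
	// pc is nil here and must not be closed or written to.
	fmt.Fprintf(os.Stderr, "Logstash: %v\n", err)
} else {
	defer pc.Close()
	addr, err := net.ResolveUDPAddr("udp4", session.Config.Logstash)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Logstash: %v\n", err)
	} else if _, err := pc.WriteTo([]byte(payload), addr); err != nil {
		fmt.Fprintf(os.Stderr, "Logstash: %v\n", err)
	}
}
```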
@@ -70,16 +70,16 @@ func (l *Logger) Log(level int, format string, args ...interface{}) { if session.Config.Logstash != "" { text := colorStrip(fmt.Sprintf(format, args...)) - payload := fmt.Sprintf(session.Config.Logstash, text) + payload := fmt.Sprintf(session.Config.Logstash, text) pc, err := net.ListenPacket("udp4", ":" + session.Config.LogstashPort) if err != nil { - l.Error("Logstash: Unknown Port") + fmt.Printf("Logstash: Unknown Port\n") } defer pc.Close() addr, err := net.ResolveUDPAddr("udp4", session.Config.Logstash) if err != nil { - l.Error("Logstash: No Such Host") + fmt.Printf("Logstash: No Such Host\n") } pc.WriteTo([]byte(payload), addr)
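Review bot: `fmt.Sprintf(session.Config.Logstash, text)` uses the Logstash address as the format string, so the datagram carries the address followed by a `%!(EXTRA string=…)` artefact rather than the log line itself. The address is not a template; send the stripped text directly with `payload := text`, or add a separate payload option if a wrapper is wanted. The line appears only re-indented by this hunk, and Log's body starts and ends outside it. Because the message leaves the host as unauthenticated plaintext UDP, a comment above the send such as `// sent unencrypted over UDP; keep the Logstash listener on a trusted network` would help operators.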