From 7919a850c38f46df54241835ab42c3ed48abdd5f Mon Sep 17 00:00:00 2001
From: Andrew Kroh
Date: Tue, 4 Apr 2017 04:33:08 -0400
Subject: [PATCH] Add DNS dashboard for Packetbeat (#3883)
The dashboard provides an overview of the requests over time. It summaries the number or requests, amount of data transferred, and average response times. It also shows the top requested domains.
(cherry picked from commit 85e179febed2d9cc81ec6e1db0700df9c020c897)
---
 CHANGELOG.asciidoc | 14 ++++++++++++++
 packetbeat/_meta/kibana/dashboard/DNS.json | 13 +++++++++++++
 .../visualization/DNS-Count-and-Response-Time.json | 11 +++++++++++
 .../kibana/visualization/DNS-Query-Summary.json | 11 +++++++++++
 .../kibana/visualization/DNS-Question-Types.json | 10 ++++++++++
 .../DNS-Request-Status-Over-Time.json | 10 ++++++++++
 .../kibana/visualization/DNS-Response-Codes.json | 10 ++++++++++
 .../kibana/visualization/DNS-Top-10-Questions.json | 10 ++++++++++
 8 files changed, 89 insertions(+)
 create mode 100644 packetbeat/_meta/kibana/dashboard/DNS.json
 create mode 100644 packetbeat/_meta/kibana/visualization/DNS-Count-and-Response-Time.json
 create mode 100644 packetbeat/_meta/kibana/visualization/DNS-Query-Summary.json
 create mode 100644 packetbeat/_meta/kibana/visualization/DNS-Question-Types.json
 create mode 100644 packetbeat/_meta/kibana/visualization/DNS-Request-Status-Over-Time.json
 create mode 100644 packetbeat/_meta/kibana/visualization/DNS-Response-Codes.json
 create mode 100644 packetbeat/_meta/kibana/visualization/DNS-Top-10-Questions.json
diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
index c1aed183892..56f14818c75 100644
--- a/CHANGELOG.asciidoc
+++ b/CHANGELOG.asciidoc
@@ -38,6 +38,10 @@ https://github.com/elastic/beats/compare/v5.3.0...master[Check the HEAD diff]
 *Metricbeat*
 - Avoid errors when some Apache status fields are missing. {issue}3074[3074]
+- Linux cgroup metrics are now enabled by default for the system process
+ metricset. The configuration option for the feature was renamed from
+ `cgroups` to `process.cgroups.enabled`. {pull}3519[3519]
+- Change fieldnames couchbase.node.couch.*.actual_disk_size.* to couchbase.node.couch.*.disk_size.* {pull}3545[3545]
 *Packetbeat*
@@ -168,6 +172,16 @@ https://github.com/elastic/beats/compare/v5.2.2...v5.3.0[View commits]
 - The Docker, Kafka, and Prometheus modules are now Beta, instead of experimental. {pull}3525[3525]
 - The HAProxy module is now GA, instead of experimental. {pull}3525[3525]
 - Add the ability to collect the environment variables from system processes. {pull}3337[3337]
+- Add experimental metricset `perfmon` to Windows module. {pull}3758[3758]
+- Add memcached module with stats metricset. {pull}3693[3693]
+
+*Packetbeat*
+- Add `fields` and `fields_under_root` to packetbeat protocols configurations. {pull}3518[3518]
+- Add list style packetbeat protocols configurations. This change supports specifying multiple configurations of the same protocol analyzer. {pull}3518[3518]
+- Add DNS dashboard for an overview the DNS traffic. {pull}3883[3883]
+- Add DNS Tunneling dashboard to highlight domains with large numbers of subdomains or high data volume. {pull}3884[3884]
+
+*Winlogbeat*
 ==== Deprecated
diff --git a/packetbeat/_meta/kibana/dashboard/DNS.json b/packetbeat/_meta/kibana/dashboard/DNS.json
new file mode 100644
index 00000000000..256eef5d37d
--- /dev/null
+++ b/packetbeat/_meta/kibana/dashboard/DNS.json
@@ -0,0 +1,13 @@
+{
+ "hits": 0,
+ "timeRestore": false,
+ "description": "",
+ "title": "DNS",
+ "uiStateJSON": "{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}",
+ "panelsJSON": "[{\"col\":6,\"id\":\"DNS-Count-and-Response-Time\",\"panelIndex\":1,\"row\":4,\"size_x\":7,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"DNS-Query-Summary\",\"panelIndex\":2,\"row\":1,\"size_x\":5,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"DNS-Question-Types\",\"panelIndex\":3,\"row\":4,\"size_x\":5,\"size_y\":4,\"type\":\"visualization\"},{\"col\":6,\"id\":\"DNS-Request-Status-Over-Time\",\"panelIndex\":4,\"row\":1,\"size_x\":7,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"DNS-Top-10-Questions\",\"panelIndex\":5,\"row\":8,\"size_x\":5,\"size_y\":4,\"type\":\"visualization\"},{\"col\":6,\"id\":\"DNS-Response-Codes\",\"panelIndex\":6,\"row\":8,\"size_x\":3,\"size_y\":4,\"type\":\"visualization\"}]",
+ "optionsJSON": "{\"darkTheme\":false}",
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
+ }
+}
\ No newline at end of file
diff --git a/packetbeat/_meta/kibana/visualization/DNS-Count-and-Response-Time.json b/packetbeat/_meta/kibana/visualization/DNS-Count-and-Response-Time.json
new file mode 100644
index 00000000000..6f5582db642
--- /dev/null
+++ b/packetbeat/_meta/kibana/visualization/DNS-Count-and-Response-Time.json
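Review bot: The dashboard ships with `"description": ""`, so the only place that explains what the panels show is the commit message, which Kibana users never see. Suggest filling it from that text, e.g. `"description": "Overview of DNS traffic captured by Packetbeat: request counts over time, bytes transferred, response times, question types, response codes and the most requested names."`. Also, this and every other new JSON file end without a trailing newline (`\ No newline at end of file`), which makes future diffs noisier; a final newline is harmless to the Kibana loader.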
@@ -0,0 +1,11 @@
+{
+ "visState": "{\"title\":\"DNS Count and Response Time\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"histogram\",\"schema\":\"group\",\"params\":{\"field\":\"responsetime\",\"interval\":50,\"min_doc_count\":false,\"extended_bounds\":{}}}],\"listeners\":{}}",
+ "description": "",
+ "title": "DNS Count and Response Time",
+ "uiStateJSON": "{}",
+ "version": 1,
+ "savedSearchId": "DNS",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"filter\":[]}"
+ }
+}
\ No newline at end of file
diff --git a/packetbeat/_meta/kibana/visualization/DNS-Query-Summary.json b/packetbeat/_meta/kibana/visualization/DNS-Query-Summary.json
new file mode 100644
index 00000000000..8b549a6eae7
--- /dev/null
+++ b/packetbeat/_meta/kibana/visualization/DNS-Query-Summary.json
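Review bot: `"savedSearchId": "DNS"` makes this visualization depend on a saved search named `DNS`, but the diffstat lists no file under a `search/` directory, and the `searchSourceJSON` here carries neither an index pattern nor a query of its own. Unless that saved search already exists in the packetbeat kibana assets, loading the dashboard will fail for this panel and for DNS-Query-Summary, which uses the same `savedSearchId`. If it is meant to be self-contained like the other four visualizations, drop the `savedSearchId` line and use `"searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"type: dns\",\"analyze_wildcard\":true}},\"filter\":[]}"` in both files; otherwise the commit message should name the saved search it relies on.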
@@ -0,0 +1,11 @@
+{
+ "visState": "{\"title\":\"DNS Query Summary\",\"type\":\"metric\",\"params\":{\"fontSize\":\"17\",\"handleNoResults\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_in\",\"customLabel\":\"Bytes In\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_out\",\"customLabel\":\"Bytes Out\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"responsetime\",\"customLabel\":\"Avg Response Time (ms)\"}}],\"listeners\":{}}",
+ "description": "",
+ "title": "DNS Query Summary",
+ "uiStateJSON": "{}",
+ "version": 1,
+ "savedSearchId": "DNS",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"filter\":[]}"
+ }
+}
\ No newline at end of file
diff --git a/packetbeat/_meta/kibana/visualization/DNS-Question-Types.json b/packetbeat/_meta/kibana/visualization/DNS-Question-Types.json
new file mode 100644
index 00000000000..e33fbda1b1c
--- /dev/null
+++ b/packetbeat/_meta/kibana/visualization/DNS-Question-Types.json
@@ -0,0 +1,10 @@
+{
+ "visState": "{\"title\":\"DNS Question Types\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.question.type\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
+ "description": "",
+ "title": "DNS Question Types",
+ "uiStateJSON": "{}",
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+ }
+}
\ No newline at end of file
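Review bot: DNS-Question-Types queries `packetbeat-*` with `\"query\":\"*\"`, while the sibling visualizations on this dashboard (Request-Status-Over-Time, Response-Codes, Top-10-Questions) all restrict to `type: dns`. The terms aggregation on `dns.question.type` only buckets documents that carry that field, so the pie is not wrong today, but the unfiltered query scans every Packetbeat document type in the index and the inconsistency invites drift when panels are copied. Suggest aligning it: `\"query\":\"type: dns\"` in this file's `searchSourceJSON`. The `\"size\":5` cap also means a sixth and later question type (e.g. less common record types) is silently dropped from the chart; a larger size or an "Other" bucket would make that visible.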
diff --git a/packetbeat/_meta/kibana/visualization/DNS-Request-Status-Over-Time.json b/packetbeat/_meta/kibana/visualization/DNS-Request-Status-Over-Time.json
new file mode 100644
index 00000000000..1b042b491b8
--- /dev/null
+++ b/packetbeat/_meta/kibana/visualization/DNS-Request-Status-Over-Time.json
@@ -0,0 +1,10 @@
+{
+ "visState": "{\"title\":\"DNS Request Status Over Time\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"smoothLines\":false,\"times\":[],\"yAxis\":{},\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"status\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
+ "description": "",
+ "title": "DNS Request Status Over Time",
+ "uiStateJSON": "{\"vis\":{\"colors\":{\"Error\":\"#890F02\",\"OK\":\"#0A50A1\"}}}",
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"type: dns\"}},\"filter\":[]}"
+ }
+}
\ No newline at end of file
diff --git a/packetbeat/_meta/kibana/visualization/DNS-Response-Codes.json b/packetbeat/_meta/kibana/visualization/DNS-Response-Codes.json
new file mode 100644
index 00000000000..05bcee33459
--- /dev/null
+++ b/packetbeat/_meta/kibana/visualization/DNS-Response-Codes.json
@@ -0,0 +1,10 @@
+{
+ "visState": "{\"title\":\"DNS Response Codes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.response_code\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response Code\"}}],\"listeners\":{}}",
+ "description": "",
+ "title": "DNS Response Codes",
+ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"filter\":[],\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"type: dns\",\"analyze_wildcard\":true}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}"
+ }
+}
\ No newline at end of file
diff --git a/packetbeat/_meta/kibana/visualization/DNS-Top-10-Questions.json b/packetbeat/_meta/kibana/visualization/DNS-Top-10-Questions.json
new file mode 100644
index 00000000000..2b5090f3ff9
--- /dev/null
+++ b/packetbeat/_meta/kibana/visualization/DNS-Top-10-Questions.json
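Review bot: The Response Codes table caps its terms aggregation at `\"size\":5` although the table itself shows `perPage` 10, so the five most frequent codes fill the panel and any rarer code is dropped rather than paged. For a response-code breakdown the low-volume codes (SERVFAIL, REFUSED, FORMERR and the like) are usually the ones an operator is looking for when troubleshooting or reviewing resolver health, and they are the ones this cap hides. Suggest `\"size\":10` or higher so the table can show every code present in the time range; the `showTotal` option could also be switched on to give the total against which each code is read.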
@@ -0,0 +1,10 @@
+{
+ "visState": "{\"title\":\"DNS Top 10 Questions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.question.name\",\"size\":30,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Question\"}}],\"listeners\":{}}",
+ "description": "",
+ "title": "DNS Top 10 Questions",
+ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"filter\":[],\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"type: dns AND status: OK\",\"analyze_wildcard\":true}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}"
+ }
+}
\ No newline at end of file
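Review bot: The title and the dashboard panel id both say "Top 10", but the terms aggregation on `dns.question.name` requests `\"size\":30`, so the table holds three pages of names and the title is misleading; either `\"size\":10` to match the title or a title such as "DNS Top Questions". Separately, the query `type: dns AND status: OK` means names that never resolve (NXDOMAIN, SERVFAIL, timeouts) are excluded from this table, which is presumably intentional for a traffic overview but is worth stating in `"description"`, since from a monitoring standpoint the failing lookups are often the ones worth noticing; a companion panel over `status: Error` would cover that case without changing this one.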