{ "annotations": { "list": [ { "builtIn": 1, "datasource": { "type": "grafana", "uid": "-- Grafana --" }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "target": { "limit": 100, "matchAny": false, "tags": [], "type": "dashboard" }, "type": "dashboard" } ] }, "description": "", "editable": true, "fiscalYearStartMonth": 0, "gnetId": 17514, "graphTooltip": 0, "id": 24, "links": [ { "asDropdown": true, "icon": "external link", "includeVars": false, "keepTime": false, "tags": [ "Zogg" ], "targetBlank": false, "title": "Dashboards", "tooltip": "", "type": "dashboards", "url": "" } ], "liveNow": false, "panels": [ { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 0 }, "id": 5, "panels": [], "title": "SSH - Total Stats", "type": "row" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [ { "options": { "match": "null", "result": { "index": 0, "text": "0" } }, "type": "special" } ], "thresholds": { "mode": "absolute", "steps": [ { "color": "purple", "value": null } ] }, "unit": "short" }, "overrides": [] }, "gridPos": { "h": 4, "w": 6, "x": 0, "y": 1 }, "id": 2, "options": { "colorMode": "background", "graphMode": "none", "justifyMode": "center", "orientation": "auto", "reduceOptions": { "calcs": [ "sum" ], "fields": "", "values": false }, "textMode": "auto" }, "pluginVersion": "9.5.2", "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "sum by(instance) (count_over_time({host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" |=\": session opened for\" | __error__=\"\" [$__interval]))", "queryType": "range", "refId": "A" } ], "title": "Total Opened Connection", "type": "stat" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [ { "options": { "match": "null", "result": { "index": 0, "text": "0" } }, "type": "special" } ], "thresholds": { "mode": "absolute", "steps": [ { "color": "purple", "value": null }, { "color": "red", "value": 1 } ] }, "unit": "short" }, "overrides": [] }, "gridPos": { "h": 4, "w": 3, "x": 6, "y": 1 }, "id": 3, "options": { "colorMode": "background", "graphMode": "none", "justifyMode": "center", "orientation": "auto", "reduceOptions": { "calcs": [ "sum" ], "fields": "", "values": false }, "textMode": "auto" }, "pluginVersion": "9.5.2", "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "sum by(instance) (count_over_time({host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" |~\": Failed|: Invalid|: Connection closed by authenticating user\" | __error__=\"\" [$__interval]))", "hide": false, "queryType": "range", "refId": "A" } ], "title": "Total Failed Connection", "transformations": [ { "id": "merge", "options": {} } ], "type": "stat" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "mappings": [ { "options": { "match": "null", "result": { "index": 0, "text": "0" } }, "type": "special" } ], "thresholds": { "mode": "absolute", "steps": [ { "color": "purple", "value": null }, { "color": "red", "value": 1 } ] }, "unit": "short" }, "overrides": [] }, "gridPos": { "h": 4, "w": 3, "x": 9, "y": 1 }, "id": 21, "options": { "colorMode": "background", "graphMode": "none", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": [ "count" ], "fields": "/^IP$/", "values": false }, "textMode": "auto" }, "pluginVersion": "9.5.2", "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "count by (ip) (count_over_time({host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" |~\".* from .*\" | pattern `<_> from port` | __error__=\"\" [$__interval]))", "hide": false, "legendFormat": "{{ ip }}", "queryType": "range", "refId": "A", "resolution": 1 }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "count by (ip) (count_over_time({host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" !~\".* from .*\" | pattern `<_> user <_> port` | __error__=\"\" [$__interval]))", "hide": false, "legendFormat": "{{ ip }}", "queryType": "range", "refId": "B" } ], "title": "Total Failed - Unique IP", "transformations": [ { "id": "labelsToFields", "options": { "mode": "rows", "valueLabel": "ip" } }, { "id": "merge", "options": {} }, { "id": "organize", "options": { "excludeByName": { "178.40.119.51": false, "194.154.240.221": false, "label": true }, "indexByName": {}, "renameByName": { "value": "IP" } } } ], "type": "stat" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [ { "options": { "match": "null", "result": { "index": 0, "text": "0" } }, "type": "special" } ], "thresholds": { "mode": "absolute", "steps": [ { "color": "orange", "value": null } ] }, "unit": "short" }, "overrides": [] }, "gridPos": { "h": 4, "w": 3, "x": 12, "y": 1 }, "id": 6, "options": { "colorMode": "background", "graphMode": "none", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": [ "sum" ], "fields": "", "values": false }, "textMode": "auto" }, "pluginVersion": "9.5.2", "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "count_over_time({host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" | __error__=\"\" [$__interval])", "queryType": "range", "refId": "A" } ], "title": "SSH Log Lines", "type": "stat" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [ { "options": { "match": "null", "result": { "index": 0, "text": "0" } }, "type": "special" } ], "thresholds": { "mode": "absolute", "steps": [ { "color": "orange", "value": null } ] }, "unit": "decbytes" }, "overrides": [] }, "gridPos": { "h": 4, "w": 3, "x": 15, "y": 1 }, "id": 7, "options": { "colorMode": "background", "graphMode": "none", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": [ "sum" ], "fields": "", "values": false }, "textMode": "auto" }, "pluginVersion": "9.5.2", "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "bytes_over_time({host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" | __error__=\"\" [$__interval])", "queryType": "range", "refId": "A" } ], "title": "SSH Log in bytes", "type": "stat" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "mappings": [] }, "overrides": [] }, "gridPos": { "h": 9, "w": 6, "x": 0, "y": 5 }, "id": 15, "options": { "displayLabels": [], "legend": { "displayMode": "table", "placement": "right", "showLegend": true, "values": [ "value", "percent" ] }, "pieType": "donut", "reduceOptions": { "calcs": [ "sum" ], "fields": "", "values": false }, "tooltip": { "mode": "multi", "sort": "none" } }, "pluginVersion": "9.2.5", "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "sum by (username) (count_over_time({host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user (` | username !~\".* by \" | __error__=\"\" [$__interval]))", "hide": false, "legendFormat": "{{ username }}", "queryType": "range", "refId": "A" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "sum by (username) (count_over_time({host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user <_>` | username !~\".*(uid=.*)\" | __error__=\"\" [$__interval]))", "hide": false, "legendFormat": "{{ username }}", "queryType": "range", "refId": "B" } ], "title": "Session Opened by User", "transformations": [], "type": "piechart" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "mappings": [] }, "overrides": [] }, "gridPos": { "h": 9, "w": 6, "x": 6, "y": 5 }, "id": 16, "options": { "displayLabels": [], "legend": { "displayMode": "table", "placement": "right", "showLegend": true, "values": [ "value", "percent" ] }, "pieType": "donut", "reduceOptions": { "calcs": [ "sum" ], "fields": "", "values": false }, "tooltip": { "mode": "multi", "sort": "none" } }, "pluginVersion": "9.2.5", "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "sum by (username) (count_over_time({host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed .* user\" | pattern `<_> user <_> port` | __error__=\"\" [$__interval]))", "hide": false, "legendFormat": "{{ username }}", "queryType": "range", "refId": "A" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "sum by (username) (count_over_time({host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" |=\": Failed\" !~\"invalid user\" | pattern `<_> for from <_> port` | __error__=\"\" [$__interval]))", "hide": false, "legendFormat": "{{ username }}", "queryType": "range", "refId": "B" } ], "title": "Failed Attempt by User", "transformations": [ { "id": "joinByLabels", "options": { "value": "username" } } ], "type": "piechart" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "gridPos": { "h": 16, "w": 12, "x": 12, "y": 5 }, "id": 9, "options": { "dedupStrategy": "signature", "enableLogDetails": true, "prettifyLogMessage": false, "showCommonLabels": false, "showLabels": false, "showTime": false, "sortOrder": "Descending", "wrapLogMessage": false }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "{host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" ", "queryType": "range", "refId": "A" } ], "title": "SSH Recent Log", "type": "logs" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true, "inspect": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] } }, "overrides": [] }, "gridPos": { "h": 7, "w": 6, "x": 0, "y": 14 }, "id": 22, "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": "", "reducer": [ "sum" ], "show": false }, "frameIndex": 0, "showHeader": true }, "pluginVersion": "9.5.2", "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "count by (ip) (count_over_time({host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" |=\": Accepted\" | pattern `<_> Accepted <_> for <_> from port <_>` | __error__=\"\" [$__interval]))", "hide": false, "legendFormat": "{{ ip }}", "queryType": "range", "refId": "A", "resolution": 1 } ], "title": "Session Opened by Unique IP", "transformations": [ { "id": "labelsToFields", "options": { "mode": "rows" } }, { "id": "merge", "options": {} }, { "id": "organize", "options": { "excludeByName": { "label": true }, "indexByName": {}, "renameByName": { "value": "IP" } } } ], "type": "table" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true, "inspect": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] } }, "overrides": [] }, "gridPos": { "h": 7, "w": 6, "x": 6, "y": 14 }, "id": 19, "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": "", "reducer": [ "sum" ], "show": false }, "frameIndex": 0, "showHeader": true }, "pluginVersion": "9.5.2", "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "count by (ip) (count_over_time({host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" |~\".* from .*\" | pattern `<_> from port` | __error__=\"\" [$__interval]))", "hide": false, "legendFormat": "{{ ip }}", "queryType": "range", "refId": "A", "resolution": 1 }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "count by (ip) (count_over_time({host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" !~\".* from .*\" | pattern `<_> user <_> port` | __error__=\"\" [$__interval]))", "hide": false, "legendFormat": "{{ ip }}", "queryType": "range", "refId": "B" } ], "title": "Failed by Unique IP", "transformations": [ { "id": "labelsToFields", "options": { "mode": "rows" } }, { "id": "merge", "options": {} }, { "id": "organize", "options": { "excludeByName": { "label": true }, "indexByName": {}, "renameByName": { "value": "IP" } } } ], "type": "table" }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 21 }, "id": 11, "panels": [], "title": "Detailed Stats", "type": "row" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true, "inspect": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green" } ] } }, "overrides": [] }, "gridPos": { "h": 10, "w": 12, "x": 0, "y": 22 }, "id": 20, "maxDataPoints": 1, "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true }, "pluginVersion": "9.5.2", "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "{host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" |=\": Accepted\" | pattern `<_> Accepted <_> for from port <_>` | __error__=\"\"", "hide": false, "legendFormat": "{{ ip }} {{ username }}", "queryType": "range", "refId": "A", "resolution": 1 } ], "title": "Session Opened by User and IP", "transformations": [ { "id": "merge", "options": {} }, { "id": "extractFields", "options": { "format": "auto", "replace": false, "source": "labels" } }, { "id": "organize", "options": { "excludeByName": { "Line": true, "Time": false, "env": true, "filename": true, "id": true, "job": true, "label": true, "labels": true, "tsNs": true }, "indexByName": {}, "renameByName": { "label": "", "value": "" } } }, { "id": "sortBy", "options": { "fields": {}, "sort": [ { "desc": true, "field": "Time" } ] } } ], "type": "table" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true, "inspect": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green" } ] } }, "overrides": [] }, "gridPos": { "h": 10, "w": 12, "x": 12, "y": 22 }, "id": 23, "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true }, "pluginVersion": "9.5.2", "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "{host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" |~\": Invalid|: Failed .* user\" | pattern `<_> user from <_> port` | __error__=\"\"", "hide": false, "queryType": "range", "refId": "A" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "{host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" |=\": Failed\" !~\"invalid user\" | pattern `<_> for from port` | __error__=\"\"", "hide": false, "queryType": "range", "refId": "B" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "{host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" |=\": Connection closed by authenticating user\" | pattern `<_> user port` | __error__=\"\"", "hide": false, "queryType": "range", "refId": "C" } ], "title": "SSH Failure by User and IP", "transformations": [ { "id": "merge", "options": {} }, { "id": "extractFields", "options": { "format": "auto", "replace": false, "source": "labels" } }, { "id": "organize", "options": { "excludeByName": { "Line": true, "env": true, "filename": true, "id": true, "job": true, "labels": true, "tsNs": true }, "indexByName": {}, "renameByName": { "Time": "", "env": "", "instance": "", "job": "", "tsNs": "" } } }, { "id": "sortBy", "options": { "fields": {}, "sort": [ { "desc": true, "field": "Time" } ] } } ], "type": "table" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true, "inspect": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green" } ] } }, "overrides": [] }, "gridPos": { "h": 10, "w": 12, "x": 0, "y": 32 }, "id": 13, "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true }, "pluginVersion": "9.5.2", "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "{host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user (` | username !~\".* by \" | __error__=\"\"", "hide": false, "queryType": "range", "refId": "A" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "{host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user <_>` | username !~\".*(uid=.*)\" | __error__=\"\"", "hide": false, "queryType": "range", "refId": "B" } ], "title": "SSH Session Opened by User", "transformations": [ { "id": "merge", "options": {} }, { "id": "extractFields", "options": { "format": "auto", "replace": false, "source": "labels" } }, { "id": "organize", "options": { "excludeByName": { "Line": true, "env": true, "filename": true, "id": true, "job": true, "labels": true, "tsNs": true }, "indexByName": {}, "renameByName": { "Time": "", "env": "", "instance": "", "job": "", "tsNs": "" } } }, { "id": "sortBy", "options": { "fields": {}, "sort": [ { "desc": true, "field": "Time" } ] } } ], "type": "table" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true, "inspect": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green" } ] } }, "overrides": [] }, "gridPos": { "h": 10, "w": 12, "x": 12, "y": 32 }, "id": 14, "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true }, "pluginVersion": "9.5.2", "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "{host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed .* user\" | pattern `<_> user <_> port` | __error__=\"\"", "hide": false, "queryType": "range", "refId": "A" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "{host=~\"$host\", $filename=~\"$source\"} |=\"sshd[\" |=\": Failed\" !~\"invalid user\" | pattern `<_> for from <_> port` | __error__=\"\"", "hide": false, "queryType": "range", "refId": "B" } ], "title": "SSH Failure by User", "transformations": [ { "id": "merge", "options": {} }, { "id": "extractFields", "options": { "format": "auto", "replace": false, "source": "labels" } }, { "id": "organize", "options": { "excludeByName": { "Line": true, "env": true, "filename": true, "id": true, "job": true, "labels": true, "tsNs": true }, "indexByName": {}, "renameByName": { "Time": "", "env": "", "instance": "", "job": "", "tsNs": "" } } }, { "id": "sortBy", "options": { "fields": {}, "sort": [ { "desc": true, "field": "Time" } ] } } ], "type": "table" } ], "refresh": "5m", "revision": 2, "schemaVersion": 38, "style": "dark", "tags": [ "Zogg", "Loki" ], "templating": { "list": [ { "current": { "selected": false, "text": "Loki", "value": "Loki" }, "hide": 0, "includeAll": false, "label": "Datasource", "multi": false, "name": "datasource", "options": [], "query": "loki", "queryValue": "", "refresh": 1, "regex": "", "skipUrlSync": false, "type": "datasource" }, { "current": { "selected": true, "text": "services", "value": "services" }, "datasource": { "type": "loki", "uid": "${datasource}" }, "definition": "label_names()", "hide": 0, "includeAll": false, "label": "Host", "multi": false, "name": "host", "options": [], "query": { "label": "host", "refId": "LokiVariableQueryEditor-VariableQuery", "stream": "", "type": 1 }, "refresh": 1, "regex": "", "skipUrlSync": false, "sort": 0, "type": "query" }, { "current": { "selected": false, "text": "filename", "value": "filename" }, "hide": 0, "includeAll": false, "label": "Filename", "multi": false, "name": "filename", "options": [ { "selected": true, "text": "filename", "value": "filename" } ], "query": "filename", "queryValue": "", "skipUrlSync": false, "type": "custom" }, { "current": { "selected": false, "text": "/var/log/auth.log", "value": "/var/log/auth.log" }, "description": "", "hide": 0, "includeAll": false, "label": "Source", "multi": false, "name": "source", "options": [ { "selected": true, "text": "/var/log/auth.log", "value": "/var/log/auth.log" } ], "query": "/var/log/auth.log", "queryValue": "", "skipUrlSync": false, "type": "custom" } ] }, "time": { "from": "now-1h", "to": "now" }, "timepicker": {}, "timezone": "", "title": "SSH", "uid": "ZOGG0013", "version": 8, "weekStart": "" }