{
"attributes": {
"description": "",
"kibanaSavedObjectMeta": {
"searchSourceJSON": {
"filter": []
}
},
"savedSearchRefName": "search_0",
"title": "Event Types by Size — ArcSight [Filebeat CEF]",
"uiStateJSON": {
"vis": {
"colors": {
"Count": "#64B0C8",
"Total (Bytes)": "#E24D42"
}
}
},
"version": 1,
"visState": {
"aggs": [
{
"enabled": true,
"id": "1",
"params": {},
"schema": "metric",
"type": "count"
},
{
"enabled": true,
"id": "2",
"params": {
"customLabel": "Event Type",
"field": "cef.device.event_class_id",
"order": "desc",
"orderBy": "1",
"size": 20
},
"schema": "segment",
"type": "terms"
},
{
"enabled": true,
"id": "3",
"params": {
"customLabel": "Total (Bytes)",
"field": "source.bytes"
},
"schema": "metric",
"type": "sum"
}
],
"listeners": {},
"params": {
"addLegend": true,
"addTimeMarker": false,
"addTooltip": true,
"categoryAxes": [
{
"id": "CategoryAxis-1",
"labels": {
"rotate": 75,
"show": true,
"truncate": 100
},
"position": "bottom",
"scale": {
"type": "linear"
},
"show": true,
"style": {},
"title": {
"text": "Event Type"
},
"type": "category"
}
],
"grid": {
"categoryLines": false,
"style": {
"color": "#eee"
},
"valueAxis": null
},
"legendPosition": "right",
"legendSize": "auto",
"orderBucketsBySum": false,
"seriesParams": [
{
"data": {
"id": "1",
"label": "Count"
},
"drawLinesBetweenPoints": true,
"mode": "normal",
"show": "true",
"showCircles": true,
"type": "histogram",
"valueAxis": "ValueAxis-1"
},
{
"data": {
"id": "3",
"label": "Total (Bytes)"
},
"drawLinesBetweenPoints": true,
"interpolate": "linear",
"lineWidth": 3,
"mode": "normal",
"show": true,
"showCircles": false,
"type": "line",
"valueAxis": "ValueAxis-2"
}
],
"times": [],
"valueAxes": [
{
"id": "ValueAxis-1",
"labels": {
"filter": false,
"rotate": 0,
"show": true,
"truncate": 100
},
"name": "LeftAxis-1",
"position": "left",
"scale": {
"mode": "normal",
"type": "square root"
},
"show": true,
"style": {},
"title": {
"text": "Count"
},
"type": "value"
},
{
"id": "ValueAxis-2",
"labels": {
"filter": false,
"rotate": 0,
"show": true,
"truncate": 100
},
"name": "RightAxis-1",
"position": "right",
"scale": {
"mode": "normal",
"type": "square root"
},
"show": true,
"style": {},
"title": {
"text": "Total (Bytes)"
},
"type": "value"
}
]
},
"title": "Event Types by Size — ArcSight [Filebeat CEF]",
"type": "histogram"
}
},
"coreMigrationVersion": "8.3.3",
"id": "cef-8d4f3630-04f0-4b40-8d56-5b989b471370",
"migrationVersion": {
"visualization": "8.3.0"
},
"references": [
{
"id": "cef-721d1d17-9c3a-4002-9f23-d51a12604d41",
"name": "search_0",
"type": "search"
}
],
"type": "visualization",
"updated_at": "2022-08-24T00:29:51.550Z",
"version": "WzI0MjIsMV0="
}