{
  "apiVersion": "dashboard.grafana.app/v2",
  "kind": "Dashboard",
  "metadata": {
    "name": "graylog-logs-kdnlab",
    "generation": 11,
    "creationTimestamp": "2026-04-06T06:06:13Z",
    "labels": {},
    "annotations": {}
  },
  "spec": {
    "annotations": [
      {
        "kind": "AnnotationQuery",
        "spec": {
          "query": {
            "kind": "DataQuery",
            "group": "grafana",
            "version": "v0",
            "spec": {},
            "labels": {
              "grafana.app/export-label": "grafana-1"
            }
          },
          "enable": true,
          "hide": true,
          "iconColor": "rgba(0, 211, 255, 1)",
          "name": "Annotations & Alerts",
          "builtIn": true
        }
      }
    ],
    "cursorSync": "Crosshair",
    "description": "Graylog log volume and per-host breakdown — KDN Lab",
    "editable": true,
    "elements": {
      "panel-1": {
        "kind": "Panel",
        "spec": {
          "id": 1,
          "title": "Total Messages",
          "description": "",
          "links": [],
          "data": {
            "kind": "QueryGroup",
            "spec": {
              "queries": [
                {
                  "kind": "PanelQuery",
                  "spec": {
                    "query": {
                      "kind": "DataQuery",
                      "group": "elasticsearch",
                      "version": "v0",
                      "datasource": {
                        "name": "${DS_GRAYLOG_OPENSEARCH}"
                      },
                      "spec": {
                        "alias": "Total",
                        "bucketAggs": [
                          {
                            "field": "timestamp",
                            "id": "2",
                            "settings": {
                              "interval": "1d",
                              "min_doc_count": "0",
                              "trimEdges": "0"
                            },
                            "type": "date_histogram"
                          }
                        ],
                        "metrics": [
                          {
                            "id": "1",
                            "type": "count"
                          }
                        ],
                        "query": "*",
                        "timeField": "timestamp"
                      }
                    },
                    "refId": "A",
                    "hidden": false
                  }
                }
              ],
              "transformations": [],
              "queryOptions": {}
            }
          },
          "vizConfig": {
            "kind": "VizConfig",
            "group": "stat",
            "version": "13.0.2",
            "spec": {
              "options": {
                "colorMode": "background",
                "graphMode": "area",
                "justifyMode": "center",
                "orientation": "auto",
                "percentChangeColorMode": "standard",
                "reduceOptions": {
                  "calcs": [
                    "sum"
                  ],
                  "fields": "",
                  "values": false
                },
                "showPercentChange": false,
                "textMode": "auto",
                "wideLayout": true
              },
              "fieldConfig": {
                "defaults": {
                  "unit": "short",
                  "thresholds": {
                    "mode": "absolute",
                    "steps": [
                      {
                        "value": 0,
                        "color": "green"
                      },
                      {
                        "value": 80,
                        "color": "red"
                      }
                    ]
                  },
                  "color": {
                    "mode": "fixed",
                    "fixedColor": "blue"
                  }
                },
                "overrides": []
              }
            }
          }
        }
      },
      "panel-10": {
        "kind": "Panel",
        "spec": {
          "id": 10,
          "title": "Total Log Volume Over Time",
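          "description": "Counts only messages whose source matches the fixed host list in this panel's query, not every message in the index. The list differs from the one used by \"Log Volume by Host Over Time\" (for example docker-lab vs dockerlab, nexus-node vs nexus), so a host whose source value is not in this list is silently excluded from the graph.",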
          "links": [],
          "data": {
            "kind": "QueryGroup",
            "spec": {
              "queries": [
                {
                  "kind": "PanelQuery",
                  "spec": {
                    "query": {
                      "kind": "DataQuery",
                      "group": "elasticsearch",
                      "version": "v0",
                      "datasource": {
                        "name": "${DS_GRAYLOG_OPENSEARCH}"
                      },
                      "spec": {
                        "alias": "Messages",
                        "bucketAggs": [
                          {
                            "field": "timestamp",
                            "id": "2",
                            "settings": {
                              "interval": "auto"
                            },
                            "type": "date_histogram"
                          }
                        ],
                        "metrics": [
                          {
                            "id": "1",
                            "type": "count"
                          }
                        ],
                        "query": "source:moonlab OR source:docker-lab OR source:proxmox OR source:nexus-node OR source:k8s-prod01 OR source:authentik OR source:stargate OR source:minecraft OR source:gatekeeper OR source:rpi4\n",
                        "rawDSLQuery": "",
                        "timeField": "timestamp"
                      }
                    },
                    "refId": "A",
                    "hidden": false
                  }
                }
              ],
              "transformations": [],
              "queryOptions": {}
            }
          },
          "vizConfig": {
            "kind": "VizConfig",
            "group": "timeseries",
            "version": "13.0.2",
            "spec": {
              "options": {
                "annotations": {
                  "clustering": -1,
                  "multiLane": false
                },
                "legend": {
                  "calcs": [],
                  "displayMode": "list",
                  "placement": "bottom",
                  "showLegend": true
                },
                "tooltip": {
                  "hideZeros": false,
                  "mode": "multi",
                  "sort": "none"
                }
              },
              "fieldConfig": {
                "defaults": {
                  "unit": "short",
                  "thresholds": {
                    "mode": "absolute",
                    "steps": [
                      {
                        "value": 0,
                        "color": "green"
                      },
                      {
                        "value": 80,
                        "color": "red"
                      }
                    ]
                  },
                  "color": {
                    "mode": "palette-classic"
                  },
                  "custom": {
                    "axisBorderShow": false,
                    "axisCenteredZero": false,
                    "axisColorMode": "text",
                    "axisLabel": "",
                    "axisPlacement": "auto",
                    "barAlignment": 0,
                    "barWidthFactor": 0.6,
                    "drawStyle": "line",
                    "fillOpacity": 15,
                    "gradientMode": "opacity",
                    "hideFrom": {
                      "legend": false,
                      "tooltip": false,
                      "viz": false
                    },
                    "insertNulls": false,
                    "lineInterpolation": "linear",
                    "lineWidth": 2,
                    "pointSize": 5,
                    "scaleDistribution": {
                      "type": "linear"
                    },
                    "showPoints": "auto",
                    "showValues": false,
                    "spanNulls": false,
                    "stacking": {
                      "group": "A",
                      "mode": "none"
                    },
                    "thresholdsStyle": {
                      "mode": "off"
                    }
                  }
                },
                "overrides": []
              }
            }
          }
        }
      },
      "panel-2": {
        "kind": "Panel",
        "spec": {
          "id": 2,
          "title": "Messages Last Hour",
          "description": "",
          "links": [],
          "data": {
            "kind": "QueryGroup",
            "spec": {
              "queries": [
                {
                  "kind": "PanelQuery",
                  "spec": {
                    "query": {
                      "kind": "DataQuery",
                      "group": "elasticsearch",
                      "version": "v0",
                      "datasource": {
                        "name": "${DS_GRAYLOG_OPENSEARCH}"
                      },
                      "spec": {
                        "alias": "Msgs/hr",
                        "bucketAggs": [
                          {
                            "field": "timestamp",
                            "id": "2",
                            "settings": {
                              "interval": "1h",
                              "min_doc_count": "0",
                              "trimEdges": "0"
                            },
                            "type": "date_histogram"
                          }
                        ],
                        "metrics": [
                          {
                            "id": "1",
                            "type": "count"
                          }
                        ],
                        "query": "*",
                        "timeField": "timestamp"
                      }
                    },
                    "refId": "A",
                    "hidden": false
                  }
                }
              ],
              "transformations": [],
              "queryOptions": {}
            }
          },
          "vizConfig": {
            "kind": "VizConfig",
            "group": "stat",
            "version": "13.0.2",
            "spec": {
              "options": {
                "colorMode": "background",
                "graphMode": "area",
                "justifyMode": "center",
                "orientation": "auto",
                "percentChangeColorMode": "standard",
                "reduceOptions": {
                  "calcs": [
                    "lastNotNull"
                  ],
                  "fields": "",
                  "values": false
                },
                "showPercentChange": false,
                "textMode": "auto",
                "wideLayout": true
              },
              "fieldConfig": {
                "defaults": {
                  "unit": "short",
                  "thresholds": {
                    "mode": "absolute",
                    "steps": [
                      {
                        "value": 0,
                        "color": "green"
                      },
                      {
                        "value": 80,
                        "color": "red"
                      }
                    ]
                  },
                  "color": {
                    "mode": "fixed",
                    "fixedColor": "green"
                  }
                },
                "overrides": []
              }
            }
          }
        }
      },
      "panel-20": {
        "kind": "Panel",
        "spec": {
          "id": 20,
          "title": "Log Share by Host",
          "description": "",
          "links": [],
          "data": {
            "kind": "QueryGroup",
            "spec": {
              "queries": [
                {
                  "kind": "PanelQuery",
                  "spec": {
                    "query": {
                      "kind": "DataQuery",
                      "group": "elasticsearch",
                      "version": "v0",
                      "datasource": {
                        "name": "${DS_GRAYLOG_OPENSEARCH}"
                      },
                      "spec": {
                        "alias": "{{term source}}",
                        "bucketAggs": [
                          {
                            "field": "source",
                            "id": "2",
                            "settings": {
                              "execution_hint": "map",
                              "min_doc_count": "1",
                              "order": "desc",
                              "orderBy": "_count",
                              "size": "20"
                            },
                            "type": "terms"
                          }
                        ],
                        "metrics": [
                          {
                            "id": "1",
                            "type": "count"
                          }
                        ],
                        "query": "*",
                        "timeField": "timestamp"
                      }
                    },
                    "refId": "A",
                    "hidden": false
                  }
                }
              ],
              "transformations": [],
              "queryOptions": {}
            }
          },
          "vizConfig": {
            "kind": "VizConfig",
            "group": "piechart",
            "version": "13.0.2",
            "spec": {
              "options": {
                "legend": {
                  "displayMode": "table",
                  "placement": "right",
                  "showLegend": true,
                  "values": [
                    "value",
                    "percent"
                  ]
                },
                "pieType": "pie",
                "reduceOptions": {
                  "calcs": [
                    "lastNotNull"
                  ],
                  "fields": "",
                  "values": false
                },
                "sort": "desc",
                "tooltip": {
                  "hideZeros": false,
                  "mode": "multi",
                  "sort": "none"
                }
              },
              "fieldConfig": {
                "defaults": {
                  "unit": "short",
                  "color": {
                    "mode": "palette-classic"
                  },
                  "custom": {
                    "hideFrom": {
                      "legend": false,
                      "tooltip": false,
                      "viz": false
                    }
                  }
                },
                "overrides": []
              }
            }
          }
        }
      },
      "panel-21": {
        "kind": "Panel",
        "spec": {
          "id": 21,
          "title": "Top Hosts by Log Volume",
          "description": "",
          "links": [],
          "data": {
            "kind": "QueryGroup",
            "spec": {
              "queries": [
                {
                  "kind": "PanelQuery",
                  "spec": {
                    "query": {
                      "kind": "DataQuery",
                      "group": "elasticsearch",
                      "version": "v0",
                      "datasource": {
                        "name": "${DS_GRAYLOG_OPENSEARCH}"
                      },
                      "spec": {
                        "alias": "{{term source}}",
                        "bucketAggs": [
                          {
                            "field": "source",
                            "id": "2",
                            "settings": {
                              "execution_hint": "map",
                              "min_doc_count": "1",
                              "order": "desc",
                              "orderBy": "_count",
                              "size": "15"
                            },
                            "type": "terms"
                          }
                        ],
                        "metrics": [
                          {
                            "id": "1",
                            "type": "count"
                          }
                        ],
                        "query": "*",
                        "timeField": "timestamp"
                      }
                    },
                    "refId": "A",
                    "hidden": false
                  }
                }
              ],
              "transformations": [],
              "queryOptions": {}
            }
          },
          "vizConfig": {
            "kind": "VizConfig",
            "group": "barchart",
            "version": "13.0.2",
            "spec": {
              "options": {
                "barRadius": 0.05,
                "barWidth": 0.7,
                "fullHighlight": false,
                "groupWidth": 0.7,
                "legend": {
                  "calcs": [],
                  "displayMode": "list",
                  "placement": "bottom",
                  "showLegend": true
                },
                "orientation": "horizontal",
                "showValue": "auto",
                "stacking": "none",
                "tooltip": {
                  "hideZeros": false,
                  "mode": "single",
                  "sort": "none"
                },
                "xTickLabelRotation": 0,
                "xTickLabelSpacing": 0
              },
              "fieldConfig": {
                "defaults": {
                  "unit": "short",
                  "thresholds": {
                    "mode": "absolute",
                    "steps": [
                      {
                        "value": 0,
                        "color": "green"
                      },
                      {
                        "value": 80,
                        "color": "red"
                      }
                    ]
                  },
                  "color": {
                    "mode": "palette-classic"
                  },
                  "custom": {
                    "axisBorderShow": false,
                    "axisCenteredZero": false,
                    "axisColorMode": "text",
                    "axisLabel": "",
                    "axisPlacement": "auto",
                    "fillOpacity": 80,
                    "gradientMode": "none",
                    "hideFrom": {
                      "legend": false,
                      "tooltip": false,
                      "viz": false
                    },
                    "lineWidth": 1,
                    "scaleDistribution": {
                      "type": "linear"
                    },
                    "thresholdsStyle": {
                      "mode": "off"
                    }
                  }
                },
                "overrides": []
              }
            }
          }
        }
      },
      "panel-22": {
        "kind": "Panel",
        "spec": {
          "id": 22,
          "title": "Log Volume by Host Over Time",
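          "description": "Per-host series limited to the fixed source list in this panel's query and to the top 15 sources by message count. A host whose source value is not in the list does not appear here, and the list is not the same as the one used by \"Total Log Volume Over Time\".",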
          "links": [],
          "data": {
            "kind": "QueryGroup",
            "spec": {
              "queries": [
                {
                  "kind": "PanelQuery",
                  "spec": {
                    "query": {
                      "kind": "DataQuery",
                      "group": "elasticsearch",
                      "version": "v0",
                      "datasource": {
                        "name": "${DS_GRAYLOG_OPENSEARCH}"
                      },
                      "spec": {
                        "alias": "{{term source}}",
                        "bucketAggs": [
                          {
                            "field": "source",
                            "id": "3",
                            "settings": {
                              "execution_hint": "map",
                              "min_doc_count": "1",
                              "order": "desc",
                              "orderBy": "_count",
                              "size": "15"
                            },
                            "type": "terms"
                          },
                          {
                            "field": "timestamp",
                            "id": "2",
                            "settings": {
                              "interval": "auto",
                              "min_doc_count": "0",
                              "trimEdges": "0"
                            },
                            "type": "date_histogram"
                          }
                        ],
                        "metrics": [
                          {
                            "id": "1",
                            "type": "count"
                          }
                        ],
                        "query": "source:moonlab OR source:dockerlab OR source:stargate OR source:grafana OR source:vaultwarden OR source:authentik OR source:kubelife OR source:minecraft OR source:gatekeeper OR source:rpi4 OR source:nexus OR source:proxmox",
                        "timeField": "timestamp"
                      }
                    },
                    "refId": "A",
                    "hidden": false
                  }
                }
              ],
              "transformations": [],
              "queryOptions": {}
            }
          },
          "vizConfig": {
            "kind": "VizConfig",
            "group": "timeseries",
            "version": "13.0.2",
            "spec": {
              "options": {
                "annotations": {
                  "clustering": -1,
                  "multiLane": false
                },
                "legend": {
                  "calcs": [],
                  "displayMode": "list",
                  "placement": "bottom",
                  "showLegend": true
                },
                "tooltip": {
                  "hideZeros": false,
                  "mode": "multi",
                  "sort": "none"
                }
              },
              "fieldConfig": {
                "defaults": {
                  "unit": "short",
                  "thresholds": {
                    "mode": "absolute",
                    "steps": [
                      {
                        "value": 0,
                        "color": "green"
                      },
                      {
                        "value": 80,
                        "color": "red"
                      }
                    ]
                  },
                  "color": {
                    "mode": "palette-classic"
                  },
                  "custom": {
                    "axisBorderShow": false,
                    "axisCenteredZero": false,
                    "axisColorMode": "text",
                    "axisLabel": "",
                    "axisPlacement": "auto",
                    "barAlignment": 0,
                    "barWidthFactor": 0.6,
                    "drawStyle": "line",
                    "fillOpacity": 15,
                    "gradientMode": "opacity",
                    "hideFrom": {
                      "legend": false,
                      "tooltip": false,
                      "viz": false
                    },
                    "insertNulls": false,
                    "lineInterpolation": "linear",
                    "lineWidth": 2,
                    "pointSize": 5,
                    "scaleDistribution": {
                      "type": "linear"
                    },
                    "showPoints": "auto",
                    "showValues": false,
                    "spanNulls": false,
                    "stacking": {
                      "group": "A",
                      "mode": "none"
                    },
                    "thresholdsStyle": {
                      "mode": "off"
                    }
                  }
                },
                "overrides": []
              }
            }
          }
        }
      },
      "panel-3": {
        "kind": "Panel",
        "spec": {
          "id": 3,
          "title": "pfSense Messages",
          "description": "",
          "links": [],
          "data": {
            "kind": "QueryGroup",
            "spec": {
              "queries": [
                {
                  "kind": "PanelQuery",
                  "spec": {
                    "query": {
                      "kind": "DataQuery",
                      "group": "elasticsearch",
                      "version": "v0",
                      "datasource": {
                        "name": "${DS_GRAYLOG_OPENSEARCH}"
                      },
                      "spec": {
                        "alias": "pfSense",
                        "bucketAggs": [
                          {
                            "field": "timestamp",
                            "id": "2",
                            "settings": {
                              "interval": "1d",
                              "min_doc_count": "0",
                              "trimEdges": "0"
                            },
                            "type": "date_histogram"
                          }
                        ],
                        "metrics": [
                          {
                            "id": "1",
                            "type": "count"
                          }
                        ],
                        "query": "source:pfSense OR source:pfsense OR source:filterlog*",
                        "timeField": "timestamp"
                      }
                    },
                    "refId": "A",
                    "hidden": false
                  }
                }
              ],
              "transformations": [],
              "queryOptions": {}
            }
          },
          "vizConfig": {
            "kind": "VizConfig",
            "group": "stat",
            "version": "13.0.2",
            "spec": {
              "options": {
                "colorMode": "background",
                "graphMode": "none",
                "justifyMode": "center",
                "orientation": "auto",
                "percentChangeColorMode": "standard",
                "reduceOptions": {
                  "calcs": [
                    "sum"
                  ],
                  "fields": "",
                  "values": false
                },
                "showPercentChange": false,
                "textMode": "auto",
                "wideLayout": true
              },
              "fieldConfig": {
                "defaults": {
                  "unit": "short",
                  "thresholds": {
                    "mode": "absolute",
                    "steps": [
                      {
                        "value": 0,
                        "color": "green"
                      },
                      {
                        "value": 80,
                        "color": "red"
                      }
                    ]
                  },
                  "color": {
                    "mode": "fixed",
                    "fixedColor": "orange"
                  }
                },
                "overrides": []
              }
            }
          }
        }
      },
      "panel-30": {
        "kind": "Panel",
        "spec": {
          "id": 30,
          "title": "SSH Logins — Accepted vs Failed",
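          "description": "Series A counts messages containing \"Accepted password\" or \"Accepted publickey\"; series B counts messages containing \"Failed password\". Neither query is restricted by source or application, and authentication failures logged with other wording are not counted.",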
          "links": [],
          "data": {
            "kind": "QueryGroup",
            "spec": {
              "queries": [
                {
                  "kind": "PanelQuery",
                  "spec": {
                    "query": {
                      "kind": "DataQuery",
                      "group": "elasticsearch",
                      "version": "v0",
                      "datasource": {
                        "name": "${DS_GRAYLOG_OPENSEARCH}"
                      },
                      "spec": {
                        "alias": "SSH Accepted",
                        "bucketAggs": [
                          {
                            "field": "timestamp",
                            "id": "2",
                            "settings": {
                              "interval": "auto",
                              "min_doc_count": "0",
                              "trimEdges": "0"
                            },
                            "type": "date_histogram"
                          }
                        ],
                        "metrics": [
                          {
                            "id": "1",
                            "type": "count"
                          }
                        ],
                        "query": "message:\"Accepted password\" OR message:\"Accepted publickey\"",
                        "timeField": "timestamp"
                      }
                    },
                    "refId": "A",
                    "hidden": false
                  }
                },
                {
                  "kind": "PanelQuery",
                  "spec": {
                    "query": {
                      "kind": "DataQuery",
                      "group": "elasticsearch",
                      "version": "v0",
                      "datasource": {
                        "name": "${DS_GRAYLOG_OPENSEARCH}"
                      },
                      "spec": {
                        "alias": "SSH Failed",
                        "bucketAggs": [
                          {
                            "field": "timestamp",
                            "id": "4",
                            "settings": {
                              "interval": "auto",
                              "min_doc_count": "0",
                              "trimEdges": "0"
                            },
                            "type": "date_histogram"
                          }
                        ],
                        "metrics": [
                          {
                            "id": "3",
                            "type": "count"
                          }
                        ],
                        "query": "message:\"Failed password\"",
                        "timeField": "timestamp"
                      }
                    },
                    "refId": "B",
                    "hidden": false
                  }
                }
              ],
              "transformations": [],
              "queryOptions": {}
            }
          },
          "vizConfig": {
            "kind": "VizConfig",
            "group": "timeseries",
            "version": "13.0.2",
            "spec": {
              "options": {
                "annotations": {
                  "clustering": -1,
                  "multiLane": false
                },
                "legend": {
                  "calcs": [],
                  "displayMode": "list",
                  "placement": "bottom",
                  "showLegend": true
                },
                "tooltip": {
                  "hideZeros": false,
                  "mode": "multi",
                  "sort": "none"
                }
              },
              "fieldConfig": {
                "defaults": {
                  "unit": "short",
                  "thresholds": {
                    "mode": "absolute",
                    "steps": [
                      {
                        "value": 0,
                        "color": "green"
                      },
                      {
                        "value": 80,
                        "color": "red"
                      }
                    ]
                  },
                  "color": {
                    "mode": "palette-classic"
                  },
                  "custom": {
                    "axisBorderShow": false,
                    "axisCenteredZero": false,
                    "axisColorMode": "text",
                    "axisLabel": "",
                    "axisPlacement": "auto",
                    "barAlignment": 0,
                    "barWidthFactor": 0.6,
                    "drawStyle": "line",
                    "fillOpacity": 15,
                    "gradientMode": "opacity",
                    "hideFrom": {
                      "legend": false,
                      "tooltip": false,
                      "viz": false
                    },
                    "insertNulls": false,
                    "lineInterpolation": "linear",
                    "lineWidth": 2,
                    "pointSize": 5,
                    "scaleDistribution": {
                      "type": "linear"
                    },
                    "showPoints": "auto",
                    "showValues": false,
                    "spanNulls": false,
                    "stacking": {
                      "group": "A",
                      "mode": "none"
                    },
                    "thresholdsStyle": {
                      "mode": "off"
                    }
                  }
                },
                "overrides": []
              }
            }
          }
        }
      },
      "panel-31": {
        "kind": "Panel",
        "spec": {
          "id": 31,
          "title": "Sudo Usage Over Time",
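          "description": "Count per time bucket of messages matching message:sudo. This is a match on the message text, so it counts any line that mentions sudo, not only successful command executions.",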
          "links": [],
          "data": {
            "kind": "QueryGroup",
            "spec": {
              "queries": [
                {
                  "kind": "PanelQuery",
                  "spec": {
                    "query": {
                      "kind": "DataQuery",
                      "group": "elasticsearch",
                      "version": "v0",
                      "datasource": {
                        "name": "${DS_GRAYLOG_OPENSEARCH}"
                      },
                      "spec": {
                        "alias": "Sudo",
                        "bucketAggs": [
                          {
                            "field": "timestamp",
                            "id": "2",
                            "settings": {
                              "interval": "auto",
                              "min_doc_count": "0",
                              "trimEdges": "0"
                            },
                            "type": "date_histogram"
                          }
                        ],
                        "metrics": [
                          {
                            "id": "1",
                            "type": "count"
                          }
                        ],
                        "query": "message:sudo",
                        "timeField": "timestamp"
                      }
                    },
                    "refId": "A",
                    "hidden": false
                  }
                }
              ],
              "transformations": [],
              "queryOptions": {}
            }
          },
          "vizConfig": {
            "kind": "VizConfig",
            "group": "timeseries",
            "version": "13.0.2",
            "spec": {
              "options": {
                "annotations": {
                  "clustering": -1,
                  "multiLane": false
                },
                "legend": {
                  "calcs": [],
                  "displayMode": "list",
                  "placement": "bottom",
                  "showLegend": true
                },
                "tooltip": {
                  "hideZeros": false,
                  "mode": "multi",
                  "sort": "none"
                }
              },
              "fieldConfig": {
                "defaults": {
                  "unit": "short",
                  "thresholds": {
                    "mode": "absolute",
                    "steps": [
                      {
                        "value": 0,
                        "color": "green"
                      },
                      {
                        "value": 80,
                        "color": "red"
                      }
                    ]
                  },
                  "color": {
                    "mode": "palette-classic"
                  },
                  "custom": {
                    "axisBorderShow": false,
                    "axisCenteredZero": false,
                    "axisColorMode": "text",
                    "axisLabel": "",
                    "axisPlacement": "auto",
                    "barAlignment": 0,
                    "barWidthFactor": 0.6,
                    "drawStyle": "line",
                    "fillOpacity": 15,
                    "gradientMode": "opacity",
                    "hideFrom": {
                      "legend": false,
                      "tooltip": false,
                      "viz": false
                    },
                    "insertNulls": false,
                    "lineInterpolation": "linear",
                    "lineWidth": 2,
                    "pointSize": 5,
                    "scaleDistribution": {
                      "type": "linear"
                    },
                    "showPoints": "auto",
                    "showValues": false,
                    "spanNulls": false,
                    "stacking": {
                      "group": "A",
                      "mode": "none"
                    },
                    "thresholdsStyle": {
                      "mode": "off"
                    }
                  }
                },
                "overrides": []
              }
            }
          }
        }
      },
      "panel-32": {
        "kind": "Panel",
        "spec": {
          "id": 32,
          "title": "Audit Events Over Time",
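          "description": "Count per time bucket of messages containing type=SYSCALL, type=USER_AUTH or type=USER_LOGIN (Linux audit record types). All three are combined into one series, so a change in the authentication records alone may not be visible if SYSCALL records dominate the volume.",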
          "links": [],
          "data": {
            "kind": "QueryGroup",
            "spec": {
              "queries": [
                {
                  "kind": "PanelQuery",
                  "spec": {
                    "query": {
                      "kind": "DataQuery",
                      "group": "elasticsearch",
                      "version": "v0",
                      "datasource": {
                        "name": "${DS_GRAYLOG_OPENSEARCH}"
                      },
                      "spec": {
                        "alias": "Audit Events",
                        "bucketAggs": [
                          {
                            "field": "timestamp",
                            "id": "2",
                            "settings": {
                              "interval": "auto",
                              "min_doc_count": "0",
                              "trimEdges": "0"
                            },
                            "type": "date_histogram"
                          }
                        ],
                        "metrics": [
                          {
                            "id": "1",
                            "type": "count"
                          }
                        ],
                        "query": "message:\"type=SYSCALL\" OR message:\"type=USER_AUTH\" OR message:\"type=USER_LOGIN\"",
                        "timeField": "timestamp"
                      }
                    },
                    "refId": "A",
                    "hidden": false
                  }
                }
              ],
              "transformations": [],
              "queryOptions": {}
            }
          },
          "vizConfig": {
            "kind": "VizConfig",
            "group": "timeseries",
            "version": "13.0.2",
            "spec": {
              "options": {
                "annotations": {
                  "clustering": -1,
                  "multiLane": false
                },
                "legend": {
                  "calcs": [],
                  "displayMode": "list",
                  "placement": "bottom",
                  "showLegend": true
                },
                "tooltip": {
                  "hideZeros": false,
                  "mode": "multi",
                  "sort": "none"
                }
              },
              "fieldConfig": {
                "defaults": {
                  "unit": "short",
                  "thresholds": {
                    "mode": "absolute",
                    "steps": [
                      {
                        "value": 0,
                        "color": "green"
                      },
                      {
                        "value": 80,
                        "color": "red"
                      }
                    ]
                  },
                  "color": {
                    "mode": "palette-classic"
                  },
                  "custom": {
                    "axisBorderShow": false,
                    "axisCenteredZero": false,
                    "axisColorMode": "text",
                    "axisLabel": "",
                    "axisPlacement": "auto",
                    "barAlignment": 0,
                    "barWidthFactor": 0.6,
                    "drawStyle": "line",
                    "fillOpacity": 15,
                    "gradientMode": "none",
                    "hideFrom": {
                      "legend": false,
                      "tooltip": false,
                      "viz": false
                    },
                    "insertNulls": false,
                    "lineInterpolation": "linear",
                    "lineWidth": 2,
                    "pointSize": 5,
                    "scaleDistribution": {
                      "type": "linear"
                    },
                    "showPoints": "auto",
                    "showValues": false,
                    "spanNulls": false,
                    "stacking": {
                      "group": "A",
                      "mode": "none"
                    },
                    "thresholdsStyle": {
                      "mode": "off"
                    }
                  }
                },
                "overrides": []
              }
            }
          }
        }
      },
      "panel-33": {
        "kind": "Panel",
        "spec": {
          "id": 33,
          "title": "Auth Failures by Host",
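          "description": "Messages containing Failed password, authentication failure or Invalid user, counted per time bucket and split by the source field. Only the 10 sources with the highest counts are returned, so lower-volume sources are not shown.",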
          "links": [],
          "data": {
            "kind": "QueryGroup",
            "spec": {
              "queries": [
                {
                  "kind": "PanelQuery",
                  "spec": {
                    "query": {
                      "kind": "DataQuery",
                      "group": "elasticsearch",
                      "version": "v0",
                      "datasource": {
                        "name": "${DS_GRAYLOG_OPENSEARCH}"
                      },
                      "spec": {
                        "alias": "{{term source}}",
                        "bucketAggs": [
                          {
                            "field": "source",
                            "id": "3",
                            "settings": {
                              "execution_hint": "map",
                              "min_doc_count": "1",
                              "order": "desc",
                              "orderBy": "_count",
                              "size": "10"
                            },
                            "type": "terms"
                          },
                          {
                            "field": "timestamp",
                            "id": "2",
                            "settings": {
                              "interval": "auto",
                              "min_doc_count": "0",
                              "trimEdges": "0"
                            },
                            "type": "date_histogram"
                          }
                        ],
                        "metrics": [
                          {
                            "id": "1",
                            "type": "count"
                          }
                        ],
                        "query": "message:\"Failed password\" OR message:\"authentication failure\" OR message:\"Invalid user\"",
                        "timeField": "timestamp"
                      }
                    },
                    "refId": "A",
                    "hidden": false
                  }
                }
              ],
              "transformations": [],
              "queryOptions": {}
            }
          },
          "vizConfig": {
            "kind": "VizConfig",
            "group": "timeseries",
            "version": "13.0.2",
            "spec": {
              "options": {
                "annotations": {
                  "clustering": -1,
                  "multiLane": false
                },
                "legend": {
                  "calcs": [],
                  "displayMode": "list",
                  "placement": "bottom",
                  "showLegend": true
                },
                "tooltip": {
                  "hideZeros": false,
                  "mode": "multi",
                  "sort": "none"
                }
              },
              "fieldConfig": {
                "defaults": {
                  "unit": "short",
                  "thresholds": {
                    "mode": "absolute",
                    "steps": [
                      {
                        "value": 0,
                        "color": "green"
                      },
                      {
                        "value": 80,
                        "color": "red"
                      }
                    ]
                  },
                  "color": {
                    "mode": "palette-classic"
                  },
                  "custom": {
                    "axisBorderShow": false,
                    "axisCenteredZero": false,
                    "axisColorMode": "text",
                    "axisLabel": "",
                    "axisPlacement": "auto",
                    "barAlignment": 0,
                    "barWidthFactor": 0.6,
                    "drawStyle": "line",
                    "fillOpacity": 15,
                    "gradientMode": "none",
                    "hideFrom": {
                      "legend": false,
                      "tooltip": false,
                      "viz": false
                    },
                    "insertNulls": false,
                    "lineInterpolation": "linear",
                    "lineWidth": 2,
                    "pointSize": 5,
                    "scaleDistribution": {
                      "type": "linear"
                    },
                    "showPoints": "auto",
                    "showValues": false,
                    "spanNulls": false,
                    "stacking": {
                      "group": "A",
                      "mode": "none"
                    },
                    "thresholdsStyle": {
                      "mode": "off"
                    }
                  }
                },
                "overrides": []
              }
            }
          }
        }
      },
      "panel-4": {
        "kind": "Panel",
        "spec": {
          "id": 4,
          "title": "Proxmox Messages",
          "description": "",
          "links": [],
          "data": {
            "kind": "QueryGroup",
            "spec": {
              "queries": [
                {
                  "kind": "PanelQuery",
                  "spec": {
                    "query": {
                      "kind": "DataQuery",
                      "group": "elasticsearch",
                      "version": "v0",
                      "datasource": {
                        "name": "${DS_GRAYLOG_OPENSEARCH}"
                      },
                      "spec": {
                        "alias": "Proxmox",
                        "bucketAggs": [
                          {
                            "field": "timestamp",
                            "id": "2",
                            "settings": {
                              "interval": "1d",
                              "min_doc_count": "0",
                              "trimEdges": "0"
                            },
                            "type": "date_histogram"
                          }
                        ],
                        "metrics": [
                          {
                            "id": "1",
                            "type": "count"
                          }
                        ],
                        "query": "source:proxmox",
                        "timeField": "timestamp"
                      }
                    },
                    "refId": "A",
                    "hidden": false
                  }
                }
              ],
              "transformations": [],
              "queryOptions": {}
            }
          },
          "vizConfig": {
            "kind": "VizConfig",
            "group": "stat",
            "version": "13.0.2",
            "spec": {
              "options": {
                "colorMode": "background",
                "graphMode": "none",
                "justifyMode": "center",
                "orientation": "auto",
                "percentChangeColorMode": "standard",
                "reduceOptions": {
                  "calcs": [
                    "sum"
                  ],
                  "fields": "",
                  "values": false
                },
                "showPercentChange": false,
                "textMode": "auto",
                "wideLayout": true
              },
              "fieldConfig": {
                "defaults": {
                  "unit": "short",
                  "thresholds": {
                    "mode": "absolute",
                    "steps": [
                      {
                        "value": 0,
                        "color": "green"
                      },
                      {
                        "value": 80,
                        "color": "red"
                      }
                    ]
                  },
                  "color": {
                    "mode": "fixed",
                    "fixedColor": "purple"
                  }
                },
                "overrides": []
              }
            }
          }
        }
      },
      "panel-40": {
        "kind": "Panel",
        "spec": {
          "id": 40,
          "title": "Recent Messages — All Hosts",
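          "description": "Latest log messages from all sources (query *), newest first, capped at 500 rows. In a busy time range, entries beyond the cap are not shown.",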
          "links": [],
          "data": {
            "kind": "QueryGroup",
            "spec": {
              "queries": [
                {
                  "kind": "PanelQuery",
                  "spec": {
                    "query": {
                      "kind": "DataQuery",
                      "group": "elasticsearch",
                      "version": "v0",
                      "datasource": {
                        "name": "${DS_GRAYLOG_OPENSEARCH}"
                      },
                      "spec": {
                        "bucketAggs": [],
                        "metrics": [
                          {
                            "id": "1",
                            "settings": {
                              "limit": "500"
                            },
                            "type": "logs"
                          }
                        ],
                        "query": "*",
                        "timeField": "timestamp"
                      }
                    },
                    "refId": "A",
                    "hidden": false
                  }
                }
              ],
              "transformations": [],
              "queryOptions": {}
            }
          },
          "vizConfig": {
            "kind": "VizConfig",
            "group": "logs",
            "version": "13.0.2",
            "spec": {
              "options": {
                "dedupStrategy": "none",
                "enableInfiniteScrolling": false,
                "enableLogDetails": true,
                "prettifyLogMessage": false,
                "showCommonLabels": false,
                "showControls": false,
                "showFieldSelector": false,
                "showLabels": true,
                "showLevel": true,
                "showTime": true,
                "sortOrder": "Descending",
                "timestampResolution": "ms",
                "unwrappedColumns": false,
                "wrapLogMessage": true
              },
              "fieldConfig": {
                "defaults": {},
                "overrides": []
              }
            }
          }
        }
      },
      "panel-5": {
        "kind": "Panel",
        "spec": {
          "id": 5,
          "title": "Auth Failures",
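          "description": "Sum of the daily counts of messages containing Failed password, authentication failure or Invalid user. The background turns red at a value of 1 or more, so a single match marks the panel red.",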
          "links": [],
          "data": {
            "kind": "QueryGroup",
            "spec": {
              "queries": [
                {
                  "kind": "PanelQuery",
                  "spec": {
                    "query": {
                      "kind": "DataQuery",
                      "group": "elasticsearch",
                      "version": "v0",
                      "datasource": {
                        "name": "${DS_GRAYLOG_OPENSEARCH}"
                      },
                      "spec": {
                        "alias": "Auth Failures",
                        "bucketAggs": [
                          {
                            "field": "timestamp",
                            "id": "2",
                            "settings": {
                              "interval": "1d",
                              "min_doc_count": "0",
                              "trimEdges": "0"
                            },
                            "type": "date_histogram"
                          }
                        ],
                        "metrics": [
                          {
                            "id": "1",
                            "type": "count"
                          }
                        ],
                        "query": "message:\"Failed password\" OR message:\"authentication failure\" OR message:\"Invalid user\"",
                        "timeField": "timestamp"
                      }
                    },
                    "refId": "A",
                    "hidden": false
                  }
                }
              ],
              "transformations": [],
              "queryOptions": {}
            }
          },
          "vizConfig": {
            "kind": "VizConfig",
            "group": "stat",
            "version": "13.0.2",
            "spec": {
              "options": {
                "colorMode": "background",
                "graphMode": "none",
                "justifyMode": "center",
                "orientation": "auto",
                "percentChangeColorMode": "standard",
                "reduceOptions": {
                  "calcs": [
                    "sum"
                  ],
                  "fields": "",
                  "values": false
                },
                "showPercentChange": false,
                "textMode": "auto",
                "wideLayout": true
              },
              "fieldConfig": {
                "defaults": {
                  "unit": "short",
                  "thresholds": {
                    "mode": "absolute",
                    "steps": [
                      {
                        "value": 0,
                        "color": "green"
                      },
                      {
                        "value": 1,
                        "color": "red"
                      }
                    ]
                  },
                  "color": {
                    "mode": "thresholds"
                  }
                },
                "overrides": []
              }
            }
          }
        }
      },
      "panel-6": {
        "kind": "Panel",
        "spec": {
          "id": 6,
          "title": "SSH Failed Logins",
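          "description": "Sum of the daily counts of messages containing the phrase Failed password. The query matches on message text only and does not filter by program or source, so the SSH attribution in the title depends on which services log that phrase. The background turns red at a value of 1 or more.",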
          "links": [],
          "data": {
            "kind": "QueryGroup",
            "spec": {
              "queries": [
                {
                  "kind": "PanelQuery",
                  "spec": {
                    "query": {
                      "kind": "DataQuery",
                      "group": "elasticsearch",
                      "version": "v0",
                      "datasource": {
                        "name": "${DS_GRAYLOG_OPENSEARCH}"
                      },
                      "spec": {
                        "alias": "SSH Failed",
                        "bucketAggs": [
                          {
                            "field": "timestamp",
                            "id": "2",
                            "settings": {
                              "interval": "1d",
                              "min_doc_count": "0",
                              "trimEdges": "0"
                            },
                            "type": "date_histogram"
                          }
                        ],
                        "metrics": [
                          {
                            "id": "1",
                            "type": "count"
                          }
                        ],
                        "query": "message:\"Failed password\"",
                        "timeField": "timestamp"
                      }
                    },
                    "refId": "A",
                    "hidden": false
                  }
                }
              ],
              "transformations": [],
              "queryOptions": {}
            }
          },
          "vizConfig": {
            "kind": "VizConfig",
            "group": "stat",
            "version": "13.0.2",
            "spec": {
              "options": {
                "colorMode": "background",
                "graphMode": "none",
                "justifyMode": "center",
                "orientation": "auto",
                "percentChangeColorMode": "standard",
                "reduceOptions": {
                  "calcs": [
                    "sum"
                  ],
                  "fields": "",
                  "values": false
                },
                "showPercentChange": false,
                "textMode": "auto",
                "wideLayout": true
              },
              "fieldConfig": {
                "defaults": {
                  "unit": "short",
                  "thresholds": {
                    "mode": "absolute",
                    "steps": [
                      {
                        "value": 0,
                        "color": "green"
                      },
                      {
                        "value": 1,
                        "color": "red"
                      }
                    ]
                  },
                  "color": {
                    "mode": "thresholds"
                  }
                },
                "overrides": []
              }
            }
          }
        }
      }
    },
    "layout": {
      "kind": "RowsLayout",
      "spec": {
        "rows": [
          {
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "📊 Overview",
              "collapse": false,
              "layout": {
                "kind": "GridLayout",
                "spec": {
                  "items": [
                    {
                      "kind": "GridLayoutItem",
                      "spec": {
                        "x": 0,
                        "y": 0,
                        "width": 4,
                        "height": 4,
                        "element": {
                          "kind": "ElementReference",
                          "name": "panel-1"
                        }
                      }
                    },
                    {
                      "kind": "GridLayoutItem",
                      "spec": {
                        "x": 4,
                        "y": 0,
                        "width": 4,
                        "height": 4,
                        "element": {
                          "kind": "ElementReference",
                          "name": "panel-2"
                        }
                      }
                    },
                    {
                      "kind": "GridLayoutItem",
                      "spec": {
                        "x": 8,
                        "y": 0,
                        "width": 4,
                        "height": 4,
                        "element": {
                          "kind": "ElementReference",
                          "name": "panel-3"
                        }
                      }
                    },
                    {
                      "kind": "GridLayoutItem",
                      "spec": {
                        "x": 12,
                        "y": 0,
                        "width": 4,
                        "height": 4,
                        "element": {
                          "kind": "ElementReference",
                          "name": "panel-4"
                        }
                      }
                    },
                    {
                      "kind": "GridLayoutItem",
                      "spec": {
                        "x": 16,
                        "y": 0,
                        "width": 4,
                        "height": 4,
                        "element": {
                          "kind": "ElementReference",
                          "name": "panel-5"
                        }
                      }
                    },
                    {
                      "kind": "GridLayoutItem",
                      "spec": {
                        "x": 20,
                        "y": 0,
                        "width": 4,
                        "height": 4,
                        "element": {
                          "kind": "ElementReference",
                          "name": "panel-6"
                        }
                      }
                    }
                  ]
                }
              }
            }
          },
          {
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "📈 Message Volume Over Time",
              "collapse": false,
              "layout": {
                "kind": "GridLayout",
                "spec": {
                  "items": [
                    {
                      "kind": "GridLayoutItem",
                      "spec": {
                        "x": 0,
                        "y": 0,
                        "width": 24,
                        "height": 8,
                        "element": {
                          "kind": "ElementReference",
                          "name": "panel-10"
                        }
                      }
                    }
                  ]
                }
              }
            }
          },
          {
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "🖥️ Per-Host Breakdown",
              "collapse": false,
              "layout": {
                "kind": "GridLayout",
                "spec": {
                  "items": [
                    {
                      "kind": "GridLayoutItem",
                      "spec": {
                        "x": 0,
                        "y": 0,
                        "width": 12,
                        "height": 10,
                        "element": {
                          "kind": "ElementReference",
                          "name": "panel-20"
                        }
                      }
                    },
                    {
                      "kind": "GridLayoutItem",
                      "spec": {
                        "x": 12,
                        "y": 0,
                        "width": 12,
                        "height": 10,
                        "element": {
                          "kind": "ElementReference",
                          "name": "panel-21"
                        }
                      }
                    },
                    {
                      "kind": "GridLayoutItem",
                      "spec": {
                        "x": 0,
                        "y": 10,
                        "width": 24,
                        "height": 8,
                        "element": {
                          "kind": "ElementReference",
                          "name": "panel-22"
                        }
                      }
                    }
                  ]
                }
              }
            }
          },
          {
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "🔐 Security Events",
              "collapse": false,
              "layout": {
                "kind": "GridLayout",
                "spec": {
                  "items": [
                    {
                      "kind": "GridLayoutItem",
                      "spec": {
                        "x": 0,
                        "y": 0,
                        "width": 12,
                        "height": 8,
                        "element": {
                          "kind": "ElementReference",
                          "name": "panel-30"
                        }
                      }
                    },
                    {
                      "kind": "GridLayoutItem",
                      "spec": {
                        "x": 12,
                        "y": 0,
                        "width": 12,
                        "height": 8,
                        "element": {
                          "kind": "ElementReference",
                          "name": "panel-31"
                        }
                      }
                    },
                    {
                      "kind": "GridLayoutItem",
                      "spec": {
                        "x": 0,
                        "y": 8,
                        "width": 12,
                        "height": 8,
                        "element": {
                          "kind": "ElementReference",
                          "name": "panel-32"
                        }
                      }
                    },
                    {
                      "kind": "GridLayoutItem",
                      "spec": {
                        "x": 12,
                        "y": 8,
                        "width": 12,
                        "height": 8,
                        "element": {
                          "kind": "ElementReference",
                          "name": "panel-33"
                        }
                      }
                    }
                  ]
                }
              }
            }
          },
          {
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "📋 Recent Log Messages",
              "collapse": false,
              "layout": {
                "kind": "GridLayout",
                "spec": {
                  "items": [
                    {
                      "kind": "GridLayoutItem",
                      "spec": {
                        "x": 0,
                        "y": 0,
                        "width": 24,
                        "height": 12,
                        "element": {
                          "kind": "ElementReference",
                          "name": "panel-40"
                        }
                      }
                    }
                  ]
                }
              }
            }
          }
        ]
      }
    },
    "links": [
      {
        "title": "Open Graylog",
        "type": "link",
        "icon": "external link",
        "tooltip": "",
        "url": "https://logs.lab.kdn.cloud",
        "tags": [],
        "asDropdown": false,
        "targetBlank": true,
        "includeVars": false,
        "keepTime": false
      }
    ],
    "liveNow": false,
    "preload": false,
    "tags": [
      "graylog",
      "logs",
      "security",
      "kdn-lab"
    ],
    "timeSettings": {
      "timezone": "browser",
      "from": "now-12h",
      "to": "now",
      "autoRefresh": "1m",
      "autoRefreshIntervals": [
        "5s",
        "10s",
        "30s",
        "1m",
        "5m",
        "15m",
        "30m",
        "1h",
        "2h",
        "1d"
      ],
      "hideTimepicker": false,
      "fiscalYearStartMonth": 0
    },
    "title": "Graylog — Log Analytics — KDN Lab",
    "variables": [
      {
        "kind": "DatasourceVariable",
        "spec": {
          "name": "DS_GRAYLOG_OPENSEARCH",
          "pluginId": "grafana-opensearch-datasource",
          "refresh": "onDashboardLoad",
          "regex": "",
          "current": {
            "text": "",
            "value": ""
          },
          "options": [],
          "multi": false,
          "includeAll": false,
          "label": "Graylog OpenSearch",
          "hide": "dontHide",
          "skipUrlSync": false,
          "allowCustomValue": true
        }
      }
    ]
  }
}