Default Beats Kibana dashboards to KQL instead of Lucene (#11268)

Closes #10969. In Kibana as of 7.0, the default query language is no longer Lucene, but KQL (Kibana Query Language). This PR updates all of the JSON objects to use the new language, and modifies any existing queries to the new syntax (if needed - most of them stayed the same).
elastic · Mar 21, 2019 · 02d29c6 · 02d29c6
1 parent 6865403
commit 02d29c6
Show file tree

Hide file tree

Showing 83 changed files with 1,040 additions and 1,733 deletions.
diff --git a/auditbeat/module/auditd/_meta/kibana/7/dashboard/auditbeat-kernel-executions.json b/auditbeat/module/auditd/_meta/kibana/7/dashboard/auditbeat-kernel-executions.json
@@ -7,7 +7,7 @@
  "searchSourceJSON": {
  "filter": [], 
  "query": {
- "language": "lucene", 
+ "language": "kuery",
  "query": ""
  }
  }
@@ -63,7 +63,7 @@
  "filter": [], 
  "index": "auditbeat-*", 
  "query": {
- "language": "lucene", 
+ "language": "kuery",
  "query": ""
  }
  }
@@ -115,7 +115,7 @@
  "searchSourceJSON": {
  "filter": [], 
  "query": {
- "language": "lucene", 
+ "language": "kuery",
  "query": ""
  }
  }
@@ -231,8 +231,8 @@
  "highlightAll": true, 
  "index": "auditbeat-*", 
  "query": {
- "language": "lucene", 
- "query": "*"
+ "language": "kuery",
+ "query": ""
  }, 
  "version": true
  }
@@ -258,7 +258,7 @@
  "filter": [], 
  "highlightAll": true, 
  "query": {
- "language": "lucene", 
+ "language": "kuery",
  "query": ""
  }, 
  "version": true

diff --git a/auditbeat/module/auditd/_meta/kibana/7/dashboard/auditbeat-kernel-overview.json b/auditbeat/module/auditd/_meta/kibana/7/dashboard/auditbeat-kernel-overview.json
@@ -82,7 +82,7 @@
  "filter": [], 
  "index": "auditbeat-*", 
  "query": {
- "language": "lucene", 
+ "language": "kuery",
  "query": ""
  }
  }
@@ -191,7 +191,7 @@
  "highlightAll": true, 
  "index": "auditbeat-*", 
  "query": {
- "language": "lucene", 
+ "language": "kuery",
  "query": ""
  }, 
  "version": true
@@ -218,7 +218,7 @@
  "filter": [], 
  "highlightAll": true, 
  "query": {
- "language": "lucene", 
+ "language": "kuery",
  "query": ""
  }, 
  "version": true

diff --git a/auditbeat/module/auditd/_meta/kibana/7/dashboard/auditbeat-kernel-sockets.json b/auditbeat/module/auditd/_meta/kibana/7/dashboard/auditbeat-kernel-sockets.json
@@ -35,7 +35,7 @@
  }
  ], 
  "query": {
- "language": "lucene", 
+ "language": "kuery",
  "query": ""
  }
  }
@@ -129,7 +129,7 @@
  "searchSourceJSON": {
  "filter": [], 
  "query": {
- "language": "lucene", 
+ "language": "kuery",
  "query": ""
  }
  }
@@ -223,7 +223,7 @@
  "searchSourceJSON": {
  "filter": [], 
  "query": {
- "language": "lucene", 
+ "language": "kuery",
  "query": ""
  }
  }
@@ -388,7 +388,7 @@
  "filter": [], 
  "index": "auditbeat-*", 
  "query": {
- "language": "lucene", 
+ "language": "kuery",
  "query": ""
  }
  }
@@ -545,7 +545,7 @@
  "highlightAll": true, 
  "index": "auditbeat-*", 
  "query": {
- "language": "lucene", 
+ "language": "kuery",
  "query": ""
  }, 
  "version": true
@@ -652,7 +652,7 @@
  "highlightAll": true, 
  "index": "auditbeat-*", 
  "query": {
- "language": "lucene", 
+ "language": "kuery",
  "query": ""
  }, 
  "version": true
@@ -782,7 +782,7 @@
  "highlightAll": true, 
  "index": "auditbeat-*", 
  "query": {
- "language": "lucene", 
+ "language": "kuery",
  "query": ""
  }, 
  "version": true
@@ -809,8 +809,8 @@
  "filter": [], 
  "highlightAll": true, 
  "query": {
- "language": "lucene", 
- "query": "*"
+ "language": "kuery",
+ "query": ""
  }, 
  "version": true
  }

diff --git a/auditbeat/module/file_integrity/_meta/kibana/7/dashboard/auditbeat-file-integrity.json b/auditbeat/module/file_integrity/_meta/kibana/7/dashboard/auditbeat-file-integrity.json
@@ -8,14 +8,8 @@
  "filter": [], 
  "index": "auditbeat-*", 
  "query": {
- "language": "lucene", 
- "query": {
- "query_string": {
- "analyze_wildcard": true, 
- "default_field": "*", 
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
  }
  }
  }, 
@@ -114,14 +108,8 @@
  "filter": [], 
  "index": "auditbeat-*", 
  "query": {
- "language": "lucene", 
- "query": {
- "query_string": {
- "analyze_wildcard": true, 
- "default_field": "*", 
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
  }
  }
  }, 
@@ -253,14 +241,8 @@
  "filter": [], 
  "index": "auditbeat-*", 
  "query": {
- "language": "lucene", 
- "query": {
- "query_string": {
- "analyze_wildcard": true, 
- "default_field": "*", 
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
  }
  }
  }, 
@@ -315,14 +297,8 @@
  "filter": [], 
  "index": "auditbeat-*", 
  "query": {
- "language": "lucene", 
- "query": {
- "query_string": {
- "analyze_wildcard": true, 
- "default_field": "*", 
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
  }
  }
  }, 
@@ -377,15 +353,9 @@
  "filter": [], 
  "index": "auditbeat-*", 
  "query": {
- "language": "lucene", 
- "query": {
- "query_string": {
- "analyze_wildcard": true, 
- "default_field": "*", 
+ "language": "kuery",
  "query": "event.action:updated OR event.action:attributes_modified"
  }
- }
- }
  }
  }, 
  "savedSearchId": "a380a060-cb44-11e7-9835-2f31fe08873b-ecs", 
@@ -540,8 +510,8 @@
  ], 
  "index": "auditbeat-*", 
  "query": {
- "language": "lucene", 
- "query": "*"
+ "language": "kuery",
+ "query": ""
  }
  }
  }, 
@@ -639,14 +609,8 @@
  "filter": [], 
  "index": "auditbeat-*", 
  "query": {
- "language": "lucene", 
- "query": {
- "query_string": {
- "analyze_wildcard": true, 
- "default_field": "*", 
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
  }
  }
  }, 
@@ -744,14 +708,8 @@
  "filter": [], 
  "index": "auditbeat-*", 
  "query": {
- "language": "lucene", 
- "query": {
- "query_string": {
- "analyze_wildcard": true, 
- "default_field": "*", 
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
  }
  }
  }, 
@@ -835,15 +793,9 @@
  "filter": [], 
  "index": "auditbeat-*", 
  "query": {
- "language": "lucene", 
- "query": {
- "query_string": {
- "analyze_wildcard": true, 
- "default_field": "*", 
+ "language": "kuery",
  "query": "event.action:deleted"
  }
- }
- }
  }
  }, 
  "savedSearchId": "a380a060-cb44-11e7-9835-2f31fe08873b-ecs", 
@@ -897,15 +849,9 @@
  "filter": [], 
  "index": "auditbeat-*", 
  "query": {
- "language": "lucene", 
- "query": {
- "query_string": {
- "analyze_wildcard": true, 
- "default_field": "*", 
+ "language": "kuery",
  "query": "event.action:created"
  }
- }
- }
  }
  }, 
  "savedSearchId": "a380a060-cb44-11e7-9835-2f31fe08873b-ecs", 
@@ -992,7 +938,7 @@
  "highlightAll": true, 
  "index": "auditbeat-*", 
  "query": {
- "language": "lucene", 
+ "language": "kuery",
  "query": ""
  }, 
  "version": true
@@ -1019,13 +965,8 @@
  "filter": [], 
  "highlightAll": true, 
  "query": {
- "language": "lucene", 
- "query": {
- "query_string": {
- "analyze_wildcard": true, 
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
  }, 
  "version": true
  }

diff --git a/filebeat/module/apache/_meta/kibana/7/dashboard/Filebeat-apache.json b/filebeat/module/apache/_meta/kibana/7/dashboard/Filebeat-apache.json
@@ -448,11 +448,9 @@
  }, 
  "index": "filebeat-*", 
  "query": {
- "query_string": {
- "analyze_wildcard": true, 
+ "language": "kuery",
  "query": "event.dataset:apache.error"
  }
- }
  }
  }, 
  "sort": [
@@ -494,11 +492,9 @@
  }, 
  "index": "filebeat-*", 
  "query": {
- "query_string": {
- "analyze_wildcard": true, 
+ "language": "kuery",
  "query": "event.dataset:apache.access"
  }
- }
  }
  }, 
  "sort": [
@@ -521,13 +517,8 @@
  "filter": [], 
  "highlightAll": true, 
  "query": {
- "language": "lucene", 
- "query": {
- "query_string": {
- "analyze_wildcard": true, 
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
  }, 
  "version": true
  }