elastic · tsg · Jul 21, 2017 · Jul 17, 2017 · Jul 20, 2017 · Jul 20, 2017
diff --git a/.gitignore b/.gitignore
@@ -4,7 +4,8 @@
 /build
 /*/data
 /*/logs
-/*/_meta/kibana/index-pattern
+/*/_meta/kibana/5.x/index-pattern
+/*/_meta/kibana/default/index-pattern
 
 # Files
 .DS_Store

diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
@@ -69,6 +69,8 @@ https://github.com/elastic/beats/compare/v5.4.1...master[Check the HEAD diff]
 
 *Affecting all Beats*
 
+- Add option to the import_dashboards script to load the dashboards via Kibana API. {pull}4682[4682]
+
 *Filebeat*
 
 - Add support for loading Xpack Machine Learning configurations from the modules, and added sample configurations for the Nginx module. {pull}4506[4506] {pull}4609[4609]

diff --git a/...dashboard/Filebeat-Apache2-Dashboard.json → ...dashboard/Filebeat-Apache2-Dashboard.json b/...dashboard/Filebeat-Apache2-Dashboard.json → ...dashboard/Filebeat-Apache2-Dashboard.json
diff --git a/...ta/kibana/search/Apache2-access-logs.json → ...ibana/5.x/search/Apache2-access-logs.json b/...ta/kibana/search/Apache2-access-logs.json → ...ibana/5.x/search/Apache2-access-logs.json
diff --git a/...eta/kibana/search/Apache2-errors-log.json → ...kibana/5.x/search/Apache2-errors-log.json b/...eta/kibana/search/Apache2-errors-log.json → ...kibana/5.x/search/Apache2-errors-log.json
diff --git a/...zation/Apache2-access-unique-IPs-map.json → ...zation/Apache2-access-unique-IPs-map.json b/...zation/Apache2-access-unique-IPs-map.json → ...zation/Apache2-access-unique-IPs-map.json
diff --git a/...ibana/visualization/Apache2-browsers.json → ...a/5.x/visualization/Apache2-browsers.json b/...ibana/visualization/Apache2-browsers.json → ...a/5.x/visualization/Apache2-browsers.json
diff --git a/...ization/Apache2-error-logs-over-time.json → ...ization/Apache2-error-logs-over-time.json b/...ization/Apache2-error-logs-over-time.json → ...ization/Apache2-error-logs-over-time.json
diff --git a/...ualization/Apache2-operating-systems.json → ...ualization/Apache2-operating-systems.json b/...ualization/Apache2-operating-systems.json → ...ualization/Apache2-operating-systems.json
diff --git a/...n/Apache2-response-codes-of-top-URLs.json → ...n/Apache2-response-codes-of-top-URLs.json b/...n/Apache2-response-codes-of-top-URLs.json → ...n/Apache2-response-codes-of-top-URLs.json
diff --git a/...ion/Apache2-response-codes-over-time.json → ...ion/Apache2-response-codes-over-time.json b/...ion/Apache2-response-codes-over-time.json → ...ion/Apache2-response-codes-over-time.json
diff --git a/filebeat/module/apache2/_meta/kibana/default/dashboard/Filebeat-apache2.json b/filebeat/module/apache2/_meta/kibana/default/dashboard/Filebeat-apache2.json
@@ -0,0 +1,167 @@
+{
+  "objects": [
+    {
+      "attributes": {
+        "description": "",
+        "kibanaSavedObjectMeta": {
+          "searchSourceJSON": "{\"filter\":[]}"
+        },
+        "savedSearchId": "Apache2-access-logs",
+        "title": "Apache2 access unique IPs map",
+        "uiStateJSON": "{\"mapCenter\":[14.944784875088372,5.09765625]}",
+        "version": 1,
+        "visState": "{\"title\":\"Apache2 access unique IPs map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[15,5],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"apache2.access.remote_ip\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"apache2.access.geoip.location\",\"autoPrecision\":true}}],\"listeners\":{}}"
+      },
+      "id": "Apache2-access-unique-IPs-map",
+      "type": "visualization",
+      "version": 4
+    },
+    {
+      "attributes": {
+        "description": "",
+        "kibanaSavedObjectMeta": {
+          "searchSourceJSON": "{\"filter\":[]}"
+        },
+        "savedSearchId": "Apache2-access-logs",
+        "title": "Apache2 response codes of top URLs",
+        "uiStateJSON": "{\"vis\":{\"colors\":{\"200\":\"#7EB26D\",\"404\":\"#EF843C\"}}}",
+        "version": 1,
+        "visState": "{\"title\":\"Apache2 response codes of top URLs\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"apache2.access.url\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URL\",\"row\":false}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"apache2.access.response_code\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"
+      },
+      "id": "Apache2-response-codes-of-top-URLs",
+      "type": "visualization",
+      "version": 4
+    },
+    {
+      "attributes": {
+        "description": "",
+        "kibanaSavedObjectMeta": {
+          "searchSourceJSON": "{\"filter\":[]}"
+        },
+        "savedSearchId": "Apache2-access-logs",
+        "title": "Apache2 browsers",
+        "uiStateJSON": "{}",
+        "version": 1,
+        "visState": "{\"title\":\"Apache2 browsers\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"apache2.access.remote_ip\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"apache2.access.user_agent.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"apache2.access.user_agent.major\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"
+      },
+      "id": "Apache2-browsers",
+      "type": "visualization",
+      "version": 4
+    },
+    {
+      "attributes": {
+        "description": "",
+        "kibanaSavedObjectMeta": {
+          "searchSourceJSON": "{\"filter\":[]}"
+        },
+        "savedSearchId": "Apache2-access-logs",
+        "title": "Apache2 operating systems",
+        "uiStateJSON": "{}",
+        "version": 1,
+        "visState": "{\"title\":\"Apache2 operating systems\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"apache2.access.remote_ip\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"apache2.access.user_agent.os_name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"apache2.access.user_agent.os_major\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"
+      },
+      "id": "Apache2-operating-systems",
+      "type": "visualization",
+      "version": 4
+    },
+    {
+      "attributes": {
+        "description": "",
+        "kibanaSavedObjectMeta": {
+          "searchSourceJSON": "{\"filter\":[]}"
+        },
+        "savedSearchId": "Apache2-errors-log",
+        "title": "Apache2 error logs over time",
+        "uiStateJSON": "{}",
+        "version": 1,
+        "visState": "{\"title\":\"Apache2 error logs over time\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"apache2.error.level\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"
+      },
+      "id": "Apache2-error-logs-over-time",
+      "type": "visualization",
+      "version": 4
+    },
+    {
+      "attributes": {
+        "description": "",
+        "kibanaSavedObjectMeta": {
+          "searchSourceJSON": "{\"filter\":[]}"
+        },
+        "savedSearchId": "Apache2-access-logs",
+        "title": "Apache2 response codes over time",
+        "uiStateJSON": "{\"vis\":{\"colors\":{\"200\":\"#629E51\",\"404\":\"#EF843C\"}}}",
+        "version": 1,
+        "visState": "{\"title\":\"Apache2 response codes over time\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"apache2.access.response_code\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"
+      },
+      "id": "Apache2-response-codes-over-time",
+      "type": "visualization",
+      "version": 4
+    },
+    {
+      "attributes": {
+        "columns": [
+          "apache2.error.client",
+          "apache2.error.level",
+          "apache2.error.module",
+          "apache2.error.message"
+        ],
+        "description": "",
+        "hits": 0,
+        "kibanaSavedObjectMeta": {
+          "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"_exists_:apache2.error\",\"analyze_wildcard\":true}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}"
+        },
+        "sort": [
+          "@timestamp",
+          "desc"
+        ],
+        "title": "Apache2 errors log",
+        "version": 1
+      },
+      "id": "Apache2-errors-log",
+      "type": "search",
+      "version": 8
+    },
+    {
+      "attributes": {
+        "columns": [
+          "apache2.access.remote_ip",
+          "apache2.access.method",
+          "apache2.access.url",
+          "apache2.access.response_code"
+        ],
+        "description": "",
+        "hits": 0,
+        "kibanaSavedObjectMeta": {
+          "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"_exists_:apache2.access\",\"analyze_wildcard\":true}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}"
+        },
+        "sort": [
+          "@timestamp",
+          "desc"
+        ],
+        "title": "Apache2 access logs",
+        "version": 1
+      },
+      "id": "Apache2-access-logs",
+      "type": "search",
+      "version": 20
+    },
+    {
+      "attributes": {
+        "description": "",
+        "hits": 0,
+        "kibanaSavedObjectMeta": {
+          "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
+        },
+        "optionsJSON": "{\"darkTheme\":false}",
+        "panelsJSON": "[{\"col\":1,\"id\":\"Apache2-access-unique-IPs-map\",\"panelIndex\":1,\"row\":1,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Apache2-response-codes-of-top-URLs\",\"panelIndex\":2,\"row\":6,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":9,\"id\":\"Apache2-browsers\",\"panelIndex\":3,\"row\":6,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":11,\"id\":\"Apache2-operating-systems\",\"panelIndex\":4,\"row\":4,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Apache2-error-logs-over-time\",\"panelIndex\":5,\"row\":9,\"size_x\":12,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Apache2-response-codes-over-time\",\"panelIndex\":6,\"row\":4,\"size_x\":10,\"size_y\":2,\"type\":\"visualization\"},{\"id\":\"Apache2-errors-log\",\"type\":\"search\",\"panelIndex\":7,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":11,\"columns\":[\"apache2.error.client\",\"apache2.error.level\",\"apache2.error.module\",\"apache2.error.message\"],\"sort\":[\"@timestamp\",\"desc\"]}]",
+        "timeRestore": false,
+        "title": "Filebeat Apache2 Dashboard",
+        "uiStateJSON": "{\"P-1\":{\"mapCenter\":[40.713955826286046,-0.17578125]}}",
+        "version": 1
+      },
+      "id": "Filebeat-Apache2-Dashboard",
+      "type": "dashboard",
+      "version": 4
+    }
+  ],
+  "version": "6.0.0-alpha3-SNAPSHOT"
+}
diff --git a/...dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json → ...dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json b/...dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json → ...dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json
diff --git a/...4ac0a370-0a11-11e7-8b04-eb22a5669f27.json → ...4ac0a370-0a11-11e7-8b04-eb22a5669f27.json b/...4ac0a370-0a11-11e7-8b04-eb22a5669f27.json → ...4ac0a370-0a11-11e7-8b04-eb22a5669f27.json
diff --git a/...2bb0fa70-0a11-11e7-9e84-43da493ad0c7.json → ...2bb0fa70-0a11-11e7-9e84-43da493ad0c7.json b/...2bb0fa70-0a11-11e7-9e84-43da493ad0c7.json → ...2bb0fa70-0a11-11e7-9e84-43da493ad0c7.json
diff --git a/...5ebdbe50-0a0f-11e7-825f-6748cda7d858.json → ...5ebdbe50-0a0f-11e7-825f-6748cda7d858.json b/...5ebdbe50-0a0f-11e7-825f-6748cda7d858.json → ...5ebdbe50-0a0f-11e7-825f-6748cda7d858.json
diff --git a/...6295bdd0-0a0e-11e7-825f-6748cda7d858.json → ...6295bdd0-0a0e-11e7-825f-6748cda7d858.json b/...6295bdd0-0a0e-11e7-825f-6748cda7d858.json → ...6295bdd0-0a0e-11e7-825f-6748cda7d858.json
diff --git a/...c5411910-0a87-11e7-8b04-eb22a5669f27.json → ...c5411910-0a87-11e7-8b04-eb22a5669f27.json b/...c5411910-0a87-11e7-8b04-eb22a5669f27.json → ...c5411910-0a87-11e7-8b04-eb22a5669f27.json
diff --git a/...d1726930-0a7f-11e7-8b04-eb22a5669f27.json → ...d1726930-0a7f-11e7-8b04-eb22a5669f27.json b/...d1726930-0a7f-11e7-8b04-eb22a5669f27.json → ...d1726930-0a7f-11e7-8b04-eb22a5669f27.json
diff --git a/filebeat/module/auditd/_meta/kibana/default/dashboard/Filebeat-auditd.json b/filebeat/module/auditd/_meta/kibana/default/dashboard/Filebeat-auditd.json
@@ -0,0 +1,121 @@
+{
+  "objects": [
+    {
+      "attributes": {
+        "description": "",
+        "kibanaSavedObjectMeta": {
+          "searchSourceJSON": "{\n  \"index\": \"filebeat-*\",\n  \"query\": {\n    \"query_string\": {\n      \"query\": \"*\",\n      \"analyze_wildcard\": true\n    }\n  },\n  \"filter\": []\n}"
+        },
+        "title": "Audit Event Types",
+        "uiStateJSON": "{}",
+        "version": 1,
+        "visState": "{\n  \"title\": \"Audit Event Types\",\n  \"type\": \"pie\",\n  \"params\": {\n    \"addTooltip\": true,\n    \"addLegend\": true,\n    \"legendPosition\": \"right\",\n    \"isDonut\": true\n  },\n  \"aggs\": [\n    {\n      \"id\": \"1\",\n      \"enabled\": true,\n      \"type\": \"count\",\n      \"schema\": \"metric\",\n      \"params\": {}\n    },\n    {\n      \"id\": \"2\",\n      \"enabled\": true,\n      \"type\": \"terms\",\n      \"schema\": \"segment\",\n      \"params\": {\n        \"field\": \"auditd.log.record_type\",\n        \"size\": 50,\n        \"order\": \"desc\",\n        \"orderBy\": \"1\"\n      }\n    }\n  ],\n  \"listeners\": {}\n}"
+      },
+      "id": "6295bdd0-0a0e-11e7-825f-6748cda7d858",
+      "type": "visualization",
+      "version": 4
+    },
+    {
+      "attributes": {
+        "description": "",
+        "kibanaSavedObjectMeta": {
+          "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"auditd.log.record_type:EXECVE\",\"analyze_wildcard\":true}},\"filter\":[]}"
+        },
+        "title": "Audit Top Exec Commands",
+        "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
+        "version": 1,
+        "visState": "{\"title\":\"Audit Top Exec Commands\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"auditd.log.a0\",\"size\":30,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command (arg 0)\"}}],\"listeners\":{}}"
+      },
+      "id": "5ebdbe50-0a0f-11e7-825f-6748cda7d858",
+      "type": "visualization",
+      "version": 4
+    },
+    {
+      "attributes": {
+        "description": "",
+        "kibanaSavedObjectMeta": {
+          "searchSourceJSON": "{}"
+        },
+        "title": "Audit Event Results",
+        "uiStateJSON": "{}",
+        "version": 1,
+        "visState": "{\"type\":\"timelion\",\"title\":\"Audit Event Results\",\"params\":{\"expression\":\".es(q=\\\"_exists_:auditd.log NOT auditd.log.res:failure\\\").label(\\\"Success\\\") .es(q=\\\"auditd.log.res:failed\\\").label(\\\"Failure\\\").title(\\\"Audit Event Results\\\")\",\"interval\":\"auto\"}}"
+      },
+      "id": "2bb0fa70-0a11-11e7-9e84-43da493ad0c7",
+      "type": "visualization",
+      "version": 4
+    },
+    {
+      "attributes": {
+        "description": "",
+        "kibanaSavedObjectMeta": {
+          "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+        },
+        "title": "Audit Event Address Geo Location",
+        "uiStateJSON": "{}",
+        "version": 1,
+        "visState": "{\"title\":\"Audit Event Address Geo Location\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[15,5],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"auditd.log.geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}"
+      },
+      "id": "d1726930-0a7f-11e7-8b04-eb22a5669f27",
+      "type": "visualization",
+      "version": 4
+    },
+    {
+      "attributes": {
+        "description": "",
+        "kibanaSavedObjectMeta": {
+          "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+        },
+        "title": "Audit Event Account Tag Cloud",
+        "uiStateJSON": "{}",
+        "version": 1,
+        "visState": "{\"title\":\"Audit Event Account Tag Cloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":15,\"maxFontSize\":42,\"hideLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"auditd.log.acct\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"
+      },
+      "id": "c5411910-0a87-11e7-8b04-eb22a5669f27",
+      "type": "visualization",
+      "version": 4
+    },
+    {
+      "attributes": {
+        "columns": [
+          "auditd.log.record_type",
+          "auditd.log.sequence",
+          "auditd.log.acct"
+        ],
+        "description": "",
+        "hits": 0,
+        "kibanaSavedObjectMeta": {
+          "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"_exists_:auditd.log\",\"analyze_wildcard\":true}},\"filter\":[]}"
+        },
+        "sort": [
+          "@timestamp",
+          "desc"
+        ],
+        "title": "Audit Events",
+        "version": 1
+      },
+      "id": "4ac0a370-0a11-11e7-8b04-eb22a5669f27",
+      "type": "search",
+      "version": 4
+    },
+    {
+      "attributes": {
+        "description": "",
+        "hits": 0,
+        "kibanaSavedObjectMeta": {
+          "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}"
+        },
+        "optionsJSON": "{\"darkTheme\":false}",
+        "panelsJSON": "[{\"col\":1,\"id\":\"6295bdd0-0a0e-11e7-825f-6748cda7d858\",\"panelIndex\":1,\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":9,\"id\":\"5ebdbe50-0a0f-11e7-825f-6748cda7d858\",\"panelIndex\":2,\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"2bb0fa70-0a11-11e7-9e84-43da493ad0c7\",\"panelIndex\":3,\"row\":5,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"d1726930-0a7f-11e7-8b04-eb22a5669f27\",\"panelIndex\":5,\"row\":5,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"c5411910-0a87-11e7-8b04-eb22a5669f27\",\"panelIndex\":6,\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":3,\"panelIndex\":7,\"type\":\"search\",\"id\":\"4ac0a370-0a11-11e7-8b04-eb22a5669f27\",\"col\":1,\"row\":8,\"columns\":[\"auditd.log.record_type\",\"auditd.log.sequence\",\"auditd.log.acct\"],\"sort\":[\"@timestamp\",\"desc\"]}]",
+        "timeRestore": false,
+        "title": "Filebeat Auditd",
+        "uiStateJSON": "{\"P-2\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}",
+        "version": 1
+      },
+      "id": "dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb",
+      "type": "dashboard",
+      "version": 4
+    }
+  ],
+  "version": "6.0.0-alpha3-SNAPSHOT"
+}
diff --git a/...a/dashboard/Filebeat-MySQL-Dashboard.json → ...x/dashboard/Filebeat-MySQL-Dashboard.json b/...a/dashboard/Filebeat-MySQL-Dashboard.json → ...x/dashboard/Filebeat-MySQL-Dashboard.json
diff --git a/...ibana/search/Filebeat-MySQL-Slow-log.json → ...a/5.x/search/Filebeat-MySQL-Slow-log.json b/...ibana/search/Filebeat-MySQL-Slow-log.json → ...a/5.x/search/Filebeat-MySQL-Slow-log.json
diff --git a/...bana/search/Filebeat-MySQL-error-log.json → .../5.x/search/Filebeat-MySQL-error-log.json b/...bana/search/Filebeat-MySQL-error-log.json → .../5.x/search/Filebeat-MySQL-error-log.json
diff --git a/...isualization/MySQL-Error-logs-levels.json → ...isualization/MySQL-Error-logs-levels.json b/...isualization/MySQL-Error-logs-levels.json → ...isualization/MySQL-Error-logs-levels.json
diff --git a/...sualization/MySQL-Slow-logs-by-count.json → ...sualization/MySQL-Slow-logs-by-count.json b/...sualization/MySQL-Slow-logs-by-count.json → ...sualization/MySQL-Slow-logs-by-count.json
diff --git a/...ization/MySQL-Slow-queries-over-time.json → ...ization/MySQL-Slow-queries-over-time.json b/...ization/MySQL-Slow-queries-over-time.json → ...ization/MySQL-Slow-queries-over-time.json
diff --git a/...ibana/visualization/MySQL-error-logs.json → ...a/5.x/visualization/MySQL-error-logs.json b/...ibana/visualization/MySQL-error-logs.json → ...a/5.x/visualization/MySQL-error-logs.json
diff --git a/.../visualization/MySQL-slowest-queries.json → .../visualization/MySQL-slowest-queries.json b/.../visualization/MySQL-slowest-queries.json → .../visualization/MySQL-slowest-queries.json