metron-platform/metron-indexing/metron-indexing-common/src/main/config/zeppelin/metron/metron-connection-report.json - metron - Git at Google

 {"paragraphs":[{"text":"%spark.sql\n\n#\n# load the Yaf telemetry that has been archived by Metron\n#\ncreate temporary table yaf\n  using org.apache.spark.sql.json\n  options (path \"hdfs:///apps/metron/indexing/indexed/yaf\")","dateUpdated":"2017-05-02T00:17:09+0000","config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true,"editorMode":"ace/mode/sql"},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493670038892_607547570","id":"20170428-112507_2084067902","result":{"code":"SUCCESS","type":"TEXT","msg":""},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:09+0000","dateFinished":"2017-05-02T00:17:10+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:109","focus":true},{"text":"%spark.sql\n\n#\n# load the Bro telemetry that has been archived by Metron\n#\ncreate temporary table bro\n  using org.apache.spark.sql.json\n  options (path \"hdfs:///apps/metron/indexing/indexed/bro\")","dateUpdated":"2017-05-02T00:17:09+0000","config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true,"editorMode":"ace/mode/sql"},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493670038899_618705289","id":"20170428-112518_1452220159","result":{"code":"SUCCESS","type":"TEXT","msg":""},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:09+0000","dateFinished":"2017-05-02T00:17:10+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:110","focus":true},{"text":"%spark.sql\n\n#\n# load the Snort telemetry that has been archived by Metron\n#\ncreate temporary table snort\n  using org.apache.spark.sql.json\n  options (path \"hdfs:///apps/metron/indexing/indexed/snort\")","dateUpdated":"2017-05-02T00:17:09+0000","config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true,"editorMode":"ace/mode/sql"},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493670038899_618705289","id":"20170428-112536_146360703","result":{"code":"SUCCESS","type":"TEXT","msg":""},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:10+0000","dateFinished":"2017-05-02T00:17:11+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:111","focus":true},{"text":"%md\n\n### Top Connections - Yaf\n\nThe number of connections made between IPs, ordered from highest to lowest.\n\nThis may be filtered by a providing a start and end filter, along with a date_format as specified by [Customizing Formats](http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html).\nThe default format is yyyy-MM-dd HH:mm:ss","dateUpdated":"2017-05-02T11:39:56+0000","config":{"colWidth":12,"editorMode":"ace/mode/scala","graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493670038902_617551042","id":"20170428-124415_505253984","result":{"code":"SUCCESS","type":"HTML","msg":"<h3>Top Connections - Yaf</h3>\n<p>The number of connections made between IPs, ordered from highest to lowest.</p>\n<p>This may be filtered by a providing a start and end filter, along with a date_format as specified by <a href=\"http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html\">Customizing Formats</a>\n<br  />The default format is yyyy-MM-dd HH:mm:ss</p>\n"},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:09+0000","dateFinished":"2017-05-02T00:17:12+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:112"},{"text":"%spark.sql\n\nSELECT\n    ip_src_addr,\n    ip_dst_addr,\n    COUNT(*) AS count\nFROM\n    yaf\nWHERE timestamp BETWEEN\n    (unix_timestamp(CASE WHEN '${start}' = '' then '1900-01-01 00:00:00' else '${start}' END, '${date_format=yyyy-MM-dd HH:mm:ss}') * 1000) AND\n    (unix_timestamp(CASE WHEN '${end}' = '' then from_unixtime(unix_timestamp()) else '${end}' END, '${date_format=yyyy-MM-dd HH:mm:ss}') * 1000)\nGROUP BY ip_src_addr, ip_dst_addr\nORDER BY COUNT(*) DESC\n\n","dateUpdated":"2017-05-02T00:17:09+0000","config":{"colWidth":12,"editorMode":"ace/mode/sql","graph":{"mode":"table","height":300,"optionOpen":false,"keys":[{"name":"ip_src_addr","index":0,"aggr":"sum"}],"values":[{"name":"ip_dst_addr","index":1,"aggr":"sum"}],"groups":[],"scatter":{"xAxis":{"name":"ip_src_addr","index":0,"aggr":"sum"},"yAxis":{"name":"ip_dst_addr","index":1,"aggr":"sum"}}},"enabled":true},"settings":{"params":{"start":"","end":"","date_format":"yyyy-MM-dd HH:mm:ss","yyyy-MM-dd HH:mm:ss":""},"forms":{"start":{"name":"start","defaultValue":"","hidden":false},"date_format":{"name":"date_format","defaultValue":"yyyy-MM-dd HH:mm:ss","hidden":false},"end":{"name":"end","defaultValue":"","hidden":false}}},"jobName":"paragraph_1493670038902_617551042","id":"20170428-112604_1206608049","result":{"code":"SUCCESS","type":"TABLE","msg":"ip_src_addr\tip_dst_addr\tcount\n62.75.195.236\t192.168.138.158\t210\n192.168.66.1\t192.168.66.121\t182\n192.168.66.121\t192.168.66.1\t131\n192.168.138.158\t62.75.195.236\t112\n192.168.138.158\t95.163.121.204\t37\n72.34.49.86\t192.168.138.158\t37\n192.168.138.158\t72.34.49.86\t28\n95.163.121.204\t192.168.138.158\t27\n192.168.138.158\t204.152.254.221\t16\n204.152.254.221\t192.168.138.158\t14\n192.168.138.158\t188.165.164.184\t7\n192.168.138.158\t192.168.138.2\t6\n192.168.138.2\t192.168.138.158\t4\n188.165.164.184\t192.168.138.158\t3\n192.168.66.1\t224.0.0.251\t1\n","comment":"","msgTable":[[{"key":"ip_dst_addr","value":"62.75.195.236"},{"key":"ip_dst_addr","value":"192.168.138.158"},{"key":"ip_dst_addr","value":"210"}],[{"key":"count","value":"192.168.66.1"},{"key":"count","value":"192.168.66.121"},{"key":"count","value":"182"}],[{"value":"192.168.66.121"},{"value":"192.168.66.1"},{"value":"131"}],[{"value":"192.168.138.158"},{"value":"62.75.195.236"},{"value":"112"}],[{"value":"192.168.138.158"},{"value":"95.163.121.204"},{"value":"37"}],[{"value":"72.34.49.86"},{"value":"192.168.138.158"},{"value":"37"}],[{"value":"192.168.138.158"},{"value":"72.34.49.86"},{"value":"28"}],[{"value":"95.163.121.204"},{"value":"192.168.138.158"},{"value":"27"}],[{"value":"192.168.138.158"},{"value":"204.152.254.221"},{"value":"16"}],[{"value":"204.152.254.221"},{"value":"192.168.138.158"},{"value":"14"}],[{"value":"192.168.138.158"},{"value":"188.165.164.184"},{"value":"7"}],[{"value":"192.168.138.158"},{"value":"192.168.138.2"},{"value":"6"}],[{"value":"192.168.138.2"},{"value":"192.168.138.158"},{"value":"4"}],[{"value":"188.165.164.184"},{"value":"192.168.138.158"},{"value":"3"}],[{"value":"192.168.66.1"},{"value":"224.0.0.251"},{"value":"1"}]],"columnNames":[{"name":"ip_src_addr","index":0,"aggr":"sum"},{"name":"ip_dst_addr","index":1,"aggr":"sum"},{"name":"count","index":2,"aggr":"sum"}],"rows":[["62.75.195.236","192.168.138.158","210"],["192.168.66.1","192.168.66.121","182"],["192.168.66.121","192.168.66.1","131"],["192.168.138.158","62.75.195.236","112"],["192.168.138.158","95.163.121.204","37"],["72.34.49.86","192.168.138.158","37"],["192.168.138.158","72.34.49.86","28"],["95.163.121.204","192.168.138.158","27"],["192.168.138.158","204.152.254.221","16"],["204.152.254.221","192.168.138.158","14"],["192.168.138.158","188.165.164.184","7"],["192.168.138.158","192.168.138.2","6"],["192.168.138.2","192.168.138.158","4"],["188.165.164.184","192.168.138.158","3"],["192.168.66.1","224.0.0.251","1"]]},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:11+0000","dateFinished":"2017-05-02T00:17:14+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:113"},{"config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493684751112_1504866931","id":"20170502-002551_1551961648","dateCreated":"2017-05-02T00:25:51+0000","status":"FINISHED","progressUpdateIntervalMs":500,"focus":true,"$$hashKey":"object:2780","dateUpdated":"2017-05-02T11:20:23+0000","dateFinished":"2017-05-02T11:19:43+0000","dateStarted":"2017-05-02T11:19:43+0000","result":{"code":"SUCCESS","type":"HTML","msg":"<h3>Connections Histogram - Yaf</h3>\n<p>A histogram of connections made between IPs, binned into groups of time with a configurable lookback.</p>\n<p>This may be filtered by a providing a start and end filter, along with a date_format as specified by <a href=\"http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html\">Customizing Formats</a>\n<br  />The default format is yyyy-MM-dd HH:mm:ss</p>\n"},"text":"%md\n\n### Connections Histogram - Yaf\n\nA histogram of connections made between IPs, binned into configurable groups of time.\n\nThis may be filtered by a providing a start and end filter, along with a date_format as specified by [Customizing Formats](http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html)\nThe default format is yyyy-MM-dd HH:mm:ss"},{"text":"%spark\nimport org.apache.spark.sql.Row\nimport scala.concurrent.duration._\nimport java.util.concurrent.TimeUnit\n\nval timeunits = Seq((\"SECONDS\", \"Seconds\"), (\"MINUTES\", \"Minutes\"), (\"HOURS\", \"Hours\"), (\"DAYS\", \"Days\"))\nval sourceIp = z.input(\"SourceIp\").toString\nval destIp = z.input(\"DestIp\").toString\nval start = z.input(\"start\").toString\nval end = z.input(\"end\").toString\nval date_format = z.input(\"date_format\", \"yyyy-MM-dd HH:mm:ss\")\nval durationAmount = z.input(\"BinSize\", \"5\").toString.toInt\nval durationUnit = z.select(\"BinUnit\", \"MINUTES\", timeunits).toString\nval durationSize = Duration.create(durationAmount, TimeUnit.valueOf(durationUnit)).toMillis\n\nval results = sqlContext.sql(\ns\"\"\"SELECT\n    CONCAT(from_unixtime(($durationSize*FLOOR(timestamp/$durationSize))/1000)) AS time,\n    COUNT(*) AS count\nFROM\n    yaf\nWHERE\n    ip_src_addr = '$sourceIp' AND\n    ip_dst_addr = '$destIp' AND\n    timestamp BETWEEN\n    (unix_timestamp(CASE WHEN '$start' = '' then '1900-01-01 00:00:00' else '$start' END, '$date_format') * 1000) AND\n    (unix_timestamp(CASE WHEN '$end' = '' then from_unixtime(unix_timestamp()) else '$end' END, '$date_format') * 1000)\nGROUP BY FLOOR(timestamp/$durationSize)\n\"\"\").map {\n   case Row(time: String, count: Long) => {\n\t\ttime + \"\\t\" + count\n   }\n  }.collect()\n\nprint(\"%table time\\tcount\\n\" + results.mkString(\"\\n\"))","dateUpdated":"2017-05-02T12:53:25+0000","config":{"colWidth":12,"graph":{"mode":"multiBarChart","height":300,"optionOpen":false,"keys":[{"name":"time","index":0,"aggr":"sum"}],"values":[{"name":"count","index":1,"aggr":"sum"}],"groups":[],"scatter":{"yAxis":{"name":"count","index":1,"aggr":"sum"}}},"enabled":true,"editorMode":"ace/mode/scala","tableHide":false,"editorHide":false},"settings":{"params":{"SourceIp":"62.75.195.236","DestIp":"192.168.138.158","LookBackAmount":"24","LookBackUnit":"MINUTES","BinSize":"1","BinUnit":"MINUTES","start":"","end":"","date_format":"yyyy-MM-dd HH:mm:ss"},"forms":{"SourceIp":{"name":"SourceIp","displayName":"SourceIp","type":"input","defaultValue":"","hidden":false},"DestIp":{"name":"DestIp","displayName":"DestIp","type":"input","defaultValue":"","hidden":false},"start":{"name":"start","displayName":"start","type":"input","defaultValue":"","hidden":false},"end":{"name":"end","displayName":"end","type":"input","defaultValue":"","hidden":false},"date_format":{"name":"date_format","displayName":"date_format","type":"input","defaultValue":"yyyy-MM-dd HH:mm:ss","hidden":false},"BinSize":{"name":"BinSize","displayName":"BinSize","type":"input","defaultValue":5,"hidden":false},"BinUnit":{"name":"BinUnit","displayName":"BinUnit","type":"select","defaultValue":"MINUTES","options":[{"value":"SECONDS","displayName":"Seconds","$$hashKey":"object:4090"},{"value":"MINUTES","displayName":"Minutes","$$hashKey":"object:4091"},{"value":"HOURS","displayName":"Hours","$$hashKey":"object:4092"},{"value":"DAYS","displayName":"Days","$$hashKey":"object:4093"}],"hidden":false}}},"jobName":"paragraph_1493672984960_2113296590","id":"20170501-210944_251279181","result":{"code":"SUCCESS","type":"TABLE","msg":"time\tcount\n2017-05-01 20:37:00\t2\n2017-05-01 20:38:00\t7\n2017-05-01 20:39:00\t18\n2017-05-01 20:40:00\t30\n2017-05-01 20:41:00\t15\n2017-05-01 20:42:00\t30\n2017-05-01 20:43:00\t27\n2017-05-01 20:44:00\t26\n2017-05-01 20:45:00\t39\n2017-05-01 20:46:00\t16","comment":"","msgTable":[[{"key":"count","value":"2017-05-01 20:37:00"},{"key":"count","value":"2"}],[{"value":"2017-05-01 20:38:00"},{"value":"7"}],[{"value":"2017-05-01 20:39:00"},{"value":"18"}],[{"value":"2017-05-01 20:40:00"},{"value":"30"}],[{"value":"2017-05-01 20:41:00"},{"value":"15"}],[{"value":"2017-05-01 20:42:00"},{"value":"30"}],[{"value":"2017-05-01 20:43:00"},{"value":"27"}],[{"value":"2017-05-01 20:44:00"},{"value":"26"}],[{"value":"2017-05-01 20:45:00"},{"value":"39"}],[{"value":"2017-05-01 20:46:00"},{"value":"16"}]],"columnNames":[{"name":"time","index":0,"aggr":"sum"},{"name":"count","index":1,"aggr":"sum"}],"rows":[["2017-05-01 20:37:00","2"],["2017-05-01 20:38:00","7"],["2017-05-01 20:39:00","18"],["2017-05-01 20:40:00","30"],["2017-05-01 20:41:00","15"],["2017-05-01 20:42:00","30"],["2017-05-01 20:43:00","27"],["2017-05-01 20:44:00","26"],["2017-05-01 20:45:00","39"],["2017-05-01 20:46:00","16"]]},"dateCreated":"2017-05-01T09:09:44+0000","dateStarted":"2017-05-02T11:19:39+0000","dateFinished":"2017-05-02T11:19:47+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:114","focus":true},{"text":"%md\n\n### Top Requests - Bro DNS\n\nThe number of DNS requests made between IPs, ordered from highest to lowest.\n\nThis may be filtered by a providing a start and end filter, along with a date_format as specified by  [Customizing Formats](http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html)\nThe default format is yyyy-MM-dd HH:mm:ss","dateUpdated":"2017-05-02T12:59:13+0000","config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true,"editorMode":"ace/mode/markdown"},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493670038902_617551042","id":"20170428-124500_925401848","result":{"code":"SUCCESS","type":"HTML","msg":"<h3>Top Requests - Bro DNS</h3>\n<p>The number of DNS queries made between IPs, ordered from highest to lowest.</p>\n<p>This may be filtered by a providing a start and end filter, along with a date_format as specified by  <a href=\"http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html\">Customizing Formats</a>\n<br  />The default format is yyyy-MM-dd HH:mm:ss</p>\n"},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:12+0000","dateFinished":"2017-05-02T00:17:12+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:115"},{"text":"%spark.sql\n\nSELECT\n    ip_src_addr,\n    ip_dst_addr,\n    COUNT(*) AS count\nFROM\n    bro\nWHERE timestamp BETWEEN\n    (unix_timestamp(CASE WHEN '${start}' = '' then '1900-01-01 00:00:00' else '${start}' END, '${date_format=yyyy-MM-dd HH:mm:ss}') * 1000) AND\n    (unix_timestamp(CASE WHEN '${end}' = '' then from_unixtime(unix_timestamp()) else '${end}' END, '${date_format=yyyy-MM-dd HH:mm:ss}') * 1000) AND\n    protocol = 'dns'\nGROUP BY ip_src_addr, ip_dst_addr\nORDER BY COUNT(*) DESC\n    \n    ","dateUpdated":"2017-05-02T00:17:10+0000","config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[{"name":"ip_src_addr","index":0,"aggr":"sum"}],"values":[{"name":"ip_dst_addr","index":1,"aggr":"sum"}],"groups":[],"scatter":{"xAxis":{"name":"ip_src_addr","index":0,"aggr":"sum"},"yAxis":{"name":"ip_dst_addr","index":1,"aggr":"sum"}}},"enabled":true,"editorMode":"ace/mode/sql"},"settings":{"params":{"start":"","end":"","date_format":"yyyy-MM-dd HH:mm:ss","yyyy-MM-dd HH:mm:ss":""},"forms":{"start":{"name":"start","defaultValue":"","hidden":false},"date_format":{"name":"date_format","defaultValue":"yyyy-MM-dd HH:mm:ss","hidden":false},"end":{"name":"end","defaultValue":"","hidden":false}}},"jobName":"paragraph_1493670038902_617551042","id":"20170428-114040_87496728","result":{"code":"SUCCESS","type":"TABLE","msg":"ip_src_addr\tip_dst_addr\tcount\n192.168.138.158\t192.168.138.2\t78\n192.168.66.1\t224.0.0.251\t53\n","comment":"","msgTable":[[{"key":"ip_dst_addr","value":"192.168.138.158"},{"key":"ip_dst_addr","value":"192.168.138.2"},{"key":"ip_dst_addr","value":"78"}],[{"key":"count","value":"192.168.66.1"},{"key":"count","value":"224.0.0.251"},{"key":"count","value":"53"}]],"columnNames":[{"name":"ip_src_addr","index":0,"aggr":"sum"},{"name":"ip_dst_addr","index":1,"aggr":"sum"},{"name":"count","index":2,"aggr":"sum"}],"rows":[["192.168.138.158","192.168.138.2","78"],["192.168.66.1","224.0.0.251","53"]]},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:14+0000","dateFinished":"2017-05-02T00:17:20+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:116"},{"config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true,"editorMode":"ace/mode/scala"},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493729863774_-980328101","id":"20170502-125743_777301519","dateCreated":"2017-05-02T12:57:43+0000","status":"FINISHED","progressUpdateIntervalMs":500,"focus":true,"$$hashKey":"object:4571","text":"%md\n\n### Requests Histogram - Bro DNS\n\nA histogram of DNS requests made between IPs, binned into configurable groups of time.\n\nThis may be filtered by a providing a start and end filter, along with a date_format as specified by [Customizing Formats](http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html)\nThe default format is yyyy-MM-dd HH:mm:ss","dateUpdated":"2017-05-02T12:59:10+0000","dateFinished":"2017-05-02T12:59:10+0000","dateStarted":"2017-05-02T12:59:10+0000","result":{"code":"SUCCESS","type":"HTML","msg":"<h3>Requests Histogram - Bro DNS</h3>\n<p>A histogram of DNS requests made between IPs, binned into configurable groups of time.</p>\n<p>This may be filtered by a providing a start and end filter, along with a date_format as specified by <a href=\"http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html\">Customizing Formats</a>\n<br  />The default format is yyyy-MM-dd HH:mm:ss</p>\n"}},{"config":{"colWidth":12,"graph":{"mode":"multiBarChart","height":300,"optionOpen":false,"keys":[{"name":"time","index":0,"aggr":"sum"}],"values":[{"name":"count","index":1,"aggr":"sum"}],"groups":[],"scatter":{"xAxis":{"name":"time","index":0,"aggr":"sum"},"yAxis":{"name":"count","index":1,"aggr":"sum"}}},"enabled":true,"editorMode":"ace/mode/scala"},"settings":{"params":{"SourceIp":"192.168.138.158","DestIp":"192.168.138.2","start":"","end":"","date_format":"yyyy-MM-dd HH:mm:ss","BinSize":"1","BinUnit":"MINUTES"},"forms":{"SourceIp":{"name":"SourceIp","displayName":"SourceIp","type":"input","defaultValue":"","hidden":false},"DestIp":{"name":"DestIp","displayName":"DestIp","type":"input","defaultValue":"","hidden":false},"start":{"name":"start","displayName":"start","type":"input","defaultValue":"","hidden":false},"end":{"name":"end","displayName":"end","type":"input","defaultValue":"","hidden":false},"date_format":{"name":"date_format","displayName":"date_format","type":"input","defaultValue":"yyyy-MM-dd HH:mm:ss","hidden":false},"BinSize":{"name":"BinSize","displayName":"BinSize","type":"input","defaultValue":"5","hidden":false},"BinUnit":{"name":"BinUnit","displayName":"BinUnit","type":"select","defaultValue":"MINUTES","options":[{"value":"SECONDS","displayName":"Seconds","$$hashKey":"object:4133"},{"value":"MINUTES","displayName":"Minutes","$$hashKey":"object:4134"},{"value":"HOURS","displayName":"Hours","$$hashKey":"object:4135"},{"value":"DAYS","displayName":"Days","$$hashKey":"object:4136"}],"hidden":false}}},"jobName":"paragraph_1493729434074_-1929699562","id":"20170502-125034_1944008091","dateCreated":"2017-05-02T12:50:34+0000","status":"FINISHED","progressUpdateIntervalMs":500,"focus":true,"$$hashKey":"object:3683","text":"%spark\nimport org.apache.spark.sql.Row\nimport scala.concurrent.duration._\nimport java.util.concurrent.TimeUnit\n\nval timeunits = Seq((\"SECONDS\", \"Seconds\"), (\"MINUTES\", \"Minutes\"), (\"HOURS\", \"Hours\"), (\"DAYS\", \"Days\"))\nval sourceIp = z.input(\"SourceIp\").toString\nval destIp = z.input(\"DestIp\").toString\nval start = z.input(\"start\").toString\nval end = z.input(\"end\").toString\nval date_format = z.input(\"date_format\", \"yyyy-MM-dd HH:mm:ss\")\nval durationAmount = z.input(\"BinSize\", \"5\").toString.toInt\nval durationUnit = z.select(\"BinUnit\", \"MINUTES\", timeunits).toString\nval durationSize = Duration.create(durationAmount, TimeUnit.valueOf(durationUnit)).toMillis\n\nval results = sqlContext.sql(\ns\"\"\"SELECT\n    CONCAT(from_unixtime(($durationSize*FLOOR(timestamp/$durationSize))/1000)) AS time,\n    COUNT(*) AS count\nFROM\n    bro\nWHERE\n    ip_src_addr = '$sourceIp' AND\n    ip_dst_addr = '$destIp' AND\n    timestamp BETWEEN\n    (unix_timestamp(CASE WHEN '$start' = '' then '1900-01-01 00:00:00' else '$start' END, '$date_format') * 1000) AND\n    (unix_timestamp(CASE WHEN '$end' = '' then from_unixtime(unix_timestamp()) else '$end' END, '$date_format') * 1000) AND\n    protocol = 'dns'\nGROUP BY FLOOR(timestamp/$durationSize)\n\"\"\").map {\n   case Row(time: String, count: Long) => {\n\t\ttime + \"\\t\" + count\n   }\n  }.collect()\n\nprint(\"%table time\\tcount\\n\" + results.mkString(\"\\n\"))","dateUpdated":"2017-05-02T12:53:24+0000","dateFinished":"2017-05-02T12:53:33+0000","dateStarted":"2017-05-02T12:53:24+0000","result":{"code":"SUCCESS","type":"TABLE","msg":"time\tcount\n2017-05-01 20:02:00\t4\n2017-05-01 20:03:00\t15\n2017-05-01 20:04:00\t21\n2017-05-01 20:05:00\t18\n2017-05-01 20:06:00\t17\n2017-05-01 20:07:00\t3","comment":"","msgTable":[[{"key":"count","value":"2017-05-01 20:02:00"},{"key":"count","value":"4"}],[{"value":"2017-05-01 20:03:00"},{"value":"15"}],[{"value":"2017-05-01 20:04:00"},{"value":"21"}],[{"value":"2017-05-01 20:05:00"},{"value":"18"}],[{"value":"2017-05-01 20:06:00"},{"value":"17"}],[{"value":"2017-05-01 20:07:00"},{"value":"3"}]],"columnNames":[{"name":"time","index":0,"aggr":"sum"},{"name":"count","index":1,"aggr":"sum"}],"rows":[["2017-05-01 20:02:00","4"],["2017-05-01 20:03:00","15"],["2017-05-01 20:04:00","21"],["2017-05-01 20:05:00","18"],["2017-05-01 20:06:00","17"],["2017-05-01 20:07:00","3"]]}},{"text":"%md\n\n### Top Requests - Bro HTTP\n\nThe number of HTTP requests made between IPs, ordered from highest to lowest.\n\nThis may be filtered by a providing a start and end filter, along with a date_format as specified by  [Customizing Formats](http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html)\nThe default format is yyyy-MM-dd HH:mm:ss","dateUpdated":"2017-05-02T00:17:10+0000","config":{"colWidth":12,"editorMode":"ace/mode/scala","graph":{"mode":"table","height":86,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493670038900_616781544","id":"20170428-123858_1869250606","result":{"code":"SUCCESS","type":"HTML","msg":"<h3>Top Requests - Bro HTTP</h3>\n<p>The number of HTTP requests made between IPs, ordered from highest to lowest.</p>\n<p>This may be filtered by a providing a start and end filter, along with a date_format as specified by  <a href=\"http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html\">Customizing Formats</a>\n<br  />The default format is yyyy-MM-dd HH:mm:ss</p>\n"},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:12+0000","dateFinished":"2017-05-02T00:17:12+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:117"},{"text":"%spark.sql\n\nSELECT\n    ip_src_addr,\n    ip_dst_addr,\n    COUNT(*) AS count\nFROM\n    bro\nWHERE timestamp BETWEEN\n    (unix_timestamp(CASE WHEN '${start}' = '' then '1900-01-01 00:00:00' else '${start}' END, '${date_format=yyyy-MM-dd HH:mm:ss}') * 1000) AND\n    (unix_timestamp(CASE WHEN '${end}' = '' then from_unixtime(unix_timestamp()) else '${end}' END, '${date_format=yyyy-MM-dd HH:mm:ss}') * 1000) AND\n    protocol = 'http'\nGROUP BY ip_src_addr, ip_dst_addr\nORDER BY COUNT(*) DESC\n","dateUpdated":"2017-05-02T00:17:10+0000","config":{"colWidth":12,"editorMode":"ace/mode/scala","graph":{"mode":"table","height":278,"optionOpen":false,"keys":[{"name":"ip_src_addr","index":0,"aggr":"sum"}],"values":[{"name":"ip_dst_addr","index":1,"aggr":"sum"}],"groups":[],"scatter":{"xAxis":{"name":"ip_src_addr","index":0,"aggr":"sum"},"yAxis":{"name":"ip_dst_addr","index":1,"aggr":"sum"}}},"enabled":true},"settings":{"params":{"start":"","date_format":"yyyy-MM-dd HH:mm:ss","end":""},"forms":{"start":{"name":"start","defaultValue":"","hidden":false},"date_format":{"name":"date_format","defaultValue":"yyyy-MM-dd HH:mm:ss","hidden":false},"end":{"name":"end","defaultValue":"","hidden":false}}},"jobName":"paragraph_1493670038900_616781544","id":"20170428-123208_869982701","result":{"code":"SUCCESS","type":"TABLE","msg":"ip_src_addr\tip_dst_addr\tcount\n192.168.138.158\t95.163.121.204\t208\n192.168.66.1\t192.168.66.121\t147\n192.168.138.158\t62.75.195.236\t107\n192.168.138.158\t72.34.49.86\t44\n192.168.138.158\t204.152.254.221\t36\n192.168.138.158\t188.165.164.184\t17\n","comment":"","msgTable":[[{"key":"ip_dst_addr","value":"192.168.138.158"},{"key":"ip_dst_addr","value":"95.163.121.204"},{"key":"ip_dst_addr","value":"208"}],[{"key":"count","value":"192.168.66.1"},{"key":"count","value":"192.168.66.121"},{"key":"count","value":"147"}],[{"value":"192.168.138.158"},{"value":"62.75.195.236"},{"value":"107"}],[{"value":"192.168.138.158"},{"value":"72.34.49.86"},{"value":"44"}],[{"value":"192.168.138.158"},{"value":"204.152.254.221"},{"value":"36"}],[{"value":"192.168.138.158"},{"value":"188.165.164.184"},{"value":"17"}]],"columnNames":[{"name":"ip_src_addr","index":0,"aggr":"sum"},{"name":"ip_dst_addr","index":1,"aggr":"sum"},{"name":"count","index":2,"aggr":"sum"}],"rows":[["192.168.138.158","95.163.121.204","208"],["192.168.66.1","192.168.66.121","147"],["192.168.138.158","62.75.195.236","107"],["192.168.138.158","72.34.49.86","44"],["192.168.138.158","204.152.254.221","36"],["192.168.138.158","188.165.164.184","17"]]},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:19+0000","dateFinished":"2017-05-02T00:17:21+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:118"},{"config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true,"editorMode":"ace/mode/scala"},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493729961028_741593438","id":"20170502-125921_2097846713","dateCreated":"2017-05-02T12:59:21+0000","status":"FINISHED","progressUpdateIntervalMs":500,"focus":true,"$$hashKey":"object:4649","text":"%md\n\n### Requests Histogram - Bro HTTP\n\nA histogram of HTTP requests made between IPs, binned into configurable groups of time.\n\nThis may be filtered by a providing a start and end filter, along with a date_format as specified by [Customizing Formats](http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html)\nThe default format is yyyy-MM-dd HH:mm:ss","dateUpdated":"2017-05-02T13:00:10+0000","dateFinished":"2017-05-02T13:00:10+0000","dateStarted":"2017-05-02T13:00:10+0000","result":{"code":"SUCCESS","type":"HTML","msg":"<h3>Requests Histogram - Bro HTTP</h3>\n<p>A histogram of HTTP requests made between IPs, binned into configurable groups of time.</p>\n<p>This may be filtered by a providing a start and end filter, along with a date_format as specified by <a href=\"http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html\">Customizing Formats</a>\n<br  />The default format is yyyy-MM-dd HH:mm:ss</p>\n"}},{"config":{"colWidth":12,"graph":{"mode":"multiBarChart","height":300,"optionOpen":false,"keys":[{"name":"time","index":0,"aggr":"sum"}],"values":[{"name":"count","index":1,"aggr":"sum"}],"groups":[],"scatter":{"xAxis":{"name":"time","index":0,"aggr":"sum"},"yAxis":{"name":"count","index":1,"aggr":"sum"}}},"enabled":true,"editorMode":"ace/mode/scala"},"settings":{"params":{"SourceIp":"192.168.138.158","DestIp":"95.163.121.204","start":"","end":"","date_format":"yyyy-MM-dd HH:mm:ss","BinSize":"1","BinUnit":"MINUTES"},"forms":{"SourceIp":{"name":"SourceIp","displayName":"SourceIp","type":"input","defaultValue":"","hidden":false},"DestIp":{"name":"DestIp","displayName":"DestIp","type":"input","defaultValue":"","hidden":false},"start":{"name":"start","displayName":"start","type":"input","defaultValue":"","hidden":false},"end":{"name":"end","displayName":"end","type":"input","defaultValue":"","hidden":false},"date_format":{"name":"date_format","displayName":"date_format","type":"input","defaultValue":"yyyy-MM-dd HH:mm:ss","hidden":false},"BinSize":{"name":"BinSize","displayName":"BinSize","type":"input","defaultValue":"5","hidden":false},"BinUnit":{"name":"BinUnit","displayName":"BinUnit","type":"select","defaultValue":"MINUTES","options":[{"value":"SECONDS","displayName":"Seconds","$$hashKey":"object:4331"},{"value":"MINUTES","displayName":"Minutes","$$hashKey":"object:4332"},{"value":"HOURS","displayName":"Hours","$$hashKey":"object:4333"},{"value":"DAYS","displayName":"Days","$$hashKey":"object:4334"}],"hidden":false}}},"jobName":"paragraph_1493729623175_-771160972","id":"20170502-125343_190565024","dateCreated":"2017-05-02T12:53:43+0000","status":"FINISHED","progressUpdateIntervalMs":500,"focus":true,"$$hashKey":"object:4137","text":"%spark\nimport org.apache.spark.sql.Row\nimport scala.concurrent.duration._\nimport java.util.concurrent.TimeUnit\n\nval timeunits = Seq((\"SECONDS\", \"Seconds\"), (\"MINUTES\", \"Minutes\"), (\"HOURS\", \"Hours\"), (\"DAYS\", \"Days\"))\nval sourceIp = z.input(\"SourceIp\").toString\nval destIp = z.input(\"DestIp\").toString\nval start = z.input(\"start\").toString\nval end = z.input(\"end\").toString\nval date_format = z.input(\"date_format\", \"yyyy-MM-dd HH:mm:ss\")\nval durationAmount = z.input(\"BinSize\", \"5\").toString.toInt\nval durationUnit = z.select(\"BinUnit\", \"MINUTES\", timeunits).toString\nval durationSize = Duration.create(durationAmount, TimeUnit.valueOf(durationUnit)).toMillis\n\nval results = sqlContext.sql(\ns\"\"\"SELECT\n    CONCAT(from_unixtime(($durationSize*FLOOR(timestamp/$durationSize))/1000)) AS time,\n    COUNT(*) AS count\nFROM\n    bro\nWHERE\n    ip_src_addr = '$sourceIp' AND\n    ip_dst_addr = '$destIp' AND\n    timestamp BETWEEN\n    (unix_timestamp(CASE WHEN '$start' = '' then '1900-01-01 00:00:00' else '$start' END, '$date_format') * 1000) AND\n    (unix_timestamp(CASE WHEN '$end' = '' then from_unixtime(unix_timestamp()) else '$end' END, '$date_format') * 1000) AND\n    protocol = 'http'\nGROUP BY FLOOR(timestamp/$durationSize)\n\"\"\").map {\n   case Row(time: String, count: Long) => {\n\t\ttime + \"\\t\" + count\n   }\n  }.collect()\n\nprint(\"%table time\\tcount\\n\" + results.mkString(\"\\n\"))","dateUpdated":"2017-05-02T12:54:35+0000","dateFinished":"2017-05-02T12:54:31+0000","dateStarted":"2017-05-02T12:54:22+0000","result":{"code":"SUCCESS","type":"TABLE","msg":"time\tcount\n2017-05-01 20:02:00\t10\n2017-05-01 20:03:00\t39\n2017-05-01 20:04:00\t48\n2017-05-01 20:05:00\t58\n2017-05-01 20:06:00\t43\n2017-05-01 20:07:00\t10","comment":"","msgTable":[[{"key":"count","value":"2017-05-01 20:02:00"},{"key":"count","value":"10"}],[{"value":"2017-05-01 20:03:00"},{"value":"39"}],[{"value":"2017-05-01 20:04:00"},{"value":"48"}],[{"value":"2017-05-01 20:05:00"},{"value":"58"}],[{"value":"2017-05-01 20:06:00"},{"value":"43"}],[{"value":"2017-05-01 20:07:00"},{"value":"10"}]],"columnNames":[{"name":"time","index":0,"aggr":"sum"},{"name":"count","index":1,"aggr":"sum"}],"rows":[["2017-05-01 20:02:00","10"],["2017-05-01 20:03:00","39"],["2017-05-01 20:04:00","48"],["2017-05-01 20:05:00","58"],["2017-05-01 20:06:00","43"],["2017-05-01 20:07:00","10"]]}},{"text":"%md\n\n### Top Alerts - Snort\n\nThe number of alerts triggered between IPs, ordered from highest to lowest.\n\nThis may be filtered by a providing a start and end filter, along with a date_format as specified by [Customizing Formats](http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html)\nThe default format is yyyy-MM-dd HH:mm:ss","dateUpdated":"2017-05-02T00:17:10+0000","config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true,"editorMode":"ace/mode/markdown"},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493670038903_617166293","id":"20170428-124511_1307410313","result":{"code":"SUCCESS","type":"HTML","msg":"<h3>Top Alerts - Snort</h3>\n<p>The number of alerts triggered between IPs, ordered from highest to lowest.</p>\n<p>This may be filtered by a providing a start and end filter, along with a date_format as specified by <a href=\"http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html\">Customizing Formats</a>\n<br  />The default format is yyyy-MM-dd HH:mm:ss</p>\n"},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:12+0000","dateFinished":"2017-05-02T00:17:12+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:119"},{"text":"%spark.sql\n\nSELECT\n    ip_src_addr,\n    ip_dst_addr,\n    COUNT(*) AS count\nFROM\n    snort\nWHERE timestamp BETWEEN\n    (unix_timestamp(CASE WHEN '${start}' = '' then '1900-01-01 00:00:00' else '${start}' END, '${date_format=yyyy-MM-dd HH:mm:ss}') * 1000) AND\n    (unix_timestamp(CASE WHEN '${end}' = '' then from_unixtime(unix_timestamp()) else '${end}' END, '${date_format=yyyy-MM-dd HH:mm:ss}') * 1000)\nGROUP BY ip_src_addr, ip_dst_addr\nORDER BY COUNT(*) DESC\n    ","dateUpdated":"2017-05-02T00:17:10+0000","config":{"colWidth":12,"editorMode":"ace/mode/scala","graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true},"settings":{"params":{"date_format":"yyyy-MM-dd HH:mm:ss","start":"","end":""},"forms":{"start":{"name":"start","defaultValue":"","hidden":false},"date_format":{"name":"date_format","defaultValue":"yyyy-MM-dd HH:mm:ss","hidden":false},"end":{"name":"end","defaultValue":"","hidden":false}}},"jobName":"paragraph_1493670038903_617166293","id":"20170428-123118_1636321684","result":{"code":"SUCCESS","type":"TABLE","msg":"ip_src_addr\tip_dst_addr\tcount\n192.168.66.1\t192.168.66.121\t227\n62.75.195.236\t192.168.138.158\t174\n192.168.138.158\t62.75.195.236\t81\n192.168.66.121\t192.168.66.1\t60\n192.168.138.158\t95.163.121.204\t30\n72.34.49.86\t192.168.138.158\t29\n95.163.121.204\t192.168.138.158\t26\n192.168.138.158\t72.34.49.86\t25\n192.168.138.158\t204.152.254.221\t14\n204.152.254.221\t192.168.138.158\t14\n","comment":"","msgTable":[[{"key":"ip_dst_addr","value":"192.168.66.1"},{"key":"ip_dst_addr","value":"192.168.66.121"},{"key":"ip_dst_addr","value":"227"}],[{"key":"count","value":"62.75.195.236"},{"key":"count","value":"192.168.138.158"},{"key":"count","value":"174"}],[{"value":"192.168.138.158"},{"value":"62.75.195.236"},{"value":"81"}],[{"value":"192.168.66.121"},{"value":"192.168.66.1"},{"value":"60"}],[{"value":"192.168.138.158"},{"value":"95.163.121.204"},{"value":"30"}],[{"value":"72.34.49.86"},{"value":"192.168.138.158"},{"value":"29"}],[{"value":"95.163.121.204"},{"value":"192.168.138.158"},{"value":"26"}],[{"value":"192.168.138.158"},{"value":"72.34.49.86"},{"value":"25"}],[{"value":"192.168.138.158"},{"value":"204.152.254.221"},{"value":"14"}],[{"value":"204.152.254.221"},{"value":"192.168.138.158"},{"value":"14"}]],"columnNames":[{"name":"ip_src_addr","index":0,"aggr":"sum"},{"name":"ip_dst_addr","index":1,"aggr":"sum"},{"name":"count","index":2,"aggr":"sum"}],"rows":[["192.168.66.1","192.168.66.121","227"],["62.75.195.236","192.168.138.158","174"],["192.168.138.158","62.75.195.236","81"],["192.168.66.121","192.168.66.1","60"],["192.168.138.158","95.163.121.204","30"],["72.34.49.86","192.168.138.158","29"],["95.163.121.204","192.168.138.158","26"],["192.168.138.158","72.34.49.86","25"],["192.168.138.158","204.152.254.221","14"],["204.152.254.221","192.168.138.158","14"]]},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:21+0000","dateFinished":"2017-05-02T00:17:23+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:120"},{"config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true,"editorMode":"ace/mode/scala"},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493729982351_281449077","id":"20170502-125942_58259658","dateCreated":"2017-05-02T12:59:42+0000","status":"FINISHED","progressUpdateIntervalMs":500,"focus":true,"$$hashKey":"object:4719","text":"%md\n\n### Alerts Histogram - Snort\n\nA histogram of alerts triggered between IPs, binned into configurable groups of time.\n\nThis may be filtered by a providing a start and end filter, along with a date_format as specified by [Customizing Formats](http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html)\nThe default format is yyyy-MM-dd HH:mm:ss","dateUpdated":"2017-05-02T13:00:05+0000","dateFinished":"2017-05-02T13:00:05+0000","dateStarted":"2017-05-02T13:00:05+0000","result":{"code":"SUCCESS","type":"HTML","msg":"<h3>Alerts Histogram - Snort</h3>\n<p>A histogram of alerts triggered between IPs, binned into configurable groups of time.</p>\n<p>This may be filtered by a providing a start and end filter, along with a date_format as specified by <a href=\"http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html\">Customizing Formats</a>\n<br  />The default format is yyyy-MM-dd HH:mm:ss</p>\n"}},{"config":{"colWidth":12,"graph":{"mode":"multiBarChart","height":300,"optionOpen":false,"keys":[{"name":"time","index":0,"aggr":"sum"}],"values":[{"name":"count","index":1,"aggr":"sum"}],"groups":[],"scatter":{"xAxis":{"name":"time","index":0,"aggr":"sum"},"yAxis":{"name":"count","index":1,"aggr":"sum"}}},"enabled":true,"editorMode":"ace/mode/scala"},"settings":{"params":{"SourceIp":"192.168.66.1","DestIp":"192.168.66.121","start":"","end":"","date_format":"yyyy-MM-dd HH:mm:ss","BinSize":"1","BinUnit":"MINUTES"},"forms":{"SourceIp":{"name":"SourceIp","displayName":"SourceIp","type":"input","defaultValue":"","hidden":false},"DestIp":{"name":"DestIp","displayName":"DestIp","type":"input","defaultValue":"","hidden":false},"start":{"name":"start","displayName":"start","type":"input","defaultValue":"","hidden":false},"end":{"name":"end","displayName":"end","type":"input","defaultValue":"","hidden":false},"date_format":{"name":"date_format","displayName":"date_format","type":"input","defaultValue":"yyyy-MM-dd HH:mm:ss","hidden":false},"BinSize":{"name":"BinSize","displayName":"BinSize","type":"input","defaultValue":"5","hidden":false},"BinUnit":{"name":"BinUnit","displayName":"BinUnit","type":"select","defaultValue":"MINUTES","options":[{"value":"SECONDS","displayName":"Seconds","$$hashKey":"object:4567"},{"value":"MINUTES","displayName":"Minutes","$$hashKey":"object:4568"},{"value":"HOURS","displayName":"Hours","$$hashKey":"object:4569"},{"value":"DAYS","displayName":"Days","$$hashKey":"object:4570"}],"hidden":false}}},"jobName":"paragraph_1493729702158_612719525","id":"20170502-125502_1681465417","dateCreated":"2017-05-02T12:55:02+0000","status":"FINISHED","progressUpdateIntervalMs":500,"focus":true,"$$hashKey":"object:4366","text":"%spark\nimport org.apache.spark.sql.Row\nimport scala.concurrent.duration._\nimport java.util.concurrent.TimeUnit\n\nval timeunits = Seq((\"SECONDS\", \"Seconds\"), (\"MINUTES\", \"Minutes\"), (\"HOURS\", \"Hours\"), (\"DAYS\", \"Days\"))\nval sourceIp = z.input(\"SourceIp\").toString\nval destIp = z.input(\"DestIp\").toString\nval start = z.input(\"start\").toString\nval end = z.input(\"end\").toString\nval date_format = z.input(\"date_format\", \"yyyy-MM-dd HH:mm:ss\")\nval durationAmount = z.input(\"BinSize\", \"5\").toString.toInt\nval durationUnit = z.select(\"BinUnit\", \"MINUTES\", timeunits).toString\nval durationSize = Duration.create(durationAmount, TimeUnit.valueOf(durationUnit)).toMillis\n\nval results = sqlContext.sql(\ns\"\"\"SELECT\n    CONCAT(from_unixtime(($durationSize*FLOOR(timestamp/$durationSize))/1000)) AS time,\n    COUNT(*) AS count\nFROM\n    snort\nWHERE\n    ip_src_addr = '$sourceIp' AND\n    ip_dst_addr = '$destIp' AND\n    timestamp BETWEEN\n    (unix_timestamp(CASE WHEN '$start' = '' then '1900-01-01 00:00:00' else '$start' END, '$date_format') * 1000) AND\n    (unix_timestamp(CASE WHEN '$end' = '' then from_unixtime(unix_timestamp()) else '$end' END, '$date_format') * 1000)\nGROUP BY FLOOR(timestamp/$durationSize)\n\"\"\").map {\n   case Row(time: String, count: Long) => {\n\t\ttime + \"\\t\" + count\n   }\n  }.collect()\n\nprint(\"%table time\\tcount\\n\" + results.mkString(\"\\n\"))","dateUpdated":"2017-05-02T12:55:54+0000","dateFinished":"2017-05-02T12:56:04+0000","dateStarted":"2017-05-02T12:55:54+0000","result":{"code":"SUCCESS","type":"TABLE","msg":"time\tcount\n2017-05-01 20:02:00\t4\n2017-05-01 20:03:00\t27\n2017-05-01 20:04:00\t47\n2017-05-01 20:05:00\t68\n2017-05-01 20:06:00\t56\n2017-05-01 20:07:00\t25","comment":"","msgTable":[[{"key":"count","value":"2017-05-01 20:02:00"},{"key":"count","value":"4"}],[{"value":"2017-05-01 20:03:00"},{"value":"27"}],[{"value":"2017-05-01 20:04:00"},{"value":"47"}],[{"value":"2017-05-01 20:05:00"},{"value":"68"}],[{"value":"2017-05-01 20:06:00"},{"value":"56"}],[{"value":"2017-05-01 20:07:00"},{"value":"25"}]],"columnNames":[{"name":"time","index":0,"aggr":"sum"},{"name":"count","index":1,"aggr":"sum"}],"rows":[["2017-05-01 20:02:00","4"],["2017-05-01 20:03:00","27"],["2017-05-01 20:04:00","47"],["2017-05-01 20:05:00","68"],["2017-05-01 20:06:00","56"],["2017-05-01 20:07:00","25"]]}},{"dateUpdated":"2017-05-02T00:17:10+0000","config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true,"editorMode":"ace/mode/scala"},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493670038903_617166293","id":"20170428-112735_164601815","result":{"code":"SUCCESS","type":"TEXT","msg":""},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:22+0000","dateFinished":"2017-05-02T00:17:23+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:121"}],"name":"Metron - Connection Report","id":"2CJ36HA8C","angularObjects":{"2CFJZNPTR:shared_process":[],"2CHQEKJX6:shared_process":[],"2CGXQM678:shared_process":[],"2CHVX3RDD:shared_process":[],"2CFCW5XXT:shared_process":[],"2CFQKHR9K:shared_process":[]},"config":{"looknfeel":"default"},"info":{}}