diff --git a/README.md b/README.md index e1f8399..8252d47 100644 --- a/README.md +++ b/README.md @@ -77,6 +77,7 @@ There are four sets of configuration files provided within the `logstash/elastif logstash `- elastiflow |- conf.d (contains the logstash pipeline) + |- definitions (custom Netflow and IPFIX field definitions) |- dictionaries (yaml files used to enrich raw flow data) |- geoipdbs (contains GeoIP databases) `- templates (contains index templates) @@ -86,9 +87,9 @@ Copy the `elastiflow` directory to the location of your Logstash configuration f Environment Variable | Description | Default Value --- | --- | --- -ELASTIFLOW_DICT_PATH | The path where the dictionary files are located | /etc/logstash/elastiflow/dictionaries +ELASTIFLOW_DICT_PATH | The path where dictionary files are located | /etc/logstash/elastiflow/dictionaries ELASTIFLOW_TEMPLATE_PATH | The path to where index templates are located | /etc/logstash/elastiflow/templates -ELASTIFLOW_GEOIP_DB_PATH | The path where the GeoIP DBs are located | /etc/logstash/elastiflow/geoipdbs +ELASTIFLOW_GEOIP_DB_PATH | The path where GeoIP DBs are located | /etc/logstash/elastiflow/geoipdbs ### 4. Setup environment variable helper files Rather than directly editing the pipeline configuration files for your environment, environment variables are used to provide a single location for most configuration options. These environment variables will be referred to in the remaining instructions. A [reference](#environment-variable-reference) of all environment variables can be found [here](#environment-variable-reference). 
@@ -142,26 +143,67 @@ Environment Variable | Description | Default Value --- | --- | --- ELASTIFLOW_NETFLOW_UDP_WORKERS | The number of Netflow input threads | 4 ELASTIFLOW_NETFLOW_UDP_QUEUE_SIZE | The number of unprocessed Netflow UDP packets the input can buffer | 4096 +ELASTIFLOW_NETFLOW_UDP_RCV_BUFF | The socket receive buffer size (bytes) for Netflow | 33554432 ELASTIFLOW_SFLOW_UDP_WORKERS | The number of sFlow input threads | 4 ELASTIFLOW_SFLOW_UDP_QUEUE_SIZE | The number of unprocessed sFlow UDP packets the input can buffer | 4096 +ELASTIFLOW_SFLOW_UDP_RCV_BUFF | The socket receive buffer size (bytes) for sFlow | 33554432 ELASTIFLOW_IPFIX_UDP_WORKERS | The number of IPFIX input threads | 4 ELASTIFLOW_IPFIX_UDP_QUEUE_SIZE | The number of unprocessed IPFIX UDP packets the input can buffer | 4096 +ELASTIFLOW_IPFIX_UDP_RCV_BUFF | The socket receive buffer size (bytes) for IPFIX | 33554432 > WARNING! Increasing `queue_size` will increase heap_usage. Make sure have configured JVM heap appropriately as specified in the [Requirements](#requirements) +#### 6.a. Using Custom Netflow and IPFIX Field Definitions +To properly decode flows from some devices it may be necessary to use customized field definitions. This is achieved by uncommenting one or both of the following lines in the pipeline's input. + +``` +#netflow_definitions => "${ELASTIFLOW_DEFINITION_PATH:/etc/logstash/elastiflow/definitions}/netflow.yml" +#ipfix_definitions => "${ELASTIFLOW_DEFINITION_PATH:/etc/logstash/elastiflow/definitions}/ipfix.yml" +``` + +The path to the custom field definitions is configured by setting the following environment variable: + +Environment Variable | Description | Default Value +--- | --- | --- +ELASTIFLOW_DEFINITION_PATH | The path where custom field definitions are located | /etc/logstash/elastiflow/definitions + +The included custom field definitions add support for the following devices: +* Riverbed WAN Optimizers + ### 7. 
Configure Elasticsearch output -Obviously the data needs to land in Elasticsearch, so you need to tell Logstash where to send it. This is done by setting these environment variables: +Obviously the data needs to land in Elasticsearch, so you need to tell Logstash where to send it. + +The default is to send data to only a single Elasticsearch node. This node is specified using the following environment variable: Environment Variable | Description | Default Value --- | --- | --- ELASTIFLOW_ES_HOST | The Elasticsearch host to which the output will send data | 127.0.0.1:9200 -ELASTIFLOW_ES_SSL_ENABLE | Enable or disable SSL connection to Elasticsearch | false -ELASTIFLOW_ES_SSL_VERIFY | Enable or disable verification of the SSL certificate. If enabled, the output must be edited to set the path to the certificate. | false + +Optionally Logstash can be configured to use an array of three Elasticsearch nodes. This is done by completing the following steps: + +1. Rename `30_output_10_single.logstash.conf` to `30_output_10_single.logstash.conf.disabled` +2. Rename `30_output_20_multi.logstash.conf.disabled` to `30_output_20_multi.logstash.conf` +3. 
Set the following environment variables: + +Environment Variable | Description | Default Value +--- | --- | --- +ELASTIFLOW_ES_HOST_1 | The first Elasticsearch host to which the output will send data | 127.0.0.1:9200 +ELASTIFLOW_ES_HOST_2 | The second Elasticsearch host to which the output will send data | 127.0.0.2:9200 +ELASTIFLOW_ES_HOST_3 | The third Elasticsearch host to which the output will send data | 127.0.0.3:9200 + +To complete the setup of the Elasticsearch output, configure the following environment variables as required for your environment: + +Environment Variable | Description | Default Value +--- | --- | --- ELASTIFLOW_ES_USER | The password for the connection to Elasticsearch | elastic ELASTIFLOW_ES_PASSWD | The username for the connection to Elasticsearch | changeme +ELASTIFLOW_ES_SSL_ENABLE | Enable or disable SSL connection to Elasticsearch | false +ELASTIFLOW_ES_SSL_VERIFY | Enable or disable verification of the SSL certificate. If enabled, the output must be edited to set the path to the certificate. | false > If you are only using the open-source version of Elasticsearch, it will ignore the username and password. In that case just leave the defaults. +> If ELASTIFLOW_ES_SSL_ENABLE and ELASTIFLOW_ES_SSL_VERIFY are both `true`, you must uncomment the `cacert` option in the Elasticsearch output and set the path to the certificate. + ### 8. Enable DNS name resolution (optional) In the past it was recommended to avoid DNS queries as the latency costs of such lookups had a devastating effect on throughput. While the Logstash DNS filter provides a caching mechanism, its use was not recommended. When the cache was enabled all lookups were performed synchronously. If a name server failed to respond, all other queries were stuck waiting until the query timed out. The end result was even worse performance. 
@@ -275,9 +317,10 @@ The supported environment variables are: Environment Variable | Description | Default Value --- | --- | --- -ELASTIFLOW_DICT_PATH | The path where the dictionary files are located | /etc/logstash/elastiflow/dictionaries +ELASTIFLOW_DICT_PATH | The path where dictionary files are located | /etc/logstash/elastiflow/dictionaries +ELASTIFLOW_DEFINITION_PATH | The path where custom field definitions are located | /etc/logstash/elastiflow/definitions ELASTIFLOW_TEMPLATE_PATH | The path to where index templates are located | /etc/logstash/elastiflow/templates -ELASTIFLOW_GEOIP_DB_PATH | The path where the GeoIP DBs are located | /etc/logstash/elastiflow/geoipdbs +ELASTIFLOW_GEOIP_DB_PATH | The path where GeoIP DBs are located | /etc/logstash/elastiflow/geoipdbs ELASTIFLOW_GEOIP_CACHE_SIZE | The size of the GeoIP query cache | 8192 ELASTIFLOW_GEOIP_LOOKUP | Enable/Disable GeoIP lookups | true ELASTIFLOW_ASN_LOOKUP | Enable/Disable ASN lookups | true @@ -290,6 +333,9 @@ ELASTIFLOW_DNS_HIT_CACHE_TTL | The time in seconds successful DNS queries are ca ELASTIFLOW_DNS_FAILED_CACHE_SIZE | The cache size for failed DNS queries | 75000 ELASTIFLOW_DNS_FAILED_CACHE_TTL | The time in seconds failed DNS queries are cached | 3600 ELASTIFLOW_ES_HOST | The Elasticsearch host to which the output will send data | 127.0.0.1:9200 +ELASTIFLOW_ES_HOST_1 | The first Elasticsearch host to which the output will send data | 127.0.0.1:9200 +ELASTIFLOW_ES_HOST_2 | The second Elasticsearch host to which the output will send data | 127.0.0.2:9200 +ELASTIFLOW_ES_HOST_3 | The third Elasticsearch host to which the output will send data | 127.0.0.3:9200 ELASTIFLOW_ES_SSL_ENABLE | Enable or disable SSL connection to Elasticsearch | false ELASTIFLOW_ES_SSL_VERIFY | Enable or disable verification of the SSL certificate. If enabled, the output must be edited to set the path to the certificate. | false ELASTIFLOW_ES_USER | The password for the connection to Elasticsearch | elastic 
@@ -300,6 +346,7 @@ ELASTIFLOW_NETFLOW_IPV6_HOST | The IP address on which to listen for Netflow mes ELASTIFLOW_NETFLOW_IPV6_PORT | The UDP port on which to listen for Netflow messages | 52055 ELASTIFLOW_NETFLOW_UDP_WORKERS | The number of Netflow input threads | 4 ELASTIFLOW_NETFLOW_UDP_QUEUE_SIZE | The number of unprocessed Netflow UDP packets the input can buffer | 4096 +ELASTIFLOW_NETFLOW_UDP_RCV_BUFF | The socket receive buffer size (bytes) for Netflow | 33554432 ELASTIFLOW_NETFLOW_LASTSW_TIMESTAMP | Enable/Disable setting `@timestamp` with the value of netflow.last_switched | false ELASTIFLOW_NETFLOW_TZ | The timezone of netflow.last_switched | UTC ELASTIFLOW_SFLOW_IPV4_HOST | The IP address on which to listen for sFlow messages | 0.0.0.0 @@ -308,6 +355,7 @@ ELASTIFLOW_SFLOW_IPV6_HOST | The IP address on which to listen for sFlow message ELASTIFLOW_SFLOW_IPV6_PORT | The UDP port on which to listen for sFlow messages | 56343 ELASTIFLOW_SFLOW_UDP_WORKERS | The number of sFlow input threads | 4 ELASTIFLOW_SFLOW_UDP_QUEUE_SIZE | The number of unprocessed sFlow UDP packets the input can buffer | 4096 +ELASTIFLOW_SFLOW_UDP_RCV_BUFF | The socket receive buffer size (bytes) for sFlow | 33554432 ELASTIFLOW_IPFIX_TCP_IPV4_HOST | The IP address on which to listen for IPFIX messages via TCP | 0.0.0.0 ELASTIFLOW_IPFIX_TCP_IPV4_PORT | The port on which to listen for IPFIX messages via TCP | 4739 ELASTIFLOW_IPFIX_UDP_IPV4_HOST | The IP address on which to listen for IPFIX messages via UDP | 0.0.0.0 
@@ -318,6 +366,7 @@ ELASTIFLOW_IPFIX_UDP_IPV6_HOST | The IP address on which to listen for IPFIX mes ELASTIFLOW_IPFIX_UDP_IPV6_PORT | The port on which to listen for IPFIX messages via UDP | 54739 ELASTIFLOW_IPFIX_UDP_WORKERS | The number of IPFIX input threads | 4 ELASTIFLOW_IPFIX_UDP_QUEUE_SIZE | The number of unprocessed IPFIX UDP packets the input can buffer | 4096 +ELASTIFLOW_IPFIX_UDP_RCV_BUFF | The socket receive buffer size (bytes) for IPFIX | 33554432 # Recommended Setting for timepicker:quickRanges I recommend configuring `timepicker:quickRanges` for the setting below. The result will look like this: diff --git a/kibana/elastiflow.dashboards.6.3.x.json b/kibana/elastiflow.dashboards.6.3.x.json index 1fde208..e4ac37b 100644 --- a/kibana/elastiflow.dashboards.6.3.x.json +++ b/kibana/elastiflow.dashboards.6.3.x.json 
@@ -228,18 +228,18 @@ } }, { - "_id": "04157d70-6591-11e7-bfc3-d74b7bb89482", + "_id": "653cf1e0-2fd2-11e7-99ed-49759aed30f5", "_type": "dashboard", "_source": { - "title": "ElastiFlow: Flow Exporters", + "title": "ElastiFlow: Overview", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"12\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":1,\"i\":\"12\"},\"title\":\"\",\"type\":\"visualization\",\"id\":\"AWFhSJtiugC1WJLdzqel\",\"version\":\"6.2.1\"},{\"panelIndex\":\"13\",\"gridData\":{\"x\":10,\"y\":0,\"w\":2,\"h\":1,\"i\":\"13\"},\"title\":\"\",\"type\":\"visualization\",\"id\":\"AWFhGnANugC1WJLdzaom\",\"version\":\"6.2.1\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":10,\"y\":1,\"w\":2,\"h\":1,\"i\":\"14\"},\"title\":\"\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"8fee97e0-55b5-11e8-a1f3-452446793d46\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":0,\"y\":1,\"w\":10,\"h\":1,\"i\":\"15\"},\"title\":\"\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"a65eb880-5609-11e8-b711-83a5f93b17f3\"},{\"panelIndex\":\"16\",\"gridData\":{\"x\":6,\"y\":2,\"w\":6,\"h\":3,\"i\":\"16\"},\"title\":\"Egress Interfaces (bits/s)\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"1f0f0340-55d6-11e8-a695-171fb712da36\"},{\"panelIndex\":\"18\",\"gridData\":{\"x\":0,\"y\":2,\"w\":6,\"h\":3,\"i\":\"18\"},\"title\":\"Ingress Interfaces (bits/s)\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"86262810-55d6-11e8-a695-171fb712da36\"},{\"title\":\"Ingress Interfaces (pkts/s)\",\"panelIndex\":\"19\",\"gridData\":{\"x\":0,\"y\":5,\"w\":6,\"h\":3,\"i\":\"19\"},\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"b79dce60-5613-11e8-b711-83a5f93b17f3\"},{\"title\":\"Egress Interfaces (pkts/s)\",\"panelIndex\":\"20\",\"gridData\":{\"x\":6,\"y\":5,\"w\":6,\"h\":3,\"i\":\"20\"},\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"c481fa20-5613-11e8-b711-83a5f93b17f3\"}]", + "panelsJSON": 
"[{\"panelIndex\":\"17\",\"gridData\":{\"x\":0,\"y\":0,\"w\":40,\"h\":5,\"i\":\"17\"},\"id\":\"26e166f0-2fe2-11e7-9d02-3f49bde5c1d5\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"panelIndex\":\"34\",\"gridData\":{\"x\":16,\"y\":10,\"w\":16,\"h\":15,\"i\":\"34\"},\"id\":\"36e56dc0-801a-11e7-8b60-018ea0aa61a0\",\"title\":\"Services (bytes)\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"panelIndex\":\"35\",\"gridData\":{\"x\":40,\"y\":0,\"w\":8,\"h\":5,\"i\":\"35\"},\"id\":\"AWFhGnANugC1WJLdzaom\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"panelIndex\":\"36\",\"gridData\":{\"x\":0,\"y\":5,\"w\":40,\"h\":5,\"i\":\"36\"},\"id\":\"95799400-55b3-11e8-a1f3-452446793d46\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"panelIndex\":\"37\",\"gridData\":{\"x\":0,\"y\":25,\"w\":16,\"h\":15,\"i\":\"37\"},\"id\":\"98519990-55bb-11e8-a1f3-452446793d46\",\"title\":\"Autonomous Systems (bytes)\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"panelIndex\":\"39\",\"gridData\":{\"x\":16,\"y\":25,\"w\":16,\"h\":15,\"i\":\"39\"},\"id\":\"7b10dd00-55e3-11e8-b711-83a5f93b17f3\",\"title\":\"IP Versions and Protocols (bytes)\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"panelIndex\":\"40\",\"gridData\":{\"x\":0,\"y\":10,\"w\":16,\"h\":15,\"i\":\"40\"},\"id\":\"cc28fff0-801f-11e7-8a72-651c4183643b\",\"title\":\"Servers and Clients 
(bytes)\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"panelIndex\":\"41\",\"gridData\":{\"x\":32,\"y\":10,\"w\":16,\"h\":10,\"i\":\"41\"},\"id\":\"4b025da0-55e8-11e8-b711-83a5f93b17f3\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"panelIndex\":\"42\",\"gridData\":{\"x\":32,\"y\":20,\"w\":16,\"h\":25,\"i\":\"42\"},\"title\":\"\",\"version\":\"6.3.0\",\"type\":\"visualization\",\"id\":\"4c2019f0-55f9-11e8-b711-83a5f93b17f3\"},{\"panelIndex\":\"43\",\"gridData\":{\"x\":40,\"y\":5,\"w\":8,\"h\":5,\"i\":\"43\"},\"title\":\"\",\"version\":\"6.3.0\",\"type\":\"visualization\",\"id\":\"8fee97e0-55b5-11e8-a1f3-452446793d46\",\"embeddableConfig\":{}}]", "optionsJSON": "{\"darkTheme\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}" + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}" } }, "_meta": { 
@@ -253,7 +253,7 @@ "title": "ElastiFlow: Sankey (src/dst)", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"35\",\"gridData\":{\"x\":10,\"y\":0,\"w\":2,\"h\":1,\"i\":\"35\"},\"id\":\"AWFhGnANugC1WJLdzaom\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.2.1\"},{\"panelIndex\":\"41\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":1,\"i\":\"41\"},\"title\":\"\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"e294aae0-5626-11e8-b711-83a5f93b17f3\"},{\"panelIndex\":\"43\",\"gridData\":{\"x\":10,\"y\":1,\"w\":2,\"h\":1,\"i\":\"43\"},\"title\":\"\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"8fee97e0-55b5-11e8-a1f3-452446793d46\"},{\"panelIndex\":\"44\",\"gridData\":{\"x\":7,\"y\":0,\"w\":3,\"h\":1,\"i\":\"44\"},\"title\":\"\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"9d8962a0-5627-11e8-b711-83a5f93b17f3\"},{\"panelIndex\":\"45\",\"gridData\":{\"x\":0,\"y\":1,\"w\":10,\"h\":1,\"i\":\"45\"},\"title\":\"\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"17c29c50-55bd-11e8-a1f3-452446793d46\"},{\"panelIndex\":\"46\",\"gridData\":{\"x\":0,\"y\":5,\"w\":3,\"h\":2,\"i\":\"46\"},\"title\":\"Destinations (flow records)\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"4f3525d0-2fc7-11e7-8936-6f5fd5520124\"},{\"panelIndex\":\"48\",\"gridData\":{\"x\":0,\"y\":3,\"w\":3,\"h\":2,\"i\":\"48\"},\"title\":\"Sources (flow records)\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"1e7d8770-2fc7-11e7-8936-6f5fd5520124\"},{\"panelIndex\":\"49\",\"gridData\":{\"x\":0,\"y\":2,\"w\":3,\"h\":1,\"i\":\"49\"},\"title\":\"\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"89935300-5631-11e8-b711-83a5f93b17f3\"},{\"panelIndex\":\"50\",\"gridData\":{\"x\":3,\"y\":2,\"w\":9,\"h\":7,\"i\":\"50\"},\"title\":\"\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"cd197750-562f-11e8-b711-83a5f93b17f3\"},{\"title\":\"Destination Ports (flow 
records)\",\"panelIndex\":\"51\",\"gridData\":{\"x\":0,\"y\":7,\"w\":3,\"h\":2,\"i\":\"51\"},\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"6f6d05b0-2fc8-11e7-bf24-57efade8fd83\"}]", + "panelsJSON": "[{\"panelIndex\":\"35\",\"gridData\":{\"x\":40,\"y\":0,\"w\":8,\"h\":5,\"i\":\"35\"},\"id\":\"AWFhGnANugC1WJLdzaom\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"panelIndex\":\"41\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":5,\"i\":\"41\"},\"title\":\"\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"e294aae0-5626-11e8-b711-83a5f93b17f3\"},{\"panelIndex\":\"43\",\"gridData\":{\"x\":40,\"y\":5,\"w\":8,\"h\":5,\"i\":\"43\"},\"title\":\"\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"8fee97e0-55b5-11e8-a1f3-452446793d46\"},{\"panelIndex\":\"44\",\"gridData\":{\"x\":28,\"y\":0,\"w\":12,\"h\":5,\"i\":\"44\"},\"title\":\"\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"9d8962a0-5627-11e8-b711-83a5f93b17f3\"},{\"panelIndex\":\"45\",\"gridData\":{\"x\":0,\"y\":5,\"w\":40,\"h\":5,\"i\":\"45\"},\"title\":\"\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"17c29c50-55bd-11e8-a1f3-452446793d46\"},{\"panelIndex\":\"46\",\"gridData\":{\"x\":0,\"y\":20,\"w\":12,\"h\":10,\"i\":\"46\"},\"title\":\"Destinations (flow records)\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"4f3525d0-2fc7-11e7-8936-6f5fd5520124\"},{\"panelIndex\":\"48\",\"gridData\":{\"x\":0,\"y\":10,\"w\":12,\"h\":10,\"i\":\"48\"},\"title\":\"Sources (flow records)\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"1e7d8770-2fc7-11e7-8936-6f5fd5520124\"},{\"panelIndex\":\"50\",\"gridData\":{\"x\":12,\"y\":10,\"w\":36,\"h\":35,\"i\":\"50\"},\"title\":\"\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"cd197750-562f-11e8-b711-83a5f93b17f3\"},{\"panelIndex\":\"51\",\"gridData\":{\"x\":0,\"y\":30,\"w\":12,\"h\":10,\"i\":\"51\"},\"title\":\"Destination Ports (flow 
records)\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"6f6d05b0-2fc8-11e7-bf24-57efade8fd83\"}]", "optionsJSON": "{\"darkTheme\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, 
@@ -266,13 +266,13 @@ } }, { - "_id": "757d59f0-5628-11e8-b711-83a5f93b17f3", + "_id": "d7124e80-5625-11e8-b711-83a5f93b17f3", "_type": "dashboard", "_source": { - "title": "ElastiFlow: Sankey (AS)", + "title": "ElastiFlow: Sankey (client/server)", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"35\",\"gridData\":{\"x\":10,\"y\":0,\"w\":2,\"h\":1,\"i\":\"35\"},\"id\":\"AWFhGnANugC1WJLdzaom\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.2.1\"},{\"panelIndex\":\"41\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":1,\"i\":\"41\"},\"title\":\"\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"e294aae0-5626-11e8-b711-83a5f93b17f3\"},{\"panelIndex\":\"43\",\"gridData\":{\"x\":10,\"y\":1,\"w\":2,\"h\":1,\"i\":\"43\"},\"title\":\"\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"8fee97e0-55b5-11e8-a1f3-452446793d46\"},{\"panelIndex\":\"44\",\"gridData\":{\"x\":7,\"y\":0,\"w\":3,\"h\":1,\"i\":\"44\"},\"title\":\"\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"af2a2c10-5627-11e8-b711-83a5f93b17f3\"},{\"panelIndex\":\"45\",\"gridData\":{\"x\":0,\"y\":1,\"w\":10,\"h\":1,\"i\":\"45\"},\"title\":\"\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"e3c2e2c0-5607-11e8-b711-83a5f93b17f3\"},{\"panelIndex\":\"46\",\"gridData\":{\"x\":0,\"y\":5,\"w\":3,\"h\":2,\"i\":\"46\"},\"title\":\"Destination AS (flow records)\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"77255120-55c6-11e8-a1f3-452446793d46\"},{\"panelIndex\":\"47\",\"gridData\":{\"x\":0,\"y\":3,\"w\":3,\"h\":2,\"i\":\"47\"},\"title\":\"Source AS (flow records)\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"4c52f1f0-55c6-11e8-a1f3-452446793d46\"},{\"panelIndex\":\"48\",\"gridData\":{\"x\":0,\"y\":7,\"w\":3,\"h\":2,\"i\":\"48\"},\"title\":\"Services (flow 
records)\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"be065300-801a-11e7-a69e-1db8cf608fe4\"},{\"panelIndex\":\"49\",\"gridData\":{\"x\":0,\"y\":2,\"w\":3,\"h\":1,\"i\":\"49\"},\"title\":\"\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"89935300-5631-11e8-b711-83a5f93b17f3\"},{\"panelIndex\":\"50\",\"gridData\":{\"x\":3,\"y\":2,\"w\":9,\"h\":7,\"i\":\"50\"},\"title\":\"\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"00a54450-5630-11e8-b711-83a5f93b17f3\"}]", + "panelsJSON": "[{\"panelIndex\":\"35\",\"gridData\":{\"x\":40,\"y\":0,\"w\":8,\"h\":5,\"i\":\"35\"},\"id\":\"AWFhGnANugC1WJLdzaom\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"panelIndex\":\"36\",\"gridData\":{\"x\":0,\"y\":5,\"w\":40,\"h\":5,\"i\":\"36\"},\"id\":\"95799400-55b3-11e8-a1f3-452446793d46\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"panelIndex\":\"41\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":5,\"i\":\"41\"},\"id\":\"e294aae0-5626-11e8-b711-83a5f93b17f3\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"panelIndex\":\"42\",\"gridData\":{\"x\":28,\"y\":0,\"w\":12,\"h\":5,\"i\":\"42\"},\"id\":\"2fbcb650-5627-11e8-b711-83a5f93b17f3\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"panelIndex\":\"43\",\"gridData\":{\"x\":40,\"y\":5,\"w\":8,\"h\":5,\"i\":\"43\"},\"id\":\"8fee97e0-55b5-11e8-a1f3-452446793d46\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"panelIndex\":\"44\",\"gridData\":{\"x\":12,\"y\":10,\"w\":36,\"h\":35,\"i\":\"44\"},\"id\":\"c824e870-5629-11e8-b711-83a5f93b17f3\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"panelIndex\":\"45\",\"gridData\":{\"x\":0,\"y\":10,\"w\":12,\"h\":10,\"i\":\"45\"},\"id\":\"69f4d440-8019-11e7-af24-27fa1061e1bd\",\"title\":\"Clients (flow 
records)\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"panelIndex\":\"46\",\"gridData\":{\"x\":0,\"y\":20,\"w\":12,\"h\":10,\"i\":\"46\"},\"id\":\"aa56f4e0-801a-11e7-a69e-1db8cf608fe4\",\"title\":\"Servers (flow records)\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"panelIndex\":\"47\",\"gridData\":{\"x\":0,\"y\":30,\"w\":12,\"h\":10,\"i\":\"47\"},\"id\":\"be065300-801a-11e7-a69e-1db8cf608fe4\",\"title\":\"Services (flow records)\",\"type\":\"visualization\",\"version\":\"6.3.2\"}]", "optionsJSON": "{\"darkTheme\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, 
@@ -285,13 +285,13 @@ } }, { - "_id": "d7124e80-5625-11e8-b711-83a5f93b17f3", + "_id": "757d59f0-5628-11e8-b711-83a5f93b17f3", "_type": "dashboard", "_source": { - "title": "ElastiFlow: Sankey (client/server)", + "title": "ElastiFlow: Sankey (AS)", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"35\",\"gridData\":{\"x\":10,\"y\":0,\"w\":2,\"h\":1,\"i\":\"35\"},\"id\":\"AWFhGnANugC1WJLdzaom\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.2.1\"},{\"panelIndex\":\"36\",\"gridData\":{\"x\":0,\"y\":1,\"w\":10,\"h\":1,\"i\":\"36\"},\"id\":\"95799400-55b3-11e8-a1f3-452446793d46\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"41\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":1,\"i\":\"41\"},\"id\":\"e294aae0-5626-11e8-b711-83a5f93b17f3\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"42\",\"gridData\":{\"x\":7,\"y\":0,\"w\":3,\"h\":1,\"i\":\"42\"},\"id\":\"2fbcb650-5627-11e8-b711-83a5f93b17f3\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"43\",\"gridData\":{\"x\":10,\"y\":1,\"w\":2,\"h\":1,\"i\":\"43\"},\"id\":\"8fee97e0-55b5-11e8-a1f3-452446793d46\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"44\",\"gridData\":{\"x\":3,\"y\":2,\"w\":9,\"h\":7,\"i\":\"44\"},\"id\":\"c824e870-5629-11e8-b711-83a5f93b17f3\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"45\",\"gridData\":{\"x\":0,\"y\":3,\"w\":3,\"h\":2,\"i\":\"45\"},\"id\":\"69f4d440-8019-11e7-af24-27fa1061e1bd\",\"title\":\"Clients (flow records)\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"46\",\"gridData\":{\"x\":0,\"y\":5,\"w\":3,\"h\":2,\"i\":\"46\"},\"id\":\"aa56f4e0-801a-11e7-a69e-1db8cf608fe4\",\"title\":\"Servers (flow 
records)\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"47\",\"gridData\":{\"x\":0,\"y\":7,\"w\":3,\"h\":2,\"i\":\"47\"},\"id\":\"be065300-801a-11e7-a69e-1db8cf608fe4\",\"title\":\"Services (flow records)\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"48\",\"gridData\":{\"x\":0,\"y\":2,\"w\":3,\"h\":1,\"i\":\"48\"},\"id\":\"89935300-5631-11e8-b711-83a5f93b17f3\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.2.4\"}]", + "panelsJSON": "[{\"panelIndex\":\"35\",\"gridData\":{\"x\":40,\"y\":0,\"w\":8,\"h\":5,\"i\":\"35\"},\"id\":\"AWFhGnANugC1WJLdzaom\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"panelIndex\":\"41\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":5,\"i\":\"41\"},\"title\":\"\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"e294aae0-5626-11e8-b711-83a5f93b17f3\"},{\"panelIndex\":\"43\",\"gridData\":{\"x\":40,\"y\":5,\"w\":8,\"h\":5,\"i\":\"43\"},\"title\":\"\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"8fee97e0-55b5-11e8-a1f3-452446793d46\"},{\"panelIndex\":\"44\",\"gridData\":{\"x\":28,\"y\":0,\"w\":12,\"h\":5,\"i\":\"44\"},\"title\":\"\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"af2a2c10-5627-11e8-b711-83a5f93b17f3\"},{\"panelIndex\":\"45\",\"gridData\":{\"x\":0,\"y\":5,\"w\":40,\"h\":5,\"i\":\"45\"},\"title\":\"\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"e3c2e2c0-5607-11e8-b711-83a5f93b17f3\"},{\"panelIndex\":\"46\",\"gridData\":{\"x\":0,\"y\":20,\"w\":12,\"h\":10,\"i\":\"46\"},\"title\":\"Destination AS (flow records)\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"77255120-55c6-11e8-a1f3-452446793d46\"},{\"panelIndex\":\"47\",\"gridData\":{\"x\":0,\"y\":10,\"w\":12,\"h\":10,\"i\":\"47\"},\"title\":\"Source AS (flow 
records)\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"4c52f1f0-55c6-11e8-a1f3-452446793d46\"},{\"panelIndex\":\"48\",\"gridData\":{\"x\":0,\"y\":30,\"w\":12,\"h\":10,\"i\":\"48\"},\"title\":\"Services (flow records)\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"be065300-801a-11e7-a69e-1db8cf608fe4\"},{\"panelIndex\":\"50\",\"gridData\":{\"x\":12,\"y\":10,\"w\":36,\"h\":35,\"i\":\"50\"},\"title\":\"\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"00a54450-5630-11e8-b711-83a5f93b17f3\"}]", "optionsJSON": "{\"darkTheme\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, 
@@ -304,13 +304,13 @@ } }, { - "_id": "653cf1e0-2fd2-11e7-99ed-49759aed30f5", + "_id": "04157d70-6591-11e7-bfc3-d74b7bb89482", "_type": "dashboard", "_source": { - "title": "ElastiFlow: Overview", + "title": "ElastiFlow: Flow Exporters", "hits": 0, "description": "", - "panelsJSON": "[{\"panelIndex\":\"17\",\"gridData\":{\"x\":0,\"y\":0,\"w\":40,\"h\":5,\"i\":\"17\"},\"id\":\"26e166f0-2fe2-11e7-9d02-3f49bde5c1d5\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"panelIndex\":\"34\",\"gridData\":{\"x\":16,\"y\":10,\"w\":16,\"h\":15,\"i\":\"34\"},\"id\":\"36e56dc0-801a-11e7-8b60-018ea0aa61a0\",\"title\":\"Services (bytes)\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"panelIndex\":\"35\",\"gridData\":{\"x\":40,\"y\":0,\"w\":8,\"h\":5,\"i\":\"35\"},\"id\":\"AWFhGnANugC1WJLdzaom\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"panelIndex\":\"36\",\"gridData\":{\"x\":0,\"y\":5,\"w\":40,\"h\":5,\"i\":\"36\"},\"id\":\"95799400-55b3-11e8-a1f3-452446793d46\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"panelIndex\":\"37\",\"gridData\":{\"x\":0,\"y\":25,\"w\":16,\"h\":15,\"i\":\"37\"},\"id\":\"98519990-55bb-11e8-a1f3-452446793d46\",\"title\":\"Autonomous Systems (bytes)\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"panelIndex\":\"39\",\"gridData\":{\"x\":16,\"y\":25,\"w\":16,\"h\":15,\"i\":\"39\"},\"id\":\"7b10dd00-55e3-11e8-b711-83a5f93b17f3\",\"title\":\"IP Versions and Protocols (bytes)\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"panelIndex\":\"40\",\"gridData\":{\"x\":0,\"y\":10,\"w\":16,\"h\":15,\"i\":\"40\"},\"id\":\"cc28fff0-801f-11e7-8a72-651c4183643b\",\"title\":\"Servers and Clients 
(bytes)\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"panelIndex\":\"41\",\"gridData\":{\"x\":32,\"y\":10,\"w\":16,\"h\":10,\"i\":\"41\"},\"id\":\"4b025da0-55e8-11e8-b711-83a5f93b17f3\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"panelIndex\":\"42\",\"gridData\":{\"x\":32,\"y\":20,\"w\":16,\"h\":25,\"i\":\"42\"},\"title\":\"\",\"version\":\"6.3.0\",\"type\":\"visualization\",\"id\":\"4c2019f0-55f9-11e8-b711-83a5f93b17f3\"},{\"panelIndex\":\"43\",\"gridData\":{\"x\":40,\"y\":5,\"w\":8,\"h\":5,\"i\":\"43\"},\"title\":\"\",\"version\":\"6.3.0\",\"type\":\"visualization\",\"id\":\"8fee97e0-55b5-11e8-a1f3-452446793d46\",\"embeddableConfig\":{}}]", + "panelsJSON": "[{\"gridData\":{\"h\":5,\"i\":\"12\",\"w\":40,\"x\":0,\"y\":0},\"id\":\"AWFhSJtiugC1WJLdzqel\",\"panelIndex\":\"12\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"gridData\":{\"h\":5,\"i\":\"13\",\"w\":8,\"x\":40,\"y\":0},\"id\":\"AWFhGnANugC1WJLdzaom\",\"panelIndex\":\"13\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"gridData\":{\"h\":5,\"i\":\"14\",\"w\":8,\"x\":40,\"y\":5},\"id\":\"8fee97e0-55b5-11e8-a1f3-452446793d46\",\"panelIndex\":\"14\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"gridData\":{\"h\":5,\"i\":\"15\",\"w\":40,\"x\":0,\"y\":5},\"id\":\"a65eb880-5609-11e8-b711-83a5f93b17f3\",\"panelIndex\":\"15\",\"title\":\"\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"gridData\":{\"h\":15,\"i\":\"16\",\"w\":24,\"x\":24,\"y\":10},\"id\":\"1f0f0340-55d6-11e8-a695-171fb712da36\",\"panelIndex\":\"16\",\"title\":\"Egress Interfaces (bits/s)\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"gridData\":{\"h\":15,\"i\":\"18\",\"w\":24,\"x\":0,\"y\":10},\"id\":\"86262810-55d6-11e8-a695-171fb712da36\",\"panelIndex\":\"18\",\"title\":\"Ingress Interfaces 
(bits/s)\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"gridData\":{\"h\":15,\"i\":\"19\",\"w\":24,\"x\":0,\"y\":25},\"id\":\"b79dce60-5613-11e8-b711-83a5f93b17f3\",\"panelIndex\":\"19\",\"title\":\"Ingress Interfaces (pkts/s)\",\"type\":\"visualization\",\"version\":\"6.3.2\"},{\"gridData\":{\"h\":15,\"i\":\"20\",\"w\":24,\"x\":24,\"y\":25},\"id\":\"c481fa20-5613-11e8-b711-83a5f93b17f3\",\"panelIndex\":\"20\",\"title\":\"Egress Interfaces (pkts/s)\",\"type\":\"visualization\",\"version\":\"6.3.2\"}]", "optionsJSON": "{\"darkTheme\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, 
@@ -322,6 +322,25 @@ "savedObjectVersion": 2 } }, + { + "_id": "7332d840-90c1-11e8-939c-451bb6b059ba", + "_type": "dashboard", + "_source": { + "title": "ElastiFlow: Riverbed Example", + "hits": 0, + "description": "", + "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":15,\"i\":\"1\"},\"title\":\"Riverbed FE Types (flow records)\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"faacc4e0-90bf-11e8-939c-451bb6b059ba\",\"embeddableConfig\":{}},{\"panelIndex\":\"2\",\"gridData\":{\"x\":0,\"y\":30,\"w\":14,\"h\":15,\"i\":\"2\"},\"title\":\"Riverbed Pass-Through Reasons (flow records)\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"365fd1d0-90c0-11e8-939c-451bb6b059ba\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":0,\"y\":15,\"w\":14,\"h\":15,\"i\":\"3\"},\"title\":\"Riverbed WAN Visibility (flow records)\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"aff8d140-90c0-11e8-939c-451bb6b059ba\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"x\":14,\"y\":0,\"w\":34,\"h\":45,\"i\":\"4\"},\"title\":\"\",\"version\":\"6.3.2\",\"type\":\"visualization\",\"id\":\"c824e870-5629-11e8-b711-83a5f93b17f3\",\"embeddableConfig\":{}}]", + "optionsJSON": "{\"darkTheme\":false,\"useMargins\":false,\"hidePanelTitles\":false}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" + } + }, + "_meta": { + "savedObjectVersion": 2 + } + }, { "_id": "0d0216f0-2fe0-11e7-9d02-3f49bde5c1d5", "_type": "search", 
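Review bot: the new "ElastiFlow: Riverbed Example" dashboard is added with `"description": ""`, so nothing in the object tells an operator what it depends on. The README hunk in this same commit says the custom Netflow/IPFIX definitions have to be uncommented in the pipeline input before they take effect, and that they are what adds Riverbed support. Put a one-line description here saying the panels stay empty until those definitions are enabled. Panels 1 to 3 carry titles while panel 4 has `"title":""` with `hidePanelTitles` set to false; confirm that is intended.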
@@ -805,28 +824,11 @@ } }, { - "_id": "11b0a5d0-55d3-11e8-a695-171fb712da36", - "_type": "visualization", - "_source": { - "title": "ElastiFlow: Servers (flow records) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Servers (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.server_hostname\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - } - }, - "_meta": { - "savedObjectVersion": 2 - } - }, - { - "_id": "86262810-55d6-11e8-a695-171fb712da36", + "_id": "4023c4b0-55ce-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Ingress Interfaces (bits/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Ingress Interfaces (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.input_snmp\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Autonomous Systems (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Autonomous Systems (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", 
"version": 1, 
@@ -839,11 +841,11 @@ } }, { - "_id": "1f0f0340-55d6-11e8-a695-171fb712da36", + "_id": "ce773100-55cb-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Egress Interfaces (bits/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Egress Interfaces (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.output_snmp\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Applications (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Applications (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.application\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -856,11 +858,11 @@ } }, { - "_id": "114eba40-55d4-11e8-a695-171fb712da36", + "_id": "fb44e2a0-55d9-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: IP Protocols (bits/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: IP Protocols (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.ip_protocol\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Cities (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Cities (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.city\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -873,11 +875,11 @@ } }, { - "_id": "a109f3f0-55d1-11e8-a695-171fb712da36", + "_id": "c7534460-55d8-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: TCP Flags (flow records) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: TCP Flags (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.tcp_flags\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Flow Exporters (bytes) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Flow Exporters (bytes) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"node.hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -890,11 +892,11 @@ } }, { - "_id": "f54e7b80-55d0-11e8-a695-171fb712da36", + "_id": "d2606630-55d8-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: VLANs (bytes) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: VLANs (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.vlan\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Flow Exporters (flow records) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Flow Exporters (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow 
Records\",\"terms_field\":\"node.hostname\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -907,11 +909,11 @@ } }, { - "_id": "05aa2550-55d2-11e8-a695-171fb712da36", + "_id": "561570b0-55d9-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Traffic Locality (bits/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Traffic Locality (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.traffic_locality\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Countries (flow records) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Countries (flow records) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.country\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -924,11 +926,11 @@ } }, { - "_id": "f4939a80-55d1-11e8-a695-171fb712da36", + "_id": "b48fcce0-55d8-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Traffic Locality (bytes) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Traffic Locality (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.traffic_locality\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Flow Exporters (bits/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Flow Exporters (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"node.hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
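Review bot: the added "ElastiFlow: Flow Exporters (bits/s)" series sums `flow.bytes` and scales it with `(params.bytes * 8) / (params._interval / 1000)`, but its series label is still `"label":"Packets"`, so the legend names the wrong unit. Rename the label to match the bits/s metric. The `"value_template":"{{value}}its/s"` next to it reads like a truncated "bits/s"; if it is meant to lean on the suffix produced by the `bytes` formatter, say so in the commit message, since JSON cannot carry a comment. The added "Servers (bits/s)" object in the @@ -958 hunk has the same label and template.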
@@ -941,11 +943,11 @@ } }, { - "_id": "28ddcaf0-55d1-11e8-a695-171fb712da36", + "_id": "1d773d80-55dc-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Types of Service (bits/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Types of Service (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tos\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Flow Record Count - TSVB (metric)", + "visState": "{\"title\":\"ElastiFlow: Flow Record Count - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"bdd65820-55db-11e8-a230-6b3654bd4d61\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"label\":\"Flow Records\",\"terms_field\":\"event.type\",\"terms_size\":\"25\",\"filter\":\"\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"background_color_rules\":[{\"id\":\"c5d26960-55db-11e8-a230-6b3654bd4d61\"}]},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -958,11 +960,11 @@ } }, { - "_id": "3d778910-55d1-11e8-a695-171fb712da36", + "_id": "f7b9c440-55d2-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Types of Service (bytes) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Types of Service (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.tos\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Servers (bits/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Servers (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.server_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -975,11 +977,11 @@ } }, { - "_id": "8e644b60-55d6-11e8-a695-171fb712da36", + "_id": "d6729740-55d1-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Ingress Interfaces (bytes) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Ingress Interfaces (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.input_snmp\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Traffic Locality (flow records) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Traffic Locality (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow 
Records\",\"terms_field\":\"flow.traffic_locality\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -992,11 +994,11 @@ } }, { - "_id": "05719e40-55d4-11e8-a695-171fb712da36", + "_id": "532f1340-55d1-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: IP Protocols (bytes) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: IP Protocols (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.ip_protocol\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Types of Service (flow records) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Types of Service (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow 
Records\",\"terms_field\":\"flow.tos\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1009,11 +1011,11 @@ } }, { - "_id": "2e0f7f50-55d6-11e8-a695-171fb712da36", + "_id": "11b0a5d0-55d3-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Egress Interfaces (flow records) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Egress Interfaces (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.output_snmp\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Servers (flow records) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Servers (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow 
Records\",\"terms_field\":\"flow.server_hostname\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
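Review bot: `"terms_size":"100"` on the added Servers series splits a stacked area chart on `flow.server_hostname` into up to 100 rainbow-coloured bands. That is hard to read, and every refresh requests a 100-term split per time bucket across `elastiflow-*`. The value is carried over from the object this one replaces, so this is a good point to lower it to a smaller top-N, or to state in the README why 100 is needed.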
@@ -1026,11 +1028,11 @@ } }, { - "_id": "25b5bdb0-55d6-11e8-a695-171fb712da36", + "_id": "86262810-55d6-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Egress Interfaces (bytes) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Egress Interfaces (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.output_snmp\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Ingress Interfaces (bits/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Ingress Interfaces (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.input_snmp\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
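Review bot: the added bits/s series is still labelled `"label":"Packets"`, although its metrics are a sum of `flow.bytes` followed by the `(params.bytes * 8) / (params._interval / 1000)` calculation, so the legend names the wrong unit. Suggest `"label":"Bits/s"` or similar. Also, `"value_template":"{{value}}its/s"` combined with `"formatter":"bytes"` only reads correctly if the formatter output ends in `B`. That dependency deserves a line in the object's description. The same label appears on the other bits/s objects added in this patch.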
@@ -1043,11 +1045,11 @@ } }, { - "_id": "96e6a3a0-55d6-11e8-a695-171fb712da36", + "_id": "1f0f0340-55d6-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Ingress Interfaces (flow records) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Ingress Interfaces (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.input_snmp\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Egress Interfaces (bits/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Egress Interfaces (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.output_snmp\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1060,11 +1062,11 @@ } }, { - "_id": "7884d160-55d7-11e8-a695-171fb712da36", + "_id": "114eba40-55d4-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destination Ports (bits/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Destination Ports (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_port_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: IP Protocols (bits/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: IP Protocols (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.ip_protocol\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1077,11 +1079,11 @@ } }, { - "_id": "dccd45d0-55d7-11e8-a695-171fb712da36", + "_id": "a109f3f0-55d1-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destinations (bits/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Destinations (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: TCP Flags (flow records) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: TCP Flags (flow records) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.tcp_flags\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1094,11 +1096,11 @@ } }, { - "_id": "70733c50-55d7-11e8-a695-171fb712da36", + "_id": "f54e7b80-55d0-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destination Ports (bytes) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Destination Ports (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.dst_port_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: VLANs (bytes) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: VLANs (bytes) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.vlan\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1111,11 +1113,11 @@ } }, { - "_id": "e68a40f0-55d7-11e8-a695-171fb712da36", + "_id": "25b5bdb0-55d6-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destinations (bytes) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Destinations (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.dst_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Egress Interfaces (bytes) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Egress Interfaces (bytes) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.output_snmp\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1128,11 +1130,11 @@ } }, { - "_id": "6486b700-55d7-11e8-a695-171fb712da36", + "_id": "2e0f7f50-55d6-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destination Ports (flow records) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Destination Ports (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.dst_port_name\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Egress Interfaces (flow records) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Egress Interfaces (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow 
Records\",\"terms_field\":\"flow.output_snmp\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
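Review bot: the `_id` added here, `2e0f7f50-55d6-11e8-a695-171fb712da36` with the title "ElastiFlow: Egress Interfaces (flow records) - TSVB (stacked area)", is the same object that the hunk at `-1009` removes, so this part of the change looks like export reordering rather than an edit to the visualization. Exporting the saved objects in a stable order (for example sorted by `_id` or title) would keep moved objects out of the diff and let the real changes, such as the new bits/s panels, stand out in review.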
@@ -1145,11 +1147,11 @@ } }, { - "_id": "1fb54370-55d8-11e8-a695-171fb712da36", + "_id": "96e6a3a0-55d6-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Source Ports (bits/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Source Ports (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_port_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Ingress Interfaces (flow records) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Ingress Interfaces (flow records) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.input_snmp\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1162,11 +1164,11 @@ } }, { - "_id": "f058c840-55d7-11e8-a695-171fb712da36", + "_id": "7884d160-55d7-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destinations (flow records) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Destinations (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.dst_hostname\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Destination Ports (bits/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Destination Ports (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_port_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1179,11 +1181,11 @@ } }, { - "_id": "6f3cf880-55d2-11e8-a695-171fb712da36", + "_id": "dccd45d0-55d7-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Sources (bytes) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Sources (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.src_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Destinations (bits/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Destinations (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1196,11 +1198,11 @@ } }, { - "_id": "cebac580-55d2-11e8-a695-171fb712da36", + "_id": "70733c50-55d7-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Services (flow records) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Services (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.service_name\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Destination Ports (bytes) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Destination Ports (bytes) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.dst_port_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1315,11 +1317,11 @@ } }, { - "_id": "9d557dd0-55d9-11e8-a695-171fb712da36", + "_id": "05aa2550-55d2-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Clients (bits/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Clients (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.client_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Traffic Locality (bits/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Traffic Locality (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.traffic_locality\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
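Review bot: `"description": ""` is left empty on an object whose displayed value comes from a scripted calculation, `(params.bytes * 8) / (params._interval / 1000)`, evaluated over buckets of `"interval":">=1m"`. Suggest a one-line description stating that the panel shows the average bit rate per bucket derived from the sum of `flow.bytes`, so that anyone reading the Traffic Locality chart does not take it for a peak rate.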
@@ -1332,11 +1334,11 @@ } }, { - "_id": "c6e39d30-55d9-11e8-a695-171fb712da36", + "_id": "f4939a80-55d1-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Cities (bits/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Cities (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.city\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Traffic Locality (bytes) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Traffic Locality (bytes) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.traffic_locality\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1349,11 +1351,11 @@ } }, { - "_id": "2b35e790-55d8-11e8-a695-171fb712da36", + "_id": "28ddcaf0-55d1-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Source Ports (bytes) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Source Ports (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.src_port_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Types of Service (bits/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Types of Service (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tos\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1366,11 +1368,11 @@ } }, { - "_id": "4aad7a20-55d8-11e8-a695-171fb712da36", + "_id": "3d778910-55d1-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Source Ports (flow records) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Source Ports (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.src_port_name\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Types of Service (bytes) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Types of Service (bytes) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.tos\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1383,11 +1385,11 @@ } }, { - "_id": "81128960-55d9-11e8-a695-171fb712da36", + "_id": "8e644b60-55d6-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Clients (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Clients (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.client_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Ingress Interfaces (bytes) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Ingress Interfaces (bytes) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.input_snmp\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1400,11 +1402,11 @@ } }, { - "_id": "71b7df60-55d9-11e8-a695-171fb712da36", + "_id": "05719e40-55d4-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Countries (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Countries (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.country\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: IP Protocols (bytes) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: IP Protocols (bytes) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.ip_protocol\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1417,11 +1419,11 @@ } }, { - "_id": "4023c4b0-55ce-11e8-a695-171fb712da36", + "_id": "e68a40f0-55d7-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Autonomous Systems (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Autonomous Systems (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\"},\"aggs\":[]}", + "title": "ElastiFlow: Destinations (bytes) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Destinations (bytes) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.dst_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1434,11 +1436,11 @@ } }, { - "_id": "ce773100-55cb-11e8-a695-171fb712da36", + "_id": "6486b700-55d7-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Applications (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Applications (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.application\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\"},\"aggs\":[]}", + "title": "ElastiFlow: Destination Ports (flow records) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Destination Ports (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow 
Records\",\"terms_field\":\"flow.dst_port_name\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1451,11 +1453,11 @@ } }, { - "_id": "fb44e2a0-55d9-11e8-a695-171fb712da36", + "_id": "1fb54370-55d8-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Cities (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Cities (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.city\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Source Ports (bits/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Source Ports (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_port_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1468,11 +1470,11 @@ } }, { - "_id": "c824e870-5629-11e8-b711-83a5f93b17f3", + "_id": "f058c840-55d7-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Sankey Client/Server (flow records) - vega", - "visState": "{\"title\":\"ElastiFlow: Sankey Client/Server (flow records) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.client_hostname\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.server_hostname\\\"}}}\\n ]\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.doc_count\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n 
\\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"field\\\": \\\"stk1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Client\\\", \\\"Server\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"encode\\\": {\\\"labels\\\": {\\\"update\\\": {\\\"fontSize\\\": {\\\"value\\\": 12}}}}\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": 
\\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.75 : 0.3\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.75}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? 
bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n 
\\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\"},\"aggs\":[]}", + "title": "ElastiFlow: Destinations (flow records) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Destinations (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.dst_hostname\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1485,11 +1487,11 @@ } }, { - "_id": "c7534460-55d8-11e8-a695-171fb712da36", + "_id": "6f3cf880-55d2-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Flow Exporters (bytes) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Flow Exporters (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"node.hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Sources (bytes) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Sources (bytes) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.src_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1502,11 +1504,11 @@ } }, { - "_id": "d2606630-55d8-11e8-a695-171fb712da36", + "_id": "cebac580-55d2-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Flow Exporters (flow records) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Flow Exporters (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"node.hostname\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Services (flow records) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Services (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow 
Records\",\"terms_field\":\"flow.service_name\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1519,11 +1521,11 @@ } }, { - "_id": "644c9760-55db-11e8-a695-171fb712da36", + "_id": "9d557dd0-55d9-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Flow Types (flow records) - TSVB (stacked bar)", - "visState": "{\"title\":\"ElastiFlow: Flow Types (flow records) - TSVB (stacked bar)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"label\":\"Flows\",\"terms_field\":\"event.type\",\"terms_size\":\"25\",\"filter\":\"\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\"},\"aggs\":[]}", + "title": "ElastiFlow: Clients (bits/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Clients (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.client_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
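Review bot: In the added `visState` for "ElastiFlow: Clients (bits/s)", the series keeps `"label":"Packets"` even though its metrics sum `flow.bytes` and the calculation script `(params.bytes * 8) / (params._interval / 1000)` converts that to bits per second, so the legend names the wrong quantity. Set the label to match the title, for example "Bits/s".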
@@ -1536,11 +1538,11 @@ } }, { - "_id": "f15da330-55d9-11e8-a695-171fb712da36", + "_id": "c6e39d30-55d9-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Cities (flow records) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Cities (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.city\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Cities (bits/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Cities (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.city\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
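Review bot: The unit shown by the added "ElastiFlow: Cities (bits/s)" series is assembled from `"formatter":"bytes"` plus `"value_template":"{{value}}its/s"`, which only reads correctly if the bytes formatter's suffix happens to end in a "b" that "its/s" can complete. The value has already been multiplied by 8 in the script, so the number is bits while the formatter still treats it as bytes. Either document this trick next to the dashboard export or switch to a number formatter with an explicit " bits/s" template so the unit does not depend on the formatter's output.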
@@ -1553,11 +1555,11 @@ } }, { - "_id": "cdb8b440-55d1-11e8-a695-171fb712da36", + "_id": "2b35e790-55d8-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Traffic Locality (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Traffic Locality (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.traffic_locality\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Source Ports (bytes) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Source Ports (bytes) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.src_port_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1570,11 +1572,11 @@ } }, { - "_id": "446257c0-55d9-11e8-a695-171fb712da36", + "_id": "4aad7a20-55d8-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Countries (bytes) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Countries (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.country\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Source Ports (flow records) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Source Ports (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow 
Records\",\"terms_field\":\"flow.src_port_name\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1587,11 +1589,11 @@ } }, { - "_id": "d3271c20-55d9-11e8-a695-171fb712da36", + "_id": "81128960-55d9-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Cities (bytes) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Cities (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.city\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Clients (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Clients (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.client_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1604,11 +1606,11 @@ } }, { - "_id": "8dd6aa00-55d9-11e8-a695-171fb712da36", + "_id": "71b7df60-55d9-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Clients (flow records) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Clients (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.client_hostname\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Countries (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Countries (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.country\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1621,11 +1623,11 @@ } }, { - "_id": "561570b0-55d9-11e8-a695-171fb712da36", + "_id": "644c9760-55db-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Countries (flow records) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Countries (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.country\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Flow Types (flow records) - TSVB (stacked bar)", + "visState": "{\"title\":\"ElastiFlow: Flow Types (flow records) - TSVB (stacked 
bar)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"label\":\"Flows\",\"terms_field\":\"event.type\",\"terms_size\":\"25\",\"filter\":\"\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
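Review bot: The object added here, `_id` `644c9760-55db-11e8-a695-171fb712da36` ("ElastiFlow: Flow Types (flow records) - TSVB (stacked bar)"), is the same object removed in the hunk at `-1519,11` with an identical title and `visState`, so this part of the patch is export reordering rather than a content change. The same pattern shows in the following hunks (for example `f15da330-…` and `cdb8b440-…` reappear after being removed earlier). Sorting the exported objects by `_id` before committing would keep real edits, such as the new bits/s series, from being buried in positional churn.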
@@ -1638,11 +1640,11 @@ } }, { - "_id": "b48fcce0-55d8-11e8-a695-171fb712da36", + "_id": "f15da330-55d9-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Flow Exporters (bits/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Flow Exporters (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"node.hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Cities (flow records) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Cities (flow records) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.city\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1655,11 +1657,11 @@ } }, { - "_id": "1d773d80-55dc-11e8-a695-171fb712da36", + "_id": "cdb8b440-55d1-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Flow Record Count - TSVB (metric)", - "visState": "{\"title\":\"ElastiFlow: Flow Record Count - TSVB (metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"bdd65820-55db-11e8-a230-6b3654bd4d61\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"label\":\"Flow Records\",\"terms_field\":\"event.type\",\"terms_size\":\"25\",\"filter\":\"\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"background_color_rules\":[{\"id\":\"c5d26960-55db-11e8-a230-6b3654bd4d61\"}]},\"aggs\":[]}", + "title": "ElastiFlow: Traffic Locality (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Traffic Locality (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.traffic_locality\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1672,11 +1674,11 @@ } }, { - "_id": "f7b9c440-55d2-11e8-a695-171fb712da36", + "_id": "446257c0-55d9-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Servers (bits/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Servers (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.server_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Countries (bytes) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Countries (bytes) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.country\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1689,11 +1691,11 @@ } }, { - "_id": "d6729740-55d1-11e8-a695-171fb712da36", + "_id": "d3271c20-55d9-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Traffic Locality (flow records) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Traffic Locality (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.traffic_locality\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Cities (bytes) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Cities (bytes) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.city\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1706,11 +1708,11 @@ } }, { - "_id": "532f1340-55d1-11e8-a695-171fb712da36", + "_id": "8dd6aa00-55d9-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Types of Service (flow records) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Types of Service (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow Records\",\"terms_field\":\"flow.tos\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Clients (flow records) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Clients (flow records) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Flow 
Records\",\"terms_field\":\"flow.client_hostname\",\"terms_size\":\"100\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1723,16 +1725,16 @@ } }, { - "_id": "64d369b0-55d2-11e8-a695-171fb712da36", + "_id": "26e166f0-2fe2-11e7-9d02-3f49bde5c1d5", "_type": "visualization", "_source": { - "title": "ElastiFlow: Sources (bits/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Sources (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: NAV: Overview", + "visState": "{\"title\":\"ElastiFlow: NAV: Overview\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[**Overview**](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Flow](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | 
[Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
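Review bot: the markdown added in the `+ "visState"` line for "ElastiFlow: NAV: Overview" embeds a remote image over cleartext HTTP, `![](http://www.koiossian.com/public/elastiflow.gif)`. Every browser that opens a dashboard containing this panel will request that file from a third-party host, which discloses the viewer's address and viewing times to that host. On a Kibana instance served over HTTPS it is also mixed content that browsers may block. Suggest shipping the image with the project or dropping it from the NAV markdown, and at minimum switching the URL to `https://`. The same URL appears in the other NAV objects in this patch (Exporters, Sankey, Autonomous Systems, Traffic Details), so the fix should be applied to all of them.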
@@ -1740,16 +1742,16 @@ } }, { - "_id": "b22f5660-55d2-11e8-a695-171fb712da36", + "_id": "AWFhSJtiugC1WJLdzqel", "_type": "visualization", "_source": { - "title": "ElastiFlow: Services (bits/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Services (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.service_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: NAV: Exporters", + "visState": "{\"title\":\"ElastiFlow: NAV: Exporters\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Flow](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | 
[**Exporters**](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
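Review bot: in this hunk the object at this position changes identity completely. `_id` `b22f5660-55d2-11e8-a695-171fb712da36` ("Services (bits/s) - TSVB (stacked area)") is replaced by `AWFhSJtiugC1WJLdzqel` ("NAV: Exporters"), so the hunk does not show whether the Services visualization was deleted or only moved elsewhere in the file. That makes it hard to confirm that no dashboard still references a removed `_id`. Suggest exporting the saved objects in a stable order (for example sorted by `_id`) so that a change to one visualization shows up as a change to that visualization, and stating in the commit message which objects were actually added or removed.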
@@ -1757,11 +1759,11 @@ } }, { - "_id": "beb869d0-55d2-11e8-a695-171fb712da36", + "_id": "d45c0d50-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Services (bytes) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Services (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.service_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Destination Autonomous Systems (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Destination Autonomous Systems (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 
1000)\",\"id\":\"5b93e7e0-5612-11e8-b71a-cfa3c16427ce\",\"type\":\"calculation\",\"variables\":[{\"id\":\"5f2c77f0-5612-11e8-b71a-cfa3c16427ce\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"NOT flow.dst_autonomous_system: private\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
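Review bot: the new "Destination Autonomous Systems (pkts/s)" series sets `"value_template":"{{value}}pkts/s"` with no space between the number and the unit, while the packet-count variants in this file use `"{{value}} packets"`. The series label is also still `"Packets"` although the plotted metric is now the calculated rate `params.packets / (params._interval / 1000)`. Suggest `{{value}} pkts/s` and a label that names the rate, so the legend and tooltip agree with the title. The same template is used by the other pkts/s objects added in this patch.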
@@ -1774,16 +1776,16 @@ } }, { - "_id": "c3861b50-55ce-11e8-a695-171fb712da36", + "_id": "9d8962a0-5627-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Client Autonomous Systems (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Client Autonomous Systems (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.client_autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"NOT flow.client_autonomous_system: private\"},\"aggs\":[]}", + "title": "ElastiFlow: NAV: Sankey (src/dst)", + "visState": "{\"title\":\"ElastiFlow: NAV: Sankey (src/dst)\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Client/Server](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [**Src/Dst**](#/dashboard/4b86b4c0-5628-11e8-b711-83a5f93b17f3) | [AS](#/dashboard/757d59f0-5628-11e8-b711-83a5f93b17f3)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" + "searchSourceJSON": 
"{\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -1791,11 +1793,11 @@ } }, { - "_id": "266da690-55d7-11e8-a695-171fb712da36", + "_id": "854eee30-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destination Ports (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Destination Ports (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_port_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Source Autonomous Systems (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Source Autonomous Systems (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 
1000)\",\"id\":\"eb6ed730-5612-11e8-88fd-2774a33bc32f\",\"type\":\"calculation\",\"variables\":[{\"id\":\"f0d103b0-5612-11e8-88fd-2774a33bc32f\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"NOT flow.src_autonomous_system: private\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1808,11 +1810,11 @@ } }, { - "_id": "9e614fe0-55d6-11e8-a695-171fb712da36", + "_id": "39c991b0-55d0-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Ingress Interfaces (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Ingress Interfaces (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.input_snmp\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Source Autonomous Systems (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Source Autonomous Systems (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"NOT flow.src_autonomous_system: private\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1825,11 +1827,11 @@ } }, { - "_id": "39a495d0-55d6-11e8-a695-171fb712da36", + "_id": "f279d050-55d3-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Egress Interfaces (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Egress Interfaces (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.output_snmp\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: IP Protocols (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: IP Protocols (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.ip_protocol\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1842,11 +1844,11 @@ } }, { - "_id": "deb4d510-55d8-11e8-a695-171fb712da36", + "_id": "822d3da0-55d8-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Flow Exporters (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Flow Exporters (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"node.hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Source Ports (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Source Ports (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_port_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1859,16 +1861,16 @@ } }, { - "_id": "f98654a0-55d7-11e8-a695-171fb712da36", + "_id": "AWFhSAAsugC1WJLdzqUH", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destinations (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Destinations (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: NAV: Autonomous Systems", + "visState": "{\"title\":\"ElastiFlow: NAV: Autonomous Systems\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Flow](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [**AS Traffic**](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow 
Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -1876,11 +1878,11 @@ } }, { - "_id": "ae3c66c0-55d1-11e8-a695-171fb712da36", + "_id": "f2b5acc0-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: TCP Flags (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: TCP Flags (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tcp_flags\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Autonomous Systems (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Autonomous Systems (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 
1000)\",\"id\":\"e64ae1a0-5611-11e8-ace5-73cdd5366849\",\"type\":\"calculation\",\"variables\":[{\"id\":\"e9f01be0-5611-11e8-ace5-73cdd5366849\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
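Review bot: the added `visState` for "Autonomous Systems (pkts/s)" ends with `"axis_min":"0"},"aggs":[]` and carries no `filter` key at all, while the Source and Destination Autonomous Systems panels added in this patch set `"filter":"NOT flow.src_autonomous_system: private"` and `"filter":"NOT flow.dst_autonomous_system: private"`. If private address space is meant to be excluded from AS views, this panel will show it while its siblings do not, which gives inconsistent totals on the same dashboard. Suggest adding `"filter":"NOT flow.autonomous_system: private"` here, or, if the omission is intended, keeping an explicit `"filter":""` as the other objects do. The "Applications (pkts/s)" object in the following hunk also drops the key.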
@@ -1893,11 +1895,11 @@ } }, { - "_id": "1d3b5c10-55d3-11e8-a695-171fb712da36", + "_id": "fa458eb0-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Servers (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Servers (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.server_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Applications (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Applications (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 
1000)\",\"id\":\"b907a980-5611-11e8-9d88-a7d70f388fc4\",\"type\":\"calculation\",\"variables\":[{\"id\":\"bbfd42d0-5611-11e8-9d88-a7d70f388fc4\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.application\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1910,16 +1912,16 @@ } }, { - "_id": "e2f1d4c0-55d3-11e8-a695-171fb712da36", + "_id": "dbcd7bb0-561c-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: IP Version (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: IP Version (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.ip_version\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: NAV: Traffic Details (types)", + "visState": "{\"title\":\"ElastiFlow: NAV: Traffic Details (types)\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[**Types**](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22)\\n | [Attributes](#/dashboard/64c19720-5619-11e8-b711-83a5f93b17f3) | [Locality](#/dashboard/95ccacb0-5619-11e8-b711-83a5f93b17f3)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" + "searchSourceJSON": 
"{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -1927,11 +1929,11 @@ } }, { - "_id": "da47ecc0-55d2-11e8-a695-171fb712da36", + "_id": "de476b70-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Services (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Services (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.service_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Clients (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Clients (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 
1000)\",\"id\":\"35bed8e0-5612-11e8-9abc-51bfe6c5250a\",\"type\":\"calculation\",\"variables\":[{\"id\":\"38885920-5612-11e8-9abc-51bfe6c5250a\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.client_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1944,11 +1946,11 @@ } }, { - "_id": "8f6da1e0-55d2-11e8-a695-171fb712da36", + "_id": "d8e1bc80-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Sources (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Sources (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Countries (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Countries (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 
1000)\",\"id\":\"47b1b9f0-5612-11e8-8f25-dd843d63ccd9\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4ba84880-5612-11e8-8f25-dd843d63ccd9\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.country\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
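Review bot: In the added `visState` for "Countries (pkts/s)", `value_template` is `{{value}}pkts/s` with no space before the unit, where the line it replaces used `{{value}} packets`. The series `label` is also still `Packets`, although the plotted value is now the per-second rate from `params.packets / (params._interval / 1000)`. Suggest `{{value}} pkts/s` and a label such as `Packets/s` so the legend and tooltip agree; the same applies to the other pkts/s visualizations in this file.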
@@ -1961,11 +1963,11 @@ } }, { - "_id": "a9d0ba20-55cf-11e8-a695-171fb712da36", + "_id": "ebd23770-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destination Autonomous Systems (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Destination Autonomous Systems (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"NOT flow.dst_autonomous_system: private\"},\"aggs\":[]}", + "title": "ElastiFlow: Cities (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Cities (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 
1000)\",\"id\":\"f5d79820-5611-11e8-937b-f9dd7f7e8b36\",\"type\":\"calculation\",\"variables\":[{\"id\":\"f9111840-5611-11e8-937b-f9dd7f7e8b36\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.city\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1978,11 +1980,11 @@ } }, { - "_id": "e12188f0-55d0-11e8-a695-171fb712da36", + "_id": "a8323470-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: VLANs (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: VLANs (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.vlan\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Server Autonomous Systems (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Server Autonomous Systems (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 
1000)\",\"id\":\"c89ecad0-5612-11e8-b8f4-81e5f5de0f37\",\"type\":\"calculation\",\"variables\":[{\"id\":\"cb30e760-5612-11e8-b8f4-81e5f5de0f37\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.server_autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"NOT flow.server_autonomous_system: private\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1995,11 +1997,11 @@ } }, { - "_id": "5e5bf210-55d1-11e8-a695-171fb712da36", + "_id": "7a609f00-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Types of Service (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Types of Service (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tos\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Source Ports (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Source Ports (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 
1000)\",\"id\":\"f82d7990-5612-11e8-aa3f-47704e17ccf8\",\"type\":\"calculation\",\"variables\":[{\"id\":\"fc0f6eb0-5612-11e8-aa3f-47704e17ccf8\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_port_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
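Review bot: The `_id` added at the top of this hunk (`7a609f00-5613-11e8-b711-83a5f93b17f3`) is a new id, not the one the packets version of Source Ports carried (`822d3da0-55d8-11e8-a695-171fb712da36`, removed in the hunk at -2063). Kibana imports saved objects by id, so an upgrade leaves the old visualization in place, and any dashboard panel still pointing at the old id will not pick up the pkts/s version. Please confirm the dashboards in this export reference the new ids, and say in the upgrade notes that the old objects need to be deleted.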
@@ -2012,11 +2014,11 @@ } }, { - "_id": "fa17b8d0-55cf-11e8-a695-171fb712da36", + "_id": "65162e80-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Server Autonomous Systems (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Server Autonomous Systems (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.server_autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"NOT flow.server_autonomous_system: private\"},\"aggs\":[]}", + "title": "ElastiFlow: Traffic Locality (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Traffic Locality (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 
1000)\",\"id\":\"2fbfdab0-5613-11e8-9246-a5562341aeaa\",\"type\":\"calculation\",\"variables\":[{\"id\":\"31d17ca0-5613-11e8-9246-a5562341aeaa\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.traffic_locality\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2029,11 +2031,11 @@ } }, { - "_id": "39c991b0-55d0-11e8-a695-171fb712da36", + "_id": "e71599c0-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Source Autonomous Systems (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Source Autonomous Systems (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"NOT flow.src_autonomous_system: private\"},\"aggs\":[]}", + "title": "ElastiFlow: Client Autonomous Systems (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Client Autonomous Systems (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 
1000)\",\"id\":\"0c862c80-5612-11e8-9c03-ebe615bd9c32\",\"type\":\"calculation\",\"variables\":[{\"id\":\"142047a0-5612-11e8-9c03-ebe615bd9c32\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.client_autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"NOT flow.client_autonomous_system: private\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2046,11 +2048,11 @@ } }, { - "_id": "f279d050-55d3-11e8-a695-171fb712da36", + "_id": "ce449a90-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: IP Protocols (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: IP Protocols (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.ip_protocol\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Destination Ports (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Destination Ports (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 
1000)\",\"id\":\"670b6440-5612-11e8-b312-79bc7794402d\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6ac62250-5612-11e8-b312-79bc7794402d\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_port_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2063,11 +2065,11 @@ } }, { - "_id": "822d3da0-55d8-11e8-a695-171fb712da36", + "_id": "c481fa20-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Source Ports (packets) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Source Ports (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_port_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Egress Interfaces (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Egress Interfaces (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 
1000)\",\"id\":\"83a0e580-5612-11e8-9770-ed998bc0982c\",\"type\":\"calculation\",\"variables\":[{\"id\":\"88cdd130-5612-11e8-9770-ed998bc0982c\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.output_snmp\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2080,11 +2082,11 @@ } }, { - "_id": "00a54450-5630-11e8-b711-83a5f93b17f3", + "_id": "b79dce60-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Sankey Src AS/Dst AS (flow records) - vega", - "visState": "{\"title\":\"ElastiFlow: Sankey Src AS/Dst AS (flow records) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.src_autonomous_system\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.dst_autonomous_system\\\"}}}\\n ]\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.doc_count\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n 
\\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"field\\\": \\\"stk1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Source AS\\\", \\\"Dest AS\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"encode\\\": {\\\"labels\\\": {\\\"update\\\": {\\\"fontSize\\\": {\\\"value\\\": 12}}}}\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": 
{\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.75 : 0.3\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.75}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + 
(datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": 
{\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\"},\"aggs\":[]}", + "title": "ElastiFlow: Ingress Interfaces (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Ingress Interfaces (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 
1000)\",\"id\":\"a00fcbf0-5612-11e8-833a-d52124abe7ce\",\"type\":\"calculation\",\"variables\":[{\"id\":\"a25ec500-5612-11e8-833a-d52124abe7ce\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.input_snmp\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
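Review bot: The `-` side of this hunk drops the entire "Sankey Src AS/Dst AS (flow records) - vega" spec (`_id` `00a54450-5630-11e8-b711-83a5f93b17f3`), while the `+` side is an unrelated TSVB visualization, so the diff is pairing objects by their position in the export rather than by identity. From this hunk alone it is not possible to tell whether the Sankey is kept elsewhere in the file; please confirm it is re-added unchanged with the same `_id`. Exporting the objects in a stable order (for example sorted by title) would keep future diffs of this file reviewable.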
@@ -2097,11 +2099,11 @@ } }, { - "_id": "89935300-5631-11e8-b711-83a5f93b17f3", + "_id": "bf600af0-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Vega Warning", - "visState": "{\"title\":\"ElastiFlow: Vega Warning\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"NOTICE! Vega visualizations are **experimental**. You may experience minor issues with Kibana 6.2.4.\"},\"aggs\":[]}", + "title": "ElastiFlow: Flow Exporters (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Flow Exporters (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"95108cd0-5612-11e8-8cf4-f1fcac410c6e\",\"type\":\"calculation\",\"variables\":[{\"id\":\"97231920-5612-11e8-8cf4-f1fcac410c6e\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"node.hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2114,16 +2116,16 @@ } }, { - "_id": "AWFhSAAsugC1WJLdzqUH", + "_id": "c8e924d0-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: NAV: Autonomous Systems", - "visState": "{\"title\":\"ElastiFlow: NAV: Autonomous Systems\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Flow](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [**AS Traffic**](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", + "title": "ElastiFlow: Destinations (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Destinations (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 
1000)\",\"id\":\"73319730-5612-11e8-aef2-8d6be7224727\",\"type\":\"calculation\",\"variables\":[{\"id\":\"76164090-5612-11e8-aef2-8d6be7224727\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{}" } }, "_meta": { 
@@ -2131,16 +2133,16 @@ } }, { - "_id": "26e166f0-2fe2-11e7-9d02-3f49bde5c1d5", + "_id": "b3007880-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: NAV: Overview", - "visState": "{\"title\":\"ElastiFlow: NAV: Overview\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[**Overview**](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Flow](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", + "title": "ElastiFlow: IP Protocols (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: IP Protocols (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 
1000)\",\"id\":\"ac032f10-5612-11e8-987a-399b859ae9e0\",\"type\":\"calculation\",\"variables\":[{\"id\":\"aefebbd0-5612-11e8-987a-399b859ae9e0\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.ip_protocol\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{}" } }, "_meta": { 
@@ -2148,16 +2150,16 @@ } }, { - "_id": "AWFhSJtiugC1WJLdzqel", + "_id": "6a815bb0-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: NAV: Exporters", - "visState": "{\"title\":\"ElastiFlow: NAV: Exporters\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Flow](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [**Exporters**](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", + "title": "ElastiFlow: TCP Flags (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: TCP Flags (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 
1000)\",\"id\":\"21a94970-5613-11e8-932f-d5f0b2e476ba\",\"type\":\"calculation\",\"variables\":[{\"id\":\"23e04db0-5613-11e8-932f-d5f0b2e476ba\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tcp_flags\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{}" } }, "_meta": { 
@@ -2165,11 +2167,11 @@ } }, { - "_id": "cd197750-562f-11e8-b711-83a5f93b17f3", + "_id": "ae9de1b0-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Sankey Src/Dst (flow records) - vega", - "visState": "{\"title\":\"ElastiFlow: Sankey Src/Dst (flow records) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.src_hostname\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.dst_hostname\\\"}}}\\n ]\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.doc_count\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n 
\\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"field\\\": \\\"stk1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Source\\\", \\\"Dest\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"encode\\\": {\\\"labels\\\": {\\\"update\\\": {\\\"fontSize\\\": {\\\"value\\\": 12}}}}\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": 
\\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.75 : 0.3\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.75}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? 
bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n 
\\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\"},\"aggs\":[]}", + "title": "ElastiFlow: IP Version (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: IP Version (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 
1000)\",\"id\":\"bc2c73b0-5612-11e8-a8ff-859eba5de32f\",\"type\":\"calculation\",\"variables\":[{\"id\":\"bf205f50-5612-11e8-a8ff-859eba5de32f\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.ip_version\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2182,11 +2184,11 @@ } }, { - "_id": "d45c0d50-5613-11e8-b711-83a5f93b17f3", + "_id": "b22f5660-55d2-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destination Autonomous Systems (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Destination Autonomous Systems (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"5b93e7e0-5612-11e8-b71a-cfa3c16427ce\",\"type\":\"calculation\",\"variables\":[{\"id\":\"5f2c77f0-5612-11e8-b71a-cfa3c16427ce\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"NOT flow.dst_autonomous_system: private\"},\"aggs\":[]}", + "title": "ElastiFlow: Services (bits/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Services (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.service_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2199,16 +2201,16 @@ } }, { - "_id": "9d8962a0-5627-11e8-b711-83a5f93b17f3", + "_id": "beb869d0-55d2-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: NAV: Sankey (src/dst)", - "visState": "{\"title\":\"ElastiFlow: NAV: Sankey (src/dst)\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Client/Server](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [**Src/Dst**](#/dashboard/4b86b4c0-5628-11e8-b711-83a5f93b17f3) | [AS](#/dashboard/757d59f0-5628-11e8-b711-83a5f93b17f3)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", + "title": "ElastiFlow: Services (bytes) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Services (bytes) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Bytes\",\"terms_field\":\"flow.service_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{}" } }, "_meta": { 
@@ -2216,11 +2218,11 @@ } }, { - "_id": "854eee30-5613-11e8-b711-83a5f93b17f3", + "_id": "c3861b50-55ce-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Source Autonomous Systems (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Source Autonomous Systems (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"eb6ed730-5612-11e8-88fd-2774a33bc32f\",\"type\":\"calculation\",\"variables\":[{\"id\":\"f0d103b0-5612-11e8-88fd-2774a33bc32f\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"NOT flow.src_autonomous_system: private\"},\"aggs\":[]}", + "title": "ElastiFlow: Client Autonomous Systems (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Client Autonomous Systems (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.client_autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"NOT flow.client_autonomous_system: private\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2233,11 +2235,11 @@ } }, { - "_id": "f2b5acc0-5613-11e8-b711-83a5f93b17f3", + "_id": "266da690-55d7-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Autonomous Systems (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Autonomous Systems (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"e64ae1a0-5611-11e8-ace5-73cdd5366849\",\"type\":\"calculation\",\"variables\":[{\"id\":\"e9f01be0-5611-11e8-ace5-73cdd5366849\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\"},\"aggs\":[]}", + "title": "ElastiFlow: Destination Ports (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Destination Ports (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_port_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2250,11 +2252,11 @@ } }, { - "_id": "fa458eb0-5613-11e8-b711-83a5f93b17f3", + "_id": "9e614fe0-55d6-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Applications (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Applications (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"b907a980-5611-11e8-9d88-a7d70f388fc4\",\"type\":\"calculation\",\"variables\":[{\"id\":\"bbfd42d0-5611-11e8-9d88-a7d70f388fc4\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.application\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\"},\"aggs\":[]}", + "title": "ElastiFlow: Ingress Interfaces (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Ingress Interfaces (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.input_snmp\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2267,16 +2269,16 @@ } }, { - "_id": "dbcd7bb0-561c-11e8-b711-83a5f93b17f3", + "_id": "da47ecc0-55d2-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: NAV: Traffic Details (types)", - "visState": "{\"title\":\"ElastiFlow: NAV: Traffic Details (types)\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[**Types**](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22)\\n | [Attributes](#/dashboard/64c19720-5619-11e8-b711-83a5f93b17f3) | [Locality](#/dashboard/95ccacb0-5619-11e8-b711-83a5f93b17f3)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", + "title": "ElastiFlow: Services (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Services (packets) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.service_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" + 
"searchSourceJSON": "{}" } }, "_meta": { 
@@ -2284,11 +2286,11 @@ } }, { - "_id": "de476b70-5613-11e8-b711-83a5f93b17f3", + "_id": "8f6da1e0-55d2-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Clients (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Clients (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"35bed8e0-5612-11e8-9abc-51bfe6c5250a\",\"type\":\"calculation\",\"variables\":[{\"id\":\"38885920-5612-11e8-9abc-51bfe6c5250a\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.client_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Sources (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Sources (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2301,11 +2303,11 @@ } }, { - "_id": "d8e1bc80-5613-11e8-b711-83a5f93b17f3", + "_id": "a9d0ba20-55cf-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Countries (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Countries (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"47b1b9f0-5612-11e8-8f25-dd843d63ccd9\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4ba84880-5612-11e8-8f25-dd843d63ccd9\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.country\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Destination Autonomous Systems (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Destination Autonomous Systems (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"NOT flow.dst_autonomous_system: private\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2318,11 +2320,11 @@ } }, { - "_id": "ebd23770-5613-11e8-b711-83a5f93b17f3", + "_id": "e12188f0-55d0-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Cities (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Cities (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"f5d79820-5611-11e8-937b-f9dd7f7e8b36\",\"type\":\"calculation\",\"variables\":[{\"id\":\"f9111840-5611-11e8-937b-f9dd7f7e8b36\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.city\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: VLANs (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: VLANs (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.vlan\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2335,11 +2337,11 @@ } }, { - "_id": "a8323470-5613-11e8-b711-83a5f93b17f3", + "_id": "5e5bf210-55d1-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Server Autonomous Systems (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Server Autonomous Systems (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"c89ecad0-5612-11e8-b8f4-81e5f5de0f37\",\"type\":\"calculation\",\"variables\":[{\"id\":\"cb30e760-5612-11e8-b8f4-81e5f5de0f37\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.server_autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"NOT flow.server_autonomous_system: private\"},\"aggs\":[]}", + "title": "ElastiFlow: Types of Service (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Types of Service (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tos\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2352,11 +2354,11 @@ } }, { - "_id": "7a609f00-5613-11e8-b711-83a5f93b17f3", + "_id": "fa17b8d0-55cf-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Source Ports (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Source Ports (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"f82d7990-5612-11e8-aa3f-47704e17ccf8\",\"type\":\"calculation\",\"variables\":[{\"id\":\"fc0f6eb0-5612-11e8-aa3f-47704e17ccf8\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_port_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Server Autonomous Systems (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Server Autonomous Systems (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.server_autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"NOT flow.server_autonomous_system: private\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2369,11 +2371,11 @@ } }, { - "_id": "65162e80-5613-11e8-b711-83a5f93b17f3", + "_id": "39a495d0-55d6-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Traffic Locality (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Traffic Locality (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"2fbfdab0-5613-11e8-9246-a5562341aeaa\",\"type\":\"calculation\",\"variables\":[{\"id\":\"31d17ca0-5613-11e8-9246-a5562341aeaa\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.traffic_locality\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Egress Interfaces (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Egress Interfaces (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.output_snmp\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2386,11 +2388,11 @@ } }, { - "_id": "e71599c0-5613-11e8-b711-83a5f93b17f3", + "_id": "deb4d510-55d8-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Client Autonomous Systems (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Client Autonomous Systems (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"0c862c80-5612-11e8-9c03-ebe615bd9c32\",\"type\":\"calculation\",\"variables\":[{\"id\":\"142047a0-5612-11e8-9c03-ebe615bd9c32\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.client_autonomous_system\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"NOT flow.client_autonomous_system: private\"},\"aggs\":[]}", + "title": "ElastiFlow: Flow Exporters (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Flow Exporters (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"node.hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2403,11 +2405,11 @@ } }, { - "_id": "ce449a90-5613-11e8-b711-83a5f93b17f3", + "_id": "f98654a0-55d7-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destination Ports (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Destination Ports (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"670b6440-5612-11e8-b312-79bc7794402d\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6ac62250-5612-11e8-b312-79bc7794402d\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_port_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Destinations (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Destinations (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2420,11 +2422,11 @@ } }, { - "_id": "c481fa20-5613-11e8-b711-83a5f93b17f3", + "_id": "ae3c66c0-55d1-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Egress Interfaces (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Egress Interfaces (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"83a0e580-5612-11e8-9770-ed998bc0982c\",\"type\":\"calculation\",\"variables\":[{\"id\":\"88cdd130-5612-11e8-9770-ed998bc0982c\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.output_snmp\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: TCP Flags (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: TCP Flags (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tcp_flags\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2437,11 +2439,11 @@ } }, { - "_id": "b79dce60-5613-11e8-b711-83a5f93b17f3", + "_id": "1d3b5c10-55d3-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Ingress Interfaces (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Ingress Interfaces (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"a00fcbf0-5612-11e8-833a-d52124abe7ce\",\"type\":\"calculation\",\"variables\":[{\"id\":\"a25ec500-5612-11e8-833a-d52124abe7ce\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.input_snmp\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Servers (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Servers (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.server_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2454,11 +2456,11 @@ } }, { - "_id": "bf600af0-5613-11e8-b711-83a5f93b17f3", + "_id": "e2f1d4c0-55d3-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Flow Exporters (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Flow Exporters (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"95108cd0-5612-11e8-8cf4-f1fcac410c6e\",\"type\":\"calculation\",\"variables\":[{\"id\":\"97231920-5612-11e8-8cf4-f1fcac410c6e\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"node.hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: IP Version (packets) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: IP Version (packets) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.ip_version\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}} packets\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2471,11 +2473,11 @@ } }, { - "_id": "c8e924d0-5613-11e8-b711-83a5f93b17f3", + "_id": "64d369b0-55d2-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destinations (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Destinations (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"73319730-5612-11e8-aef2-8d6be7224727\",\"type\":\"calculation\",\"variables\":[{\"id\":\"76164090-5612-11e8-aef2-8d6be7224727\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.dst_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Sources (bits/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Sources (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 1000)\",\"id\":\"708a47c0-55cc-11e8-a850-cf92cd717894\",\"type\":\"calculation\",\"variables\":[{\"id\":\"74efc4c0-55cc-11e8-a850-cf92cd717894\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.src_hostname\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
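Review bot: The series `label` in the new "Sources (bits/s)" visState is still `Packets`, although the metric now sums `flow.bytes` and the calculation script converts it to bits per second, so the legend will mislabel the data; it should read something like `Bits`. The `value_template` of `{{value}}its/s` also looks like a typo on first read. It appears to rely on the `bytes` formatter ending the value in "B", and that dependency deserves a mention in the commit message or README so nobody "fixes" it later. Note too that the top-level `axis_formatter` is still `number` while the series formatter is `bytes`, so axis ticks and tooltips will be formatted differently.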
@@ -2488,11 +2490,45 @@ } }, { - "_id": "b3007880-5613-11e8-b711-83a5f93b17f3", + "_id": "b72505d0-561c-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: IP Protocols (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: IP Protocols (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"ac032f10-5612-11e8-987a-399b859ae9e0\",\"type\":\"calculation\",\"variables\":[{\"id\":\"aefebbd0-5612-11e8-987a-399b859ae9e0\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.ip_protocol\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: NAV: Traffic Details (attributes)", + "visState": "{\"title\":\"ElastiFlow: NAV: Traffic Details (attributes)\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Types](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22)\\n | [**Attributes**](#/dashboard/64c19720-5619-11e8-b711-83a5f93b17f3) | 
[Locality](#/dashboard/95ccacb0-5619-11e8-b711-83a5f93b17f3)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "_meta": { + "savedObjectVersion": 2 + } + }, + { + "_id": "AWFhTELFugC1WJLdzrdg", + "_type": "visualization", + "_source": { + "title": "ElastiFlow: NAV: Top-N (services)", + "visState": "{\"title\":\"ElastiFlow: NAV: Top-N (services)\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Talkers](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [**Services**](#/dashboard/0809c1f0-6719-11e7-b5b8-29fbded8e37c)\\n | [Conversations](#/dashboard/AWFgw02HugC1WJLdzCFZ) | [Apps](#/dashboard/44d6d8c0-560b-11e8-b711-83a5f93b17f3)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "_meta": { + "savedObjectVersion": 2 + } + }, + { + "_id": "8b7247d0-5613-11e8-b711-83a5f93b17f3", + "_type": "visualization", + "_source": { + "title": "ElastiFlow: Services (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Services (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 
1000)\",\"id\":\"dfd5f020-5612-11e8-8874-4b2cb46d3ac9\",\"type\":\"calculation\",\"variables\":[{\"id\":\"e35ca5e0-5612-11e8-8874-4b2cb46d3ac9\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.service_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
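Review bot: Both NAV markdown visualizations added in this hunk ("Traffic Details (attributes)" and "Top-N (services)") embed `![](http://www.koiossian.com/public/elastiflow.gif)`, so every dashboard view makes the analyst's browser fetch an image from a third-party host over plain HTTP. That discloses viewer IP addresses and dashboard usage to that host, is blocked as mixed content when Kibana is served over HTTPS, and fails on isolated monitoring networks. If the image is only a spacer or logo, drop it or ship it with the project and reference it locally. If it has another purpose, that should be documented in the README. Separately, the "Traffic Details (attributes)" markdown has `\\n` before ` | [**Attributes**]`, which splits the navigation links across two lines; check whether that is intended.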
@@ -2505,11 +2541,11 @@ } }, { - "_id": "6a815bb0-5613-11e8-b711-83a5f93b17f3", + "_id": "604bae20-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: TCP Flags (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: TCP Flags (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"21a94970-5613-11e8-932f-d5f0b2e476ba\",\"type\":\"calculation\",\"variables\":[{\"id\":\"23e04db0-5613-11e8-932f-d5f0b2e476ba\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tcp_flags\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Types of Service (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: Types of Service (pkts/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"3a636540-5613-11e8-bbfc-bb680694cbb3\",\"type\":\"calculation\",\"variables\":[{\"id\":\"3e0a2620-5613-11e8-bbfc-bb680694cbb3\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tos\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2522,11 +2558,28 @@ } }, { - "_id": "ae9de1b0-5613-11e8-b711-83a5f93b17f3", + "_id": "5af01150-5613-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: IP Version (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: IP Version (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"bc2c73b0-5612-11e8-a8ff-859eba5de32f\",\"type\":\"calculation\",\"variables\":[{\"id\":\"bf205f50-5612-11e8-a8ff-859eba5de32f\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.ip_version\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: VLANs (pkts/s) - TSVB (stacked area)", + "visState": "{\"title\":\"ElastiFlow: VLANs (pkts/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"4a7ea020-5613-11e8-9991-679c12b3fef7\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4d43b390-5613-11e8-9991-679c12b3fef7\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.vlan\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + } + }, + "_meta": { + "savedObjectVersion": 2 + } + }, + { + "_id": "e3c2e2c0-5607-11e8-b711-83a5f93b17f3", + "_type": "visualization", + "_source": { + "title": "ElastiFlow: Src/Dst Autonomous Systems - input list", + "visState": "{\"title\":\"ElastiFlow: Src/Dst Autonomous Systems - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"node.hostname\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"}},{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.src_autonomous_system\",\"label\":\"Source AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"}},{\"id\":\"1526108883717\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.dst_autonomous_system\",\"label\":\"Destnation AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"}},{\"id\":\"1526108909005\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.service_name\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"}}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
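Review bot: The third control in the new "Src/Dst Autonomous Systems - input list" visState has `label` set to `Destnation AS`, which should be `Destination AS`; the same misspelling (`Destnation`) appears in the "Src/Dst - input list" controls later in this patch. Also worth a second look here: three of the four controls request `size` 5000 terms with `useTimeFilter` enabled, which means several large terms aggregations on every dashboard load. Consider a smaller default, or note the cost in the README for large deployments.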
@@ -2641,33 +2694,16 @@ } }, { - "_id": "AWFhRsIDugC1WJLdzp9S", - "_type": "visualization", - "_source": { - "title": "ElastiFlow: NAV: Top-N", - "visState": "{\"title\":\"ElastiFlow: NAV: Top-N\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [**Top-N**](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Flow](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "_meta": { - "savedObjectVersion": 2 - } - }, - { - "_id": "AWFhF0AlugC1WJLdzZyF", + "_id": "61ed9a20-561a-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: NAV: Geo IP (client/server)", - "visState": "{\"title\":\"ElastiFlow: NAV: Geo IP (client/server)\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[**Client/Server**](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [Src/Dst](#/dashboard/AWFhE8NZugC1WJLdzYri)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", + "title": "ElastiFlow: Traffic Attributes - input list", + "visState": "{\"title\":\"ElastiFlow: Traffic Attributes - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.ip_protocol\",\"label\":\"IP 
Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":50,\"order\":\"desc\"}},{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.vlan\",\"label\":\"VLAN\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"}},{\"id\":\"1526153132040\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.tos\",\"label\":\"Type of Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"}},{\"id\":\"1526153149794\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.tcp_flags\",\"label\":\"TCP Flag\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":10,\"order\":\"desc\"}}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{}" } }, "_meta": { 
@@ -2675,11 +2711,11 @@ } }, { - "_id": "8fee97e0-55b5-11e8-a1f3-452446793d46", + "_id": "c0ca16b0-561d-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Blank", - "visState": "{\"title\":\"ElastiFlow: Blank\",\"type\":\"markdown\",\"params\":{\"fontSize\":8,\"markdown\":\"![](http://www.koiossian.com/public/elastiflow.gif)\"},\"aggs\":[]}", + "title": "ElastiFlow: Traffic Locality - input list", + "visState": "{\"title\":\"ElastiFlow: Traffic Locality - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.traffic_locality\",\"label\":\"Traffic Locality\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":10,\"order\":\"desc\"}},{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.autonomous_system\",\"label\":\"Autonomous System\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"}},{\"id\":\"1526153132040\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.country\",\"label\":\"Country\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"}},{\"id\":\"1526153149794\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.city\",\"label\":\"City\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"}}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2692,16 +2728,16 @@ } }, { - "_id": "e294aae0-5626-11e8-b711-83a5f93b17f3", + "_id": "b577fca0-561d-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: NAV: Sankey", - "visState": "{\"title\":\"ElastiFlow: NAV: Sankey\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [**Sankey**](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", + "title": "ElastiFlow: Traffic Types - input list", + "visState": "{\"title\":\"ElastiFlow: Traffic Types - input 
list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.client_hostname\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"}},{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.server_hostname\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"}},{\"id\":\"1526153132040\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.service_name\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"}},{\"id\":\"1526153149794\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.application\",\"label\":\"Application\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2000,\"order\":\"desc\"}}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{}" } }, "_meta": { 
@@ -2709,16 +2745,16 @@ } }, { - "_id": "AWFhSZLAugC1WJLdzqua", + "_id": "a7a47e70-2fde-11e7-9d02-3f49bde5c1d5", "_type": "visualization", "_source": { - "title": "ElastiFlow: NAV: Flow Records", - "visState": "{\"title\":\"ElastiFlow: NAV: Flow Records\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Flow](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [**Flow Records**](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", - "uiStateJSON": "{}", + "title": "ElastiFlow: Conversation Partners", + "visState": "{\"title\":\"ElastiFlow: Conversation 
Partners\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.src_hostname\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.dst_hostname\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -2726,16 +2762,16 @@ } }, { - "_id": "88dadc40-55e0-11e8-b711-83a5f93b17f3", + "_id": "4abad150-55bc-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: NAV: Flow Records (client/server)", - "visState": "{\"title\":\"ElastiFlow: NAV: Flow Records (client/server)\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[**Client/Server**](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5) | [Src/Dst](#/dashboard/58858cb0-55e1-11e8-b711-83a5f93b17f3)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", + "title": "ElastiFlow: Autonomous Systems (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"AS\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -2845,16 +2881,16 @@ } }, { - "_id": "b72505d0-561c-11e8-b711-83a5f93b17f3", + "_id": "17c29c50-55bd-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: NAV: Traffic Details (attributes)", - "visState": "{\"title\":\"ElastiFlow: NAV: Traffic Details (attributes)\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Types](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22)\\n | [**Attributes**](#/dashboard/64c19720-5619-11e8-b711-83a5f93b17f3) | [Locality](#/dashboard/95ccacb0-5619-11e8-b711-83a5f93b17f3)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", + "title": "ElastiFlow: Src/Dst - input list", + "visState": "{\"title\":\"ElastiFlow: Src/Dst - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"node.hostname\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"}},{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.src_hostname\",\"label\":\"Source\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"}},{\"id\":\"1526108883717\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.dst_hostname\",\"label\":\"Destnation\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"}},{\"id\":\"1526108909005\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.dst_port_name\",\"label\":\"Destination Port\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"}}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{}" } }, "_meta": { 
@@ -2862,16 +2898,16 @@ } }, { - "_id": "AWFhTELFugC1WJLdzrdg", + "_id": "95799400-55b3-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: NAV: Top-N (services)", - "visState": "{\"title\":\"ElastiFlow: NAV: Top-N (services)\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Talkers](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [**Services**](#/dashboard/0809c1f0-6719-11e7-b5b8-29fbded8e37c)\\n | [Conversations](#/dashboard/AWFgw02HugC1WJLdzCFZ) | [Apps](#/dashboard/44d6d8c0-560b-11e8-b711-83a5f93b17f3)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", + "title": "ElastiFlow: Client/Server - input list", + "visState": "{\"title\":\"ElastiFlow: Client/Server - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"node.hostname\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"}},{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.client_hostname\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"}},{\"id\":\"1526108883717\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.server_hostname\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"}},{\"id\":\"1526108909005\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.service_name\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"}}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{}" } }, "_meta": { 
@@ -2879,11 +2915,11 @@ } }, { - "_id": "8b7247d0-5613-11e8-b711-83a5f93b17f3", + "_id": "7546a110-55fd-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Services (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Services (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"dfd5f020-5612-11e8-8874-4b2cb46d3ac9\",\"type\":\"calculation\",\"variables\":[{\"id\":\"e35ca5e0-5612-11e8-8874-4b2cb46d3ac9\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.service_name\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Flow Types, Exporters & Services - input list", + "visState": "{\"title\":\"ElastiFlow: Flow Types, Exporters & Services - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"event.type\",\"label\":\"Flow 
Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":20,\"order\":\"desc\"}},{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"node.hostname\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"}},{\"id\":\"1526140705539\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.service_name\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"}}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2896,11 +2932,11 @@ } }, { - "_id": "604bae20-5613-11e8-b711-83a5f93b17f3", + "_id": "72ac9770-560c-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Types of Service (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: Types of Service (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"3a636540-5613-11e8-bbfc-bb680694cbb3\",\"type\":\"calculation\",\"variables\":[{\"id\":\"3e0a2620-5613-11e8-bbfc-bb680694cbb3\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.tos\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Flow Types, Exporters & Apps - input list", + "visState": "{\"title\":\"ElastiFlow: Flow Types, Exporters & Apps - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"event.type\",\"label\":\"Flow 
Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":20,\"order\":\"desc\"}},{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"node.hostname\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"}},{\"id\":\"1526140705539\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.application\",\"label\":\"Application\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"}}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2913,11 +2949,11 @@ } }, { - "_id": "5af01150-5613-11e8-b711-83a5f93b17f3", + "_id": "53f4a4d0-55df-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: VLANs (pkts/s) - TSVB (stacked area)", - "visState": "{\"title\":\"ElastiFlow: VLANs (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.packets\"},{\"script\":\"params.packets / (params._interval / 1000)\",\"id\":\"4a7ea020-5613-11e8-9991-679c12b3fef7\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4d43b390-5613-11e8-9991-679c12b3fef7\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"packets\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"split_color_mode\":\"rainbow\",\"label\":\"Packets\",\"terms_field\":\"flow.vlan\",\"terms_size\":\"100\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"{{value}}pkts/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\",\"filter\":\"\"},\"aggs\":[]}", + "title": "ElastiFlow: Flow Types & Exporters - input list", + "visState": "{\"title\":\"ElastiFlow: Flow Types & Exporters - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"event.type\",\"label\":\"Flow 
Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":20,\"order\":\"desc\"}},{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"node.hostname\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"}}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2930,16 +2966,16 @@ } }, { - "_id": "a7a47e70-2fde-11e7-9d02-3f49bde5c1d5", + "_id": "35464390-55bc-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: Conversation Partners", - "visState": "{\"title\":\"ElastiFlow: Conversation Partners\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.src_hostname\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.dst_hostname\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "title": "ElastiFlow: Autonomous Systems (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Autonomous Systems (packets) - 
donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"AS\"}}]}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -2947,16 +2983,16 @@ } }, { - "_id": "AWFgzeMpugC1WJLdzEfQ", + "_id": "d0e385d0-55ba-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: Flow Exporters", - "visState": "{\"title\":\"ElastiFlow: Flow Exporters\",\"type\":\"table\",\"params\":{\"perPage\":4,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"node.hostname\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Flow Exporter\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", + "title": "ElastiFlow: Applications (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Applications (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.application\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Application\"}}]}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -2964,11 +3000,11 @@ } }, { - "_id": "4abad150-55bc-11e8-a1f3-452446793d46", + "_id": "a76ff350-55ba-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: Autonomous Systems (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"AS\"}}]}", + "title": "ElastiFlow: Applications (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Applications (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.application\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Application\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2981,11 +3017,28 @@ } }, { - "_id": "35464390-55bc-11e8-a1f3-452446793d46", + "_id": "37a8b330-8019-11e7-af24-27fa1061e1bd", "_type": "visualization", "_source": { - "title": "ElastiFlow: Autonomous Systems (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"AS\"}}]}", + "title": "ElastiFlow: Clients (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Clients (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "_meta": { + "savedObjectVersion": 2 + } + }, + { + "_id": "55234750-55bf-11e8-a1f3-452446793d46", + "_type": "visualization", + "_source": { + "title": "ElastiFlow: Countries (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Countries (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.country\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2997,6 +3050,108 @@ "savedObjectVersion": 2 } }, + { + "_id": "AWFhRsIDugC1WJLdzp9S", + "_type": "visualization", + "_source": { + "title": "ElastiFlow: NAV: Top-N", + "visState": "{\"title\":\"ElastiFlow: NAV: Top-N\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [**Top-N**](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [Flow](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "_meta": { + "savedObjectVersion": 2 + } + }, + { + "_id": "AWFhF0AlugC1WJLdzZyF", + "_type": "visualization", + "_source": { + "title": "ElastiFlow: NAV: Geo IP (client/server)", + "visState": "{\"title\":\"ElastiFlow: NAV: Geo IP (client/server)\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[**Client/Server**](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [Src/Dst](#/dashboard/AWFhE8NZugC1WJLdzYri)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "_meta": { + "savedObjectVersion": 2 + } + }, + { + "_id": 
"8fee97e0-55b5-11e8-a1f3-452446793d46", + "_type": "visualization", + "_source": { + "title": "ElastiFlow: Blank", + "visState": "{\"title\":\"ElastiFlow: Blank\",\"type\":\"markdown\",\"params\":{\"fontSize\":8,\"markdown\":\"![](http://www.koiossian.com/public/elastiflow.gif)\"},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + } + }, + "_meta": { + "savedObjectVersion": 2 + } + }, + { + "_id": "e294aae0-5626-11e8-b711-83a5f93b17f3", + "_type": "visualization", + "_source": { + "title": "ElastiFlow: NAV: Sankey", + "visState": "{\"title\":\"ElastiFlow: NAV: Sankey\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | [**Sankey**](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "_meta": { + "savedObjectVersion": 2 + } + }, + { + "_id": "AWFhSZLAugC1WJLdzqua", + "_type": "visualization", + "_source": { + "title": "ElastiFlow: NAV: Flow Records", + "visState": "{\"title\":\"ElastiFlow: NAV: Flow Records\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Top-N](#/dashboard/AWFgr4DaugC1WJLdy9iE) | 
[Flow](#/dashboard/d7124e80-5625-11e8-b711-83a5f93b17f3) | [Geo IP](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [AS Traffic](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Details](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [**Flow Records**](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "_meta": { + "savedObjectVersion": 2 + } + }, + { + "_id": "88dadc40-55e0-11e8-b711-83a5f93b17f3", + "_type": "visualization", + "_source": { + "title": "ElastiFlow: NAV: Flow Records (client/server)", + "visState": "{\"title\":\"ElastiFlow: NAV: Flow Records (client/server)\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[**Client/Server**](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5) | [Src/Dst](#/dashboard/58858cb0-55e1-11e8-b711-83a5f93b17f3)\\n![](http://www.koiossian.com/public/elastiflow.gif)\\n***\",\"type\":\"markdown\",\"fontSize\":11},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "_meta": { + "savedObjectVersion": 2 + } + }, { "_id": "98519990-55bb-11e8-a1f3-452446793d46", "_type": "visualization", 
@@ -3015,16 +3170,33 @@ } }, { - "_id": "d0e385d0-55ba-11e8-a1f3-452446793d46", + "_id": "AWFgzeMpugC1WJLdzEfQ", "_type": "visualization", "_source": { - "title": "ElastiFlow: Applications (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Applications (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.application\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Application\"}}]}", + "title": "ElastiFlow: Flow Exporters", + "visState": "{\"title\":\"ElastiFlow: Flow Exporters\",\"type\":\"table\",\"params\":{\"perPage\":4,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"node.hostname\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Flow Exporter\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "_meta": { + "savedObjectVersion": 2 + } + }, + { + "_id": 
"4c52f1f0-55c6-11e8-a1f3-452446793d46", + "_type": "visualization", + "_source": { + "title": "ElastiFlow: Source Autonomous Systems (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Source Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source AS\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.src_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.src_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" } }, "_meta": { 
@@ -3032,16 +3204,16 @@ } }, { - "_id": "a76ff350-55ba-11e8-a1f3-452446793d46", + "_id": "8be71430-55c7-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: Applications (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Applications (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.application\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Application\"}}]}", + "title": "ElastiFlow: Server Autonomous Systems (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Server Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server AS\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.server_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.server_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" } }, "_meta": { 
@@ -3049,16 +3221,16 @@ } }, { - "_id": "37a8b330-8019-11e7-af24-27fa1061e1bd", + "_id": "72ff0a90-55c7-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: Clients (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Clients (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}]}", + "title": "ElastiFlow: Server Autonomous Systems (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Server Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server AS\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.server_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.server_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" } }, "_meta": { 
@@ -3066,11 +3238,11 @@ } }, { - "_id": "55234750-55bf-11e8-a1f3-452446793d46", + "_id": "df88de80-801f-11e7-8a72-651c4183643b", "_type": "visualization", "_source": { - "title": "ElastiFlow: Countries (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Countries (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.country\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}", + "title": "ElastiFlow: Servers and Clients (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Servers and Clients (packets) - 
donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3083,16 +3255,16 @@ } }, { - "_id": "74cc8db0-55be-11e8-a1f3-452446793d46", + "_id": "77255120-55c6-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: Cities (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Cities (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.city\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"City\"}}]}", + "title": "ElastiFlow: Destination Autonomous Systems (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Destination Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination AS\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.dst_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.dst_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" } }, "_meta": { 
@@ -3100,16 +3272,16 @@ } }, { - "_id": "b88a8790-2fd7-11e7-bd03-932d3e38a4ff", + "_id": "1b6b9b90-55c7-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: VLANs (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: VLANs (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.vlan\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"VLAN\"}}]}", + "title": "ElastiFlow: Client Autonomous Systems (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Client Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client AS\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.client_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.client_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" } }, "_meta": { 
@@ -3117,16 +3289,16 @@ } }, { - "_id": "849562d0-55be-11e8-a1f3-452446793d46", + "_id": "97885520-55c6-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: Cities (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Cities (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.city\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"City\"}}]}", + "title": "ElastiFlow: Destination Autonomous Systems (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Destination Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination AS\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.dst_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.dst_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" } }, "_meta": { 
@@ -3134,16 +3306,16 @@ } }, { - "_id": "9f9e54b0-2fd6-11e7-a82c-3146dd695923", + "_id": "5a0b1a10-55c7-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: Sources and Ports (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Sources and Ports (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}", + "title": "ElastiFlow: Server Autonomous Systems (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Server Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow 
Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server AS\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.server_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.server_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" } }, "_meta": { 
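Review bot: In the added `searchSourceJSON` line of this hunk the new filter is saved with `"$state":{"store":"globalState"}`, which is the store Kibana uses for pinned filters rather than for filters that belong to one saved object. If the negated `flow.server_autonomous_system: private` phrase filter is meant to apply only to this donut, save it with `"store":"appState"`. The other Autonomous Systems visualizations added in this patch carry the same `globalState` value and would need the same change.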
@@ -3151,16 +3323,16 @@ } }, { - "_id": "a8b68cb0-2fc8-11e7-8d8b-45ec51795dad", + "_id": "d8ab4a30-55c6-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: Source Ports (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Source Ports (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}]}", + "title": "ElastiFlow: Client Autonomous Systems (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Client Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client AS\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.client_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.client_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" } }, "_meta": { 
@@ -3168,11 +3340,28 @@ } }, { - "_id": "0edebc40-801b-11e7-b4bd-5b3ceedd298a", + "_id": "88a5e860-55c6-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: Services (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Services (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.service_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}", + "title": "ElastiFlow: Destination Autonomous Systems (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Destination Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination AS\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.dst_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.dst_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" + } + }, + "_meta": { + "savedObjectVersion": 2 + } + }, + { + "_id": "4f3525d0-2fc7-11e7-8936-6f5fd5520124", + "_type": "visualization", + "_source": { + "title": "ElastiFlow: Destinations (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Destinations (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3185,11 +3374,11 @@ } }, { - "_id": "1e7d8770-2fc7-11e7-8936-6f5fd5520124", + "_id": "af1425a0-2fc7-11e7-8936-6f5fd5520124", "_type": "visualization", "_source": { - "title": "ElastiFlow: Sources (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Sources (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}]}", + "title": "ElastiFlow: Destinations (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Destinations (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3202,11 +3391,11 @@ } }, { - "_id": "8a52f7a0-2fc7-11e7-8936-6f5fd5520124", + "_id": "b6a092e0-2fcc-11e7-9bae-a35d2fe38fc2", "_type": "visualization", "_source": { - "title": "ElastiFlow: Sources (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Sources (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}]}", + "title": "ElastiFlow: IP Version (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: IP Version (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.ip_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
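Review bot: Style point on the added `visState` line: the `flow.ip_version` terms aggregation sets `"otherBucketLabel":"Other"`, while every other visualization in this part of the file uses lower-case `"other"`. The label is not rendered here because `"otherBucket":false`, but keeping the casing consistent avoids a mismatch if the bucket is enabled later.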
@@ -3219,11 +3408,11 @@ } }, { - "_id": "7c2cfd10-2fc7-11e7-8936-6f5fd5520124", + "_id": "fa3371f0-801a-11e7-b4bd-5b3ceedd298a", "_type": "visualization", "_source": { - "title": "ElastiFlow: Sources (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Sources (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}]}", + "title": "ElastiFlow: Servers (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Servers (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3236,11 +3425,11 @@ } }, { - "_id": "eada0e30-801f-11e7-8a72-651c4183643b", + "_id": "1c1f5550-801a-11e7-8b60-018ea0aa61a0", "_type": "visualization", "_source": { - "title": "ElastiFlow: Servers and Clients (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Servers and Clients (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}]}", + "title": "ElastiFlow: Servers (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Servers (bytes) - 
donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3253,11 +3442,11 @@ } }, { - "_id": "d297fe60-2fd7-11e7-af27-99e728e71e91", + "_id": "be065300-801a-11e7-a69e-1db8cf608fe4", "_type": "visualization", "_source": { - "title": "ElastiFlow: VLANs (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: VLANs (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.vlan\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"VLAN\"}}]}", + "title": "ElastiFlow: Services (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Services (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.service_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3270,16 +3459,16 @@ } }, { - "_id": "e8251d30-2fd7-11e7-a4f6-dbb93cfb4a10", + "_id": "0e130320-55c7-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: VLANs (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: VLANs (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.vlan\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"VLAN\"}}]}", + "title": "ElastiFlow: Client Autonomous Systems (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Client Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client AS\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.client_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.client_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" } }, "_meta": { 
@@ -3287,16 +3476,16 @@ } }, { - "_id": "b74bbb70-2fd6-11e7-a82c-3146dd695923", + "_id": "1a9184b0-55c6-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: Sources and Ports (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Sources and Ports (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}", + "title": "ElastiFlow: Source Autonomous Systems (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Source Autonomous Systems (bytes) - 
donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source AS\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.src_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.src_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" } }, "_meta": { 
@@ -3304,11 +3493,11 @@ } }, { - "_id": "c6b36620-2fc8-11e7-87d6-cdce05879baf", + "_id": "74cc8db0-55be-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: Source Ports (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Source Ports (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}]}", + "title": "ElastiFlow: Cities (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Cities (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.city\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"City\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3321,16 +3510,16 @@ } }, { - "_id": "8dcbcce0-2fd6-11e7-a82c-3146dd695923", + "_id": "b88a8790-2fd7-11e7-bd03-932d3e38a4ff", "_type": "visualization", "_source": { - "title": "ElastiFlow: Sources and Ports (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Sources and Ports (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}", + "title": "ElastiFlow: VLANs (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: VLANs (bytes) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.vlan\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"VLAN\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -3338,11 +3527,11 @@ } }, { - "_id": "de9b3dd0-2fc8-11e7-844c-67b9b101127b", + "_id": "849562d0-55be-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: Source Ports (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Source Ports (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}]}", + "title": "ElastiFlow: Cities (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Cities (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.city\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"City\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3355,11 +3544,11 @@ } }, { - "_id": "24530d50-55be-11e8-a1f3-452446793d46", + "_id": "9f9e54b0-2fd6-11e7-a82c-3146dd695923", "_type": "visualization", "_source": { - "title": "ElastiFlow: Cities (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Cities (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.city\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"City\"}}]}", + "title": "ElastiFlow: Sources and Ports (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Sources and Ports (packets) - 
donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3372,11 +3561,11 @@ } }, { - "_id": "14fb54b0-556a-11e8-a695-171fb712da36", + "_id": "a8b68cb0-2fc8-11e7-8d8b-45ec51795dad", "_type": "visualization", "_source": { - "title": "ElastiFlow: Applications (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Applications (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.application\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Application\"}}]}", + "title": "ElastiFlow: Source Ports (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Source Ports (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3389,11 +3578,11 @@ } }, { - "_id": "69f4d440-8019-11e7-af24-27fa1061e1bd", + "_id": "0edebc40-801b-11e7-b4bd-5b3ceedd298a", "_type": "visualization", "_source": { - "title": "ElastiFlow: Clients (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Clients (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}]}", + "title": "ElastiFlow: Services (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Services (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.service_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3406,11 +3595,11 @@ } }, { - "_id": "47bf0c10-8019-11e7-af24-27fa1061e1bd", + "_id": "b74bbb70-2fd6-11e7-a82c-3146dd695923", "_type": "visualization", "_source": { - "title": "ElastiFlow: Clients (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Clients (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}]}", + "title": "ElastiFlow: Sources and Ports (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Sources and Ports (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow 
Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3423,11 +3612,11 @@ } }, { - "_id": "64d75bf0-55bf-11e8-a1f3-452446793d46", + "_id": "c6b36620-2fc8-11e7-87d6-cdce05879baf", "_type": "visualization", "_source": { - "title": "ElastiFlow: Countries (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Countries (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.country\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}", + "title": "ElastiFlow: Source Ports (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Source Ports (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3440,11 +3629,11 @@ } }, { - "_id": "21671b80-55bf-11e8-a1f3-452446793d46", + "_id": "8dcbcce0-2fd6-11e7-a82c-3146dd695923", "_type": "visualization", "_source": { - "title": "ElastiFlow: Countries (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Countries (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.country\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}", + "title": "ElastiFlow: Sources and Ports (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Sources and Ports (bytes) - 
donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3457,11 +3646,11 @@ } }, { - "_id": "178b0af0-6230-11e7-9a50-efc26ded795d", + "_id": "de9b3dd0-2fc8-11e7-844c-67b9b101127b", "_type": "visualization", "_source": { - "title": "ElastiFlow: Traffic Locality (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Traffic Locality (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.traffic_locality\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Locality\"}}]}", + "title": "ElastiFlow: Source Ports (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Source Ports (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3474,11 +3663,11 @@ } }, { - "_id": "4dc994a0-2fd7-11e7-97a8-85d8d5a99269", + "_id": "24530d50-55be-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: Types of Service (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Types of Service (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tos\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type of Service\"}}]}", + "title": "ElastiFlow: Cities (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Cities (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.city\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"City\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3491,11 +3680,11 @@ } }, { - "_id": "2aeac270-6230-11e7-84f1-9728c106b1b6", + "_id": "14fb54b0-556a-11e8-a695-171fb712da36", "_type": "visualization", "_source": { - "title": "ElastiFlow: Traffic Locality (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Traffic Locality (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.traffic_locality\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Locality\"}}]}", + "title": "ElastiFlow: Applications (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Applications (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.application\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Application\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3508,11 +3697,11 @@ } }, { - "_id": "84e4c9f0-2fd7-11e7-97a8-85d8d5a99269", + "_id": "69f4d440-8019-11e7-af24-27fa1061e1bd", "_type": "visualization", "_source": { - "title": "ElastiFlow: Types of Service (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Types of Service (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tos\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type of Service\"}}]}", + "title": "ElastiFlow: Clients (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Clients (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3525,11 +3714,11 @@ } }, { - "_id": "f6be96c0-622f-11e7-abbc-93bb293f5057", + "_id": "47bf0c10-8019-11e7-af24-27fa1061e1bd", "_type": "visualization", "_source": { - "title": "ElastiFlow: Traffic Locality (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Traffic Locality (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.traffic_locality\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Locality\"}}]}", + "title": "ElastiFlow: Clients (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Clients (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3542,11 +3731,11 @@ } }, { - "_id": "69f864d0-2fd7-11e7-97a8-85d8d5a99269", + "_id": "64d75bf0-55bf-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: Types of Service (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Types of Service (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tos\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type of Service\"}}]}", + "title": "ElastiFlow: Countries (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Countries (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.country\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3559,11 +3748,11 @@ } }, { - "_id": "cc28fff0-801f-11e7-8a72-651c4183643b", + "_id": "21671b80-55bf-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: Servers and Clients (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Servers and Clients (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}]}", + "title": "ElastiFlow: Countries (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Countries (packets) - 
donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.country\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3576,11 +3765,11 @@ } }, { - "_id": "aa56f4e0-801a-11e7-a69e-1db8cf608fe4", + "_id": "178b0af0-6230-11e7-9a50-efc26ded795d", "_type": "visualization", "_source": { - "title": "ElastiFlow: Servers (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Servers (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}", + "title": "ElastiFlow: Traffic Locality (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Traffic Locality (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.traffic_locality\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Locality\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
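Review bot: The object removed in this hunk, _id aa56f4e0-801a-11e7-a69e-1db8cf608fe4 ("ElastiFlow: Servers (flow records) - donut"), is added back with the same title and visState in the hunk at @@ -3780, and cc28fff0-801f-11e7-8a72-651c4183643b does the same between @@ -3559 and @@ -3763, so these hunks record a reordering of the export rather than edits to the visualizations. Exporting the saved objects in a stable order (for example sorted by _id) before committing would cut the diff down to the objects that actually changed and make those changes reviewable.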
@@ -3593,11 +3782,11 @@ } }, { - "_id": "b6a092e0-2fcc-11e7-9bae-a35d2fe38fc2", + "_id": "4dc994a0-2fd7-11e7-97a8-85d8d5a99269", "_type": "visualization", "_source": { - "title": "ElastiFlow: IP Version (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: IP Version (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.ip_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}}]}", + "title": "ElastiFlow: Types of Service (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Types of Service (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tos\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type of Service\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
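Review bot: The count metric in the added "ElastiFlow: Types of Service (flow records) - donut" has empty params (`\"type\":\"count\",\"schema\":\"metric\",\"params\":{}`), while the other flow-record donuts in this patch (Traffic Locality, Sources, Servers) set `\"customLabel\":\"Flow Records\"`; the added "ElastiFlow: VLANs (flow records) - donut" at @@ -3678 has the same gap. Add the label to both so the metric is named consistently across the flow-record charts.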
@@ -3610,11 +3799,11 @@ } }, { - "_id": "fa3371f0-801a-11e7-b4bd-5b3ceedd298a", + "_id": "1e7d8770-2fc7-11e7-8936-6f5fd5520124", "_type": "visualization", "_source": { - "title": "ElastiFlow: Servers (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Servers (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}", + "title": "ElastiFlow: Sources (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Sources (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3627,11 +3816,11 @@ } }, { - "_id": "1c1f5550-801a-11e7-8b60-018ea0aa61a0", + "_id": "8a52f7a0-2fc7-11e7-8936-6f5fd5520124", "_type": "visualization", "_source": { - "title": "ElastiFlow: Servers (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Servers (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}", + "title": "ElastiFlow: Sources (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Sources (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3644,11 +3833,11 @@ } }, { - "_id": "be065300-801a-11e7-a69e-1db8cf608fe4", + "_id": "7c2cfd10-2fc7-11e7-8936-6f5fd5520124", "_type": "visualization", "_source": { - "title": "ElastiFlow: Services (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Services (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.service_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}", + "title": "ElastiFlow: Sources (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Sources (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3661,16 +3850,16 @@ } }, { - "_id": "0e130320-55c7-11e8-a1f3-452446793d46", + "_id": "eada0e30-801f-11e7-8a72-651c4183643b", "_type": "visualization", "_source": { - "title": "ElastiFlow: Client Autonomous Systems (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Client Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client AS\"}}]}", + "title": "ElastiFlow: Servers and Clients (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Servers and Clients (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow 
Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.client_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.client_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
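Review bot: The searchSourceJSON removed at the end of this hunk carried a negated "Private" phrase filter on flow.client_autonomous_system, and the added one has an empty filter list; because the object at this position changed from 0e130320-55c7-11e8-a1f3-452446793d46 (Client Autonomous Systems) to eada0e30-801f-11e7-8a72-651c4183643b (Servers and Clients), the hunk alone does not show whether the autonomous-system donut was moved or dropped. Please confirm that this object and the other Autonomous Systems donuts removed in the following hunks are re-added elsewhere in the file with their private-AS exclusion intact, and state it in the commit message if they were removed on purpose.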
@@ -3678,16 +3867,16 @@ } }, { - "_id": "1a9184b0-55c6-11e8-a1f3-452446793d46", + "_id": "d297fe60-2fd7-11e7-af27-99e728e71e91", "_type": "visualization", "_source": { - "title": "ElastiFlow: Source Autonomous Systems (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Source Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source AS\"}}]}", + "title": "ElastiFlow: VLANs (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: VLANs (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.vlan\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"VLAN\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.src_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.src_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -3695,16 +3884,16 @@ } }, { - "_id": "4c52f1f0-55c6-11e8-a1f3-452446793d46", + "_id": "e8251d30-2fd7-11e7-a4f6-dbb93cfb4a10", "_type": "visualization", "_source": { - "title": "ElastiFlow: Source Autonomous Systems (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Source Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source AS\"}}]}", + "title": "ElastiFlow: VLANs (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: VLANs (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.vlan\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"VLAN\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.src_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.src_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -3712,16 +3901,16 @@ } }, { - "_id": "8be71430-55c7-11e8-a1f3-452446793d46", + "_id": "84e4c9f0-2fd7-11e7-97a8-85d8d5a99269", "_type": "visualization", "_source": { - "title": "ElastiFlow: Server Autonomous Systems (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Server Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server AS\"}}]}", + "title": "ElastiFlow: Types of Service (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Types of Service (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tos\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type of Service\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.server_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.server_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -3729,16 +3918,16 @@ } }, { - "_id": "72ff0a90-55c7-11e8-a1f3-452446793d46", + "_id": "f6be96c0-622f-11e7-abbc-93bb293f5057", "_type": "visualization", "_source": { - "title": "ElastiFlow: Server Autonomous Systems (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Server Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server AS\"}}]}", + "title": "ElastiFlow: Traffic Locality (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Traffic Locality (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.traffic_locality\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Locality\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.server_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.server_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -3746,11 +3935,11 @@ } }, { - "_id": "df88de80-801f-11e7-8a72-651c4183643b", + "_id": "69f864d0-2fd7-11e7-97a8-85d8d5a99269", "_type": "visualization", "_source": { - "title": "ElastiFlow: Servers and Clients (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Servers and Clients (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}]}", + "title": "ElastiFlow: Types of Service (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Types of Service (bytes) - 
donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tos\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type of Service\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -3763,16 +3952,16 @@ } }, { - "_id": "77255120-55c6-11e8-a1f3-452446793d46", + "_id": "cc28fff0-801f-11e7-8a72-651c4183643b", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destination Autonomous Systems (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Destination Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination AS\"}}]}", + "title": "ElastiFlow: Servers and Clients (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Servers and Clients (bytes) - 
donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.dst_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.dst_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -3780,16 +3969,16 @@ } }, { - "_id": "1b6b9b90-55c7-11e8-a1f3-452446793d46", + "_id": "aa56f4e0-801a-11e7-a69e-1db8cf608fe4", "_type": "visualization", "_source": { - "title": "ElastiFlow: Client Autonomous Systems (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Client Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client AS\"}}]}", + "title": "ElastiFlow: Servers (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Servers (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.client_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.client_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -3797,16 +3986,16 @@ } }, { - "_id": "97885520-55c6-11e8-a1f3-452446793d46", + "_id": "2aeac270-6230-11e7-84f1-9728c106b1b6", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destination Autonomous Systems (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Destination Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination AS\"}}]}", + "title": "ElastiFlow: Traffic Locality (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Traffic Locality (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.traffic_locality\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Locality\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.dst_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.dst_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -3814,16 +4003,16 @@ } }, { - "_id": "5a0b1a10-55c7-11e8-a1f3-452446793d46", + "_id": "1418ce10-6592-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "ElastiFlow: Server Autonomous Systems (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Server Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server AS\"}}]}", + "title": "ElastiFlow: Egress Interfaces (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Egress Interfaces (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.output_snmp\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Egress Interface\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.server_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.server_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -3831,16 +4020,16 @@ } }, { - "_id": "d8ab4a30-55c6-11e8-a1f3-452446793d46", + "_id": "64b144f0-658e-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "ElastiFlow: Client Autonomous Systems (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Client Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client AS\"}}]}", + "title": "ElastiFlow: Flow Exporters (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Flow Exporters (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"node.hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Flow Exporter\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.client_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.client_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -3848,16 +4037,16 @@ } }, { - "_id": "88a5e860-55c6-11e8-a1f3-452446793d46", + "_id": "f8731d50-2fd6-11e7-97a8-85d8d5a99269", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destination Autonomous Systems (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Destination Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination AS\"}}]}", + "title": "ElastiFlow: Flow Exporters (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Flow Exporters (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"node.hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Flow Exporter\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.dst_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.dst_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -3865,11 +4054,11 @@ } }, { - "_id": "4f3525d0-2fc7-11e7-8936-6f5fd5520124", + "_id": "b2c9a3d0-658e-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destinations (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Destinations (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}}]}", + "title": "ElastiFlow: Direction (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Direction (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.direction\",\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Direction\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
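Review bot: the `_id`, `title` and `visState` lines in this hunk are all replaced together ("ElastiFlow: Destinations (flow records) - donut" becomes "ElastiFlow: Direction (packets) - donut"), so the hunk swaps one saved object for an unrelated one at the same array position instead of editing a visualization. From these lines a reviewer cannot tell whether the Destinations donut was deleted or only moved elsewhere in the file. Please export the objects in a stable order (for example sorted by `_id`) or keep one object per file, so that a diff of the dashboards shows only real additions, removals and edits.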
@@ -3882,16 +4071,16 @@ } }, { - "_id": "af1425a0-2fc7-11e7-8936-6f5fd5520124", + "_id": "46a5ed10-5603-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destinations (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Destinations (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}}]}", - "uiStateJSON": "{}", + "title": "ElastiFlow: Source Locations (flow records) - tilemap", + "visState": "{\"title\":\"ElastiFlow: Source Locations (flow records) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Source\"}}]}", + "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" } }, "_meta": { 
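Review bot: the added `visState` for "ElastiFlow: Source Locations (flow records) - tilemap" hard-codes the tile URL in both `tmsLayers` and `selectedTmsLayer`, including `elastic_tile_service_tos=agree`, `my_app_version=6.2.4` and a `license=` UUID. These look like values captured from the Kibana instance that produced the export, and committing them means every importer carries the same license identifier and a version string that may not match their install. Since `wms.enabled` is `false` here, consider stripping `baseLayersAreLoaded`, `tmsLayers` and `selectedTmsLayer` from the exported params and checking that the map still renders after import.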
@@ -3899,16 +4088,16 @@ } }, { - "_id": "5fd2fe30-2fc7-11e7-8936-6f5fd5520124", + "_id": "ef98f6b0-5603-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destinations (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Destinations (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}}]}", - "uiStateJSON": "{}", + "title": "ElastiFlow: Destination Locations (packets) - tilemap", + "visState": "{\"title\":\"ElastiFlow: Destination Locations (packets) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Destination\"}}]}", + "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" } }, "_meta": { 
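Review bot: the added `uiStateJSON` line pins `mapCenter` to `[-13.923403897723347,43.94531250000001]`, while the `visState` params in the same hunk declare `"mapCenter":[0,0]`. The two disagree, and the `uiStateJSON` value reads like the last pan position of whoever saved the object. The removed line was `"uiStateJSON": "{}"`; keeping it empty for the shipped tilemaps would leave a single source for the initial view.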
@@ -3916,16 +4105,16 @@ } }, { - "_id": "066b9700-55c6-11e8-a1f3-452446793d46", + "_id": "ffd219d0-5603-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Source Autonomous Systems (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Source Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source AS\"}}]}", - "uiStateJSON": "{}", + "title": "ElastiFlow: Server Locations (packets) - tilemap", + "visState": "{\"title\":\"ElastiFlow: Server Locations (packets) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Server\"}}]}", + "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.src_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.src_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" } }, "_meta": { 
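Review bot: the added `searchSourceJSON` here uses `"query":{"query":"","language":"lucene"}` with `index` first, while the donut objects added earlier in this same patch keep the `query_string` form with `"query":"*"` and `analyze_wildcard`. Two different shapes for the same match-everything query in one export file suggest the objects were saved at different times or under different Kibana versions. Please re-save all visualizations under the target version before exporting so the file is uniform, and state that version in the commit message.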
@@ -3933,16 +4122,16 @@ } }, { - "_id": "264fb270-2fdb-11e7-84e6-333bd21ad9fd", + "_id": "e46dc590-5603-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destination and Source Ports (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Destination and Source Ports (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}]}", - "uiStateJSON": "{}", + "title": "ElastiFlow: Client Locations (packets) - tilemap", + "visState": "{\"title\":\"ElastiFlow: Client Locations (packets) - 
tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Client\"}}]}", + "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" } }, "_meta": { 
@@ -3950,16 +4139,16 @@ } }, { - "_id": "5c5d6f60-2fdb-11e7-84e6-333bd21ad9fd", + "_id": "d7942120-5603-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destination and Source Ports (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Destination and Source Ports (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}]}", - "uiStateJSON": "{}", + "title": "ElastiFlow: Source Locations (bytes) - tilemap", + "visState": "{\"title\":\"ElastiFlow: Source Locations (bytes) - 
tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Source\"}}]}", + "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" } }, "_meta": { 
@@ -3967,16 +4156,16 @@ } }, { - "_id": "a4ade270-658e-11e7-bfc3-d74b7bb89482", + "_id": "0be16960-5604-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Direction (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Direction (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.direction\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Direction\"}}]}", - "uiStateJSON": "{}", + "title": "ElastiFlow: Source Locations (packets) - tilemap", + "visState": "{\"title\":\"ElastiFlow: Source Locations (packets) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Source\"}}]}", + "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" } }, "_meta": { 
@@ -3984,16 +4173,16 @@ } }, { - "_id": "793a6f00-2fdd-11e7-afd7-595689f3f18c", + "_id": "33c10ae0-5603-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destinations and Sources (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Destinations and Sources (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}]}", - "uiStateJSON": "{}", + "title": "ElastiFlow: Destination Locations (flow records) - tilemap", + "visState": "{\"title\":\"ElastiFlow: Destination Locations (flow records) - 
tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Destination\"}}]}", + "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" } }, "_meta": { 
@@ -4001,16 +4190,16 @@ } }, { - "_id": "44b3cb70-2fd6-11e7-bc99-41245d9394f2", + "_id": "203cdb70-5603-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destinations and Ports (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Destinations and Ports (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}", - "uiStateJSON": "{}", + "title": "ElastiFlow: Server Locations (flow records) - tilemap", + "visState": "{\"title\":\"ElastiFlow: Server Locations (flow records) - 
tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Server\"}}]}", + "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" } }, "_meta": { 
@@ -4018,16 +4207,16 @@ } }, { - "_id": "313a9880-2fd6-11e7-bc99-41245d9394f2", + "_id": "066b9700-55c6-11e8-a1f3-452446793d46", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destinations and Ports (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Destinations and Ports (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}", + "title": "ElastiFlow: Source Autonomous Systems (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Source Autonomous Systems (packets) - 
donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source AS\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"elastiflow-*\",\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"flow.src_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"flow.src_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}]}" } }, "_meta": { 
@@ -4035,11 +4224,11 @@ } }, { - "_id": "23d6dc80-2fd6-11e7-bc99-41245d9394f2", + "_id": "264fb270-2fdb-11e7-84e6-333bd21ad9fd", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destinations and Ports (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Destinations and Ports (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}", + "title": "ElastiFlow: Destination and Source Ports (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Destination and Source Ports (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow 
Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -4052,16 +4241,16 @@ } }, { - "_id": "4440e130-2fdd-11e7-afd7-595689f3f18c", + "_id": "5c5d6f60-2fdb-11e7-84e6-333bd21ad9fd", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destinations and Sources (bytes) - donut", - "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Bytes\",\"field\":\"flow.bytes\"},\"schema\":\"metric\",\"type\":\"sum\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Destination\",\"field\":\"flow.dst_hostname\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"size\":50},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Source\",\"field\":\"flow.src_hostname\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"size\":50},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"title\":\"ElastiFlow: Destinations and Sources (bytes) - donut\",\"type\":\"pie\"}", + "title": "ElastiFlow: Destination and Source Ports (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Destination and Source Ports (packets) - 
donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -4069,11 +4258,11 @@ } }, { - "_id": "41a7e3a0-658f-11e7-bfc3-d74b7bb89482", + "_id": "a4ade270-658e-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "ElastiFlow: Flow Types (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Flow Types (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Flow Type\"}}]}", + "title": "ElastiFlow: Direction (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Direction (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.direction\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Direction\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -4086,11 +4275,11 @@ } }, { - "_id": "b02faaf0-2fcb-11e7-8df8-b363df28ab61", + "_id": "793a6f00-2fdd-11e7-afd7-595689f3f18c", "_type": "visualization", "_source": { - "title": "ElastiFlow: IP Version (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: IP Version (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.ip_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}}]}", + "title": "ElastiFlow: Destinations and Sources (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Destinations and Sources (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow 
Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -4103,11 +4292,11 @@ } }, { - "_id": "3026fe40-658f-11e7-bfc3-d74b7bb89482", + "_id": "44b3cb70-2fd6-11e7-bc99-41245d9394f2", "_type": "visualization", "_source": { - "title": "ElastiFlow: Flow Types (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Flow Types (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Flow Type\"}}]}", + "title": "ElastiFlow: Destinations and Ports (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Destinations and Ports (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow 
Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -4120,11 +4309,11 @@ } }, { - "_id": "55f66b20-2fdd-11e7-afd7-595689f3f18c", + "_id": "313a9880-2fd6-11e7-bc99-41245d9394f2", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destinations and Sources (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Destinations and Sources (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}]}", + "title": "ElastiFlow: Destinations and Ports (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Destinations and Ports (packets) - 
donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -4137,11 +4326,11 @@ } }, { - "_id": "4ea0a8d0-658f-11e7-bfc3-d74b7bb89482", + "_id": "23d6dc80-2fd6-11e7-bc99-41245d9394f2", "_type": "visualization", "_source": { - "title": "ElastiFlow: Flow Types (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Flow Types (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Flow Type\"}}]}", + "title": "ElastiFlow: Destinations and Ports (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Destinations and Ports (bytes) - 
donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_port_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -4154,16 +4343,16 @@ } }, { - "_id": "1fa2c100-6592-11e7-bfc3-d74b7bb89482", + "_id": "4440e130-2fdd-11e7-afd7-595689f3f18c", "_type": "visualization", "_source": { - "title": "ElastiFlow: Egress Interfaces (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Egress Interfaces (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.output_snmp\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Egress Interface\"}}]}", + "title": "ElastiFlow: Destinations and Sources (bytes) - donut", + "visState": 
"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Bytes\",\"field\":\"flow.bytes\"},\"schema\":\"metric\",\"type\":\"sum\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Destination\",\"field\":\"flow.dst_hostname\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"size\":50},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Source\",\"field\":\"flow.src_hostname\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"size\":50},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"title\":\"ElastiFlow: Destinations and Sources (bytes) - donut\",\"type\":\"pie\"}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}},\"filter\":[]}" } }, "_meta": { 
@@ -4171,11 +4360,11 @@ } }, { - "_id": "36e56dc0-801a-11e7-8b60-018ea0aa61a0", + "_id": "41a7e3a0-658f-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "ElastiFlow: Services (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Services (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.service_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}", + "title": "ElastiFlow: Flow Types (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Flow Types (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Flow Type\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -4188,16 +4377,16 @@ } }, { - "_id": "f11380e0-6591-11e7-bfc3-d74b7bb89482", + "_id": "b02faaf0-2fcb-11e7-8df8-b363df28ab61", "_type": "visualization", "_source": { - "title": "ElastiFlow: Ingress Interfaces (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Ingress Interfaces (packets) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.input_snmp\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Ingress Interface\"}}]}", + "title": "ElastiFlow: IP Version (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: IP Version (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.ip_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -4409,16 +4598,16 @@ } }, { - "_id": "1418ce10-6592-11e7-bfc3-d74b7bb89482", + "_id": "55f66b20-2fdd-11e7-afd7-595689f3f18c", "_type": "visualization", "_source": { - "title": "ElastiFlow: Egress Interfaces (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Egress Interfaces (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.output_snmp\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Egress Interface\"}}]}", + "title": "ElastiFlow: Destinations and Sources (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Destinations and Sources (packets) - 
donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -4426,11 +4615,28 @@ } }, { - "_id": "64b144f0-658e-11e7-bfc3-d74b7bb89482", + "_id": "4ea0a8d0-658f-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "ElastiFlow: Flow Exporters (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: Flow Exporters (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"node.hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Flow Exporter\"}}]}", + "title": "ElastiFlow: Flow Types (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Flow Types (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Flow Type\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "_meta": { + "savedObjectVersion": 2 + } + }, + { + "_id": "1fa2c100-6592-11e7-bfc3-d74b7bb89482", + "_type": "visualization", + "_source": { + "title": "ElastiFlow: Egress Interfaces (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Egress Interfaces (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.output_snmp\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Egress Interface\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -4443,11 +4649,28 @@ } }, { - "_id": "f8731d50-2fd6-11e7-97a8-85d8d5a99269", + "_id": "36e56dc0-801a-11e7-8b60-018ea0aa61a0", "_type": "visualization", "_source": { - "title": "ElastiFlow: Flow Exporters (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: Flow Exporters (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"node.hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Flow Exporter\"}}]}", + "title": "ElastiFlow: Services (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Services (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.service_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "_meta": { + "savedObjectVersion": 2 + } + }, + { + "_id": "f11380e0-6591-11e7-bfc3-d74b7bb89482", + "_type": "visualization", + "_source": { + "title": "ElastiFlow: Ingress Interfaces (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Ingress Interfaces (packets) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.input_snmp\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Ingress Interface\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -4460,11 +4683,11 @@ } }, { - "_id": "b2c9a3d0-658e-11e7-bfc3-d74b7bb89482", + "_id": "5fd2fe30-2fc7-11e7-8936-6f5fd5520124", "_type": "visualization", "_source": { - "title": "ElastiFlow: Direction (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: Direction (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.direction\",\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Direction\"}}]}", + "title": "ElastiFlow: Destinations (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Destinations (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
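Review bot: From this hunk alone it is not possible to tell whether "ElastiFlow: Direction (packets) - donut" (`_id` `b2c9a3d0-658e-11e7-bfc3-d74b7bb89482`) was deleted or only moved, because a different object with a different `_id` now occupies its position in the array. Dashboards reference visualizations by `_id`, so please confirm the object still exists elsewhere in the file. Consider exporting the saved objects in a stable order (for example sorted by `_id`) so that reordering does not show up as remove/add pairs like this one.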
@@ -4477,16 +4700,16 @@ } }, { - "_id": "46a5ed10-5603-11e8-b711-83a5f93b17f3", + "_id": "3026fe40-658f-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "ElastiFlow: Source Locations (flow records) - tilemap", - "visState": "{\"title\":\"ElastiFlow: Source Locations (flow records) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Source\"}}]}", - "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", + "title": "ElastiFlow: Flow Types (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Flow Types (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Flow Type\"}}]}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
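Review bot: The tilemap `visState` removed in this hunk stored the resolved tile-service layers (`tmsLayers` and `selectedTmsLayer`) inside the saved object, including a URL carrying `my_app_version=6.2.4` and a `license=` value that appear to come from the Kibana instance that produced the export. Wherever tilemap visualizations are re-added in this file, check that the `wms` block no longer contains those two entries, so the repository does not publish that identifier and importers are not pinned to a 6.2.4 tile URL. The new donut's `uiStateJSON` of `{}` is the right pattern: no per-instance state in the exported object.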
@@ -4494,16 +4717,16 @@ } }, { - "_id": "ef98f6b0-5603-11e8-b711-83a5f93b17f3", + "_id": "00a54450-5630-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destination Locations (packets) - tilemap", - "visState": "{\"title\":\"ElastiFlow: Destination Locations (packets) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Destination\"}}]}", - "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", + "title": "ElastiFlow: Sankey Src AS/Dst AS (flow records) - vega", + "visState": "{\"title\":\"ElastiFlow: Sankey Src AS/Dst AS (flow records) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.src_autonomous_system\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.dst_autonomous_system\\\"}}}\\n ]\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.doc_count\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n 
{\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", 
\\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n \\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Source AS\\\", \\\"Dest AS\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": 
{\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"encode\\\": {\\\"labels\\\": {\\\"update\\\": {\\\"fontSize\\\": {\\\"value\\\": 12}}}}\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.75 : 0.3\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 
1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.75}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? 
datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n 
]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\"},\"aggs\":[]}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": "{}" } }, "_meta": { @@ -4511,11 +4734,28 @@ } }, { - "_id": "ffd219d0-5603-11e8-b711-83a5f93b17f3", + "_id": "cd197750-562f-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Server Locations (packets) - tilemap", - "visState": "{\"title\":\"ElastiFlow: Server Locations (packets) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Server\"}}]}", + "title": "ElastiFlow: Sankey Src/Dst (flow records) - vega", + "visState": "{\"title\":\"ElastiFlow: Sankey Src/Dst (flow records) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.src_hostname\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.dst_hostname\\\"}}}\\n ]\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.doc_count\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": 
\\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": 
\\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n \\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Source\\\", \\\"Dest\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n 
\\\"encode\\\": {\\\"labels\\\": {\\\"update\\\": {\\\"fontSize\\\": {\\\"value\\\": 12}}}}\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.75 : 0.3\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.75}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n },\\n {\\n \\\"type\\\": 
\\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, 
\\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\"},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + } + }, + "_meta": { + "savedObjectVersion": 2 + } + }, + { + "_id": "98248160-5603-11e8-b711-83a5f93b17f3", + "_type": "visualization", + "_source": { + "title": "ElastiFlow: Destination Locations (bytes) - tilemap", + "visState": "{\"title\":\"ElastiFlow: Destination Locations (bytes) - 
tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Destination\"}}]}", "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", "description": "", "version": 1, @@ -4528,11 +4768,11 @@ } }, { - "_id": "e46dc590-5603-11e8-b711-83a5f93b17f3", + "_id": "b0451c50-5603-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Client Locations (packets) - tilemap", - "visState": "{\"title\":\"ElastiFlow: Client Locations (packets) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Client\"}}]}", + "title": "ElastiFlow: Server Locations (bytes) - tilemap", + "visState": "{\"title\":\"ElastiFlow: Server Locations (bytes) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Server\"}}]}", "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", "description": "", "version": 1, @@ -4545,11 +4785,11 @@ } }, { - "_id": "d7942120-5603-11e8-b711-83a5f93b17f3", + "_id": "0b71ad10-5603-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Source Locations (bytes) - tilemap", - "visState": "{\"title\":\"ElastiFlow: Source Locations (bytes) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Source\"}}]}", + "title": "ElastiFlow: Client Locations (flow records) - tilemap", + "visState": "{\"title\":\"ElastiFlow: Client Locations (flow records) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Client\"}}]}", "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", "description": "", "version": 1, @@ -4562,11 +4802,11 @@ } }, { - "_id": "0be16960-5604-11e8-b711-83a5f93b17f3", + "_id": "7ffb5af0-5603-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Source Locations (packets) - tilemap", - "visState": "{\"title\":\"ElastiFlow: Source Locations (packets) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.src_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Source\"}}]}", + "title": "ElastiFlow: Client Locations (bytes) - tilemap", + "visState": "{\"title\":\"ElastiFlow: Client Locations (bytes) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Client\"}}]}", "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", "description": "", "version": 1, @@ -4579,16 +4819,16 @@ } }, { - "_id": "33c10ae0-5603-11e8-b711-83a5f93b17f3", + "_id": "7b10dd00-55e3-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destination Locations (flow records) - tilemap", - "visState": "{\"title\":\"ElastiFlow: Destination Locations (flow records) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Destination\"}}]}", - "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", + "title": "ElastiFlow: IP Versions and Protocols (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: IP Versions and Protocols (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.ip_version\",\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.ip_protocol\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Protocol\"}}]}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { @@ -4596,16 +4836,16 @@ } }, { - "_id": "203cdb70-5603-11e8-b711-83a5f93b17f3", + "_id": "6d0c50a0-801d-11e7-bcae-4bd056c878e8", "_type": "visualization", "_source": { - "title": "ElastiFlow: Server Locations (flow records) - tilemap", - "visState": "{\"title\":\"ElastiFlow: Server Locations (flow records) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Server\"}}]}", - "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", + "title": "ElastiFlow: Top Conversations - table", + "visState": "{\"title\":\"ElastiFlow: Top Conversations - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":true,\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"},\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.client_hostname\",\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.server_hostname\",\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow 
Records\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.service_name\",\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { @@ -4613,16 +4853,16 @@ } }, { - "_id": "98248160-5603-11e8-b711-83a5f93b17f3", + "_id": "c0997620-55e3-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destination Locations (bytes) - tilemap", - "visState": "{\"title\":\"ElastiFlow: Destination Locations (bytes) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.dst_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Destination\"}}]}", - "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", + "title": "ElastiFlow: IP Versions and Protocols (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: IP Versions and Protocols (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.ip_version\",\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.ip_protocol\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Protocol\"}}]}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { @@ -4630,16 +4870,16 @@ } }, { - "_id": "b0451c50-5603-11e8-b711-83a5f93b17f3", + "_id": "b3ed2340-55e3-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Server Locations (bytes) - tilemap", - "visState": "{\"title\":\"ElastiFlow: Server Locations (bytes) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.server_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Server\"}}]}", - "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", + "title": "ElastiFlow: IP Versions and Protocols (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: IP Versions and Protocols (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.ip_version\",\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.ip_protocol\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Protocol\"}}]}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { @@ -4647,16 +4887,16 @@ } }, { - "_id": "0b71ad10-5603-11e8-b711-83a5f93b17f3", + "_id": "3277ea90-6578-11e7-8471-e5432f50acbd", "_type": "visualization", "_source": { - "title": "ElastiFlow: Client Locations (flow records) - tilemap", - "visState": "{\"title\":\"ElastiFlow: Client Locations (flow records) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Client\"}}]}", - "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", + "title": "ElastiFlow: Source Count", + "visState": "{\"title\":\"ElastiFlow: Source Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.src_hostname\",\"customLabel\":\"Sources\"}}]}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
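Review bot: In the added `visState` for "ElastiFlow: Source Count", the `metric` params use `"useRange":false`, while the Destination Count visualization added in the following hunk uses `"useRanges":false`. The two also differ in `colorsRange` (`"to":100` here, `"to":10000` there), and this object carries a `uiStateJSON` with `defaultColors` for "0 - 100" where the other has `{}`. Both are the same kind of cardinality metric, so they should carry the same parameter set. Re-save Source Count from the same Kibana version as Destination Count so the keys match, and reset its `uiStateJSON` to `{}` unless the colour override is intended.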
@@ -4664,16 +4904,16 @@ } }, { - "_id": "7ffb5af0-5603-11e8-b711-83a5f93b17f3", + "_id": "55be8550-655e-11e7-9dda-9f993e2ba58b", "_type": "visualization", "_source": { - "title": "ElastiFlow: Client Locations (bytes) - tilemap", - "visState": "{\"title\":\"ElastiFlow: Client Locations (bytes) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":2,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=000430f9-33fb-430b-989a-f0cb8414cca4\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.client_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Client\"}}]}", - "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[-13.923403897723347,43.94531250000001]}", + "title": "ElastiFlow: Destination Count", + "visState": "{\"title\":\"ElastiFlow: Destination Count\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"32\",\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.dst_hostname\",\"customLabel\":\"Destinations\"}}]}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -4681,16 +4921,16 @@ } }, { - "_id": "7b10dd00-55e3-11e8-b711-83a5f93b17f3", + "_id": "003b4bd0-5618-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: IP Versions and Protocols (bytes) - donut", - "visState": "{\"title\":\"ElastiFlow: IP Versions and Protocols (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.ip_version\",\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.ip_protocol\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Protocol\"}}]}", - "uiStateJSON": "{}", + "title": "ElastiFlow: Traffic Locality Count", + "visState": "{\"title\":\"ElastiFlow: Traffic Locality Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to 
Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.traffic_locality\",\"customLabel\":\"Traffic Localities\"}}]}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}},\"filter\":[]}" } }, "_meta": { 
@@ -4698,12 +4938,12 @@ } }, { - "_id": "6d0c50a0-801d-11e7-bcae-4bd056c878e8", + "_id": "2e450d90-8017-11e7-9e6a-575834c68c0e", "_type": "visualization", "_source": { - "title": "ElastiFlow: Top Conversations - table", - "visState": "{\"title\":\"ElastiFlow: Top Conversations - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":true,\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"},\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.client_hostname\",\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.server_hostname\",\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"flow.service_name\",\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "title": "ElastiFlow: Server Count", + "visState": 
"{\"title\":\"ElastiFlow: Server Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.server_hostname\",\"customLabel\":\"Servers\"}}]}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { 
@@ -5123,45 +5363,11 @@ } }, { - "_id": "c0997620-55e3-11e8-b711-83a5f93b17f3", - "_type": "visualization", - "_source": { - "title": "ElastiFlow: IP Versions and Protocols (flow records) - donut", - "visState": "{\"title\":\"ElastiFlow: IP Versions and Protocols (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.ip_version\",\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.ip_protocol\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Protocol\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "_meta": { - "savedObjectVersion": 2 - } - }, - { - "_id": "b3ed2340-55e3-11e8-b711-83a5f93b17f3", - "_type": "visualization", - "_source": { - "title": "ElastiFlow: IP Versions and Protocols (packets) - donut", - "visState": "{\"title\":\"ElastiFlow: IP Versions and Protocols (packets) - 
donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.ip_version\",\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.ip_protocol\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Protocol\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "_meta": { - "savedObjectVersion": 2 - } - }, - { - "_id": "3277ea90-6578-11e7-8471-e5432f50acbd", + "_id": "b13956f0-657a-11e7-8471-e5432f50acbd", "_type": "visualization", "_source": { - "title": "ElastiFlow: Source Count", - "visState": "{\"title\":\"ElastiFlow: Source Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to 
Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.src_hostname\",\"customLabel\":\"Sources\"}}]}", + "title": "ElastiFlow: VLAN Count", + "visState": "{\"title\":\"ElastiFlow: VLAN Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.vlan\",\"customLabel\":\"VLANs\"}}]}", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", "version": 1, 
@@ -5174,67 +5380,16 @@ } }, { - "_id": "55be8550-655e-11e7-9dda-9f993e2ba58b", + "_id": "4c2019f0-55f9-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Destination Count", - "visState": "{\"title\":\"ElastiFlow: Destination Count\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"32\",\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.dst_hostname\",\"customLabel\":\"Destinations\"}}]}", + "title": "ElastiFlow: IP Reputations (flow records) - tag cloud", + "visState": "{\"title\":\"ElastiFlow: IP Reputations (flow records) - tag cloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":16,\"maxFontSize\":48,\"showLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.rep_tags\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":30,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Reputation\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "_meta": { - "savedObjectVersion": 2 - } - }, - { - "_id": 
"003b4bd0-5618-11e8-b711-83a5f93b17f3", - "_type": "visualization", - "_source": { - "title": "ElastiFlow: Traffic Locality Count", - "visState": "{\"title\":\"ElastiFlow: Traffic Locality Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.traffic_locality\",\"customLabel\":\"Traffic Localities\"}}]}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}},\"filter\":[]}" - } - }, - "_meta": { - "savedObjectVersion": 2 - } - }, - { - "_id": "2e450d90-8017-11e7-9e6a-575834c68c0e", - "_type": "visualization", - "_source": { - "title": "ElastiFlow: Server Count", - "visState": "{\"title\":\"ElastiFlow: Server Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to 
Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.server_hostname\",\"customLabel\":\"Servers\"}}]}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "_meta": { - "savedObjectVersion": 2 - } - }, - { - "_id": "b13956f0-657a-11e7-8471-e5432f50acbd", - "_type": "visualization", - "_source": { - "title": "ElastiFlow: VLAN Count", - "visState": "{\"title\":\"ElastiFlow: VLAN Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"handleNoResults\":true,\"type\":\"metric\",\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":36,\"labelColor\":false,\"subText\":\"\"},\"useRange\":false,\"metricColorMode\":\"None\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.vlan\",\"customLabel\":\"VLANs\"}}]}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" } }, "_meta": { @@ -5242,11 +5397,11 @@ } }, { - "_id": "4c2019f0-55f9-11e8-b711-83a5f93b17f3", + "_id": "4b025da0-55e8-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: IP Reputations (flow records) - tag cloud", - "visState": "{\"title\":\"ElastiFlow: IP Reputations (flow records) - tag cloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":16,\"maxFontSize\":48,\"showLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.rep_tags\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":30,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Reputation\"}}]}", + "title": "ElastiFlow: TCP Flags (flow records) - tag cloud", + "visState": "{\"title\":\"ElastiFlow: TCP Flags (flow records) - tag cloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":16,\"maxFontSize\":48,\"showLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tcp_flags\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TCP Flag\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -5259,16 +5414,16 @@ } }, { - "_id": "4b025da0-55e8-11e8-b711-83a5f93b17f3", + "_id": "c824e870-5629-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: TCP Flags (flow records) - tag cloud", - "visState": "{\"title\":\"ElastiFlow: TCP Flags (flow records) - tag cloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":16,\"maxFontSize\":48,\"showLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.tcp_flags\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TCP Flag\"}}]}", + "title": "ElastiFlow: Sankey Client/Server (flow records) - vega", + "visState": "{\"title\":\"ElastiFlow: Sankey Client/Server (flow records) - vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.client_hostname\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.server_hostname\\\"}}}\\n ]\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", 
\\\"expr\\\": \\\"datum.doc_count\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n 
}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n \\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Client\\\", 
\\\"Server\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"encode\\\": {\\\"labels\\\": {\\\"update\\\": {\\\"fontSize\\\": {\\\"value\\\": 12}}}}\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.75 : 0.3\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 
1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.75}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? 
datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n 
]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": "{}" } }, "_meta": { 
@@ -5276,16 +5431,16 @@ } }, { - "_id": "e3c2e2c0-5607-11e8-b711-83a5f93b17f3", + "_id": "dfad9b10-90bf-11e8-939c-451bb6b059ba", "_type": "visualization", "_source": { - "title": "ElastiFlow: Src/Dst Autonomous Systems - input list", - "visState": "{\"title\":\"ElastiFlow: Src/Dst Autonomous Systems - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"node.hostname\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"}},{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.src_autonomous_system\",\"label\":\"Source AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"}},{\"id\":\"1526108883717\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.dst_autonomous_system\",\"label\":\"Destnation AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"}},{\"id\":\"1526108909005\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.service_name\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"}}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", + "title": "ElastiFlow: Riverbed FE Types (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Riverbed FE Types (packets) - 
donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.rb_fe_type\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"FE Type\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
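Review bot: The added `searchSourceJSON` line writes the query as a `query_string` object nested under `query.query` (`"query":{"query":{"query_string":{"query":"*","analyze_wildcard":true,"default_field":"*"}},"language":"lucene"}`), while the form removed at the end of the hunk just above is the plain string form `"query":{"query":"","language":"lucene"}`. Both select every document, so I would use the string form here and in the other new Riverbed donuts, so that the saved objects in this file carry one query format and the `analyze_wildcard` and `default_field` options are not set on a match-all query.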
@@ -5293,16 +5448,16 @@ } }, { - "_id": "a65eb880-5609-11e8-b711-83a5f93b17f3", + "_id": "ea32ef40-90bf-11e8-939c-451bb6b059ba", "_type": "visualization", "_source": { - "title": "ElastiFlow: Ingress/Egress Interfaces - input list", - "visState": "{\"title\":\"ElastiFlow: Ingress/Egress Interfaces - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"event.type\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":10,\"order\":\"desc\"}},{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"node.hostname\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"}},{\"id\":\"1526108883717\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.input_snmp\",\"label\":\"Ingress Interface\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"parent\":\"1526107541713\"},{\"id\":\"1526108909005\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.output_snmp\",\"label\":\"Egress Interface\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"parent\":\"1526107541713\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", + "title": "ElastiFlow: Riverbed FE Types (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Riverbed FE Types (bytes) - 
donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.rb_fe_type\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"FE Type\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -5310,11 +5465,11 @@ } }, { - "_id": "17c29c50-55bd-11e8-a1f3-452446793d46", + "_id": "a65eb880-5609-11e8-b711-83a5f93b17f3", "_type": "visualization", "_source": { - "title": "ElastiFlow: Src/Dst - input list", - "visState": "{\"title\":\"ElastiFlow: Src/Dst - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"node.hostname\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"}},{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.src_hostname\",\"label\":\"Source\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"}},{\"id\":\"1526108883717\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.dst_hostname\",\"label\":\"Destnation\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"}},{\"id\":\"1526108909005\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.dst_port_name\",\"label\":\"Destination Port\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"}}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", + "title": "ElastiFlow: Ingress/Egress Interfaces - input list", + "visState": "{\"title\":\"ElastiFlow: Ingress/Egress Interfaces - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"event.type\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":10,\"order\":\"desc\"}},{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"node.hostname\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"}},{\"id\":\"1526108883717\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.input_ifname\",\"label\":\"Ingress Interface\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"parent\":\"1526107541713\"},{\"id\":\"1526108909005\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.output_ifname\",\"label\":\"Egress Interface\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"parent\":\"1526107541713\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, 
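Review bot: The "+" `visState` line for "Ingress/Egress Interfaces - input list" now points the two child controls at `flow.input_ifname` and `flow.output_ifname`, where the copy of the same object removed in the previous hunk used `flow.input_snmp` and `flow.output_snmp`. Because the object also moved position in the file, this field change is easy to miss. The removed side of the `elastiflow.index_pattern.json` hunk further down lists `flow.input_snmp` and `flow.output_snmp` and no `_ifname` fields, so please confirm that the added `fields` string and the Logstash pipeline both define the new names, otherwise the Ingress Interface and Egress Interface lists will stay empty. The rename also deserves a line in the commit message or upgrade notes.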
@@ -5327,16 +5482,16 @@ } }, { - "_id": "95799400-55b3-11e8-a1f3-452446793d46", + "_id": "365fd1d0-90c0-11e8-939c-451bb6b059ba", "_type": "visualization", "_source": { - "title": "ElastiFlow: Client/Server - input list", - "visState": "{\"title\":\"ElastiFlow: Client/Server - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"node.hostname\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"}},{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.client_hostname\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"}},{\"id\":\"1526108883717\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.server_hostname\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5000,\"order\":\"desc\"}},{\"id\":\"1526108909005\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.service_name\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"}}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", + "title": "ElastiFlow: Riverbed Pass-Through Reasons (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Riverbed Pass-Through Reasons (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow 
Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.rb_passthru_reason\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Pass-Through Reason\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
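Review bot: The `_id` line in this hunk is replaced in place: `95799400-55b3-11e8-a1f3-452446793d46` ("Client/Server - input list") goes out and `365fd1d0-90c0-11e8-939c-451bb6b059ba` ("Riverbed Pass-Through Reasons (flow records) - donut") comes in at the same position, and the neighbouring hunks follow the same pattern. From the diff alone a reviewer cannot tell whether the input-list objects were deleted or only shifted elsewhere in the export, as happened with `a65eb880-5609-11e8-b711-83a5f93b17f3`. Dashboards reference visualizations by `_id`, so please confirm each removed id is re-added later in the file, and consider exporting the saved objects in a stable order (for example sorted by `_id`) so that new visualizations show up as pure additions.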
@@ -5344,16 +5499,16 @@ } }, { - "_id": "7546a110-55fd-11e8-b711-83a5f93b17f3", + "_id": "570b2970-90c0-11e8-939c-451bb6b059ba", "_type": "visualization", "_source": { - "title": "ElastiFlow: Flow Types, Exporters & Services - input list", - "visState": "{\"title\":\"ElastiFlow: Flow Types, Exporters & Services - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"event.type\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":20,\"order\":\"desc\"}},{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"node.hostname\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"}},{\"id\":\"1526140705539\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.service_name\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"}}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", + "title": "ElastiFlow: Riverbed Pass-Through Reasons (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Riverbed Pass-Through Reasons (packets) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.rb_passthru_reason\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Pass-Through 
Reason\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -5361,16 +5516,16 @@ } }, { - "_id": "72ac9770-560c-11e8-b711-83a5f93b17f3", + "_id": "493a2cb0-90c0-11e8-939c-451bb6b059ba", "_type": "visualization", "_source": { - "title": "ElastiFlow: Flow Types, Exporters & Apps - input list", - "visState": "{\"title\":\"ElastiFlow: Flow Types, Exporters & Apps - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"event.type\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":20,\"order\":\"desc\"}},{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"node.hostname\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"}},{\"id\":\"1526140705539\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.application\",\"label\":\"Application\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"}}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", + "title": "ElastiFlow: Riverbed Pass-Through Reasons (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Riverbed Pass-Through Reasons (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.rb_passthru_reason\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Pass-Through Reason\"}}]}", 
"uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -5378,16 +5533,16 @@ } }, { - "_id": "53f4a4d0-55df-11e8-b711-83a5f93b17f3", + "_id": "aff8d140-90c0-11e8-939c-451bb6b059ba", "_type": "visualization", "_source": { - "title": "ElastiFlow: Flow Types & Exporters - input list", - "visState": "{\"title\":\"ElastiFlow: Flow Types & Exporters - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"event.type\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":20,\"order\":\"desc\"}},{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"node.hostname\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"}}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", + "title": "ElastiFlow: Riverbed WAN Visibility (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Riverbed WAN Visibility (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.rb_wan_visibility\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"WAN Visibility\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" + "searchSourceJSON": 
"{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -5395,16 +5550,16 @@ } }, { - "_id": "61ed9a20-561a-11e8-b711-83a5f93b17f3", + "_id": "945db590-90c0-11e8-939c-451bb6b059ba", "_type": "visualization", "_source": { - "title": "ElastiFlow: Traffic Attributes - input list", - "visState": "{\"title\":\"ElastiFlow: Traffic Attributes - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.ip_protocol\",\"label\":\"IP Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":50,\"order\":\"desc\"}},{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.vlan\",\"label\":\"VLAN\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"}},{\"id\":\"1526153132040\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.tos\",\"label\":\"Type of Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"}},{\"id\":\"1526153149794\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.tcp_flags\",\"label\":\"TCP Flag\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":10,\"order\":\"desc\"}}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", + "title": "ElastiFlow: Riverbed WAN Visibility (packets) - donut", + "visState": "{\"title\":\"ElastiFlow: Riverbed WAN Visibility (packets) - 
donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.rb_wan_visibility\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"WAN Visibility\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -5412,16 +5567,16 @@ } }, { - "_id": "c0ca16b0-561d-11e8-b711-83a5f93b17f3", + "_id": "a1a53700-90c0-11e8-939c-451bb6b059ba", "_type": "visualization", "_source": { - "title": "ElastiFlow: Traffic Locality - input list", - "visState": "{\"title\":\"ElastiFlow: Traffic Locality - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.traffic_locality\",\"label\":\"Traffic Locality\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":10,\"order\":\"desc\"}},{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.autonomous_system\",\"label\":\"Autonomous System\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"}},{\"id\":\"1526153132040\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.country\",\"label\":\"Country\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"}},{\"id\":\"1526153149794\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.city\",\"label\":\"City\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"}}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", + "title": "ElastiFlow: Riverbed WAN Visibility (bytes) - donut", + "visState": "{\"title\":\"ElastiFlow: Riverbed WAN Visibility (bytes) - 
donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.rb_wan_visibility\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"WAN Visibility\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { 
@@ -5429,16 +5584,16 @@ } }, { - "_id": "b577fca0-561d-11e8-b711-83a5f93b17f3", + "_id": "faacc4e0-90bf-11e8-939c-451bb6b059ba", "_type": "visualization", "_source": { - "title": "ElastiFlow: Traffic Types - input list", - "visState": "{\"title\":\"ElastiFlow: Traffic Types - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1526107640219\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.client_hostname\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"}},{\"id\":\"1526107541713\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.server_hostname\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"}},{\"id\":\"1526153132040\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.service_name\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"}},{\"id\":\"1526153149794\",\"indexPattern\":\"elastiflow-*\",\"fieldName\":\"flow.application\",\"label\":\"Application\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2000,\"order\":\"desc\"}}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true},\"aggs\":[]}", + "title": "ElastiFlow: Riverbed FE Types (flow records) - donut", + "visState": "{\"title\":\"ElastiFlow: Riverbed FE Types (flow records) - donut\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow 
Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.rb_fe_type\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"FE Type\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" + "searchSourceJSON": "{\"index\":\"elastiflow-*\",\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { diff --git a/kibana/elastiflow.index_pattern.json b/kibana/elastiflow.index_pattern.json index 69e656b..3be1b73 100644 --- a/kibana/elastiflow.index_pattern.json +++ b/kibana/elastiflow.index_pattern.json 
@@ -2,7 +2,7 @@ "attributes": { "title": "elastiflow-*", "timeFieldName": "@timestamp", - "fields": "[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"event.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.application\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.bgp_next_hop\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.bgp_valid_state\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocV
alues\":true},{\"name\":\"flow.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.client_addr\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.client_asn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.client_autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.client_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.client_country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.client_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.client_geo_location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.client_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":
true},{\"name\":\"flow.dst_addr\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_addr_trans\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_asn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_geo_location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_mask_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"f
low.dst_port_trans\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_rep_tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.input_snmp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.ip_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.ip_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.next_hop\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.output_snmp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.rep_tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.sampling_interval\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.server_addr\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.server_asn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.server_autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.server_city\",\"ty
pe\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.server_country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.server_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.server_geo_location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.server_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.service_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.service_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_addr\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_addr_trans\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_asn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_country_code\",
\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_geo_location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_mask_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_port_trans\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_rep_tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.tcp_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.tos\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.traffic_direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.traffic_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.vlan\",\"type\":\"number\",\
"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.deltaFlowCount\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.flowEndSysUpTime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.flowStartSysUpTime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.mplsLabelStackLength\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.octetDeltaCount\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.packetDeltaCount\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipfix.version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.first_switched\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.flow_active_timeout\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.flow_end_reason\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.flow_inactive_timeout\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.flow_seq_num\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{
\"name\":\"netflow.flows\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.flowset_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.forwarding_status.reason\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.forwarding_status.status\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.icmp_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.in_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.in_pkts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.last_switched\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.mpls_label_stack_octets.bottom_of_stack\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.mpls_label_stack_octets.experimental\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.mpls_label_stack_octets.label\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.mpls_label_stack_octets.ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.out_bytes\",\"type\":\"n
umber\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.out_pkts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.sampling_algorithm\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.scope_system\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.total_bytes_exp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.total_flows_exp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.total_pkts_exp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"node.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"node.ipaddr\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.drops\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.eth_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.frame_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.padded\",\"type\":\"number\",\"co
unt\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.sample_pool\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.sflow_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.source_id_index\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.source_id_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.stripped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.sub_agent_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.uptime_in_ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sflow.vlan_priority\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]", + "fields": 
"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"event.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.application\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.bgp_next_hop\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.bgp_valid_state\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchab
le\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.client_addr\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.client_asn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.client_autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.client_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.client_country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.client_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.client_geo_location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.client_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_addr\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true
,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_addr_trans\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_asn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_geo_location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_mask_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_port_trans\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggreg
atable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_rep_tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.input_ifname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.input_snmp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.ip_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.ip_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.next_hop\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.output_ifname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.output_snmp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.rep_tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.sampling_interval\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.server_addr\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.server_asn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\"
:true},{\"name\":\"flow.server_autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.server_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.server_country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.server_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.server_geo_location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.server_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.service_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.service_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_addr\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_addr_trans\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_asn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFro
mDocValues\":true},{\"name\":\"flow.src_country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_geo_location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_mask_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_port_trans\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_rep_tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.tcp_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.tos\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.traffic_direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":t
rue},{\"name\":\"flow.traffic_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.vlan\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.rb_cfe_inpath_addr\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.rb_cfe_tcp_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.rb_cfe_tcp_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.rb_fe_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.rb_outer_inpath_addr\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.rb_outer_tcp_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.rb_outer_tcp_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.rb_passthru_reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.rb_retrans_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.rb_retrans_pkts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.rb_sfe_inpath_addr\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"
searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.rb_sfe_tcp_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.rb_sfe_tcp_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.rb_tcp_conn_rtt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.rb_unk_51130\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.rb_wan_visibility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"node.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"node.ipaddr\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]", "fieldFormatMap": 
"{\"flow.bytes\":{\"id\":\"bytes\"},\"flow.dst_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.dst_port_trans\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.service_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.src_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.src_port_trans\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.client_asn\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.dst_asn\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.server_asn\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.src_asn\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.vlan\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"flow.client_addr\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.dst_addr\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.server_addr\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"
}},\"flow.src_addr\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.dst_addr_trans\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.src_addr_trans\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}}}" } } diff --git a/logstash.service.d/elastiflow.conf b/logstash.service.d/elastiflow.conf index 4e626ad..e8d14e1 100644 --- a/logstash.service.d/elastiflow.conf +++ b/logstash.service.d/elastiflow.conf @@ -18,6 +18,7 @@ [Service] # ElastiFlow global configuration Environment="ELASTIFLOW_DICT_PATH=/etc/logstash/elastiflow/dictionaries" +Environment="ELASTIFLOW_DEFINITION_PATH=/etc/logstash/elastiflow/definitions" Environment="ELASTIFLOW_TEMPLATE_PATH=/etc/logstash/elastiflow/templates" Environment="ELASTIFLOW_GEOIP_DB_PATH=/etc/logstash/elastiflow/geoipdbs" Environment="ELASTIFLOW_GEOIP_CACHE_SIZE=8192" @@ -26,6 +27,7 @@ Environment="ELASTIFLOW_ASN_LOOKUP=true" Environment="ELASTIFLOW_KEEP_ORIG_DATA=true" Environment="ELASTIFLOW_DEFAULT_APPID_SRCTYPE=__UNKNOWN" + # Name resolution option Environment="ELASTIFLOW_RESOLVE_IP2HOST=false" Environment="ELASTIFLOW_NAMESERVER=127.0.0.1" 
@@ -34,14 +36,24 @@ Environment="ELASTIFLOW_DNS_HIT_CACHE_TTL=900" Environment="ELASTIFLOW_DNS_FAILED_CACHE_SIZE=75000" Environment="ELASTIFLOW_DNS_FAILED_CACHE_TTL=3600" + # Elasticsearch connection settings -# - If you need Logstash to connect to one of an array of servers, you must edit the output directly. -# - If ELASTIFLOW_ES_SSL_VERIFY is true then you must edit the output and set the path where the cacert can be found. +Environment="ELASTIFLOW_ES_USER=elastic" +Environment="ELASTIFLOW_ES_PASSWD=changeme" + +# If you need Logstash to connect to only one Elasticsearch server, use the following environment variable. Environment="ELASTIFLOW_ES_HOST=127.0.0.1:9200" + +# If you need Logstash to connect to one of an array of three Elasticsearch servers, use the following environment variables. +# It is also necessary to rename the output files to disable single node output, and enable multi-node. +Environment="ELASTIFLOW_ES_HOST_1=127.0.0.1:9200" +Environment="ELASTIFLOW_ES_HOST_2=127.0.0.2:9200" +Environment="ELASTIFLOW_ES_HOST_3=127.0.0.3:9200" + +# If ELASTIFLOW_ES_SSL_VERIFY is true then you must edit the output and set the path where the cacert can be found. Environment="ELASTIFLOW_ES_SSL_ENABLE=false" Environment="ELASTIFLOW_ES_SSL_VERIFY=false" -Environment="ELASTIFLOW_ES_USER=elastic" -Environment="ELASTIFLOW_ES_PASSWD=changeme" + # Netflow - IPv4 Environment="ELASTIFLOW_NETFLOW_IPV4_HOST=0.0.0.0" @@ -52,10 +64,12 @@ Environment="ELASTIFLOW_NETFLOW_IPV6_PORT=52055" # Netflow - UDP input options Environment="ELASTIFLOW_NETFLOW_UDP_WORKERS=4" Environment="ELASTIFLOW_NETFLOW_UDP_QUEUE_SIZE=4096" +Environment="ELASTIFLOW_NETFLOW_UDP_RCV_BUFF=33554432" # Netflow timestamp options Environment="ELASTIFLOW_NETFLOW_LASTSW_TIMESTAMP=false" Environment="ELASTIFLOW_NETFLOW_TZ=UTC" + # sFlow - IPv4 Environment="ELASTIFLOW_SFLOW_IPV4_HOST=0.0.0.0" Environment="ELASTIFLOW_SFLOW_IPV4_PORT=6343" 
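Review bot: In the `@@ -34,14 +36,24 @@` hunk of `logstash.service.d/elastiflow.conf`, `ELASTIFLOW_ES_USER=elastic` and `ELASTIFLOW_ES_PASSWD=changeme` are kept as literal defaults in the unit drop-in, while `ELASTIFLOW_ES_SSL_ENABLE=false` and `ELASTIFLOW_ES_SSL_VERIFY=false` stay the shipped values. As soon as one of the `ELASTIFLOW_ES_HOST*` entries points off-host, a copy-paste install will send the default password over an unencrypted, unverified connection. systemd also exposes `Environment=` values to unprivileged users through `systemctl show`, so the credentials would be better loaded from an `EnvironmentFile=` that only root can read, with a comment in the drop-in that the defaults must be changed. Separately, the new multi-node comment says to rename the output files without naming them; list the file names so the step can be followed.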
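Review bot: `ELASTIFLOW_NETFLOW_UDP_RCV_BUFF=33554432` in the `@@ -52,10 +64,12 @@` hunk, like the matching sFlow and IPFIX values later in this file, requests a 32 MiB socket receive buffer, but nothing in the patch says the host has to permit it. On Linux a requested receive buffer is capped by `net.core.rmem_max`, so on a kernel with the stock limit the input gets a smaller buffer than the value configured here. Document the required sysctl in the README rows for the `*_UDP_RCV_BUFF` variables, or choose a default that fits within the stock limit.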
@@ -65,6 +79,8 @@ Environment="ELASTIFLOW_SFLOW_IPV6_PORT=56343" # sFlow - UDP input options Environment="ELASTIFLOW_SFLOW_UDP_WORKERS=4" Environment="ELASTIFLOW_SFLOW_UDP_QUEUE_SIZE=4096" +Environment="ELASTIFLOW_SFLOW_UDP_RCV_BUFF=33554432" + # IPFIX - IPv4 Environment="ELASTIFLOW_IPFIX_TCP_IPV4_HOST=0.0.0.0" @@ -79,3 +95,4 @@ Environment="ELASTIFLOW_IPFIX_UDP_IPV6_PORT=54739" # IPFIX - UDP input options Environment="ELASTIFLOW_IPFIX_UDP_WORKERS=4" Environment="ELASTIFLOW_IPFIX_UDP_QUEUE_SIZE=4096" +Environment="ELASTIFLOW_IPFIX_UDP_RCV_BUFF=33554432" diff --git a/logstash/elastiflow/conf.d/10_input_ipfix_ipv4.logstash.conf b/logstash/elastiflow/conf.d/10_input_ipfix_ipv4.logstash.conf index 799aae5..43d2dec 100644 --- a/logstash/elastiflow/conf.d/10_input_ipfix_ipv4.logstash.conf +++ b/logstash/elastiflow/conf.d/10_input_ipfix_ipv4.logstash.conf @@ -24,6 +24,8 @@ input { codec => netflow { versions => [10] target => "ipfix" + #netflow_definitions => "${ELASTIFLOW_DEFINITION_PATH:/etc/logstash/elastiflow/definitions}/netflow.yml" + #ipfix_definitions => "${ELASTIFLOW_DEFINITION_PATH:/etc/logstash/elastiflow/definitions}/ipfix.yml" } type => "ipfix" } @@ -33,9 +35,12 @@ input { port => "${ELASTIFLOW_IPFIX_UDP_IPV4_PORT:4739}" workers => "${ELASTIFLOW_IPFIX_UDP_WORKERS:4}" queue_size => "${ELASTIFLOW_IPFIX_UDP_QUEUE_SIZE:2048}" + receive_buffer_bytes => "${ELASTIFLOW_IPFIX_UDP_RCV_BUFF:33554432}" codec => netflow { versions => [5,9,10] target => "ipfix" + #netflow_definitions => "${ELASTIFLOW_DEFINITION_PATH:/etc/logstash/elastiflow/definitions}/netflow.yml" + #ipfix_definitions => "${ELASTIFLOW_DEFINITION_PATH:/etc/logstash/elastiflow/definitions}/ipfix.yml" } type => "ipfix" } diff --git a/logstash/elastiflow/conf.d/10_input_ipfix_ipv6.logstash.conf.disabled b/logstash/elastiflow/conf.d/10_input_ipfix_ipv6.logstash.conf.disabled index 6d3e531..8953e69 100644 --- a/logstash/elastiflow/conf.d/10_input_ipfix_ipv6.logstash.conf.disabled 
+++ b/logstash/elastiflow/conf.d/10_input_ipfix_ipv6.logstash.conf.disabled @@ -24,6 +24,8 @@ input { codec => netflow { versions => [10] target => "ipfix" + #netflow_definitions => "${ELASTIFLOW_DEFINITION_PATH:/etc/logstash/elastiflow/definitions}/netflow.yml" + #ipfix_definitions => "${ELASTIFLOW_DEFINITION_PATH:/etc/logstash/elastiflow/definitions}/ipfix.yml" } type => "ipfix" } @@ -33,9 +35,12 @@ input { port => "${ELASTIFLOW_IPFIX_UDP_IPV6_PORT:54739}" workers => "${ELASTIFLOW_IPFIX_UDP_WORKERS:4}" queue_size => "${ELASTIFLOW_IPFIX_UDP_QUEUE_SIZE:2048}" + receive_buffer_bytes => "${ELASTIFLOW_IPFIX_UDP_RCV_BUFF:33554432}" codec => netflow { versions => [5,9,10] target => "ipfix" + #netflow_definitions => "${ELASTIFLOW_DEFINITION_PATH:/etc/logstash/elastiflow/definitions}/netflow.yml" + #ipfix_definitions => "${ELASTIFLOW_DEFINITION_PATH:/etc/logstash/elastiflow/definitions}/ipfix.yml" } type => "ipfix" } diff --git a/logstash/elastiflow/conf.d/10_input_netflow_ipv4.logstash.conf b/logstash/elastiflow/conf.d/10_input_netflow_ipv4.logstash.conf index 60b3bdb..0f5c416 100644 --- a/logstash/elastiflow/conf.d/10_input_netflow_ipv4.logstash.conf +++ b/logstash/elastiflow/conf.d/10_input_netflow_ipv4.logstash.conf @@ -23,8 +23,11 @@ input { port => "${ELASTIFLOW_NETFLOW_IPV4_PORT:2055}" workers => "${ELASTIFLOW_NETFLOW_UDP_WORKERS:4}" queue_size => "${ELASTIFLOW_NETFLOW_UDP_QUEUE_SIZE:2048}" + receive_buffer_bytes => "${ELASTIFLOW_NETFLOW_UDP_RCV_BUFF:33554432}" codec => netflow { versions => [5,9,10] + #netflow_definitions => "${ELASTIFLOW_DEFINITION_PATH:/etc/logstash/elastiflow/definitions}/netflow.yml" + #ipfix_definitions => "${ELASTIFLOW_DEFINITION_PATH:/etc/logstash/elastiflow/definitions}/ipfix.yml" } type => "netflow" } diff --git a/logstash/elastiflow/conf.d/10_input_netflow_ipv6.logstash.conf.disabled b/logstash/elastiflow/conf.d/10_input_netflow_ipv6.logstash.conf.disabled index 6422015..06375fd 100644 
--- a/logstash/elastiflow/conf.d/10_input_netflow_ipv6.logstash.conf.disabled +++ b/logstash/elastiflow/conf.d/10_input_netflow_ipv6.logstash.conf.disabled @@ -23,8 +23,11 @@ input { port => "${ELASTIFLOW_NETFLOW_IPV6_PORT:52055}" workers => "${ELASTIFLOW_NETFLOW_UDP_WORKERS:4}" queue_size => "${ELASTIFLOW_NETFLOW_UDP_QUEUE_SIZE:2048}" + receive_buffer_bytes => "${ELASTIFLOW_NETFLOW_UDP_RCV_BUFF:33554432}" codec => netflow { versions => [5,9,10] + #netflow_definitions => "${ELASTIFLOW_DEFINITION_PATH:/etc/logstash/elastiflow/definitions}/netflow.yml" + #ipfix_definitions => "${ELASTIFLOW_DEFINITION_PATH:/etc/logstash/elastiflow/definitions}/ipfix.yml" } type => "netflow" } diff --git a/logstash/elastiflow/conf.d/10_input_sflow_ipv4.logstash.conf b/logstash/elastiflow/conf.d/10_input_sflow_ipv4.logstash.conf index b2c286b..6298176 100644 --- a/logstash/elastiflow/conf.d/10_input_sflow_ipv4.logstash.conf +++ b/logstash/elastiflow/conf.d/10_input_sflow_ipv4.logstash.conf @@ -23,6 +23,7 @@ input { port => "${ELASTIFLOW_SFLOW_IPV4_PORT:6343}" workers => "${ELASTIFLOW_SFLOW_UDP_WORKERS:4}" queue_size => "${ELASTIFLOW_SFLOW_UDP_QUEUE_SIZE:2048}" + receive_buffer_bytes => "${ELASTIFLOW_SFLOW_UDP_RCV_BUFF:33554432}" codec => sflow { } type => "sflow" } diff --git a/logstash/elastiflow/conf.d/10_input_sflow_ipv6.logstash.conf.disabled b/logstash/elastiflow/conf.d/10_input_sflow_ipv6.logstash.conf.disabled index 6f0b42b..c97a01b 100644 --- a/logstash/elastiflow/conf.d/10_input_sflow_ipv6.logstash.conf.disabled +++ b/logstash/elastiflow/conf.d/10_input_sflow_ipv6.logstash.conf.disabled @@ -23,6 +23,7 @@ input { port => "${ELASTIFLOW_SFLOW_IPV6_PORT:56343}" workers => "${ELASTIFLOW_SFLOW_UDP_WORKERS:4}" queue_size => "${ELASTIFLOW_SFLOW_UDP_QUEUE_SIZE:2048}" + receive_buffer_bytes => "${ELASTIFLOW_SFLOW_UDP_RCV_BUFF:33554432}" codec => sflow { } type => "sflow" } 
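Review bot: the `receive_buffer_bytes` line added to each UDP input (fallback `33554432`) is missing the operating-system half of the setting. On Linux the kernel caps a socket receive buffer request at `net.core.rmem_max`, so on a host with a stock sysctl the 32 MiB value is not what the socket gets and flow packets can still be dropped under load. The README table documents the three `*_UDP_RCV_BUFF` variables but not the sysctl, so add a sentence telling operators to raise `net.core.rmem_max` to at least this value. While touching these inputs, the `queue_size` fallback on the unchanged line above is `2048`, whereas the service file and the README both state `4096`; align them so the behaviour without the drop-in matches the documentation.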
diff --git a/logstash/elastiflow/conf.d/20_filter_20_netflow.logstash.conf b/logstash/elastiflow/conf.d/20_filter_20_netflow.logstash.conf index 49bd7bc..ea7edf2 100644 --- a/logstash/elastiflow/conf.d/20_filter_20_netflow.logstash.conf +++ b/logstash/elastiflow/conf.d/20_filter_20_netflow.logstash.conf 
@@ -550,6 +550,98 @@ filter { } } } + + # Lookup Riverbed-specific fields if present. + if [netflow][rb_fe_type] { + translate { + id => "netflow_9_translate_rb_fe_type" + dictionary_path => "${ELASTIFLOW_DICT_PATH:/etc/logstash/elastiflow/dictionaries}/riverbed_fe_type.yml" + field => "[netflow][rb_fe_type]" + destination => "[netflow][rb_fe_type]" + override => true + fallback => "undefined (%{[netflow][rb_fe_type]})" + } + } + if [netflow][rb_passthru_reason] { + translate { + id => "netflow_9_translate_rb_passthru_reason" + dictionary_path => "${ELASTIFLOW_DICT_PATH:/etc/logstash/elastiflow/dictionaries}/riverbed_passthru_reason.yml" + field => "[netflow][rb_passthru_reason]" + destination => "[netflow][rb_passthru_reason]" + override => true + fallback => "undefined (%{[netflow][rb_passthru_reason]})" + } + } + if [netflow][rb_wan_visibility] { + translate { + id => "netflow_9_translate_rb_wan_visibility" + dictionary_path => "${ELASTIFLOW_DICT_PATH:/etc/logstash/elastiflow/dictionaries}/riverbed_wan_visibility.yml" + field => "[netflow][rb_wan_visibility]" + destination => "[netflow][rb_wan_visibility]" + override => true + fallback => "undefined (%{[netflow][rb_wan_visibility]})" + } + } + if [netflow][rb_cfe_tcp_port] { + translate { + id => "netflow_9_translate_rb_cfe_tcp_port" + dictionary_path => "${ELASTIFLOW_DICT_PATH:/etc/logstash/elastiflow/dictionaries}/iana_service_names_tcp.yml" + field => "[netflow][rb_cfe_tcp_port]" + destination => "[netflow][rb_cfe_tcp_port_name]" + fallback => "__UNKNOWN" + } + if [netflow][rb_cfe_tcp_port_name] == "__UNKNOWN" { + mutate { + id => "elastiflow_rb_cfe_tcp_port_name_unknown" + replace => { "[netflow][rb_cfe_tcp_port_name]" => "TCP/%{[flow][rb_cfe_tcp_port]}" } + } + } else { + mutate { + id => "elastiflow_rb_cfe_tcp_port_name_append_port" + replace => { "[netflow][rb_cfe_tcp_port_name]" => "%{[netflow][rb_cfe_tcp_port_name]} (TCP/%{[netflow][rb_cfe_tcp_port]})" } + } + } + } + if [netflow][rb_outer_tcp_port] { + 
translate { + id => "netflow_9_translate_rb_outer_tcp_port" + dictionary_path => "${ELASTIFLOW_DICT_PATH:/etc/logstash/elastiflow/dictionaries}/iana_service_names_tcp.yml" + field => "[netflow][rb_outer_tcp_port]" + destination => "[netflow][rb_outer_tcp_port_name]" + fallback => "__UNKNOWN" + } + if [netflow][rb_outer_tcp_port_name] == "__UNKNOWN" { + mutate { + id => "elastiflow_rb_outer_tcp_port_name_unknown" + replace => { "[netflow][rb_outer_tcp_port_name]" => "TCP/%{[flow][rb_outer_tcp_port]}" } + } + } else { + mutate { + id => "elastiflow_rb_outer_tcp_port_name_append_port" + replace => { "[netflow][rb_outer_tcp_port_name]" => "%{[netflow][rb_outer_tcp_port_name]} (TCP/%{[netflow][rb_outer_tcp_port]})" } + } + } + } + if [netflow][rb_sfe_tcp_port] { + translate { + id => "netflow_9_translate_rb_sfe_tcp_port" + dictionary_path => "${ELASTIFLOW_DICT_PATH:/etc/logstash/elastiflow/dictionaries}/iana_service_names_tcp.yml" + field => "[netflow][rb_sfe_tcp_port]" + destination => "[netflow][rb_sfe_tcp_port_name]" + fallback => "__UNKNOWN" + } + if [netflow][rb_sfe_tcp_port_name] == "__UNKNOWN" { + mutate { + id => "elastiflow_rb_sfe_tcp_port_name_unknown" + replace => { "[netflow][rb_sfe_tcp_port_name]" => "TCP/%{[flow][rb_sfe_tcp_port]}" } + } + } else { + mutate { + id => "elastiflow_rb_sfe_tcp_port_append_port" + replace => { "[netflow][rb_sfe_tcp_port_name]" => "%{[netflow][rb_sfe_tcp_port_name]} (TCP/%{[netflow][rb_sfe_tcp_port]})" } + } + } + } } # Netflow version was not recognized. diff --git a/logstash/elastiflow/conf.d/20_filter_90_post_process.logstash.conf b/logstash/elastiflow/conf.d/20_filter_90_post_process.logstash.conf index 0dd82a1..7f48446 100644 --- a/logstash/elastiflow/conf.d/20_filter_90_post_process.logstash.conf +++ b/logstash/elastiflow/conf.d/20_filter_90_post_process.logstash.conf 
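Review bot: in the `@@ -550,6 +550,98 @@` hunk of `20_filter_20_netflow.logstash.conf`, the three `__UNKNOWN` branches reference the wrong parent field. `elastiflow_rb_cfe_tcp_port_name_unknown`, `elastiflow_rb_outer_tcp_port_name_unknown` and `elastiflow_rb_sfe_tcp_port_name_unknown` build the name from `%{[flow][rb_..._tcp_port]}`, but the value tested and translated just above lives under `[netflow][rb_..._tcp_port]`, and nothing in this hunk copies it to `[flow]`. The reference will not resolve, so the stored name becomes the literal template text instead of `TCP/<port>`. Change all three to `%{[netflow][rb_cfe_tcp_port]}`, `%{[netflow][rb_outer_tcp_port]}` and `%{[netflow][rb_sfe_tcp_port]}`, matching the `else` branches. Minor: the id `elastiflow_rb_sfe_tcp_port_append_port` drops the `_name` segment that the other two `..._port_name_append_port` ids carry.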
@@ -530,7 +530,12 @@ filter { # Determine client and server from source and destination ports. if [flow][dst_port] and [flow][src_port] { - if [flow][src_port_name] == "__UNKNOWN" { + if [flow][tcp_flags] == 2 { + mutate { + id => "elastiflow_postproc_syn_flag_dstIsSrv" + add_field => { "[@metadata][isServer]" => "dst" } + } + } else if [flow][src_port_name] == "__UNKNOWN" { if [flow][dst_port_name] == "__UNKNOWN" { if [flow][dst_port] <= [flow][src_port] { mutate { @@ -831,6 +836,34 @@ filter { } } + # Populate interface names from dictionary if enabled. + if [flow][input_snmp] { + mutate { + id => "elastiflow_postproc_translate_in_if_key" + add_field => { "[@metadata][in_if_key]" => "%{[node][ipaddr]}::ifName.%{[flow][input_snmp]}" } + } + translate { + id => "elastiflow_postproc_translate_input_ifname" + dictionary_path => "${ELASTIFLOW_DICT_PATH:/etc/logstash/elastiflow/dictionaries}/ifName.yml" + field => "[@metadata][in_if_key]" + destination => "[flow][input_ifname]" + fallback => "index: %{[flow][input_snmp]}" + } + } + if [flow][output_snmp] { + mutate { + id => "elastiflow_postproc_translate_out_if_key" + add_field => { "[@metadata][out_if_key]" => "%{[node][ipaddr]}::ifName.%{[flow][output_snmp]}" } + } + translate { + id => "elastiflow_postproc_translate_output_ifname" + dictionary_path => "${ELASTIFLOW_DICT_PATH:/etc/logstash/elastiflow/dictionaries}/ifName.yml" + field => "[@metadata][out_if_key]" + destination => "[flow][output_ifname]" + fallback => "index: %{[flow][output_snmp]}" + } + } + # Remove remaining original data if configured not to keep it. if [@metadata][keep_orig_data] == "false" { mutate { diff --git a/logstash/elastiflow/conf.d/30_output.logstash.conf b/logstash/elastiflow/conf.d/30_output_10_single.logstash.conf similarity index 91% rename from logstash/elastiflow/conf.d/30_output.logstash.conf rename to logstash/elastiflow/conf.d/30_output_10_single.logstash.conf index 7b186b1..6550faa 100644 
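Review bot: the new first branch in the `@@ -530,7 +530,12 @@` hunk of `20_filter_90_post_process.logstash.conf`, `if [flow][tcp_flags] == 2`, is an exact comparison and needs a comment stating the intent. It matches only records whose flags value is SYN and nothing else; any record where the exporter has accumulated further flags (SYN plus ACK, PSH, FIN) falls through to the port-name heuristic as before. If that is deliberate, say so in a comment. Also note in the comment that a SYN-only record carries no evidence of a reply, so for unanswered connection attempts `[@metadata][isServer]` = `dst` marks the intended target rather than a host known to be listening, which matters to anyone building server inventories or alerts from this field. Finally, the condition does not check the protocol; confirm `[flow][tcp_flags]` is only ever present on TCP records, or add that test.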
--- a/logstash/elastiflow/conf.d/30_output.logstash.conf +++ b/logstash/elastiflow/conf.d/30_output_10_single.logstash.conf @@ -17,7 +17,7 @@ output { elasticsearch { - id => "output_elasticsearch" + id => "output_elasticsearch_single" hosts => [ "${ELASTIFLOW_ES_HOST:127.0.0.1:9200}" ] ssl => "${ELASTIFLOW_ES_SSL_ENABLE:false}" ssl_certificate_verification => "${ELASTIFLOW_ES_SSL_VERIFY:false}" @@ -25,9 +25,9 @@ output { #cacert => "/PATH/TO/CERT" user => "${ELASTIFLOW_ES_USER:elastic}" password => "${ELASTIFLOW_ES_PASSWD:changeme}" - index => "elastiflow-3.1.0-%{+YYYY.MM.dd}" + index => "elastiflow-3.2.0-%{+YYYY.MM.dd}" template => "${ELASTIFLOW_TEMPLATE_PATH:/etc/logstash/templates}/elastiflow.template.json" - template_name => "elastiflow-3.1.0" + template_name => "elastiflow-3.2.0" template_overwrite => "true" } } diff --git a/logstash/elastiflow/conf.d/30_output_20_multi.logstash.conf.disabled b/logstash/elastiflow/conf.d/30_output_20_multi.logstash.conf.disabled new file mode 100644 index 0000000..4aebd7c --- /dev/null +++ b/logstash/elastiflow/conf.d/30_output_20_multi.logstash.conf.disabled 
@@ -0,0 +1,33 @@ +#------------------------------------------------------------------------------ +# Copyright (C)2018 Robert Cowart +# +# The contents of this file and/or repository are subject to the Robert Cowart +# Public License (the "License") and may not be used or distributed except in +# compliance with the License. You may obtain a copy of the License at: +# +# http://www.koiossian.com/public/robert_cowart_public_license.txt +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for +# the specific language governing rights and limitations under the License. +# +# The Original Source Code was developed by Robert Cowart. Portions created by +# Robert Cowart are Copyright (C)2018 Robert Cowart. All Rights Reserved. +#------------------------------------------------------------------------------ + +output { + elasticsearch { + id => "output_elasticsearch_multi" + hosts => [ "${ELASTIFLOW_ES_HOST_1:127.0.0.1:9200}", "${ELASTIFLOW_ES_HOST_2:127.0.0.2:9200}", "${ELASTIFLOW_ES_HOST_3:127.0.0.3:9200}" ] + ssl => "${ELASTIFLOW_ES_SSL_ENABLE:false}" + ssl_certificate_verification => "${ELASTIFLOW_ES_SSL_VERIFY:false}" + # If ssl_certificate_verification is true, uncomment cacert and set the path to the certificate. + #cacert => "/PATH/TO/CERT" + user => "${ELASTIFLOW_ES_USER:elastic}" + password => "${ELASTIFLOW_ES_PASSWD:changeme}" + index => "elastiflow-3.2.0-%{+YYYY.MM.dd}" + template => "${ELASTIFLOW_TEMPLATE_PATH:/etc/logstash/templates}/elastiflow.template.json" + template_name => "elastiflow-3.2.0" + template_overwrite => "true" + } +} diff --git a/logstash/elastiflow/definitions/ipfix.yml b/logstash/elastiflow/definitions/ipfix.yml new file mode 100644 index 0000000..63c55da --- /dev/null +++ b/logstash/elastiflow/definitions/ipfix.yml 
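Review bot: in the new `30_output_20_multi.logstash.conf.disabled`, the `template` fallback path `/etc/logstash/templates` does not match the rest of the patch. The service drop-in and the README both use `/etc/logstash/elastiflow/templates` for `ELASTIFLOW_TEMPLATE_PATH`, so an install that does not set the variable will fail to find `elastiflow.template.json`. Use the same default here (the renamed single-node output has the same mismatch on its unchanged line). The file also hard-codes exactly three `hosts` entries with loopback fallbacks; a short comment explaining how to add or remove entries would save users from leaving `127.0.0.2`/`127.0.0.3` in place. Since this output is the one meant for remote nodes, consider defaulting `ssl_certificate_verification` to `true` here, or at least stating next to the commented `cacert` line that running with `ELASTIFLOW_ES_SSL_ENABLE=false` sends the `user`/`password` values unencrypted.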
@@ -0,0 +1,3848 @@ +--- +0: + 0: + - :skip + 1: + - :uint64 + - :octetDeltaCount + 2: + - :uint64 + - :packetDeltaCount + 3: + - :uint64 + - :deltaFlowCount + 4: + - :uint8 + - :protocolIdentifier + 5: + - :uint8 + - :ipClassOfService + 6: + - :uint16 + - :tcpControlBits + 7: + - :uint16 + - :sourceTransportPort + 8: + - :ip4_addr + - :sourceIPv4Address + 9: + - :uint8 + - :sourceIPv4PrefixLength + 10: + - :uint32 + - :ingressInterface + 11: + - :uint16 + - :destinationTransportPort + 12: + - :ip4_addr + - :destinationIPv4Address + 13: + - :uint8 + - :destinationIPv4PrefixLength + 14: + - :uint32 + - :egressInterface + 15: + - :ip4_addr + - :ipNextHopIPv4Address + 16: + - :uint32 + - :bgpSourceAsNumber + 17: + - :uint32 + - :bgpDestinationAsNumber + 18: + - :ip4_addr + - :bgpNextHopIPv4Address + 19: + - :uint64 + - :postMCastPacketDeltaCount + 20: + - :uint64 + - :postMCastOctetDeltaCount + 21: + - :uint32 + - :flowEndSysUpTime + 22: + - :uint32 + - :flowStartSysUpTime + 23: + - :uint64 + - :postOctetDeltaCount + 24: + - :uint64 + - :postPacketDeltaCount + 25: + - :uint64 + - :minimumIpTotalLength + 26: + - :uint64 + - :maximumIpTotalLength + 27: + - :ip6_addr + - :sourceIPv6Address + 28: + - :ip6_addr + - :destinationIPv6Address + 29: + - :uint8 + - :sourceIPv6PrefixLength + 30: + - :uint8 + - :destinationIPv6PrefixLength + 31: + - :uint32 + - :flowLabelIPv6 + 32: + - :uint16 + - :icmpTypeCodeIPv4 + 33: + - :uint8 + - :igmpType + 34: + - :uint32 + - :samplingInterval + 35: + - :uint8 + - :samplingAlgorithm + 36: + - :uint16 + - :flowActiveTimeout + 37: + - :uint16 + - :flowIdleTimeout + 38: + - :uint8 + - :engineType + 39: + - :uint8 + - :engineId + 40: + - :uint64 + - :exportedOctetTotalCount + 41: + - :uint64 + - :exportedMessageTotalCount + 42: + - :uint64 + - :exportedFlowRecordTotalCount + 43: + - :ip4_addr + - :ipv4RouterSc + 44: + - :ip4_addr + - :sourceIPv4Prefix + 45: + - :ip4_addr + - :destinationIPv4Prefix + 46: + - :uint8 + - :mplsTopLabelType + 47: + 
- :ip4_addr + - :mplsTopLabelIPv4Address + 48: + - :uint8 + - :samplerId + 49: + - :uint8 + - :samplerMode + 50: + - :uint32 + - :samplerRandomInterval + 51: + - :uint8 + - :classId + 52: + - :uint8 + - :minimumTTL + 53: + - :uint8 + - :maximumTTL + 54: + - :uint32 + - :fragmentIdentification + 55: + - :uint8 + - :postIpClassOfService + 56: + - :mac_addr + - :sourceMacAddress + 57: + - :mac_addr + - :postDestinationMacAddress + 58: + - :uint16 + - :vlanId + 59: + - :uint16 + - :postVlanId + 60: + - :uint8 + - :ipVersion + 61: + - :uint8 + - :flowDirection + 62: + - :ip6_addr + - :ipNextHopIPv6Address + 63: + - :ip6_addr + - :bgpNextHopIPv6Address + 64: + - :uint32 + - :ipv6ExtensionHeaders + 70: + - :string + - :mplsTopLabelStackSection + 71: + - :string + - :mplsLabelStackSection2 + 72: + - :string + - :mplsLabelStackSection3 + 73: + - :string + - :mplsLabelStackSection4 + 74: + - :string + - :mplsLabelStackSection5 + 75: + - :string + - :mplsLabelStackSection6 + 76: + - :string + - :mplsLabelStackSection7 + 77: + - :string + - :mplsLabelStackSection8 + 78: + - :string + - :mplsLabelStackSection9 + 79: + - :string + - :mplsLabelStackSection10 + 80: + - :mac_addr + - :destinationMacAddress + 81: + - :mac_addr + - :postSourceMacAddress + 82: + - :string + - :interfaceName + 83: + - :string + - :interfaceDescription + 84: + - :string + - :samplerName + 85: + - :uint64 + - :octetTotalCount + 86: + - :uint64 + - :packetTotalCount + 87: + - :uint32 + - :flagsAndSamplerId + 88: + - :uint16 + - :fragmentOffset + 89: + - :uint32 + - :forwardingStatus + 90: + - :string + - :mplsVpnRouteDistinguisher + 91: + - :uint8 + - :mplsTopLabelPrefixLength + 92: + - :uint32 + - :srcTrafficIndex + 93: + - :uint32 + - :dstTrafficIndex + 94: + - :string + - :applicationDescription + 95: + - :string + - :applicationId + 96: + - :string + - :applicationName + 98: + - :uint8 + - :postIpDiffServCodePoint + 99: + - :uint32 + - :multicastReplicationFactor + 100: + - :string + - :className + 
101: + - :uint8 + - :classificationEngineId + 102: + - :uint16 + - :layer2packetSectionOffset + 103: + - :uint16 + - :layer2packetSectionSize + 104: + - :string + - :layer2packetSectionData + 128: + - :uint32 + - :bgpNextAdjacentAsNumber + 129: + - :uint32 + - :bgpPrevAdjacentAsNumber + 130: + - :ip4_addr + - :exporterIPv4Address + 131: + - :ip6_addr + - :exporterIPv6Address + 132: + - :uint64 + - :droppedOctetDeltaCount + 133: + - :uint64 + - :droppedPacketDeltaCount + 134: + - :uint64 + - :droppedOctetTotalCount + 135: + - :uint64 + - :droppedPacketTotalCount + 136: + - :uint8 + - :flowEndReason + 137: + - :uint64 + - :commonPropertiesId + 138: + - :uint64 + - :observationPointId + 139: + - :uint16 + - :icmpTypeCodeIPv6 + 140: + - :ip6_addr + - :mplsTopLabelIPv6Address + 141: + - :uint32 + - :lineCardId + 142: + - :uint32 + - :portId + 143: + - :uint32 + - :meteringProcessId + 144: + - :uint32 + - :exportingProcessId + 145: + - :uint16 + - :templateId + 146: + - :uint8 + - :wlanChannelId + 147: + - :string + - :wlanSSID + 148: + - :uint64 + - :flowId + 149: + - :uint32 + - :observationDomainId + 150: + - :uint32 + - :flowStartSeconds + 151: + - :uint32 + - :flowEndSeconds + 152: + - :uint64 + - :flowStartMilliseconds + 153: + - :uint64 + - :flowEndMilliseconds + 154: + - :uint64 + - :flowStartMicroseconds + 155: + - :uint64 + - :flowEndMicroseconds + 156: + - :uint64 + - :flowStartNanoseconds + 157: + - :uint64 + - :flowEndNanoseconds + 158: + - :uint32 + - :flowStartDeltaMicroseconds + 159: + - :uint32 + - :flowEndDeltaMicroseconds + 160: + - :uint64 + - :systemInitTimeMilliseconds + 161: + - :uint32 + - :flowDurationMilliseconds + 162: + - :uint32 + - :flowDurationMicroseconds + 163: + - :uint64 + - :observedFlowTotalCount + 164: + - :uint64 + - :ignoredPacketTotalCount + 165: + - :uint64 + - :ignoredOctetTotalCount + 166: + - :uint64 + - :notSentFlowTotalCount + 167: + - :uint64 + - :notSentPacketTotalCount + 168: + - :uint64 + - :notSentOctetTotalCount + 169: 
+ - :ip6_addr + - :destinationIPv6Prefix + 170: + - :ip6_addr + - :sourceIPv6Prefix + 171: + - :uint64 + - :postOctetTotalCount + 172: + - :uint64 + - :postPacketTotalCount + 173: + - :uint64 + - :flowKeyIndicator + 174: + - :uint64 + - :postMCastPacketTotalCount + 175: + - :uint64 + - :postMCastOctetTotalCount + 176: + - :uint8 + - :icmpTypeIPv4 + 177: + - :uint8 + - :icmpCodeIPv4 + 178: + - :uint8 + - :icmpTypeIPv6 + 179: + - :uint8 + - :icmpCodeIPv6 + 180: + - :uint16 + - :udpSourcePort + 181: + - :uint16 + - :udpDestinationPort + 182: + - :uint16 + - :tcpSourcePort + 183: + - :uint16 + - :tcpDestinationPort + 184: + - :uint32 + - :tcpSequenceNumber + 185: + - :uint32 + - :tcpAcknowledgementNumber + 186: + - :uint16 + - :tcpWindowSize + 187: + - :uint16 + - :tcpUrgentPointer + 188: + - :uint8 + - :tcpHeaderLength + 189: + - :uint8 + - :ipHeaderLength + 190: + - :uint16 + - :totalLengthIPv4 + 191: + - :uint16 + - :payloadLengthIPv6 + 192: + - :uint8 + - :ipTTL + 193: + - :uint8 + - :nextHeaderIPv6 + 194: + - :uint32 + - :mplsPayloadLength + 195: + - :uint8 + - :ipDiffServCodePoint + 196: + - :uint8 + - :ipPrecedence + 197: + - :uint8 + - :fragmentFlags + 198: + - :uint64 + - :octetDeltaSumOfSquares + 199: + - :uint64 + - :octetTotalSumOfSquares + 200: + - :uint8 + - :mplsTopLabelTTL + 201: + - :uint32 + - :mplsLabelStackLength + 202: + - :uint32 + - :mplsLabelStackDepth + 203: + - :uint8 + - :mplsTopLabelExp + 204: + - :uint32 + - :ipPayloadLength + 205: + - :uint16 + - :udpMessageLength + 206: + - :uint8 + - :isMulticast + 207: + - :uint8 + - :ipv4IHL + 208: + - :uint32 + - :ipv4Options + 209: + - :uint64 + - :tcpOptions + 210: + - :skip + 211: + - :ip4_addr + - :collectorIPv4Address + 212: + - :ip6_addr + - :collectorIPv6Address + 213: + - :uint32 + - :exportInterface + 214: + - :uint8 + - :exportProtocolVersion + 215: + - :uint8 + - :exportTransportProtocol + 216: + - :uint16 + - :collectorTransportPort + 217: + - :uint16 + - :exporterTransportPort + 218: + - 
:uint64 + - :tcpSynTotalCount + 219: + - :uint64 + - :tcpFinTotalCount + 220: + - :uint64 + - :tcpRstTotalCount + 221: + - :uint64 + - :tcpPshTotalCount + 222: + - :uint64 + - :tcpAckTotalCount + 223: + - :uint64 + - :tcpUrgTotalCount + 224: + - :uint64 + - :ipTotalLength + 225: + - :ip4_addr + - :postNATSourceIPv4Address + 226: + - :ip4_addr + - :postNATDestinationIPv4Address + 227: + - :uint16 + - :postNAPTSourceTransportPort + 228: + - :uint16 + - :postNAPTDestinationTransportPort + 229: + - :uint8 + - :natOriginatingAddressRealm + 230: + - :uint8 + - :natEvent + 231: + - :uint64 + - :initiatorOctets + 232: + - :uint64 + - :responderOctets + 233: + - :uint8 + - :firewallEvent + 234: + - :uint32 + - :ingressVRFID + 235: + - :uint32 + - :egressVRFID + 236: + - :string + - :VRFname + 237: + - :uint8 + - :postMplsTopLabelExp + 238: + - :uint16 + - :tcpWindowScale + 239: + - :uint8 + - :biflowDirection + 240: + - :uint8 + - :ethernetHeaderLength + 241: + - :uint16 + - :ethernetPayloadLength + 242: + - :uint16 + - :ethernetTotalLength + 243: + - :uint16 + - :dot1qVlanId + 244: + - :uint8 + - :dot1qPriority + 245: + - :uint16 + - :dot1qCustomerVlanId + 246: + - :uint8 + - :dot1qCustomerPriority + 247: + - :string + - :metroEvcId + 248: + - :uint8 + - :metroEvcType + 249: + - :uint32 + - :pseudoWireId + 250: + - :uint16 + - :pseudoWireType + 251: + - :uint32 + - :pseudoWireControlWord + 252: + - :uint32 + - :ingressPhysicalInterface + 253: + - :uint32 + - :egressPhysicalInterface + 254: + - :uint16 + - :postDot1qVlanId + 255: + - :uint16 + - :postDot1qCustomerVlanId + 256: + - :uint16 + - :ethernetType + 257: + - :uint8 + - :postIpPrecedence + 258: + - :uint64 + - :collectionTimeMilliseconds + 259: + - :uint16 + - :exportSctpStreamId + 260: + - :uint32 + - :maxExportSeconds + 261: + - :uint32 + - :maxFlowEndSeconds + 262: + - :string + - :messageMD5Checksum + 263: + - :uint8 + - :messageScope + 264: + - :uint32 + - :minExportSeconds + 265: + - :uint32 + - 
:minFlowStartSeconds + 266: + - :string + - :opaqueOctets + 267: + - :uint8 + - :sessionScope + 268: + - :uint64 + - :maxFlowEndMicroseconds + 269: + - :uint64 + - :maxFlowEndMilliseconds + 270: + - :uint64 + - :maxFlowEndNanoseconds + 271: + - :uint64 + - :minFlowStartMicroseconds + 272: + - :uint64 + - :minFlowStartMilliseconds + 273: + - :uint64 + - :minFlowStartNanoseconds + 274: + - :string + - :collectorCertificate + 275: + - :string + - :exporterCertificate + 276: + - :uint8 + - :dataRecordsReliability + 277: + - :uint8 + - :observationPointType + 278: + - :uint32 + - :newConnectionDeltaCount + 279: + - :uint64 + - :connectionSumDurationSeconds + 280: + - :uint64 + - :connectionTransactionId + 281: + - :ip6_addr + - :postNATSourceIPv6Address + 282: + - :ip6_addr + - :postNATDestinationIPv6Address + 283: + - :uint32 + - :natPoolId + 284: + - :string + - :natPoolName + 285: + - :uint16 + - :anonymizationFlags + 286: + - :uint16 + - :anonymizationTechnique + 287: + - :uint16 + - :informationElementIndex + 288: + - :string + - :p2pTechnology + 289: + - :string + - :tunnelTechnology + 290: + - :string + - :encryptedTechnology + 291: + - :skip + 292: + - :skip + 293: + - :skip + 294: + - :uint8 + - :bgpValidityState + 295: + - :uint32 + - :IPSecSPI + 296: + - :uint32 + - :greKey + 297: + - :uint8 + - :natType + 298: + - :uint64 + - :initiatorPackets + 299: + - :uint64 + - :responderPackets + 300: + - :string + - :observationDomainName + 301: + - :uint64 + - :selectionSequenceId + 302: + - :uint64 + - :selectorId + 303: + - :uint16 + - :informationElementId + 304: + - :uint16 + - :selectorAlgorithm + 305: + - :uint32 + - :samplingPacketInterval + 306: + - :uint32 + - :samplingPacketSpace + 307: + - :uint32 + - :samplingTimeInterval + 308: + - :uint32 + - :samplingTimeSpace + 309: + - :uint32 + - :samplingSize + 310: + - :uint32 + - :samplingPopulation + 311: + - :double + - :samplingProbability + 312: + - :uint16 + - :dataLinkFrameSize + 313: + - :string + - 
:ipHeaderPacketSection + 314: + - :string + - :ipPayloadPacketSection + 315: + - :string + - :dataLinkFrameSection + 316: + - :string + - :mplsLabelStackSection + 317: + - :string + - :mplsPayloadPacketSection + 318: + - :uint64 + - :selectorIdTotalPktsObserved + 319: + - :uint64 + - :selectorIdTotalPktsSelected + 320: + - :double + - :absoluteError + 321: + - :double + - :relativeError + 322: + - :uint32 + - :observationTimeSeconds + 323: + - :uint64 + - :observationTimeMilliseconds + 324: + - :uint64 + - :observationTimeMicroseconds + 325: + - :uint64 + - :observationTimeNanoseconds + 326: + - :uint64 + - :digestHashValue + 327: + - :uint64 + - :hashIPPayloadOffset + 328: + - :uint64 + - :hashIPPayloadSize + 329: + - :uint64 + - :hashOutputRangeMin + 330: + - :uint64 + - :hashOutputRangeMax + 331: + - :uint64 + - :hashSelectedRangeMin + 332: + - :uint64 + - :hashSelectedRangeMax + 333: + - :uint8 + - :hashDigestOutput + 334: + - :uint64 + - :hashInitialiserValue + 335: + - :string + - :selectorName + 336: + - :double + - :upperCILimit + 337: + - :double + - :lowerCILimit + 338: + - :double + - :confidenceLevel + 339: + - :uint8 + - :informationElementDataType + 340: + - :string + - :informationElementDescription + 341: + - :string + - :informationElementName + 342: + - :uint64 + - :informationElementRangeBegin + 343: + - :uint64 + - :informationElementRangeEnd + 344: + - :uint8 + - :informationElementSemantics + 345: + - :uint16 + - :informationElementUnits + 346: + - :uint32 + - :privateEnterpriseNumber + 347: + - :string + - :virtualStationInterfaceId + 348: + - :string + - :virtualStationInterfaceName + 349: + - :string + - :virtualStationUUID + 350: + - :string + - :virtualStationName + 351: + - :uint64 + - :layer2SegmentId + 352: + - :uint64 + - :layer2OctetDeltaCount + 353: + - :uint64 + - :layer2OctetTotalCount + 354: + - :uint64 + - :ingressUnicastPacketTotalCount + 355: + - :uint64 + - :ingressMulticastPacketTotalCount + 356: + - :uint64 + - 
:ingressBroadcastPacketTotalCount + 357: + - :uint64 + - :egressUnicastPacketTotalCount + 358: + - :uint64 + - :egressBroadcastPacketTotalCount + 359: + - :uint64 + - :monitoringIntervalStartMilliSeconds + 360: + - :uint64 + - :monitoringIntervalEndMilliSeconds + 361: + - :uint16 + - :portRangeStart + 362: + - :uint16 + - :portRangeEnd + 363: + - :uint16 + - :portRangeStepSize + 364: + - :uint16 + - :portRangeNumPorts + 365: + - :mac_addr + - :staMacAddress + 366: + - :ip4_addr + - :staIPv4Address + 367: + - :mac_addr + - :wtpMacAddress + 368: + - :uint32 + - :ingressInterfaceType + 369: + - :uint32 + - :egressInterfaceType + 370: + - :uint16 + - :rtpSequenceNumber + 371: + - :string + - :userName + 372: + - :string + - :applicationCategoryName + 373: + - :string + - :applicationSubCategoryName + 374: + - :string + - :applicationGroupName + 375: + - :uint64 + - :originalFlowsPresent + 376: + - :uint64 + - :originalFlowsInitiated + 377: + - :uint64 + - :originalFlowsCompleted + 378: + - :uint64 + - :distinctCountOfSourceIPAddress + 379: + - :uint64 + - :distinctCountOfDestinationIPAddress + 380: + - :uint32 + - :distinctCountOfSourceIPv4Address + 381: + - :uint32 + - :distinctCountOfDestinationIPv4Address + 382: + - :uint64 + - :distinctCountOfSourceIPv6Address + 383: + - :uint64 + - :distinctCountOfDestinationIPv6Address + 384: + - :uint8 + - :valueDistributionMethod + 385: + - :uint32 + - :rfc3550JitterMilliseconds + 386: + - :uint32 + - :rfc3550JitterMicroseconds + 387: + - :uint32 + - :rfc3550JitterNanoseconds + 388: + - :uint8 + - :dot1qDEI + 389: + - :uint8 + - :dot1qCustomerDEI + 390: + - :uint16 + - :flowSelectorAlgorithm + 391: + - :uint64 + - :flowSelectedOctetDeltaCount + 392: + - :uint64 + - :flowSelectedPacketDeltaCount + 393: + - :uint64 + - :flowSelectedFlowDeltaCount + 394: + - :uint64 + - :selectorIDTotalFlowsObserved + 395: + - :uint64 + - :selectorIDTotalFlowsSelected + 396: + - :uint64 + - :samplingFlowInterval + 397: + - :uint64 + - 
:samplingFlowSpacing + 398: + - :uint64 + - :flowSamplingTimeInterval + 399: + - :uint64 + - :flowSamplingTimeSpacing + 400: + - :uint16 + - :hashFlowDomain + 401: + - :uint64 + - :transportOctetDeltaCount + 402: + - :uint64 + - :transportPacketDeltaCount + 403: + - :ip4_addr + - :originalExporterIPv4Address + 404: + - :ip6_addr + - :originalExporterIPv6Address + 405: + - :uint32 + - :originalObservationDomainId + 406: + - :uint32 + - :intermediateProcessId + 407: + - :uint64 + - :ignoredDataRecordTotalCount + 408: + - :uint16 + - :dataLinkFrameType + 409: + - :uint16 + - :sectionOffset + 410: + - :uint16 + - :sectionExportedOctets + 411: + - :string + - :dot1qServiceInstanceTag + 412: + - :uint32 + - :dot1qServiceInstanceId + 413: + - :uint8 + - :dot1qServiceInstancePriority + 414: + - :mac_addr + - :dot1qCustomerSourceMacAddress + 415: + - :mac_addr + - :dot1qCustomerDestinationMacAddress + 417: + - :uint64 + - :postLayer2OctetDeltaCount + 418: + - :uint64 + - :postMCastLayer2OctetDeltaCount + 420: + - :uint64 + - :postLayer2OctetTotalCount + 421: + - :uint64 + - :postMCastLayer2OctetTotalCount + 422: + - :uint64 + - :minimumLayer2TotalLength + 423: + - :uint64 + - :maximumLayer2TotalLength + 424: + - :uint64 + - :droppedLayer2OctetDeltaCount + 425: + - :uint64 + - :droppedLayer2OctetTotalCount + 426: + - :uint64 + - :ignoredLayer2OctetTotalCount + 427: + - :uint64 + - :notSentLayer2OctetTotalCount + 428: + - :uint64 + - :layer2OctetDeltaSumOfSquares + 429: + - :uint64 + - :layer2OctetTotalSumOfSquares + 430: + - :uint64 + - :layer2FrameDeltaCount + 431: + - :uint64 + - :layer2FrameTotalCount + 432: + - :ip4_addr + - :pseudoWireDestinationIPv4Address + 433: + - :uint64 + - :ignoredLayer2FrameTotalCount +9: + 8337: + - :uint64 + - :ciscoServerBytesNetwork + 8338: + - :uint64 + - :ciscoClientBytesNetwork + 9252: + - :uint8 + - :ciscoServicesWaasSegment + 9253: + - :uint8 + - :ciscoServicesWaasPassthroughReason + 9357: + - :string + - :ciscoAppHTTPUriStatistics + 
12232: + - :string + - :cisoAppCategoryName + 12234: + - :string + - :ciscoAppGroupName + 12235: + - :string + - :ciscoAppHTTPHost + 12236: + - :ip4_addr + - :ciscoClientIPv4Address + 12237: + - :ip4_addr + - :ciscoServerIPv4Address + 12240: + - :uint16 + - :ciscoClientL4Port + 12241: + - :uint16 + - :ciscoServerL4Port + 12242: + - :uint32 + - :ciscoConnectionId + 12244: + - :string + - :ciscoAppBusiness +637: + 91: + - :uint16 + - :natInsideSvcid + 92: + - :uint16 + - :natOutsideSvcid + 93: + - :string + - :natSubString +5951: + 128: + - :uint32 + - :netscalerRoundTripTime + 129: + - :uint32 + - :netscalerTransactionId + 130: + - :string + - :netscalerHttpReqUrl + 131: + - :string + - :netscalerHttpReqCookie + 132: + - :uint64 + - :netscalerFlowFlags + 133: + - :uint32 + - :netscalerConnectionId + 134: + - :uint8 + - :netscalerSyslogPriority + 135: + - :string + - :netscalerSyslogMessage + 136: + - :uint64 + - :netscalerSyslogTimestamp + 140: + - :string + - :netscalerHttpReqReferer + 141: + - :string + - :netscalerHttpReqMethod + 142: + - :string + - :netscalerHttpReqHost + 143: + - :string + - :netscalerHttpReqUserAgent + 144: + - :uint16 + - :netscalerHttpRspStatus + 145: + - :uint64 + - :netscalerHttpRspLen + 146: + - :uint64 + - :netscalerServerTTFB + 147: + - :uint64 + - :netscalerServerTTLB + 150: + - :uint32 + - :netscalerAppNameIncarnationNumber + 151: + - :uint32 + - :netscalerAppNameAppId + 152: + - :string + - :netscalerAppName + 153: + - :uint64 + - :netscalerHttpReqRcvFB + 156: + - :uint64 + - :netscalerHttpReqForwFB + 157: + - :uint64 + - :netscalerHttpResRcvFB + 158: + - :uint64 + - :netscalerHttpResForwFB + 159: + - :uint64 + - :netscalerHttpReqRcvLB + 160: + - :uint64 + - :netscalerHttpReqForwLB + 161: + - :uint32 + - :netscalerMainPageId + 162: + - :uint32 + - :netscalerMainPageCoreId + 163: + - :string + - :netscalerHttpClientInteractionStartTime + 164: + - :string + - :netscalerHttpClientRenderEndTime + 165: + - :string + - 
:netscalerHttpClientRenderStartTime + 167: + - :string + - :netscalerAppTemplateName + 168: + - :string + - :netscalerHttpClientInteractionEndTime + 169: + - :uint64 + - :netscalerHttpResRcvLB + 170: + - :uint64 + - :netscalerHttpResForwLB + 171: + - :uint32 + - :netscalerAppUnitNameAppId + 172: + - :uint32 + - :netscalerDbLoginFlags + 173: + - :uint8 + - :netscalerDbReqType + 174: + - :uint8 + - :netscalerDbProtocolName + 175: + - :string + - :netscalerDbUserName + 176: + - :string + - :netscalerDbDatabaseName + 177: + - :string + - :netscalerDbCltHostName + 178: + - :string + - :netscalerDbReqString + 179: + - :string + - :netscalerDbRespStatusString + 180: + - :uint64 + - :netscalerDbRespStatus + 181: + - :uint64 + - :netscalerDbRespLength + 182: + - :uint32 + - :netscalerClientRTT + 183: + - :string + - :netscalerHttpContentType + 185: + - :string + - :netscalerHttpReqAuthorization + 186: + - :string + - :netscalerHttpReqVia + 187: + - :string + - :netscalerHttpResLocation + 188: + - :string + - :netscalerHttpResSetCookie + 189: + - :string + - :netscalerHttpResSetCookie2 + 190: + - :string + - :netscalerHttpReqXForwardedFor + 192: + - :octetarray + - :netscalerConnectionChainID + 193: + - :uint8 + - :netscalerConnectionChainHopCount + 200: + - :octetarray + - :netscalerICASessionGuid + 201: + - :string + - :netscaleIcaClientVersion + 202: + - :uint16 + - :netscalerIcaClientType + 203: + - :ip4_addr + - :netscalerIcaClientIP + 204: + - :string + - :netscalerIcaClientHostName + 205: + - :string + - :netscalerAaaUsername + 207: + - :string + - :netscalerIcaDomainName + 208: + - :uint16 + - :netscalerIcaClientLauncher + 209: + - :uint32 + - :netscalerIcaSessionSetupTime + 210: + - :string + - :netscalerIcaServerName + 214: + - :uint8 + - :netscalerIcaSessionReconnects + 215: + - :uint32 + - :netscalerIcaRTT + 216: + - :uint32 + - :netscalerIcaClientsideRXBytes + 217: + - :uint32 + - :netscalerIcaClientsideTXBytes + 219: + - :uint16 + - 
:netscalerIcaClientsidePacketsRetransmit + 220: + - :uint16 + - :netscalerIcaServersidePacketsRetransmit + 221: + - :uint32 + - :netscalerIcaClientsideRTT + 222: + - :uint32 + - :netscalerIcaServersideRTT + 223: + - :uint32 + - :netscalerIcaSessionUpdateBeginSec + 224: + - :uint32 + - :netscalerIcaSessionUpdateEndSec + 225: + - :uint32 + - :netscalerIcaChannelId1 + 226: + - :uint32 + - :netscalerIcaChannelId1Bytes + 227: + - :uint32 + - :netscalerIcaChannelId2 + 228: + - :uint32 + - :netscalerIcaChannelId2Bytes + 229: + - :uint32 + - :netscalerIcaChannelId3 + 230: + - :uint32 + - :netscalerIcaChannelId3Bytes + 231: + - :uint32 + - :netscalerIcaChannelId4 + 232: + - :uint32 + - :netscalerIcaChannelId4Bytes + 233: + - :uint32 + - :netscalerIcaChannelId5 + 234: + - :uint32 + - :netscalerIcaChannelId5Bytes + 235: + - :uint16 + - :netscalerIcaConnectionPriority + 236: + - :uint32 + - :netscalerApplicationStartupDuration + 237: + - :uint16 + - :netscalerIcaLaunchMechanism + 238: + - :string + - :netscalerIcaApplicationName + 239: + - :uint32 + - :netscalerApplicationStartupTime + 240: + - :uint16 + - :netscalerIcaApplicationTerminationType + 241: + - :uint32 + - :netscalerIcaApplicationTerminationTime + 242: + - :uint32 + - :netscalerIcaSessionEndTime + 243: + - :uint32 + - :netscalerIcaClientsideJitter + 244: + - :uint32 + - :netscalerIcaServersideJitter + 245: + - :uint32 + - :netscalerIcaAppProcessID + 246: + - :string + - :netscalerIcaAppModulePath + 247: + - :uint32 + - :netscalerIcaDeviceSerialNo + 248: + - :octetarray + - :netscalerMsiClientCookie + 249: + - :uint64 + - :netscalerIcaFlags + 250: + - :string + - :netscalerIcaUsername + 251: + - :uint8 + - :netscalerLicenseType + 252: + - :uint64 + - :netscalerMaxLicenseCount + 253: + - :uint64 + - :netscalerCurrentLicenseConsumed + 254: + - :uint32 + - :netscalerIcaNetworkUpdateStartTime + 255: + - :uint32 + - :netscalerIcaNetworkUpdateEndTime + 256: + - :uint32 + - :netscalerIcaClientsideSRTT + 257: + - :uint32 + 
- :netscalerIcaServersideSRTT + 258: + - :uint32 + - :netscalerIcaClientsideDelay + 259: + - :uint32 + - :netscalerIcaServersideDelay + 260: + - :uint32 + - :netscalerIcaHostDelay + 261: + - :uint16 + - :netscalerIcaClientSideWindowSize + 262: + - :uint16 + - :netscalerIcaServerSideWindowSize + 263: + - :uint16 + - :netscalerIcaClientSideRTOCount + 264: + - :uint16 + - :netscalerIcaServerSideRTOCount + 265: + - :uint32 + - :netscalerIcaL7ClientLatency + 266: + - :uint32 + - :netscalerIcaL7ServerLatency + 267: + - :string + - :netscalerHttpDomainName + 268: + - :uint32 + - :netscalerCacheRedirClientConnectionCoreID + 269: + - :uint32 + - :netscalerCacheRedirClientConnectionTransactionID + 270: + - :uint32 + - :netscalerUnknown270 + 271: + - :uint32 + - :netscalerUnknown271 + 272: + - :uint32 + - :netscalerUnknown272 + 273: + - :uint32 + - :netscalerUnknown273 + 274: + - :uint32 + - :netscalerUnknown274 + 275: + - :uint32 + - :netscalerUnknown275 + 276: + - :uint32 + - :netscalerUnknown276 + 277: + - :uint32 + - :netscalerUnknown277 + 278: + - :uint32 + - :netscalerUnknown278 + 279: + - :uint32 + - :netscalerUnknown279 + 280: + - :uint32 + - :netscalerUnknown280 + 281: + - :uint32 + - :netscalerUnknown281 + 282: + - :uint32 + - :netscalerUnknown282 + 283: + - :uint32 + - :netscalerUnknown283 + 284: + - :uint32 + - :netscalerUnknown284 + 285: + - :uint32 + - :netscalerUnknown285 + 286: + - :uint32 + - :netscalerUnknown286 + 287: + - :uint32 + - :netscalerUnknown287 + 288: + - :uint32 + - :netscalerUnknown288 + 289: + - :uint32 + - :netscalerUnknown289 + 290: + - :uint32 + - :netscalerUnknown290 + 291: + - :uint32 + - :netscalerUnknown291 + 292: + - :uint32 + - :netscalerUnknown292 + 293: + - :uint32 + - :netscalerUnknown293 + 294: + - :uint32 + - :netscalerUnknown294 + 295: + - :uint32 + - :netscalerUnknown295 + 296: + - :uint32 + - :netscalerUnknown296 + 297: + - :uint32 + - :netscalerUnknown297 + 298: + - :uint32 + - :netscalerUnknown298 + 299: + - :uint32 + - 
:netscalerUnknown299 + 300: + - :uint32 + - :netscalerUnknown300 + 301: + - :uint32 + - :netscalerUnknown301 + 302: + - :uint32 + - :netscalerUnknown302 + 303: + - :uint32 + - :netscalerUnknown303 + 304: + - :uint32 + - :netscalerUnknown304 + 305: + - :uint32 + - :netscalerUnknown305 + 306: + - :uint32 + - :netscalerUnknown306 + 307: + - :uint32 + - :netscalerUnknown307 + 308: + - :uint32 + - :netscalerUnknown308 + 309: + - :uint32 + - :netscalerUnknown309 + 310: + - :uint32 + - :netscalerUnknown310 + 311: + - :uint32 + - :netscalerUnknown311 + 312: + - :uint32 + - :netscalerUnknown312 + 313: + - :uint32 + - :netscalerUnknown313 + 314: + - :uint32 + - :netscalerUnknown314 + 315: + - :uint32 + - :netscalerUnknown315 + 316: + - :string + - :netscalerUnknown316 + 317: + - :uint32 + - :netscalerUnknown317 + 318: + - :uint32 + - :netscalerUnknown318 + 319: + - :string + - :netscalerUnknown319 + 320: + - :uint16 + - :netscalerUnknown320 + 321: + - :uint32 + - :netscalerUnknown321 + 322: + - :uint32 + - :netscalerUnknown322 + 323: + - :uint16 + - :netscalerUnknown323 + 324: + - :uint16 + - :netscalerUnknown324 + 325: + - :uint16 + - :netscalerUnknown325 + 326: + - :uint16 + - :netscalerUnknown326 + 327: + - :uint32 + - :netscalerUnknown327 + 328: + - :uint16 + - :netscalerUnknown328 + 329: + - :uint16 + - :netscalerUnknown329 + 330: + - :uint16 + - :netscalerUnknown330 + 331: + - :uint16 + - :netscalerUnknown331 + 332: + - :uint32 + - :netscalerUnknown332 + 333: + - :string + - :netscalerUnknown333 + 334: + - :string + - :netscalerUnknown334 + 335: + - :uint32 + - :netscalerUnknown335 + 336: + - :uint32 + - :netscalerUnknown336 + 337: + - :uint32 + - :netscalerUnknown337 + 338: + - :uint32 + - :netscalerUnknown338 + 339: + - :uint32 + - :netscalerUnknown339 + 340: + - :uint32 + - :netscalerUnknown340 + 341: + - :uint32 + - :netscalerUnknown341 + 342: + - :uint32 + - :netscalerUnknown342 + 343: + - :uint32 + - :netscalerUnknown343 + 344: + - :uint32 + - 
:netscalerUnknown344 + 345: + - :uint32 + - :netscalerUnknown345 + 346: + - :uint32 + - :netscalerUnknown346 + 347: + - :uint32 + - :netscalerUnknown347 + 348: + - :uint16 + - :netscalerUnknown348 + 349: + - :string + - :netscalerUnknown349 + 350: + - :string + - :netscalerUnknown350 + 351: + - :string + - :netscalerUnknown351 + 352: + - :uint16 + - :netscalerUnknown352 + 353: + - :uint32 + - :netscalerUnknown353 + 354: + - :uint32 + - :netscalerUnknown354 + 355: + - :uint32 + - :netscalerUnknown355 + 356: + - :uint32 + - :netscalerUnknown356 + 357: + - :uint32 + - :netscalerUnknown357 + 358: + - :uint32 + - :netscalerUnknown358 + 359: + - :uint32 + - :netscalerUnknown359 + 360: + - :uint32 + - :netscalerUnknown360 + 361: + - :octetarray + - :netscalerUnknown361 + 362: + - :uint32 + - :netscalerUnknown362 + 363: + - :octetarray + - :netscalerUnknown363 + 364: + - :uint32 + - :netscalerUnknown364 + 365: + - :uint32 + - :netscalerUnknown365 + 366: + - :uint64 + - :netscalerUnknown366 + 367: + - :octetarray + - :netscalerUnknown367 + 377: + - :uint32 + - :netscalerUnknown377 + 380: + - :uint8 + - :netscalerUnknown380 + 383: + - :octetarray + - :netscalerUnknown383 + 384: + - :octetarray + - :netscalerUnknown384 + 385: + - :octetarray + - :netscalerUnknown385 + 386: + - :string + - :netscalerUnknown386 + 387: + - :string + - :netscalerUnknown387 + 388: + - :uint8 + - :netscalerUnknown388 + 389: + - :string + - :netscalerUnknown389 + 391: + - :uint32 + - :netscalerUnknown391 + 392: + - :uint16 + - :netscalerUnknown392 + 393: + - :uint32 + - :netscalerUnknown393 + 394: + - :uint32 + - :netscalerUnknown394 + 398: + - :uint32 + - :netscalerUnknown398 + 399: + - :uint32 + - :netscalerUnknown399 + 400: + - :uint16 + - :netscalerUnknown400 + 401: + - :uint16 + - :netscalerUnknown401 + 402: + - :uint8 + - :netscalerUnknown402 + 403: + - :uint8 + - :netscalerUnknown403 + 404: + - :uint32 + - :netscalerUnknown404 + 405: + - :uint32 + - :netscalerUnknown405 + 408: + - :uint8 + - 
:netscalerUnknown408 + 427: + - :uint64 + - :netscalerUnknown427 + 429: + - :uint8 + - :netscalerUnknown429 + 432: + - :uint8 + - :netscalerUnknown432 + 433: + - :uint8 + - :netscalerUnknown433 + 434: + - :uint8 + - :netscalerUnknown434 + 435: + - :uint8 + - :netscalerUnknown435 + 447: + - :uint32 + - :netscalerUnknown447 + 448: + - :uint32 + - :netscalerUnknown448 + 451: + - :uint64 + - :netscalerUnknown451 + 452: + - :uint64 + - :netscalerUnknown452 + 453: + - :uint64 + - :netscalerUnknown453 + 455: + - :uint64 + - :netscalerUnknown455 + 458: + - :uint32 + - :netscalerUnknown458 + 459: + - :uint32 + - :netscalerUnknown459 + 460: + - :uint32 + - :netscalerUnknown460 + 461: + - :uint32 + - :netscalerUnknown461 + 463: + - :uint32 + - :netscalerUnknown463 + 464: + - :uint32 + - :netscalerUnknown464 + 465: + - :uint32 + - :netscalerUnknown465 + 466: + - :uint32 + - :netscalerUnknown466 + 467: + - :uint64 + - :netscalerUnknown467 + 468: + - :uint64 + - :netscalerUnknown468 + 475: + - :string + - :netscalerUnknown475 + 476: + - :uint8 + - :netscalerUnknown476 + 477: + - :uint32 + - :netscalerUnknown477 + 478: + - :uint32 + - :netscalerUnknown478 + 479: + - :string + - :netscalerUnknown479 + 480: + - :uint8 + - :netscalerUnknown480 + 481: + - :uint8 + - :netscalerUnknown481 + 487: + - :uint32 + - :netscalerUnknown487 + 488: + - :uint32 + - :netscalerUnknown488 + 489: + - :uint32 + - :netscalerUnknown489 + 491: + - :uint32 + - :netscalerUnknown491 + 492: + - :uint32 + - :netscalerUnknown492 + 493: + - :uint64 + - :netscalerUnknown493 + 494: + - :uint64 + - :netscalerUnknown494 + 507: + - :uint32 + - :netscalerUnknown507 + 508: + - :uint32 + - :netscalerUnknown508 + 509: + - :uint32 + - :netscalerUnknown509 + 510: + - :uint32 + - :netscalerUnknown510 + 511: + - :uint32 + - :netscalerUnknown511 + 512: + - :uint8 + - :netscalerUnknown512 + 513: + - :uint16 + - :netscalerUnknown513 + 514: + - :uint16 + - :netscalerUnknown514 + 518: + - :uint64 + - :netscalerUnknown518 + 519: 
+ - :uint64 + - :netscalerUnknown519 + 520: + - :uint64 + - :netscalerUnknown520 + 521: + - :uint16 + - :netscalerUnknown521 + 522: + - :uint32 + - :netscalerUnknown522 + 523: + - :uint32 + - :netscalerUnknown523 + 532: + - :uint64 + - :netscalerUnknown532 + 533: + - :uint64 + - :netscalerUnknown533 + 534: + - :uint64 + - :netscalerUnknown534 + 535: + - :uint64 + - :netscalerUnknown535 + 536: + - :uint32 + - :netscalerUnknown536 + 537: + - :uint16 + - :netscalerUnknown537 + 538: + - :uint15 + - :netscalerUnknown538 + 541: + - :uint32 + - :netscalerUnknown541 +6871: + 14: + - :uint8 + - :initialTCPFlags + 15: + - :uint8 + - :unionTCPFlags + 18: + - :string + - :payload + 21: + - :uint32 + - :reverseFlowDeltaMilliseconds + 33: + - :uint16 + - :silkAppLabel + 35: + - :uint8 + - :payloadEntropy + 36: + - :string + - :osName + 37: + - :string + - :osVersion + 38: + - :string + - :firstPacketBanner + 39: + - :string + - :secondPacketBanner + 40: + - :uint16 + - :flowAttributes + 100: + - :uint32 + - :expiredFragmentCount + 101: + - :uint32 + - :assembledFragmentCount + 102: + - :uint32 + - :meanFlowRate + 103: + - :uint32 + - :meanPacketRate + 104: + - :uint32 + - :flowTableFlushEventCount + 105: + - :uint32 + - :flowTablePeakCount + 107: + - :string + - :osFingerPrint + 126: + - :string + - :tftpFilename + 127: + - :string + - :tftpMode + 174: + - :uint8 + - :dnsQueryResponse + 175: + - :uint16 + - :dnsQRType + 176: + - :uint8 + - :dnsAuthoritative + 177: + - :uint8 + - :dnsNXDomain + 178: + - :uint8 + - :dnsRRSection + 179: + - :string + - :dnsQName + 180: + - :string + - :dnsCName + 181: + - :uint16 + - :dnsMXPreference + 182: + - :string + - :dnsMXExchange + 183: + - :string + - :dnsNSDName + 184: + - :string + - :dnsPTRDName + 185: + - :string + - :sslCipher + 186: + - :uint8 + - :sslClientVersion + 187: + - :uint32 + - :sslServerCipher + 188: + - :uint8 + - :sslCompressionMethod + 189: + - :uint8 + - :sslCertVersion + 190: + - :string + - :sslCertSignature + 199: + 
- :uint32 + - :dnsTTL + 208: + - :string + - :dnsTXTData + 209: + - :uint32 + - :dnsSOASerial + 210: + - :uint32 + - :dnsSOARefresh + 211: + - :uint32 + - :dnsSOARetry + 212: + - :uint32 + - :dnsSOAExpire + 213: + - :uint32 + - :dnsSOAMinimum + 214: + - :string + - :dnsSOAMName + 215: + - :string + - :dnsSOARName + 216: + - :uint16 + - :dnsSRVPriority + 217: + - :uint16 + - :dnsSRVWeight + 218: + - :uint16 + - :dnsSRVPort + 219: + - :uint16 + - :dnsSRVTarget + 223: + - :uint32 + - :tcpUrgTotalCount + 226: + - :uint16 + - :dnsID + 244: + - :string + - :sslCertSerialNumber + 245: + - :string + - :sslObjectType + 246: + - :string + - :sslObjectValue + 247: + - :string + - :sslCertValidityNotBefore + 248: + - :string + - :sslCertValidityNotAfter + 249: + - :string + - :sslPublicKeyAlgorithm + 250: + - :string + - :sslPublicKeyLength + 287: + - :uint8 + - :rtpPayloadType + 288: + - :uint8 + - :reverseRtpPayloadType + 289: + - :uint64 + - :mptcpInitialDataSequenceNumber + 290: + - :uint32 + - :mptcpReceiverToken + 291: + - :uint16 + - :mptcpMaximumSegmentSize + 292: + - :uint8 + - :mptcpAddressID + 294: + - :string + - :sslServerName + 295: + - :string + - :sslCertificateHash + 293: + - :uint8 + - :mptcpFlags + 500: + - :uint32 + - :smallPacketCount + 501: + - :uint32 + - :nonEmptyPacketCount + 502: + - :uint64 + - :dataByteCount + 503: + - :uint64 + - :averageInterarrivalTime + 504: + - :uint64 + - :standardDeviationInterarrivalTime + 505: + - :uint16 + - :firstNonEmptyPacketSize + 506: + - :uint16 + - :maxPacketSize + 507: + - :uint8 + - :firstEightNonEmptyPacketDirections + 508: + - :uint8 + - :standardDeviationPayloadLength + 510: + - :uint32 + - :largePacketCount + 16398: + - :uint8 + - :reverseInitialTCPFlags + 16399: + - :uint8 + - :reverseUnionTCPFlags + 16402: + - :string + - :reversePayload + 16419: + - :uint8 + - :reversePayloadEntropy + 16420: + - :string + - :reverseOsName + 16421: + - :string + - :reverseOsVersion + 16422: + - :string + - 
:reverseFirstPacketBanner + 16423: + - :string + - :reverseSecondPacketBanner + 16424: + - :uint16 + - :reverseFlowAttributes + 16491: + - :string + - :reverseOsFingerPrint + 16671: + - :uint8 + - :reverseRtpPayloadType + 16884: + - :uint32 + - :reverseSmallPacketCount + 16885: + - :uint32 + - :reverseNonEmptyPacketCount + 16886: + - :uint64 + - :reverseDataByteCount + 16887: + - :uint64 + - :reverseAverageInterarrivalTime + 16888: + - :uint64 + - :reverseStandardDeviationInterarrivalTime + 16889: + - :uint16 + - :reverseFirstNonEmptyPacketSize + 16890: + - :uint16 + - :reverseMaxPacketSize + 16892: + - :uint16 + - :reverseStandardDeviationPayloadLength + 16894: + - :uint32 + - :reverseLargePacketCount +6876: + 880: + - :uint8 + - :vmwareUnknown880 + 881: + - :uint32 + - :vmwareUnknown881 + 882: + - :uint32 + - :vmwareUnknown882 + 883: + - :string + - :vmwareUnknown883 + 884: + - :string + - :vmwareUnknown884 + 886: + - :uint16 + - :vmwareUnknown886 + 887: + - :uint16 + - :vmwareUnknown887 + 888: + - :uint16 + # source: https://github.com/logstash-plugins/logstash-codec-netflow/issues/28#issuecomment-371811848 + - :vmwareEgressInterfaceTypeID + 889: + - :uint8 + # source: https://github.com/logstash-plugins/logstash-codec-netflow/issues/28#issuecomment-371811848 + - :vmwareObservationDomainID + 890: + - :uint16 + # source: https://github.com/logstash-plugins/logstash-codec-netflow/issues/28#issuecomment-371811848 + - :vmwareIngressInterfaceTypeID +29305: + 1: + - :uint64 + - :reverseOctetDeltaCount + 2: + - :uint64 + - :reversePacketDeltaCount + 3: + - :uint64 + - :reverseDeltaFlowCount + 4: + - :uint8 + - :reverseProtocolIdentifier + 5: + - :uint8 + - :reverseIpClassOfService + 6: + - :uint16 + - :reverseTcpControlBits + 7: + - :uint16 + - :reverseSourceTransportPort + 8: + - :ip4_addr + - :reverseSourceIPv4Address + 9: + - :uint8 + - :reverseSourceIPv4PrefixLength + 10: + - :uint32 + - :reverseIngressInterface + 11: + - :uint16 + - 
:reverseDestinationTransportPort + 12: + - :ip4_addr + - :reverseDestinationIPv4Address + 13: + - :uint8 + - :reverseDestinationIPv4PrefixLength + 14: + - :uint32 + - :reverseEgressInterface + 15: + - :ip4_addr + - :reverseIpNextHopIPv4Address + 16: + - :uint32 + - :reverseBgpSourceAsNumber + 17: + - :uint32 + - :reverseBgpDestinationAsNumber + 18: + - :ip4_addr + - :reverseBgpNextHopIPv4Address + 19: + - :uint64 + - :reversePostMCastPacketDeltaCount + 20: + - :uint64 + - :reversePostMCastOctetDeltaCount + 21: + - :uint32 + - :reverseFlowEndSysUpTime + 22: + - :uint32 + - :reverseFlowStartSysUpTime + 23: + - :uint64 + - :reversePostOctetDeltaCount + 24: + - :uint64 + - :reversePostPacketDeltaCount + 25: + - :uint64 + - :reverseMinimumIpTotalLength + 26: + - :uint64 + - :reverseMaximumIpTotalLength + 27: + - :ip6_addr + - :reverseSourceIPv6Address + 28: + - :ip6_addr + - :reverseDestinationIPv6Address + 29: + - :uint8 + - :reverseSourceIPv6PrefixLength + 30: + - :uint8 + - :reverseDestinationIPv6PrefixLength + 31: + - :uint32 + - :reverseFlowLabelIPv6 + 32: + - :uint16 + - :reverseIcmpTypeCodeIPv4 + 33: + - :uint8 + - :reverseIgmpType + 34: + - :uint32 + - :reverseSamplingInterval + 35: + - :uint8 + - :reverseSamplingAlgorithm + 36: + - :uint16 + - :reverseFlowActiveTimeout + 37: + - :uint16 + - :reverseFlowIdleTimeout + 38: + - :uint8 + - :reverseEngineType + 39: + - :uint8 + - :reverseEngineId + 43: + - :ip4_addr + - :reverseIpv4RouterSc + 44: + - :ip4_addr + - :reverseSourceIPv4Prefix + 45: + - :ip4_addr + - :reverseDestinationIPv4Prefix + 46: + - :uint8 + - :reverseMplsTopLabelType + 47: + - :ip4_addr + - :reverseMplsTopLabelIPv4Address + 48: + - :uint8 + - :reverseSamplerId + 49: + - :uint8 + - :reverseSamplerMode + 50: + - :uint32 + - :reverseSamplerRandomInterval + 51: + - :uint8 + - :reverseClassId + 52: + - :uint8 + - :reverseMinimumTTL + 53: + - :uint8 + - :reverseMaximumTTL + 54: + - :uint32 + - :reverseFragmentIdentification + 55: + - :uint8 + - 
:reversePostIpClassOfService + 56: + - :mac_addr + - :reverseSourceMacAddress + 57: + - :mac_addr + - :reversePostDestinationMacAddress + 58: + - :uint16 + - :reverseVlanId + 59: + - :uint16 + - :reversePostVlanId + 60: + - :uint8 + - :reverseIpVersion + 61: + - :uint8 + - :reverseFlowDirection + 62: + - :ip6_addr + - :reverseIpNextHopIPv6Address + 63: + - :ip6_addr + - :reverseBgpNextHopIPv6Address + 64: + - :uint32 + - :reverseIpv6ExtensionHeaders + 70: + - :string + - :reverseMplsTopLabelStackSection + 71: + - :string + - :reverseMplsLabelStackSection2 + 72: + - :string + - :reverseMplsLabelStackSection3 + 73: + - :string + - :reverseMplsLabelStackSection4 + 74: + - :string + - :reverseMplsLabelStackSection5 + 75: + - :string + - :reverseMplsLabelStackSection6 + 76: + - :string + - :reverseMplsLabelStackSection7 + 77: + - :string + - :reverseMplsLabelStackSection8 + 78: + - :string + - :reverseMplsLabelStackSection9 + 79: + - :string + - :reverseMplsLabelStackSection10 + 80: + - :mac_addr + - :reverseDestinationMacAddress + 81: + - :mac_addr + - :reversePostSourceMacAddress + 82: + - :string + - :reverseInterfaceName + 83: + - :string + - :reverseInterfaceDescription + 84: + - :string + - :reverseSamplerName + 85: + - :uint64 + - :reverseOctetTotalCount + 86: + - :uint64 + - :reversePacketTotalCount + 87: + - :uint32 + - :reverseFlagsAndSamplerId + 88: + - :uint16 + - :reverseFragmentOffset + 89: + - :uint32 + - :reverseForwardingStatus + 90: + - :string + - :reverseMplsVpnRouteDistinguisher + 91: + - :uint8 + - :reverseMplsTopLabelPrefixLength + 92: + - :uint32 + - :reverseSrcTrafficIndex + 93: + - :uint32 + - :reverseDstTrafficIndex + 94: + - :string + - :reverseApplicationDescription + 95: + - :string + - :reverseApplicationId + 96: + - :string + - :reverseApplicationName + 98: + - :uint8 + - :reversePostIpDiffServCodePoint + 99: + - :uint32 + - :reverseMulticastReplicationFactor + 100: + - :string + - :reverseClassName + 101: + - :uint8 + - 
:reverseClassificationEngineId + 102: + - :uint16 + - :reverseLayer2packetSectionOffset + 103: + - :uint16 + - :reverseLayer2packetSectionSize + 104: + - :string + - :reverseLayer2packetSectionData + 128: + - :uint32 + - :reverseBgpNextAdjacentAsNumber + 129: + - :uint32 + - :reverseBgpPrevAdjacentAsNumber + 132: + - :uint64 + - :reverseDroppedOctetDeltaCount + 133: + - :uint64 + - :reverseDroppedPacketDeltaCount + 134: + - :uint64 + - :reverseDroppedOctetTotalCount + 135: + - :uint64 + - :reverseDroppedPacketTotalCount + 136: + - :uint8 + - :reverseFlowEndReason + 138: + - :uint64 + - :reverseObservationPointId + 139: + - :uint16 + - :reverseIcmpTypeCodeIPv6 + 140: + - :ip6_addr + - :reverseMplsTopLabelIPv6Address + 141: + - :uint32 + - :reverseLineCardId + 142: + - :uint32 + - :reversePortId + 143: + - :uint32 + - :reverseMeteringProcessId + 144: + - :uint32 + - :reverseExportingProcessId + 146: + - :uint8 + - :reverseWlanChannelId + 147: + - :string + - :reverseWlanSSID + 150: + - :uint32 + - :reverseFlowStartSeconds + 151: + - :uint32 + - :reverseFlowEndSeconds + 152: + - :uint64 + - :reverseFlowStartMilliseconds + 153: + - :uint64 + - :reverseFlowEndMilliseconds + 154: + - :uint64 + - :reverseFlowStartMicroseconds + 155: + - :uint64 + - :reverseFlowEndMicroseconds + 156: + - :uint64 + - :reverseFlowStartNanoseconds + 157: + - :uint64 + - :reverseFlowEndNanoseconds + 158: + - :uint32 + - :reverseFlowStartDeltaMicroseconds + 159: + - :uint32 + - :reverseFlowEndDeltaMicroseconds + 160: + - :uint64 + - :reverseSystemInitTimeMilliseconds + 161: + - :uint32 + - :reverseFlowDurationMilliseconds + 162: + - :uint32 + - :reverseFlowDurationMicroseconds + 169: + - :ip6_addr + - :reverseDestinationIPv6Prefix + 170: + - :ip6_addr + - :reverseSourceIPv6Prefix + 171: + - :uint64 + - :reversePostOctetTotalCount + 172: + - :uint64 + - :reversePostPacketTotalCount + 174: + - :uint64 + - :reversePostMCastPacketTotalCount + 175: + - :uint64 + - :reversePostMCastOctetTotalCount + 
176: + - :uint8 + - :reverseIcmpTypeIPv4 + 177: + - :uint8 + - :reverseIcmpCodeIPv4 + 178: + - :uint8 + - :reverseIcmpTypeIPv6 + 179: + - :uint8 + - :reverseIcmpCodeIPv6 + 180: + - :uint16 + - :reverseUdpSourcePort + 181: + - :uint16 + - :reverseUdpDestinationPort + 182: + - :uint16 + - :reverseTcpSourcePort + 183: + - :uint16 + - :reverseTcpDestinationPort + 184: + - :uint32 + - :reverseTcpSequenceNumber + 185: + - :uint32 + - :reverseTcpAcknowledgementNumber + 186: + - :uint16 + - :reverseTcpWindowSize + 187: + - :uint16 + - :reverseTcpUrgentPointer + 188: + - :uint8 + - :reverseTcpHeaderLength + 189: + - :uint8 + - :reverseIpHeaderLength + 190: + - :uint16 + - :reverseTotalLengthIPv4 + 191: + - :uint16 + - :reversePayloadLengthIPv6 + 192: + - :uint8 + - :reverseIpTTL + 193: + - :uint8 + - :reverseNextHeaderIPv6 + 194: + - :uint32 + - :reverseMplsPayloadLength + 195: + - :uint8 + - :reverseIpDiffServCodePoint + 196: + - :uint8 + - :reverseIpPrecedence + 197: + - :uint8 + - :reverseFragmentFlags + 198: + - :uint64 + - :reverseOctetDeltaSumOfSquares + 199: + - :uint64 + - :reverseOctetTotalSumOfSquares + 200: + - :uint8 + - :reverseMplsTopLabelTTL + 201: + - :uint32 + - :reverseMplsLabelStackLength + 202: + - :uint32 + - :reverseMplsLabelStackDepth + 203: + - :uint8 + - :reverseMplsTopLabelExp + 204: + - :uint32 + - :reverseIpPayloadLength + 205: + - :uint16 + - :reverseUdpMessageLength + 206: + - :uint8 + - :reverseIsMulticast + 207: + - :uint8 + - :reverseIpv4IHL + 208: + - :uint32 + - :reverseIpv4Options + 209: + - :uint64 + - :reverseTcpOptions + 218: + - :uint64 + - :reverseTcpSynTotalCount + 219: + - :uint64 + - :reverseTcpFinTotalCount + 220: + - :uint64 + - :reverseTcpRstTotalCount + 221: + - :uint64 + - :reverseTcpPshTotalCount + 222: + - :uint64 + - :reverseTcpAckTotalCount + 223: + - :uint64 + - :reverseTcpUrgTotalCount + 224: + - :uint64 + - :reverseIpTotalLength + 225: + - :ip4_addr + - :reversePostNATSourceIPv4Address + 226: + - :ip4_addr + - 
:reversePostNATDestinationIPv4Address + 227: + - :uint16 + - :reversePostNAPTSourceTransportPort + 228: + - :uint16 + - :reversePostNAPTDestinationTransportPort + 229: + - :uint8 + - :reverseNatOriginatingAddressRealm + 230: + - :uint8 + - :reverseNatEvent + 231: + - :uint64 + - :reverseInitiatorOctets + 232: + - :uint64 + - :reverseResponderOctets + 233: + - :uint8 + - :reverseFirewallEvent + 234: + - :uint32 + - :reverseIngressVRFID + 235: + - :uint32 + - :reverseEgressVRFID + 236: + - :string + - :reverseVRFname + 237: + - :uint8 + - :reversePostMplsTopLabelExp + 238: + - :uint16 + - :reverseTcpWindowScale + 240: + - :uint8 + - :reverseEthernetHeaderLength + 241: + - :uint16 + - :reverseEthernetPayloadLength + 242: + - :uint16 + - :reverseEthernetTotalLength + 243: + - :uint16 + - :reverseDot1qVlanId + 244: + - :uint8 + - :reverseDot1qPriority + 245: + - :uint16 + - :reverseDot1qCustomerVlanId + 246: + - :uint8 + - :reverseDot1qCustomerPriority + 247: + - :string + - :reverseMetroEvcId + 248: + - :uint8 + - :reverseMetroEvcType + 249: + - :uint32 + - :reversePseudoWireId + 250: + - :uint16 + - :reversePseudoWireType + 251: + - :uint32 + - :reversePseudoWireControlWord + 252: + - :uint32 + - :reverseIngressPhysicalInterface + 253: + - :uint32 + - :reverseEgressPhysicalInterface + 254: + - :uint16 + - :reversePostDot1qVlanId + 255: + - :uint16 + - :reversePostDot1qCustomerVlanId + 256: + - :uint16 + - :reverseEthernetType + 257: + - :uint8 + - :reversePostIpPrecedence + 258: + - :uint64 + - :reverseCollectionTimeMilliseconds + 259: + - :uint16 + - :reverseExportSctpStreamId + 260: + - :uint32 + - :reverseMaxExportSeconds + 261: + - :uint32 + - :reverseMaxFlowEndSeconds + 262: + - :string + - :reverseMessageMD5Checksum + 263: + - :uint8 + - :reverseMessageScope + 264: + - :uint32 + - :reverseMinExportSeconds + 265: + - :uint32 + - :reverseMinFlowStartSeconds + 266: + - :string + - :reverseOpaqueOctets + 267: + - :uint8 + - :reverseSessionScope + 268: + - :uint64 + 
- :reverseMaxFlowEndMicroseconds + 269: + - :uint64 + - :reverseMaxFlowEndMilliseconds + 270: + - :uint64 + - :reverseMaxFlowEndNanoseconds + 271: + - :uint64 + - :reverseMinFlowStartMicroseconds + 272: + - :uint64 + - :reverseMinFlowStartMilliseconds + 273: + - :uint64 + - :reverseMinFlowStartNanoseconds + 274: + - :string + - :reverseCollectorCertificate + 275: + - :string + - :reverseExporterCertificate + 276: + - :uint8 + - :reverseDataRecordsReliability + 277: + - :uint8 + - :reverseObservationPointType + 278: + - :uint32 + - :reverseNewConnectionDeltaCount + 279: + - :uint64 + - :reverseConnectionSumDurationSeconds + 280: + - :uint64 + - :reverseConnectionTransactionId + 281: + - :ip6_addr + - :reversePostNATSourceIPv6Address + 282: + - :ip6_addr + - :reversePostNATDestinationIPv6Address + 283: + - :uint32 + - :reverseNatPoolId + 284: + - :string + - :reverseNatPoolName + 285: + - :uint16 + - :reverseAnonymizationFlags + 286: + - :uint16 + - :reverseAnonymizationTechnique + 287: + - :uint16 + - :reverseInformationElementIndex + 288: + - :string + - :reverseP2pTechnology + 289: + - :string + - :reverseTunnelTechnology + 290: + - :string + - :reverseEncryptedTechnology + 291: + - :skip + 292: + - :skip + 293: + - :skip + 294: + - :uint8 + - :reverseBgpValidityState + 295: + - :uint32 + - :reverseIPSecSPI + 296: + - :uint32 + - :reverseGreKey + 297: + - :uint8 + - :reverseNatType + 298: + - :uint64 + - :reverseInitiatorPackets + 299: + - :uint64 + - :reverseResponderPackets + 300: + - :string + - :reverseObservationDomainName + 301: + - :uint64 + - :reverseSelectionSequenceId + 302: + - :uint64 + - :reverseSelectorId + 303: + - :uint16 + - :reverseInformationElementId + 304: + - :uint16 + - :reverseSelectorAlgorithm + 305: + - :uint32 + - :reverseSamplingPacketInterval + 306: + - :uint32 + - :reverseSamplingPacketSpace + 307: + - :uint32 + - :reverseSamplingTimeInterval + 308: + - :uint32 + - :reverseSamplingTimeSpace + 309: + - :uint32 + - :reverseSamplingSize 
+ 310: + - :uint32 + - :reverseSamplingPopulation + 311: + - :double + - :reverseSamplingProbability + 312: + - :uint16 + - :reverseDataLinkFrameSize + 313: + - :string + - :reverseIpHeaderPacketSection + 314: + - :string + - :reverseIpPayloadPacketSection + 315: + - :string + - :reverseDataLinkFrameSection + 316: + - :string + - :reverseMplsLabelStackSection + 317: + - :string + - :reverseMplsPayloadPacketSection + 318: + - :uint64 + - :reverseSelectorIdTotalPktsObserved + 319: + - :uint64 + - :reverseSelectorIdTotalPktsSelected + 320: + - :double + - :reverseAbsoluteError + 321: + - :double + - :reverseRelativeError + 322: + - :uint32 + - :reverseObservationTimeSeconds + 323: + - :uint64 + - :reverseObservationTimeMilliseconds + 324: + - :uint64 + - :reverseObservationTimeMicroseconds + 325: + - :uint64 + - :reverseObservationTimeNanoseconds + 326: + - :uint64 + - :reverseDigestHashValue + 327: + - :uint64 + - :reverseHashIPPayloadOffset + 328: + - :uint64 + - :reverseHashIPPayloadSize + 329: + - :uint64 + - :reverseHashOutputRangeMin + 330: + - :uint64 + - :reverseHashOutputRangeMax + 331: + - :uint64 + - :reverseHashSelectedRangeMin + 332: + - :uint64 + - :reverseHashSelectedRangeMax + 333: + - :uint8 + - :reverseHashDigestOutput + 334: + - :uint64 + - :reverseHashInitialiserValue + 335: + - :string + - :reverseSelectorName + 336: + - :double + - :reverseUpperCILimit + 337: + - :double + - :reverseLowerCILimit + 338: + - :double + - :reverseConfidenceLevel + 339: + - :uint8 + - :reverseInformationElementDataType + 340: + - :string + - :reverseInformationElementDescription + 341: + - :string + - :reverseInformationElementName + 342: + - :uint64 + - :reverseInformationElementRangeBegin + 343: + - :uint64 + - :reverseInformationElementRangeEnd + 344: + - :uint8 + - :reverseInformationElementSemantics + 345: + - :uint16 + - :reverseInformationElementUnits + 346: + - :uint32 + - :reversePrivateEnterpriseNumber + 347: + - :string + - :reverseVirtualStationInterfaceId 
+ 348: + - :string + - :reverseVirtualStationInterfaceName + 349: + - :string + - :reverseVirtualStationUUID + 350: + - :string + - :reverseVirtualStationName + 351: + - :uint64 + - :reverseLayer2SegmentId + 352: + - :uint64 + - :reverseLayer2OctetDeltaCount + 353: + - :uint64 + - :reverseLayer2OctetTotalCount + 354: + - :uint64 + - :reverseIngressUnicastPacketTotalCount + 355: + - :uint64 + - :reverseIngressMulticastPacketTotalCount + 356: + - :uint64 + - :reverseIngressBroadcastPacketTotalCount + 357: + - :uint64 + - :reverseEgressUnicastPacketTotalCount + 358: + - :uint64 + - :reverseEgressBroadcastPacketTotalCount + 359: + - :uint64 + - :reverseMonitoringIntervalStartMilliSeconds + 360: + - :uint64 + - :reverseMonitoringIntervalEndMilliSeconds + 361: + - :uint16 + - :reversePortRangeStart + 362: + - :uint16 + - :reversePortRangeEnd + 363: + - :uint16 + - :reversePortRangeStepSize + 364: + - :uint16 + - :reversePortRangeNumPorts + 365: + - :mac_addr + - :reverseStaMacAddress + 366: + - :ip4_addr + - :reverseStaIPv4Address + 367: + - :mac_addr + - :reverseWtpMacAddress + 368: + - :uint32 + - :reverseIngressInterfaceType + 369: + - :uint32 + - :reverseEgressInterfaceType + 370: + - :uint16 + - :reverseRtpSequenceNumber + 371: + - :string + - :reverseUserName + 372: + - :string + - :reverseApplicationCategoryName + 373: + - :string + - :reverseApplicationSubCategoryName + 374: + - :string + - :reverseApplicationGroupName + 375: + - :uint64 + - :reverseOriginalFlowsPresent + 376: + - :uint64 + - :reverseOriginalFlowsInitiated + 377: + - :uint64 + - :reverseOriginalFlowsCompleted + 378: + - :uint64 + - :reverseDistinctCountOfSourceIPAddress + 379: + - :uint64 + - :reverseDistinctCountOfDestinationIPAddress + 380: + - :uint32 + - :reverseDistinctCountOfSourceIPv4Address + 381: + - :uint32 + - :reverseDistinctCountOfDestinationIPv4Address + 382: + - :uint64 + - :reverseDistinctCountOfSourceIPv6Address + 383: + - :uint64 + - :reverseDistinctCountOfDestinationIPv6Address 
+ 384: + - :uint8 + - :reverseValueDistributionMethod + 385: + - :uint32 + - :reverseRfc3550JitterMilliseconds + 386: + - :uint32 + - :reverseRfc3550JitterMicroseconds + 387: + - :uint32 + - :reverseRfc3550JitterNanoseconds + 388: + - :uint8 + - :reverseDot1qDEI + 389: + - :uint8 + - :reverseDot1qCustomerDEI + 390: + - :uint16 + - :reverseFlowSelectorAlgorithm + 391: + - :uint64 + - :reverseFlowSelectedOctetDeltaCount + 392: + - :uint64 + - :reverseFlowSelectedPacketDeltaCount + 393: + - :uint64 + - :reverseFlowSelectedFlowDeltaCount + 394: + - :uint64 + - :reverseSelectorIDTotalFlowsObserved + 395: + - :uint64 + - :reverseSelectorIDTotalFlowsSelected + 396: + - :uint64 + - :reverseSamplingFlowInterval + 397: + - :uint64 + - :reverseSamplingFlowSpacing + 398: + - :uint64 + - :reverseFlowSamplingTimeInterval + 399: + - :uint64 + - :reverseFlowSamplingTimeSpacing + 400: + - :uint16 + - :reverseHashFlowDomain + 401: + - :uint64 + - :reverseTransportOctetDeltaCount + 402: + - :uint64 + - :reverseTransportPacketDeltaCount + 403: + - :ip4_addr + - :reverseOriginalExporterIPv4Address + 404: + - :ip6_addr + - :reverseOriginalExporterIPv6Address + 405: + - :uint32 + - :reverseOriginalObservationDomainId + 406: + - :uint32 + - :reverseIntermediateProcessId + 407: + - :uint64 + - :reverseIgnoredDataRecordTotalCount + 408: + - :uint16 + - :reverseDataLinkFrameType + 409: + - :uint16 + - :reverseSectionOffset + 410: + - :uint16 + - :reverseSectionExportedOctets + 411: + - :string + - :reverseDot1qServiceInstanceTag + 412: + - :uint32 + - :reverseDot1qServiceInstanceId + 413: + - :uint8 + - :reverseDot1qServiceInstancePriority + 414: + - :mac_addr + - :reverseDot1qCustomerSourceMacAddress + 415: + - :mac_addr + - :reverseDot1qCustomerDestinationMacAddress + 417: + - :uint64 + - :reversePostLayer2OctetDeltaCount + 418: + - :uint64 + - :reversePostMCastLayer2OctetDeltaCount + 420: + - :uint64 + - :reversePostLayer2OctetTotalCount + 421: + - :uint64 + - 
:reversePostMCastLayer2OctetTotalCount + 422: + - :uint64 + - :reverseMinimumLayer2TotalLength + 423: + - :uint64 + - :reverseMaximumLayer2TotalLength + 424: + - :uint64 + - :reverseDroppedLayer2OctetDeltaCount + 425: + - :uint64 + - :reverseDroppedLayer2OctetTotalCount + 426: + - :uint64 + - :reverseIgnoredLayer2OctetTotalCount + 427: + - :uint64 + - :reverseNotSentLayer2OctetTotalCount + 428: + - :uint64 + - :reverseLayer2OctetDeltaSumOfSquares + 429: + - :uint64 + - :reverseLayer2OctetTotalSumOfSquares + 430: + - :uint64 + - :reverseLayer2FrameDeltaCount + 431: + - :uint64 + - :reverseLayer2FrameTotalCount + 432: + - :ip4_addr + - :reversePseudoWireDestinationIPv4Address + 433: + - :uint64 + - :reverseIgnoredLayer2FrameTotalCount +21373: + 4: + - :uint32 + - :mark + 6: + - :uint32 + - :conntrack_id +9789: + 1: + - :uint16 + - :afcProtocol + 2: + - :string + - :afcProtocolName + 4: + - :uint8 + - :flowDirection +41916: + 4321: + - :uint64 + - :viptelaVPNId +# List below taken from Procera PacketLogic product guide 15.1 - Not publicly available AFAIK +# Further updates / additional fields may be present with versions 16/17+ +15397: + 1: + - :string + - :proceraService + 2: + - :string + - :proceraBaseService + 3: + - :uint64 + - :proceraIncomingOctets + 4: + - :uint64 + - :proceraOutgoingOctets + 5: + - :uint64 + - :proceraIncomingPackets + 6: + - :uint64 + - :proceraOutgoingPackets + 7: + - :uint16 + - :proceraIncomingShapingLatency + 8: + - :uint16 + - :proceraOutgoingShapingLatency + 9: + - :uint32 + - :proceraIncomingShapingDrops + 10: + - :uint32 + - :proceraOutgoingShapingDrops + 11: + - :int32 + - :proceraInternalRtt + 12: + - :int32 + - :proceraExternalRtt + 15: + - :string + - :proceraFlowBehavior + 16: + - :string + - :proceraContentCategories + 17: + - :string + - :proceraProperty + 18: + - :string + - :proceraServerHostname + 19: + - :string + - :proceraHttpRequestMethod + 20: + - :string + - :proceraHttpUserAgent + 21: + - :string + - 
:proceraHttpContentType + 22: + - :string + - :proceraHttpUrl + 23: + - :string + - :proceraHttpReferer + 24: + - :uint16 + - :proceraHttpResponseStatus + 25: + - :uint32 + - :proceraHttpFileLength + 26: + - :string + - :proceraHttpLocation + 27: + - :string + - :proceraHttpLanguage + 28: + - :string + - :proceraSubscriberIdentifier + 29: + - :uint64 + - :proceraMsisdn + 30: + - :uint64 + - :proceraImsi + 31: + - :string + - :proceraRat + 32: + - :uint64 + - :proceraDeviceId + 33: + - :string + - :proceraSgsn + 34: + - :uint16 + - :proceraRnc + 35: + - :string + - :proceraApn + 36: + - :string + - :proceraUserLocationInformation + 37: + - :string + - :proceraGgsn + 38: + - :float32 + - :proceraQoeIncomingInternal + 39: + - :float32 + - :proceraQoeIncomingExternal + 40: + - :float32 + - :proceraQoeOutgoingInternal + 41: + - :float32 + - :proceraQoeOutgoingExternal + 42: + - :ip4_addr + - :proceraLocalIPv4Host + 43: + - :ip6_addr + - :proceraLocalIPv6Host + 44: + - :ip4_addr + - :proceraRemoteIPv4Host + 45: + - :ip6_addr + - :proceraRemoteIPv6Host + 46: + - :string + - :proceraHttpRequestVersion + 47: + - :string + - :proceraTemplateName +10704: + 1: + - :uint32 + - :Timestamp + 2: + - :uint8 + - :LogOp + 3: + - :uint8 + - TrafficType + 4: + - :string + - :FW_Rule + 5: + - :string + - :ServiceName + 6: + - :uint32 + - :Reason + 7: + - :string + - :ReasonText + 8: + - :ip4_addr + - :BindIPv4Address + 9: + - :uint16 + - :BindTransportPort + 10: + - :ip4_addr + - :ConnIPv4Address + 11: + - :uint16 + - :ConnTransportPort + 12: + - :uint32 + - :AuditCounter +12326: + 1: + - :uint32 + - :Timestamp + 2: + - :uint8 + - :LogOp + 3: + - :uint8 + - TrafficType + 4: + - :string + - :FW_Rule + 5: + - :string + - :ServiceName + 6: + - :uint32 + - :Reason + 7: + - :string + - :ReasonText + 8: + - :ip4_addr + - :BindIPv4Address + 9: + - :uint16 + - :BindTransportPort + 10: + - :ip4_addr + - :ConnIPv4Address + 11: + - :uint16 + - :ConnTransportPort + 12: + - :uint32 + - :AuditCounter 
diff --git a/logstash/elastiflow/definitions/netflow.yml b/logstash/elastiflow/definitions/netflow.yml new file mode 100644 index 0000000..13fa601 --- /dev/null +++ b/logstash/elastiflow/definitions/netflow.yml 
@@ -0,0 +1,1321 @@ +--- +0: +- :skip +1: +- 4 +- :in_bytes +2: +- 4 +- :in_pkts +3: +- 4 +- :flows +4: +- :uint8 +- :protocol +5: +- :uint8 +- :src_tos +6: +- :uint8 +- :tcp_flags +7: +- :uint16 +- :l4_src_port +8: +- :ip4_addr +- :ipv4_src_addr +9: +- :uint8 +- :src_mask +10: +- 2 +- :input_snmp +11: +- :uint16 +- :l4_dst_port +12: +- :ip4_addr +- :ipv4_dst_addr +13: +- :uint8 +- :dst_mask +14: +- 2 +- :output_snmp +15: +- :ip4_addr +- :ipv4_next_hop +16: +- 2 +- :src_as +17: +- 2 +- :dst_as +18: +- :ip4_addr +- :bgp_ipv4_next_hop +19: +- 4 +- :mul_dst_pkts +20: +- 4 +- :mul_dst_bytes +21: +- :uint32 +- :last_switched +22: +- :uint32 +- :first_switched +23: +- 4 +- :out_bytes +24: +- 4 +- :out_pkts +25: +- :uint16 +- :min_pkt_length +26: +- :uint16 +- :max_pkt_length +27: +- :ip6_addr +- :ipv6_src_addr +28: +- :ip6_addr +- :ipv6_dst_addr +29: +- :uint8 +- :ipv6_src_mask +30: +- :uint8 +- :ipv6_dst_mask +31: +- :uint24 +- :ipv6_flow_label +32: +- :uint16 +- :icmp_type +33: +- :uint8 +- :mul_igmp_type +34: +- :uint32 +- :sampling_interval +35: +- :uint8 +- :sampling_algorithm +36: +- :uint16 +- :flow_active_timeout +37: +- :uint16 +- :flow_inactive_timeout +38: +- :uint8 +- :engine_type +39: +- :uint8 +- :engine_id +40: +- 4 +- :total_bytes_exp +41: +- 4 +- :total_pkts_exp +42: +- 4 +- :total_flows_exp +43: +- :skip +44: +- :ip4_addr +- :ipv4_src_prefix +45: +- :ip4_addr +- :ipv4_dst_prefix +46: +- :uint8 +- :mpls_top_label_type +47: +- :uint32 +- :mpls_top_label_ip_addr +48: +- 4 +- :flow_sampler_id +49: +- :uint8 +- :flow_sampler_mode +50: +- :uint32 +- :flow_sampler_random_interval +51: +- :skip +52: +- :uint8 +- :min_ttl +53: +- :uint8 +- :max_ttl +54: +- :uint16 +- :ipv4_ident +55: +- :uint8 +- :dst_tos +56: +- :mac_addr +- :in_src_mac +57: +- :mac_addr +- :out_dst_mac +58: +- :uint16 +- :src_vlan +59: +- :uint16 +- :dst_vlan +60: +- :uint8 +- :ip_protocol_version +61: +- :uint8 +- :direction +62: +- :ip6_addr +- :ipv6_next_hop +63: +- :ip6_addr +- 
:bgp_ipv6_next_hop +64: +- :uint32 +- :ipv6_option_headers +65: +- :skip +66: +- :skip +67: +- :skip +68: +- :skip +69: +- :skip +80: +- :mac_addr +- :in_dst_mac +81: +- :mac_addr +- :out_src_mac +82: +- :string +- :if_name +83: +- :string +- :if_desc +84: +- :string +- :sampler_name +85: +- :uint32 +- :in_permanent_bytes +86: +- :uint32 +- :in_permanent_pkts +89: +- :forwarding_status +- :forwarding_status +92: +- :uint32 +- :src_traffic_index +93: +- :uint32 +- :dst_traffic_index +94: +- :string +- :application_description +95: +- :application_id +- :application_id +96: +- :string +- :application_name +98: +- :uint8 +- :postIpDiffServCodePoint +100: +- :uint8 +- :rb_passthru_reason +101: +- :uint8 +- :rb_wan_visibility +102: +- :ip4_addr +- :rb_cfe_inpath_addr +103: +- :ip4_addr +- :rb_sfe_inpath_addr +104: +- :uint16 +- :rb_cfe_tcp_port +105: +- :uint16 +- :rb_sfe_tcp_port +106: +- :ip4_addr +- :rb_outer_inpath_addr +107: +- :uint16 +- :rb_outer_tcp_port +108: +- :uint32 +- :rb_retrans_pkts +109: +- :uint32 +- :rb_retrans_bytes +110: +- :uint32 +- :rb_tcp_conn_rtt +111: +- :uint8 +- :rb_fe_type +128: +- :uint32 +- :bgpNextAdjacentAsNumber +129: +- :uint32 +- :bgpPrevAdjacentAsNumber +130: +- :ip4_addr +- :exporterIPv4Address +131: +- :ip6_addr +- :exporterIPv6Address +132: +- :uint64 +- :droppedOctetDeltaCount +133: +- :uint64 +- :droppedPacketDeltaCount +134: +- :uint64 +- :droppedOctetTotalCount +135: +- :uint64 +- :droppedPacketTotalCount +136: +- :uint8 +- :flow_end_reason +137: +- :uint64 +- :commonPropertiesId +138: +- :uint64 +- :observationPointId +139: +- :uint16 +- :icmpTypeCodeIPv6 +140: +- :ip6_addr +- :mplsTopLabelIPv6Address +141: +- :uint32 +- :lineCardId +142: +- :uint32 +- :portId +143: +- :uint32 +- :meteringProcessId +144: +- :uint32 +- :exportingProcessId +145: +- :uint16 +- :templateId +146: +- :uint8 +- :wlanChannelId +147: +- :string +- :wlanSSID +148: +- :uint32 +- :conn_id +149: +- :uint32 +- :observationDomainId +150: +- :uint32 +- 
:flowStartSeconds +151: +- :uint32 +- :flowEndSeconds +152: +- 8 +- :flow_start_msec +153: +- 8 +- :flow_end_msec +154: +- :uint64 +- :flowStartMicroseconds +155: +- :uint64 +- :flowEndMicroseconds +156: +- :uint64 +- :flowStartNanoseconds +157: +- :uint64 +- :flowEndNanoseconds +158: +- :uint32 +- :flowStartDeltaMicroseconds +159: +- :uint32 +- :flowEndDeltaMicroseconds +160: +- :uint64 +- :systemInitTimeMilliseconds +161: +- :uint32 +- :flowDurationMilliseconds +162: +- :uint32 +- :flowDurationMicroseconds +163: +- :uint64 +- :observedFlowTotalCount +164: +- :uint64 +- :ignoredPacketTotalCount +165: +- :uint64 +- :ignoredOctetTotalCount +166: +- :uint64 +- :notSentFlowTotalCount +167: +- :uint64 +- :notSentPacketTotalCount +168: +- :uint64 +- :notSentOctetTotalCount +169: +- :ip6_addr +- :destinationIPv6Prefix +170: +- :ip6_addr +- :sourceIPv6Prefix +171: +- :uint64 +- :postOctetTotalCount +172: +- :uint64 +- :postPacketTotalCount +173: +- :uint64 +- :flowKeyIndicator +174: +- :uint64 +- :postMCastPacketTotalCount +175: +- :uint64 +- :postMCastOctetTotalCount +176: +- :uint8 +- :icmp_type +177: +- :uint8 +- :icmp_code +178: +- :uint8 +- :icmp_type_ipv6 +179: +- :uint8 +- :icmp_code_ipv6 +180: +- :uint16 +- :udp_src_port +181: +- :uint16 +- :udp_dst_port +182: +- :uint16 +- :tcp_src_port +183: +- :uint16 +- :tcp_dst_port +183: +- :uint16 +- :tcpDestinationPort +184: +- :uint32 +- :tcpSequenceNumber +185: +- :uint32 +- :tcpAcknowledgementNumber +186: +- :uint16 +- :tcpWindowSize +187: +- :uint16 +- :tcpUrgentPointer +188: +- :uint8 +- :tcpHeaderLength +189: +- :uint8 +- :ipHeaderLength +190: +- :uint16 +- :totalLengthIPv4 +191: +- :uint16 +- :payloadLengthIPv6 +192: +- :uint8 +- :ipTTL +193: +- :uint8 +- :nextHeaderIPv6 +194: +- :uint8 +- :ip_tos +195: +- :uint8 +- :ip_dscp +196: +- :uint8 +- :ipPrecedence +197: +- :uint8 +- :fragmentFlags +198: +- :uint64 +- :octetDeltaSumOfSquares +199: +- :uint64 +- :octetTotalSumOfSquares +200: +- :uint8 +- :mplsTopLabelTTL 
+201: +- mpls_label_stack_octets +- mpls_label_stack_octets +202: +- :uint32 +- :mplsLabelStackDepth +203: +- :uint8 +- :mplsTopLabelExp +204: +- :uint32 +- :ipPayloadLength +205: +- :uint16 +- :udpMessageLength +206: +- :uint8 +- :isMulticast +207: +- :uint8 +- :ipv4IHL +208: +- :uint32 +- :ipv4Options +209: +- :uint64 +- :tcpOptions +210: +- :skip +211: +- :ip4_addr +- :collectorIPv4Address +212: +- :ip6_addr +- :collectorIPv6Address +213: +- :uint32 +- :exportInterface +214: +- :uint8 +- :exportProtocolVersion +215: +- :uint8 +- :exportTransportProtocol +216: +- :uint16 +- :collectorTransportPort +217: +- :uint16 +- :exporterTransportPort +218: +- :uint64 +- :tcpSynTotalCount +219: +- :uint64 +- :tcpFinTotalCount +220: +- :uint64 +- :tcpRstTotalCount +221: +- :uint64 +- :tcpPshTotalCount +222: +- :uint64 +- :tcpAckTotalCount +223: +- :uint64 +- :tcpUrgTotalCount +224: +- :uint64 +- :ipTotalLength +225: +- :ip4_addr +- :xlate_src_addr_ipv4 +226: +- :ip4_addr +- :xlate_dst_addr_ipv4 +227: +- :uint16 +- :xlate_src_port +228: +- :uint16 +- :xlate_dst_port +229: +- :uint8 +- :natOriginatingAddressRealm +230: +- :uint8 +- :natEvent +231: +- :uint64 +- :fwd_flow_delta_bytes +232: +- :uint64 +- :rev_flow_delta_bytes +233: +- :uint8 +- :fw_event +234: +- :uint32 +- :ingressVRFID +235: +- :uint32 +- :egressVRFID +236: +- :string +- :VRFname +237: +- :uint8 +- :postMplsTopLabelExp +238: +- :uint16 +- :tcpWindowScale +239: +- :uint8 +- :biflowDirection +240: +- :uint8 +- :ethernetHeaderLength +241: +- :uint16 +- :ethernetPayloadLength +242: +- :uint16 +- :ethernetTotalLength +243: +- :uint16 +- :dot1qVlanId +244: +- :uint8 +- :dot1qPriority +245: +- :uint16 +- :dot1qCustomerVlanId +246: +- :uint8 +- :dot1qCustomerPriority +247: +- :string +- :metroEvcId +248: +- :uint8 +- :metroEvcType +249: +- :uint32 +- :pseudoWireId +250: +- :uint16 +- :pseudoWireType +251: +- :uint32 +- :pseudoWireControlWord +252: +- :uint32 +- :ingressPhysicalInterface +253: +- :uint32 +- 
:egressPhysicalInterface +254: +- :uint16 +- :postDot1qVlanId +255: +- :uint16 +- :postDot1qCustomerVlanId +256: +- :uint16 +- :ethernetType +257: +- :uint8 +- :postIpPrecedence +258: +- :uint64 +- :collectionTimeMilliseconds +259: +- :uint16 +- :exportSctpStreamId +260: +- :uint32 +- :maxExportSeconds +261: +- :uint32 +- :maxFlowEndSeconds +262: +- :string +- :messageMD5Checksum +263: +- :uint8 +- :messageScope +264: +- :uint32 +- :minExportSeconds +265: +- :uint32 +- :minFlowStartSeconds +266: +- :string +- :opaqueOctets +267: +- :uint8 +- :sessionScope +268: +- :uint64 +- :maxFlowEndMicroseconds +269: +- :uint64 +- :maxFlowEndMilliseconds +270: +- :uint64 +- :maxFlowEndNanoseconds +271: +- :uint64 +- :minFlowStartMicroseconds +272: +- :uint64 +- :minFlowStartMilliseconds +273: +- :uint64 +- :minFlowStartNanoseconds +274: +- :string +- :collectorCertificate +275: +- :string +- :exporterCertificate +276: +- :uint8 +- :dataRecordsReliability +277: +- :uint8 +- :observationPointType +278: +- :uint32 +- :newConnectionDeltaCount +279: +- :uint64 +- :connectionSumDurationSeconds +280: +- :uint64 +- :connectionTransactionId +281: +- :ip6_addr +- :xlate_src_addr_ipv6 +282: +- :ip6_addr +- :xlate_dst_addr_ipv6 +283: +- :uint32 +- :natPoolId +284: +- :string +- :natPoolName +285: +- :uint16 +- :anonymizationFlags +286: +- :uint16 +- :anonymizationTechnique +287: +- :uint16 +- :informationElementIndex +288: +- :string +- :p2pTechnology +289: +- :string +- :tunnelTechnology +290: +- :string +- :encryptedTechnology +291: +- :skip +292: +- :skip +293: +- :skip +294: +- :uint8 +- :bgpValidityState +295: +- :uint32 +- :IPSecSPI +296: +- :uint32 +- :greKey +297: +- :uint8 +- :natType +298: +- :uint64 +- :initiatorPackets +299: +- :uint64 +- :responderPackets +300: +- :string +- :observationDomainName +301: +- :uint64 +- :selectionSequenceId +302: +- :uint64 +- :selectorId +303: +- :uint16 +- :informationElementId +304: +- :uint16 +- :selectorAlgorithm +305: +- :uint32 +- 
:samplingPacketInterval +306: +- :uint32 +- :samplingPacketSpace +307: +- :uint32 +- :samplingTimeInterval +308: +- :uint32 +- :samplingTimeSpace +309: +- :uint32 +- :samplingSize +310: +- :uint32 +- :samplingPopulation +311: +- :double +- :samplingProbability +312: +- :uint16 +- :dataLinkFrameSize +313: +- :string +- :ipHeaderPacketSection +314: +- :string +- :ipPayloadPacketSection +315: +- :string +- :dataLinkFrameSection +316: +- :string +- :mplsLabelStackSection +317: +- :string +- :mplsPayloadPacketSection +318: +- :uint64 +- :selectorIdTotalPktsObserved +319: +- :uint64 +- :selectorIdTotalPktsSelected +320: +- :double +- :absoluteError +321: +- :double +- :relativeError +322: +- :uint32 +- :observationTimeSeconds +323: +- 8 +- :event_time_msec +324: +- :uint64 +- :observationTimeMicroseconds +325: +- :uint64 +- :observationTimeNanoseconds +326: +- :uint64 +- :digestHashValue +327: +- :uint64 +- :hashIPPayloadOffset +328: +- :uint64 +- :hashIPPayloadSize +329: +- :uint64 +- :hashOutputRangeMin +330: +- :uint64 +- :hashOutputRangeMax +331: +- :uint64 +- :hashSelectedRangeMin +332: +- :uint64 +- :hashSelectedRangeMax +333: +- :uint8 +- :hashDigestOutput +334: +- :uint64 +- :hashInitialiserValue +335: +- :string +- :selectorName +336: +- :double +- :upperCILimit +337: +- :double +- :lowerCILimit +338: +- :double +- :confidenceLevel +339: +- :uint8 +- :informationElementDataType +340: +- :string +- :informationElementDescription +341: +- :string +- :informationElementName +342: +- :uint64 +- :informationElementRangeBegin +343: +- :uint64 +- :informationElementRangeEnd +344: +- :uint8 +- :informationElementSemantics +345: +- :uint16 +- :informationElementUnits +346: +- :uint32 +- :privateEnterpriseNumber +347: +- :string +- :virtualStationInterfaceId +348: +- :string +- :virtualStationInterfaceName +349: +- :string +- :virtualStationUUID +350: +- :string +- :virtualStationName +351: +- :uint64 +- :layer2SegmentId +352: +- :uint64 +- :layer2OctetDeltaCount +353: +- 
:uint64 +- :layer2OctetTotalCount +354: +- :uint64 +- :ingressUnicastPacketTotalCount +355: +- :uint64 +- :ingressMulticastPacketTotalCount +356: +- :uint64 +- :ingressBroadcastPacketTotalCount +357: +- :uint64 +- :egressUnicastPacketTotalCount +358: +- :uint64 +- :egressBroadcastPacketTotalCount +359: +- :uint64 +- :monitoringIntervalStartMilliSeconds +360: +- :uint64 +- :monitoringIntervalEndMilliSeconds +361: +- :uint16 +- :postNATPortBlockStart +362: +- :uint16 +- :postNATPortBlockEnd +363: +- :uint16 +- :portRangeStepSize +364: +- :uint16 +- :portRangeNumPorts +365: +- :mac_addr +- :staMacAddress +366: +- :ip4_addr +- :staIPv4Address +367: +- :mac_addr +- :wtpMacAddress +368: +- :uint32 +- :ingressInterfaceType +369: +- :uint32 +- :egressInterfaceType +370: +- :uint16 +- :rtpSequenceNumber +371: +- :string +- :userName +372: +- :string +- :applicationCategoryName +373: +- :string +- :applicationSubCategoryName +374: +- :string +- :applicationGroupName +375: +- :uint64 +- :originalFlowsPresent +376: +- :uint64 +- :originalFlowsInitiated +377: +- :uint64 +- :originalFlowsCompleted +378: +- :uint64 +- :distinctCountOfSourceIPAddress +379: +- :uint64 +- :distinctCountOfDestinationIPAddress +380: +- :uint32 +- :distinctCountOfSourceIPv4Address +381: +- :uint32 +- :distinctCountOfDestinationIPv4Address +382: +- :uint64 +- :distinctCountOfSourceIPv6Address +383: +- :uint64 +- :distinctCountOfDestinationIPv6Address +384: +- :uint8 +- :valueDistributionMethod +385: +- :uint32 +- :rfc3550JitterMilliseconds +386: +- :uint32 +- :rfc3550JitterMicroseconds +387: +- :uint32 +- :rfc3550JitterNanoseconds +388: +- :uint8 +- :dot1qDEI +389: +- :uint8 +- :dot1qCustomerDEI +390: +- :uint16 +- :flowSelectorAlgorithm +391: +- :uint64 +- :flowSelectedOctetDeltaCount +392: +- :uint64 +- :flowSelectedPacketDeltaCount +393: +- :uint64 +- :flowSelectedFlowDeltaCount +394: +- :uint64 +- :selectorIDTotalFlowsObserved +395: +- :uint64 +- :selectorIDTotalFlowsSelected +396: +- :uint64 +- 
:samplingFlowInterval +397: +- :uint64 +- :samplingFlowSpacing +398: +- :uint64 +- :flowSamplingTimeInterval +399: +- :uint64 +- :flowSamplingTimeSpacing +400: +- :uint16 +- :hashFlowDomain +401: +- :uint64 +- :transportOctetDeltaCount +402: +- :uint64 +- :transportPacketDeltaCount +403: +- :ip4_addr +- :originalExporterIPv4Address +404: +- :ip6_addr +- :originalExporterIPv6Address +405: +- :uint32 +- :originalObservationDomainId +406: +- :uint32 +- :intermediateProcessId +407: +- :uint64 +- :ignoredDataRecordTotalCount +408: +- :uint16 +- :dataLinkFrameType +409: +- :uint16 +- :sectionOffset +410: +- :uint16 +- :sectionExportedOctets +411: +- :string +- :dot1qServiceInstanceTag +412: +- :uint32 +- :dot1qServiceInstanceId +413: +- :uint8 +- :dot1qServiceInstancePriority +414: +- :mac_addr +- :dot1qCustomerSourceMacAddress +415: +- :mac_addr +- :dot1qCustomerDestinationMacAddress +417: +- :uint64 +- :postLayer2OctetDeltaCount +418: +- :uint64 +- :postMCastLayer2OctetDeltaCount +420: +- :uint64 +- :postLayer2OctetTotalCount +421: +- :uint64 +- :postMCastLayer2OctetTotalCount +422: +- :uint64 +- :minimumLayer2TotalLength +423: +- :uint64 +- :maximumLayer2TotalLength +424: +- :uint64 +- :droppedLayer2OctetDeltaCount +425: +- :uint64 +- :droppedLayer2OctetTotalCount +426: +- :uint64 +- :ignoredLayer2OctetTotalCount +427: +- :uint64 +- :notSentLayer2OctetTotalCount +428: +- :uint64 +- :layer2OctetDeltaSumOfSquares +429: +- :uint64 +- :layer2OctetTotalSumOfSquares +430: +- :uint64 +- :layer2FrameDeltaCount +431: +- :uint64 +- :layer2FrameTotalCount +432: +- :ip4_addr +- :pseudoWireDestinationIPv4Address +433: +- :uint64 +- :ignoredLayer2FrameTotalCount +8192: +- :uint32 +- :streamcore_wan_rtt +8193: +- :uint32 +- :streamcore_net_app_resp_time +8194: +- :uint32 +- :streamcore_total_app_resp_time +8195: +- :uint16 +- :streamcore_tcp_retrans_rate +8196: +- :uint8 +- :streamcore_call_direction +8256: +- :string +- :streamcore_hostname +8257: +- :string +- :streamcore_url 
+8258: +- :string +- :streamcore_ssl_cn +8259: +- :string +- :streamcore_ssl_org +8320: +- :uint16 +- :streamcore_mos_lq +8321: +- :uint16 +- :streamcore_net_delay +8322: +- :uint16 +- :streamcore_net_loss +8323: +- :uint16 +- :streamcore_net_jitter +8324: +- :uint16 +- :streamcore_net_discard +8325: +- :uint8 +- :streamcore_rtp_clockrate_in +8326: +- :uint8 +- :streamcore_rtp_clockrate_out +8327: +- :uint8 +- :streamcore_codec_in +8328: +- :uint8 +- :streamcore_codec_out +8384: +- :uint32 +- :streamcore_id_rule_1 +8385: +- :uint32 +- :streamcore_id_rule_2 +8386: +- :uint32 +- :streamcore_id_rule_3 +8387: +- :uint32 +- :streamcore_id_rule_4 +8388: +- :uint32 +- :streamcore_id_rule_5 +8389: +- :uint32 +- :streamcore_id_rule_6 +8390: +- :uint32 +- :streamcore_id_rule_7 +8391: +- :uint32 +- :streamcore_id_rule_8 +8392: +- :uint32 +- :streamcore_id_rule_9 +8393: +- :uint32 +- :streamcore_id_rule_10 +20000: +- :uint16 +- :wlan_id +33000: +- :acl_id_asa +- :ingress_acl_id +33001: +- :acl_id_asa +- egress_acl_id +33002: +- :uint16 +- :fw_ext_event +40000: +- :string +- :username +40001: +- :ip4_addr +- :xlate_src_addr_ipv4 +40002: +- :ip4_addr +- :xlate_dst_addr_ipv4 +40003: +- :uint16 +- :xlate_src_port +40004: +- :uint16 +- :xlate_dst_port +40005: +- :uint8 +- :fw_event +51130: +- :uint8 +- :rb_unk_51130 +56701: +- :string +- :app_id +56702: +- :string +- :user_id +57590: +- :uint16 +- :nprobe_proto +57591: +- :string +- :nprobe_proto_name diff --git a/logstash/elastiflow/dictionaries/app_id.yml b/logstash/elastiflow/dictionaries/app_id.yml index 7423bc0..f691e42 100644 --- a/logstash/elastiflow/dictionaries/app_id.yml +++ b/logstash/elastiflow/dictionaries/app_id.yml 
@@ -145,6 +145,8 @@ "cisco_nbar2__1..96": "Semaphore Communications Sec. Pro." "cisco_nbar2__1..97": "Ethernet-within-IP Encapsulation" "cisco_nbar2__1..98": "Encapsulation Header" +"cisco_nbar2__13..0": "Unclassified Traffic" +"cisco_nbar2__13..1": "Unknown Traffic" "cisco_nbar2__13..100": "VNC" "cisco_nbar2__13..1007": "iPass" "cisco_nbar2__13..1017": "Avast Antivirus" @@ -338,7 +340,6 @@ "cisco_nbar2__13..472": "Steam" "cisco_nbar2__13..473": "Active Directory" "cisco_nbar2__13..475": "IP Messenger" -"cisco_nbar2__13..475": "IP Messenger" "cisco_nbar2__13..476": "Vmware View" "cisco_nbar2__13..479": "Ping" "cisco_nbar2__13..480": "LiveStation" @@ -708,8 +709,7 @@ "cisco_nbar2__13..84": "SAP" "cisco_nbar2__13..9": "Internet Protocol Security" "cisco_nbar2__3..10000": "Network Data Management Protocol" -#"cisco_nbar2__3..10080": "AMANDA" -"cisco_nbar2__3..10080": "Hamachi VPN Application" +"cisco_nbar2__3..10080": "AMANDA" "cisco_nbar2__3..101": "NIC Internet Hostname Server" "cisco_nbar2__3..1010": "Speeded Up Robust Feature" "cisco_nbar2__3..102": "ISO Transport Service Access Point" diff --git a/logstash/elastiflow/dictionaries/ifName.yml b/logstash/elastiflow/dictionaries/ifName.yml new file mode 100644 index 0000000..d00006b --- /dev/null +++ b/logstash/elastiflow/dictionaries/ifName.yml 
@@ -0,0 +1,19 @@ +#------------------------------------------------------------------------------ +# Copyright (C)2018 Robert Cowart +# +# The contents of this file and/or repository are subject to the Robert Cowart +# Public License (the "License") and may not be used or distributed except in +# compliance with the License. You may obtain a copy of the License at: +# +# http://www.koiossian.com/public/robert_cowart_public_license.txt +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for +# the specific language governing rights and limitations under the License. +# +# The Original Source Code was developed by Robert Cowart. Portions created by +# Robert Cowart are Copyright (C)2018 Robert Cowart. All Rights Reserved. +#------------------------------------------------------------------------------ + +# Example +"192.0.2.11::ifName.2": "eth0" diff --git a/logstash/elastiflow/dictionaries/riverbed_fe_type.yml b/logstash/elastiflow/dictionaries/riverbed_fe_type.yml new file mode 100644 index 0000000..cee6d55 --- /dev/null +++ b/logstash/elastiflow/dictionaries/riverbed_fe_type.yml 
@@ -0,0 +1,23 @@ +#------------------------------------------------------------------------------ +# Copyright (C)2018 Robert Cowart +# +# The contents of this file and/or repository are subject to the Robert Cowart +# Public License (the "License") and may not be used or distributed except in +# compliance with the License. You may obtain a copy of the License at: +# +# http://www.koiossian.com/public/robert_cowart_public_license.txt +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for +# the specific language governing rights and limitations under the License. +# +# The Original Source Code was developed by Robert Cowart. Portions created by +# Robert Cowart are Copyright (C)2018 Robert Cowart. All Rights Reserved. +#------------------------------------------------------------------------------ + +# client-side SteelHead +"1": "CFE" +# mid SteelHead +"2": "MFE" +# server-side SteelHead +"3": "SFE" diff --git a/logstash/elastiflow/dictionaries/riverbed_passthru_reason.yml b/logstash/elastiflow/dictionaries/riverbed_passthru_reason.yml new file mode 100644 index 0000000..199555b --- /dev/null +++ b/logstash/elastiflow/dictionaries/riverbed_passthru_reason.yml 
@@ -0,0 +1,72 @@ +#------------------------------------------------------------------------------ +# Copyright (C)2018 Robert Cowart +# +# The contents of this file and/or repository are subject to the Robert Cowart +# Public License (the "License") and may Not be used or distributed except in +# compliance with the License. You may obtain a copy of the License at: +# +# http://www.koiossian.com/public/robert_cowart_public_license.txt +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for +# the specific language governing rights and limitations under the License. +# +# The Original Source Code was developed by Robert Cowart. Portions created by +# Robert Cowart are Copyright (C)2018 Robert Cowart. All Rights Reserved. +#------------------------------------------------------------------------------ + +"0": "None" +"1": "Preexisting Connection" +"2": "Connection Paused" +"3": "SYN on WAN Side" +"4": "In-Path Rule" +"5": "Peering Rule" +"6": "Inner Failed to Establish" +"7": "Peer in Fixed-Target Rule Down" +"8": "No SteelHead on Path to Server" +"9": "No Route for Probe Response" +"10": "Out of Memory" +"11": "No Room for more TCP Options" +"12": "No Proxy Port for Probe Response" +"13": "RX Probe from Failover Buddy" +"14": "Asymmetric Routing" +"15": "Middle SteelHead" +"16": "Error Connecting to Server" +"17": "Half Open Connections Above Limit" +"18": "Connection Count Above QoS Limit" +"19": "Reached Maximum TTL" +"20": "Incompatible Probe Version" +"21": "Too Many Retransmitted SYNs" +"22": "Connection Initiated by Neighbor" +"23": "Connection for Local Host" +"24": "Unknown Reason" +"25": "Connection from Proxy Target" +"26": "SYN before SFE Outer Completes" +"27": "Transparent Inner on Wrong VLAN" +"28": "Transparent Inner Not for this Host" +"29": "Error on Neighbor Side" +"30": "SYN/ACK, but No SYN" +"31": "Transparency Packet from Self" +"32": "System 
Heavily Loaded" +"33": "SYN/ACK at MFE Not SFE" +"34": "Windows Branch Mode Detected" +"35": "Transparent RST to Reset Firewall State" +"36": "Error on SSL Inner Channel" +"37": "Ricochet Packet of Optimized Connection" +"38": "MAPI Admission Control" +"39": "SYN or RST Packet Contains Data" +"40": "Failed to Discover SCPS Device" +"41": "No Matching Client/Server IPv6 Scope" +"42": "Failed to Create SPort Outer Channel" +"43": "Flows Not Matching In-Path Rule" +"44": "Packet Mode Channel Setup Pending" +"45": "Peer Does Not Support Packet-Mode Optimization" +"46": "Generic Flow Error" +"47": "Failed to Cache Sock Pointer" +"48": "Packet Mode Optimization Disabled" +"49": "Optimizing Local Connections Only" +"50": "Probe Packet of Optimized Connection" +"51": "IPv6 Connection Forwarding Requires Multi-Interface Support" +"52": "Neighbor Does Not Support IPv6" +"53": "Reached the Hard Limit for Number of Entries" +"54": "Connection or Flow from GRE IPv4 Tunnel" diff --git a/logstash/elastiflow/dictionaries/riverbed_wan_visibility.yml b/logstash/elastiflow/dictionaries/riverbed_wan_visibility.yml new file mode 100644 index 0000000..a497d35 --- /dev/null +++ b/logstash/elastiflow/dictionaries/riverbed_wan_visibility.yml 
@@ -0,0 +1,20 @@ +#------------------------------------------------------------------------------ +# Copyright (C)2018 Robert Cowart +# +# The contents of this file and/or repository are subject to the Robert Cowart +# Public License (the "License") and may not be used or distributed except in +# compliance with the License. You may obtain a copy of the License at: +# +# http://www.koiossian.com/public/robert_cowart_public_license.txt +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for +# the specific language governing rights and limitations under the License. +# +# The Original Source Code was developed by Robert Cowart. Portions created by +# Robert Cowart are Copyright (C)2018 Robert Cowart. All Rights Reserved. +#------------------------------------------------------------------------------ + +"0": "Correct Addressing" +"1": "Port Transparency" +"2": "Full Transparency" diff --git a/logstash/elastiflow/geoipdbs/GeoLite2-ASN.mmdb b/logstash/elastiflow/geoipdbs/GeoLite2-ASN.mmdb index b323678..d8fc335 100644 Binary files a/logstash/elastiflow/geoipdbs/GeoLite2-ASN.mmdb and b/logstash/elastiflow/geoipdbs/GeoLite2-ASN.mmdb differ diff --git a/logstash/elastiflow/geoipdbs/GeoLite2-City.mmdb b/logstash/elastiflow/geoipdbs/GeoLite2-City.mmdb index db71460..6de839a 100644 Binary files a/logstash/elastiflow/geoipdbs/GeoLite2-City.mmdb and b/logstash/elastiflow/geoipdbs/GeoLite2-City.mmdb differ diff --git a/logstash/elastiflow/templates/elastiflow.template.json b/logstash/elastiflow/templates/elastiflow.template.json index 975f8a1..8c3620c 100755 --- a/logstash/elastiflow/templates/elastiflow.template.json +++ b/logstash/elastiflow/templates/elastiflow.template.json 
@@ -1,7 +1,7 @@ { "order": 0, - "version": 30100, - "index_patterns": "elastiflow-3.1.0-*", + "version": 30200, + "index_patterns": "elastiflow-3.2.0-*", "settings": { "index": { "number_of_shards": 3, 
@@ -10512,6 +10512,134 @@ } } }, + { + "netflow.rb_cfe_inpath_addr": { + "path_match": "netflow.rb_cfe_inpath_addr", + "mapping": { + "type": "ip" + } + } + }, + { + "netflow.rb_cfe_tcp_port": { + "path_match": "netflow.rb_cfe_tcp_port", + "mapping": { + "type": "long" + } + } + }, + { + "netflow.rb_cfe_tcp_port_name": { + "path_match": "netflow.rb_cfe_tcp_port_name", + "mapping": { + "type": "keyword" + } + } + }, + { + "netflow.rb_fe_type": { + "path_match": "netflow.rb_fe_type", + "mapping": { + "type": "keyword" + } + } + }, + { + "netflow.rb_outer_inpath_addr": { + "path_match": "netflow.rb_outer_inpath_addr", + "mapping": { + "type": "ip" + } + } + }, + { + "netflow.rb_outer_tcp_port": { + "path_match": "netflow.rb_outer_tcp_port", + "mapping": { + "type": "long" + } + } + }, + { + "netflow.rb_outer_tcp_port_name": { + "path_match": "netflow.rb_outer_tcp_port_name", + "mapping": { + "type": "keyword" + } + } + }, + { + "netflow.rb_passthru_reason": { + "path_match": "netflow.rb_passthru_reason", + "mapping": { + "type": "keyword" + } + } + }, + { + "netflow.rb_retrans_bytes": { + "path_match": "netflow.rb_retrans_bytes", + "mapping": { + "type": "long" + } + } + }, + { + "netflow.rb_retrans_pkts": { + "path_match": "netflow.rb_retrans_pkts", + "mapping": { + "type": "long" + } + } + }, + { + "netflow.rb_sfe_inpath_addr": { + "path_match": "netflow.rb_sfe_inpath_addr", + "mapping": { + "type": "ip" + } + } + }, + { + "netflow.rb_sfe_tcp_port": { + "path_match": "netflow.rb_sfe_tcp_port", + "mapping": { + "type": "long" + } + } + }, + { + "netflow.rb_sfe_tcp_port_name": { + "path_match": "netflow.rb_sfe_tcp_port_name", + "mapping": { + "type": "keyword" + } + } + }, + { + "netflow.rb_tcp_conn_rtt": { + "path_match": "netflow.rb_tcp_conn_rtt", + "mapping": { + "type": "long" + } + } + }, + { + "netflow.rb_unk_51130": { + "path_match": "netflow.rb_unk_51130", + "mapping": { + "type": "long" + } + } + }, + { + "netflow.rb_wan_visibility": { + "path_match": 
"netflow.rb_wan_visibility", + "mapping": { + "type": "keyword" + } + } + }, { "netflow.relativeError": { "path_match": "netflow.relativeError", @@ -12149,6 +12277,9 @@ "dst_rep_tags": { "type": "keyword" }, + "input_ifname": { + "type": "keyword" + }, "input_snmp": { "type": "keyword" }, @@ -12161,6 +12292,9 @@ "next_hop": { "type": "ip" }, + "output_ifname": { + "type": "keyword" + }, "output_snmp": { "type": "keyword" }, diff --git a/profile.d/elastiflow.sh b/profile.d/elastiflow.sh index 781db6b..5ddf02f 100644 --- a/profile.d/elastiflow.sh +++ b/profile.d/elastiflow.sh @@ -17,6 +17,7 @@ # ElastiFlow global configuration export ELASTIFLOW_DICT_PATH=/etc/logstash/elastiflow/dictionaries +export ELASTIFLOW_DEFINITION_PATH=/etc/logstash/elastiflow/definitions export ELASTIFLOW_TEMPLATE_PATH=/etc/logstash/elastiflow/templates export ELASTIFLOW_GEOIP_DB_PATH=/etc/logstash/elastiflow/geoipdbs export ELASTIFLOW_GEOIP_CACHE_SIZE=8192 @@ -25,6 +26,7 @@ export ELASTIFLOW_ASN_LOOKUP=true export ELASTIFLOW_KEEP_ORIG_DATA=true export ELASTIFLOW_DEFAULT_APPID_SRCTYPE=__UNKNOWN + # Name resolution option export ELASTIFLOW_RESOLVE_IP2HOST=false export ELASTIFLOW_NAMESERVER=127.0.0.1 
@@ -33,14 +35,24 @@ export ELASTIFLOW_DNS_HIT_CACHE_TTL=900 export ELASTIFLOW_DNS_FAILED_CACHE_SIZE=75000 export ELASTIFLOW_DNS_FAILED_CACHE_TTL=3600 + # Elasticsearch connection settings -# - If you need Logstash to connect to one of an array of servers, you must edit the output directly. -# - If ELASTIFLOW_ES_SSL_VERIFY is true then you must edit the output and set the path where the cacert can be found. +export ELASTIFLOW_ES_USER=elastic +export ELASTIFLOW_ES_PASSWD=changeme + +# If you need Logstash to connect to only one Elasticsearch server, use the following environment variable. export ELASTIFLOW_ES_HOST=127.0.0.1:9200 + +# If you need Logstash to connect to one of an array of three Elasticsearch servers, use the following environment variables. +# It is also necessary to rename the output files to disable single node output, and enable multi-node. +export ELASTIFLOW_ES_HOST_1=127.0.0.1:9200 +export ELASTIFLOW_ES_HOST_2=127.0.0.2:9200 +export ELASTIFLOW_ES_HOST_3=127.0.0.3:9200 + +# If ELASTIFLOW_ES_SSL_VERIFY is true then you must edit the output and set the path where the cacert can be found. export ELASTIFLOW_ES_SSL_ENABLE=false export ELASTIFLOW_ES_SSL_VERIFY=false -export ELASTIFLOW_ES_USER=elastic -export ELASTIFLOW_ES_PASSWD=changeme + # Netflow - IPv4 export ELASTIFLOW_NETFLOW_IPV4_HOST=0.0.0.0 @@ -51,10 +63,12 @@ export ELASTIFLOW_NETFLOW_IPV6_PORT=52055 # Netflow - UDP input options export ELASTIFLOW_NETFLOW_UDP_WORKERS=4 export ELASTIFLOW_NETFLOW_UDP_QUEUE_SIZE=4096 +export ELASTIFLOW_NETFLOW_UDP_RCV_BUFF=33554432 # Netflow timestamp options export ELASTIFLOW_NETFLOW_LASTSW_TIMESTAMP=false export ELASTIFLOW_NETFLOW_TZ=UTC + # sFlow - IPv4 export ELASTIFLOW_SFLOW_IPV4_HOST=0.0.0.0 export ELASTIFLOW_SFLOW_IPV4_PORT=6343 
@@ -64,6 +78,8 @@ export ELASTIFLOW_SFLOW_IPV6_PORT=56343 # sFlow - UDP input options export ELASTIFLOW_SFLOW_UDP_WORKERS=4 export ELASTIFLOW_SFLOW_UDP_QUEUE_SIZE=4096 +export ELASTIFLOW_SFLOW_UDP_RCV_BUFF=33554432 + # IPFIX - IPv4 export ELASTIFLOW_IPFIX_TCP_IPV4_HOST=0.0.0.0 @@ -78,3 +94,4 @@ export ELASTIFLOW_IPFIX_UDP_IPV6_PORT=54739 # IPFIX - UDP input options export ELASTIFLOW_IPFIX_UDP_WORKERS=4 export ELASTIFLOW_IPFIX_UDP_QUEUE_SIZE=4096 +export ELASTIFLOW_IPFIX_UDP_RCV_BUFF=33554432
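Review bot: In the `@@ -0,0 +1,72 @@` hunk (the 72-line dictionary added just before `riverbed_wan_visibility.yml`), the license header reads "may Not be used", with a stray capital, while the header in `riverbed_wan_visibility.yml` has "may not be used"; please make the two headers identical. The dictionary covers codes "0" through "54" only, so it is worth confirming that the filter consuming it has a fallback for codes outside that range, since `netflow.rb_passthru_reason` is mapped as `keyword` and an untranslated numeric code would otherwise be indexed next to the text labels.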
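Review bot: In the `@@ -1,7 +1,7 @@` hunk of `elastiflow.template.json`, `index_patterns` moves from `elastiflow-3.1.0-*` to `elastiflow-3.2.0-*`, so the template, including the new `netflow.rb_*` mappings, only applies to indices created under the new name. Please confirm that the index name in the Logstash output is bumped to 3.2.0 in this same change. Otherwise new indices are created without this template and the `ip` and `long` fields fall back to dynamic mapping. An upgrade note saying that existing `elastiflow-3.1.0-*` indices keep their old mappings would also help.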
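Review bot: In the `@@ -10512,6 +10512,134 @@` hunk, `netflow.rb_unk_51130` is mapped as `long` with nothing to say what the field carries or why `long` is the right type. If its meaning is still unknown, a wrong type chosen now is baked into every index created from this template. Either document the field where it is defined, or leave it out of the template until its content is understood. The remaining `rb_*` entries look consistent with each other (`ip` for the `*_inpath_addr` fields, `keyword` for the translated names).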
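Review bot: In the `@@ -33,14 +35,24 @@` hunk of `profile.d/elastiflow.sh`, `ELASTIFLOW_ES_USER=elastic` and `ELASTIFLOW_ES_PASSWD=changeme` are moved to the top of the section but remain live exported defaults, alongside `ELASTIFLOW_ES_SSL_ENABLE=false` and `ELASTIFLOW_ES_SSL_VERIFY=false`. A deployment that copies this file unchanged therefore authenticates as `elastic` with a well-known password over an unencrypted connection, from a file that is exported into every login shell. Since this hunk already rewrites the comments, please add one stating that the password must be changed and that the file's permissions should be restricted, or ship the variable empty. The new comment "It is also necessary to rename the output files" does not say which files, so please name them. The three `ELASTIFLOW_ES_HOST_n` defaults (`127.0.0.1`, `127.0.0.2`, `127.0.0.3`) would also benefit from a note that they are placeholders.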
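Review bot: The three `*_UDP_RCV_BUFF=33554432` additions (the Netflow, sFlow and IPFIX hunks of `profile.d/elastiflow.sh`) request a 32 MiB socket receive buffer, but nothing in the file says the operating system has to allow it. On Linux the kernel limits a socket's receive buffer to `net.core.rmem_max`, so on a host where that limit has not been raised the setting is silently reduced and packet loss under load looks the same as before. Please add a comment next to these lines naming the kernel setting that must be raised to at least this value. The blank lines added before the section headers in the same hunks are fine.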