diurnalist/kibana-dashboard

## kibana-dashboard
#!/bin/bash
set -eu -o pipefail

kibanaBaseUrl="$KIBANA_HOST/app/kibana?#/dashboard/$KIBANA_DASHBOARD"
kibanaGlobalParams="_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-1h,mode:quick,to:now))"

type="${1:-}"
shift

usage() {
  cat <<EOF
Usage: kibana <type> [terms]

Type:
  ip: get a summary URL for traffic from some IP/CIDRs
  path: get a summary URL for traffic on some path
  referer: get a summary URL for traffic from some referers
  ua: get a summary URL for traffic from some user agents

Examples:
  # See traffic from a given range
  kibana ip 10.0.0.0/8

  # See traffic from specific IPs
  kibana ip 10.0.0.1 10.0.0.10

  # See traffic on one endpoint (using wildcards)
  kibana path '/path/to/resource*'

  # See traffic from a referer (using wildcards)
  kibana referer 'https://*example.com*'

  # See traffic from a user agent (using wildcards)
  kibana ua '*Google Chrome*'
EOF
  exit 1
}

kibana_dashboard() {
  query="$1"
  echo "$kibanaBaseUrl?$kibanaGlobalParams&_a=(query:($query))"
}

create_ip_dashboard() {
  ips="$@"
  query=""
  delim="%20OR%20"
  for ip in $ips
  do
    if [[ "$ip" == *"/"* && "$ip" != *"/32" ]]; then
      # Expand CIDR
      query="${query}${delim}$(ipcalc "$ip" -b \
        | grep HostM \
        | awk 'NR==1 { printf "request_header_x_real_ip:%%5B" $2 "%%20TO%%20"; getline; print $2 "%5D" }')"
    else
      query="${query}${delim}request_header_x_real_ip:${ip%/32}"
    fi
  done
  kibana_dashboard "query_string:(query:%27$(sed 's/^%20OR%20//' <<<"$query")%27)"
}

create_referer_dashboard() {
  # Only allow passing single referer
  referer="$1"
  kibana_dashboard "wildcard:(request_header_referer:%27$referer%27)"
}

create_user_agent_dashboard() {
  # Only allow passing single user agent
  userAgent="$1"
  kibana_dashboard "wildcard:(request_header_user_agent:%27$userAgent%27)"
}

create_request_path_dashboard() {
  # Only allow passing single path
  path="$1"
  kibana_dashboard "wildcard:(http_request:%27$path%27)"
}

case $type in
  -h|--help)
  usage
  ;;
  ip)
  create_ip_dashboard "$@"
  ;;
  path)
  create_request_path_dashboard "$@"
  ;;
  referer)
  create_referer_dashboard "$@"
  ;;
  ua)
  create_user_agent_dashboard "$@"
  ;;
  *)
  usage
  ;;
esac
	#!/bin/bash
	set -eu -o pipefail

	kibanaBaseUrl="$KIBANA_HOST/app/kibana?#/dashboard/$KIBANA_DASHBOARD"
	kibanaGlobalParams="_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-1h,mode:quick,to:now))"

	type="${1:-}"
	shift

	usage() {
	cat <<EOF
	Usage: kibana <type> [terms]

	Type:
	ip: get a summary URL for traffic from some IP/CIDRs
	path: get a summary URL for traffic on some path
	referer: get a summary URL for traffic from some referers
	ua: get a summary URL for traffic from some user agents

	Examples:
	# See traffic from a given range
	kibana ip 10.0.0.0/8

	# See traffic from specific IPs
	kibana ip 10.0.0.1 10.0.0.10

	# See traffic on one endpoint (using wildcards)
	kibana path '/path/to/resource*'

	# See traffic from a referer (using wildcards)
	kibana referer 'https://example.com'

	# See traffic from a user agent (using wildcards)
	kibana ua 'Google Chrome'
	EOF
	exit 1
	}

	kibana_dashboard() {
	query="$1"
	echo "$kibanaBaseUrl?$kibanaGlobalParams&_a=(query:($query))"
	}

	create_ip_dashboard() {
	ips="$@"
	query=""
	delim="%20OR%20"
	for ip in $ips
	do
	if [[ "$ip" == "/" && "$ip" != *"/32" ]]; then
	# Expand CIDR
	query="${query}${delim}$(ipcalc "$ip" -b \
	\| grep HostM \
	\| awk 'NR==1 { printf "request_header_x_real_ip:%%5B" $2 "%%20TO%%20"; getline; print $2 "%5D" }')"
	else
	query="${query}${delim}request_header_x_real_ip:${ip%/32}"
	fi
	done
	kibana_dashboard "query_string:(query:%27$(sed 's/^%20OR%20//' <<<"$query")%27)"
	}

	create_referer_dashboard() {
	# Only allow passing single referer
	referer="$1"
	kibana_dashboard "wildcard:(request_header_referer:%27$referer%27)"
	}

	create_user_agent_dashboard() {
	# Only allow passing single user agent
	userAgent="$1"
	kibana_dashboard "wildcard:(request_header_user_agent:%27$userAgent%27)"
	}

	create_request_path_dashboard() {
	# Only allow passing single path
	path="$1"
	kibana_dashboard "wildcard:(http_request:%27$path%27)"
	}

	case $type in
	-h\|--help)
	usage
	;;
	ip)
	create_ip_dashboard "$@"
	;;
	path)
	create_request_path_dashboard "$@"
	;;
	referer)
	create_referer_dashboard "$@"
	;;
	ua)
	create_user_agent_dashboard "$@"
	;;
	*)
	usage
	;;
	esac