Can't upload content pack


#1

Hello, new to Graylog and trying to upload a .json file that was created using the built in content pack creator by a coworker and I’m just getting “Error importing content pack, please ensure it is a valid JSON file. Check your Graylog logs for more information.”

Here is the content of it. Any help?

{
"name": "AD Dashboards",
"description": "Various Useful AD Dashboards",
"category": "Dashboards",
"inputs": [],
"streams": [{
	"id": "59b7f7971fa689447fbf0141",
	"title": "Domain Admin Failed Logins",
	"description": "da_* failures",
	"disabled": false,
	"matching_type": "AND",
	"stream_rules": [{
		"type": "EXACT",
		"field": "EventID",
		"value": "4625",
		"inverted": false,
		"description": ""
	}, {
		"type": "REGEX",
		"field": "TargetUserName",
		"value": "(da_+)",
		"inverted": false,
		"description": ""
	}],
	"outputs": [],
	"default_stream": false
}, {
	"id": "59c1371a1fa689035f4bc4ce",
	"title": "Domain Admin Group Add/Remove",
	"description": "add/remove EventIDs from \"Domain Admins\" security group",
	"disabled": false,
	"matching_type": "AND",
	"stream_rules": [{
		"type": "REGEX",
		"field": "EventID",
		"value": "(4728|4729|4756|4757)",
		"inverted": false,
		"description": ""
	}, {
		"type": "REGEX",
		"field": "TargetUserName",
		"value": "(Domain Admins|Administrators|Enterprise Admins|Schema Admins|Group Policy Creator Owners)",
		"inverted": false,
		"description": ""
	}],
	"outputs": [],
	"default_stream": false
}],
"outputs": [],
"dashboards": [{
	"title": "AD Object Summary (7d)",
	"description": "Computer, DNS and Group Objects",
	"dashboard_widgets": [{
		"description": "DNS Object by User",
		"type": "QUICKVALUES",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 604800
			},
			"field": "SubjectUserName",
			"query": "EventID:5137 AND ObjectClass:dnsNode AND created AND NOT (SubjectUserName:.*$ OR SubjectUserName:SYSTEM OR SubjectUserName:\\-)",
			"show_data_table": true,
			"limit": 5,
			"show_pie_chart": false,
			"sort_order": "desc",
			"stacked_fields": "ObjectDN",
			"data_table_limit": 50
		},
		"col": 1,
		"row": 2,
		"height": 1,
		"width": 3
	}, {
		"description": "DNS Deleted objects source",
		"type": "QUICKVALUES",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 604800
			},
			"field": "dns_name",
			"query": "((EventID:5136 AND AttributeLDAPDisplayName:dNSTombstoned) OR (EventID:5141)) AND ObjectClass:dnsNode AND deleted AND NOT (SubjectUserName:.*$ OR SubjectUserName:SYSTEM)",
			"show_data_table": true,
			"limit": 5,
			"show_pie_chart": false,
			"sort_order": "desc",
			"stacked_fields": "",
			"data_table_limit": 50
		},
		"col": 3,
		"row": 3,
		"height": 3,
		"width": 1
	}, {
		"description": "AD Computer Objects Changed",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 604800
			},
			"lower_is_better": false,
			"trend": false,
			"query": "EventID:4742"
		},
		"col": 1,
		"row": 1,
		"height": 1,
		"width": 1
	}, {
		"description": "Group Membership Changes by User",
		"type": "QUICKVALUES",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 604800
			},
			"field": "SubjectUserName",
			"query": "EventID:4728 OR EventID:4729 OR EventID:4732 OR EventID:4733 OR EventID:4756 OR EventID:4757",
			"show_data_table": true,
			"limit": 5,
			"show_pie_chart": false,
			"sort_order": "desc",
			"stacked_fields": "TargetUserName",
			"data_table_limit": 50
		},
		"col": 1,
		"row": 3,
		"height": 2,
		"width": 1
	}, {
		"description": "User Accounts Created By",
		"type": "QUICKVALUES",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 604800
			},
			"field": "SubjectUserName",
			"query": "EventID:624 OR EventID:4720",
			"show_data_table": true,
			"limit": 5,
			"show_pie_chart": false,
			"sort_order": "desc",
			"stacked_fields": "TargetUserName",
			"data_table_limit": 50
		},
		"col": 2,
		"row": 3,
		"height": 3,
		"width": 1
	}, {
		"description": "Accounts Deleted by User",
		"type": "QUICKVALUES",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 604800
			},
			"field": "SubjectUserName",
			"query": "EventID:630 OR EventID:4726",
			"show_data_table": true,
			"limit": 5,
			"show_pie_chart": false,
			"sort_order": "desc",
			"stacked_fields": "TargetUserName",
			"data_table_limit": 50
		},
		"col": 4,
		"row": 4,
		"height": 2,
		"width": 1
	}, {
		"description": "Accounts Locked And Source",
		"type": "QUICKVALUES",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 604800
			},
			"field": "TargetUserName",
			"query": "EventID:4740",
			"show_data_table": true,
			"limit": 5,
			"show_pie_chart": false,
			"sort_order": "desc",
			"stacked_fields": "TargetDomainName",
			"data_table_limit": 50
		},
		"col": 5,
		"row": 1,
		"height": 3,
		"width": 1
	}, {
		"description": "Who Unlocked Accounts",
		"type": "QUICKVALUES",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 604800
			},
			"field": "SubjectUserName",
			"query": "EventID:4767",
			"show_data_table": true,
			"limit": 5,
			"show_pie_chart": true,
			"sort_order": "desc",
			"stacked_fields": "TargetUserName",
			"data_table_limit": 50
		},
		"col": 4,
		"row": 1,
		"height": 3,
		"width": 1
	}]
}, {
	"title": "AD Summary Counters (7d)",
	"description": "AD Summary (7d)",
	"dashboard_widgets": [{
		"description": "Account Lockouts ",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 300,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 604800
			},
			"lower_is_better": false,
			"trend": true,
			"query": "EventID:4740"
		},
		"col": 2,
		"row": 1,
		"height": 0,
		"width": 0
	}, {
		"description": "Account Creations",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 300,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 604800
			},
			"lower_is_better": false,
			"trend": true,
			"query": "EventID:631 OR EventID:635 OR EventID:658 OR EventID:4727 OR EventID:4731 OR EventID:4754"
		},
		"col": 1,
		"row": 1,
		"height": 0,
		"width": 0
	}, {
		"description": "Groups Created",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 300,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 604800
			},
			"lower_is_better": false,
			"trend": true,
			"query": "EventID:631 OR EventID:635 OR EventID:658 OR EventID:4727 OR EventID:4731 OR EventID:4754"
		},
		"col": 3,
		"row": 1,
		"height": 0,
		"width": 0
	}, {
		"description": "Account Deletions",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 300,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 604800
			},
			"lower_is_better": false,
			"trend": true,
			"query": "EventID:630 OR EventID:4726"
		},
		"col": 1,
		"row": 2,
		"height": 0,
		"width": 0
	}, {
		"description": "Account Unlocks",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 300,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 604800
			},
			"lower_is_better": false,
			"trend": true,
			"query": "EventID:4767"
		},
		"col": 2,
		"row": 2,
		"height": 0,
		"width": 0
	}, {
		"description": "Group Membership Changes",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 300,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 604800
			},
			"lower_is_better": false,
			"trend": true,
			"query": "EventID:4728 OR EventID:4729 OR EventID:4732 OR EventID:4733 OR EventID:4756 OR EventID:4757"
		},
		"col": 3,
		"row": 2,
		"height": 0,
		"width": 0
	}, {
		"description": "Group Modifications",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 300,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 604800
			},
			"lower_is_better": false,
			"trend": true,
			"query": "((EventID:4764 OR EventID:4735 OR EventID:4737 OR EventID:4755) AND NOT SamAccountName:\\-)"
		},
		"col": 4,
		"row": 2,
		"height": 0,
		"width": 0
	}, {
		"description": "Groups Deleted",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 300,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 604800
			},
			"lower_is_better": false,
			"trend": true,
			"query": "EventID:634 OR EventID:638 OR EventID:662 OR EventID:4730 OR EventID:4734 OR EventID:4758"
		},
		"col": 4,
		"row": 1,
		"height": 0,
		"width": 0
	}]
}, {
	"title": "DD Windows Logins 24hr Summary ",
	"description": "Indepth look at stats pertaining Windows accounts",
	"dashboard_widgets": [{
		"description": "Windows Account Lockouts 24hr",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"lower_is_better": true,
			"trend": true,
			"query": "EventID:4740 AND Category:\"User Account Management\""
		},
		"col": 2,
		"row": 2,
		"height": 1,
		"width": 1
	}, {
		"description": "Accounts Unlocked",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"lower_is_better": true,
			"trend": true,
			"query": "EventID:4767 AND Category:\"User Account Management\""
		},
		"col": 1,
		"row": 3,
		"height": 1,
		"width": 1
	}, {
		"description": "Account Lockout Sources",
		"type": "QUICKVALUES",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"field": "source",
			"show_pie_chart": false,
			"query": "EventID:4740 AND Category:\"User Account Management\"",
			"show_data_table": true
		},
		"col": 4,
		"row": 3,
		"height": 1,
		"width": 1
	}, {
		"description": "Top Sources FLA",
		"type": "QUICKVALUES",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"field": "source",
			"show_pie_chart": false,
			"query": "EventID:4625",
			"show_data_table": true
		},
		"col": 3,
		"row": 1,
		"height": 1,
		"width": 1
	}, {
		"description": "Failed Logon Attempts - All Sources 24hr",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"lower_is_better": true,
			"trend": true,
			"query": "EventID:4625"
		},
		"col": 1,
		"row": 1,
		"height": 1,
		"width": 1
	}, {
		"description": "FLA Top Accounts",
		"type": "QUICKVALUES",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"field": "TargetUserName",
			"show_pie_chart": false,
			"query": "EventID:4625",
			"show_data_table": true
		},
		"col": 3,
		"row": 2,
		"height": 1,
		"width": 1
	}, {
		"description": "Database(SQL) Failed Logins 24hrs",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"lower_is_better": true,
			"trend": true,
			"query": "(source:br\\-sql08dev.hab\\-inc.com OR source:br\\-sql2.hab\\-inc.com OR source:bos1-kfxsql.hab-inc.com OR source:bos1-sql3dev.hab-inc.com OR source:bos1-sql2008.hab-inc.com OR source:bos1-sql2008.hab-inc.com OR source:br-projectsql.hab-inc.com OR source:bos1-tmssql2.hab-inc.com OR source:bos1-mediussql.hab-inc.com OR source:bos1-crmsql2.hab-inc.com OR source:br-kfxsql.hab-inc.com)AND EventID:4625 "
		},
		"col": 2,
		"row": 1,
		"height": 1,
		"width": 1
	}, {
		"description": "Top Database Sources ",
		"type": "QUICKVALUES",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"field": "source",
			"show_pie_chart": false,
			"query": "(source:br\\-sql08dev.hab\\-inc.com OR source:br\\-sql2.hab\\-inc.com OR source:bos1-kfxsql.hab-inc.com OR source:bos1-sql3dev.hab-inc.com OR source:bos1-sql2008.hab-inc.com OR source:bos1-sql2008.hab-inc.com OR source:br-projectsql.hab-inc.com OR source:bos1-tmssql2.hab-inc.com OR source:bos1-mediussql.hab-inc.com OR source:bos1-crmsql2.hab-inc.com OR source:br-kfxsql.hab-inc.com)AND EventID:4625 ",
			"show_data_table": true
		},
		"col": 3,
		"row": 3,
		"height": 1,
		"width": 1
	}, {
		"description": "Admin Failed Logins",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 432000
			},
			"lower_is_better": true,
			"trend": true,
			"query": "TargetUserName:Administrator AND EventID:4625"
		},
		"col": 1,
		"row": 2,
		"height": 1,
		"width": 1
	}, {
		"description": "Unlocked Top Users",
		"type": "QUICKVALUES",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"field": "TargetUserName",
			"show_pie_chart": false,
			"query": "EventID:4767 AND Category:\"User Account Management\"",
			"show_data_table": true
		},
		"col": 4,
		"row": 2,
		"height": 1,
		"width": 1
	}, {
		"description": "Lockout Accounts",
		"type": "QUICKVALUES",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"field": "TargetUserName",
			"show_pie_chart": false,
			"query": "EventID:4740 AND Category:\"User Account Management\"",
			"show_data_table": true
		},
		"col": 4,
		"row": 1,
		"height": 1,
		"width": 1
	}, {
		"description": "Admin Account Lockout",
		"type": "QUICKVALUES",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"field": "TargetUserName",
			"query": "EventID:4740 AND (TargetUserName:cstein OR TargetUserName:candress OR TargetUserName:csakasits OR TargetUserName:jramirez OR TargetUserName:psawka OR TargetUserName:dfritz OR TargetUserName:mbaker OR TargetUserName:rtalarico OR TargetUserName:rsmith)",
			"show_data_table": true,
			"limit": 5,
			"show_pie_chart": false,
			"sort_order": "desc",
			"stacked_fields": "",
			"data_table_limit": 50
		},
		"col": 2,
		"row": 3,
		"height": 1,
		"width": 1
	}, {
		"description": "Failed DA logons",
		"type": "QUICKVALUES",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"field": "TargetUserName",
			"stream_id": "59b7f7971fa689447fbf0141",
			"query": "",
			"show_data_table": true,
			"limit": 5,
			"show_pie_chart": true,
			"sort_order": "desc",
			"stacked_fields": "",
			"data_table_limit": 50
		},
		"col": 0,
		"row": 0,
		"height": 0,
		"width": 0
	}]
}, {
	"title": "AD Logon Summary (2h)",
	"description": "AD Logon Summary (2h)",
	"dashboard_widgets": [{
		"description": "Interactive Logins By User",
		"type": "QUICKVALUES",
		"cache_time": 60,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 7200
			},
			"field": "TargetUserName",
			"show_pie_chart": false,
			"query": "(EventID:4624 AND (LogonType:2 OR LogonType:10 OR LogonType:11))",
			"show_data_table": true
		},
		"col": 1,
		"row": 6,
		"height": 3,
		"width": 1
	}, {
		"description": "Interactive Logins By IP",
		"type": "QUICKVALUES",
		"cache_time": 60,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 7200
			},
			"field": "IpAddress",
			"show_pie_chart": false,
			"query": "(EventID:4624 AND (LogonType:2 OR LogonType:10 OR LogonType:11))",
			"show_data_table": true
		},
		"col": 2,
		"row": 6,
		"height": 3,
		"width": 1
	}, {
		"description": "Interactive Logins By Destination",
		"type": "QUICKVALUES",
		"cache_time": 60,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 7200
			},
			"field": "WorkstationName",
			"show_pie_chart": false,
			"query": "(EventID:4624 AND (LogonType:2 OR LogonType:10 OR LogonType:11))",
			"show_data_table": true
		},
		"col": 3,
		"row": 6,
		"height": 3,
		"width": 1
	}, {
		"description": "Failed Authentication Attempts By User IP",
		"type": "QUICKVALUES",
		"cache_time": 60,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 7200
			},
			"field": "IpAddress",
			"show_pie_chart": false,
			"query": "EventID:4625",
			"show_data_table": true
		},
		"col": 2,
		"row": 2,
		"height": 3,
		"width": 1
	}, {
		"description": "Failed Authentication Attempts By Source",
		"type": "QUICKVALUES",
		"cache_time": 60,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 7200
			},
			"field": "source",
			"show_pie_chart": false,
			"query": "EventID:4625",
			"show_data_table": true
		},
		"col": 3,
		"row": 2,
		"height": 3,
		"width": 1
	}, {
		"description": "Failed Authentication Attempts",
		"type": "SEARCH_RESULT_CHART",
		"cache_time": 60,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 7200
			},
			"interval": "minute",
			"query": "EventID:4625"
		},
		"col": 1,
		"row": 1,
		"height": 1,
		"width": 2
	}, {
		"description": "Interactive Logons",
		"type": "SEARCH_RESULT_CHART",
		"cache_time": 60,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 7200
			},
			"interval": "minute",
			"query": "(EventID:4624 AND (LogonType:2 OR LogonType:10 OR LogonType:11))"
		},
		"col": 1,
		"row": 5,
		"height": 1,
		"width": 2
	}, {
		"description": "Interactive Logins",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 60,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 7200
			},
			"lower_is_better": false,
			"trend": false,
			"query": "(EventID:4624 AND (LogonType:2 OR LogonType:10 OR LogonType:11))"
		},
		"col": 3,
		"row": 5,
		"height": 1,
		"width": 1
	}, {
		"description": "Failed Authentication Attempts By User",
		"type": "QUICKVALUES",
		"cache_time": 60,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 7200
			},
			"field": "TargetUserName",
			"query": "EventID:4625 AND NOT TargetUserName:\"John DeRemer\" AND NOT TargetUserName:\"MAAS360cloud1@berkheimeronesource.onmicrosoft.com\"",
			"show_data_table": true,
			"limit": 5,
			"show_pie_chart": false,
			"sort_order": "desc",
			"data_table_limit": 20
		},
		"col": 1,
		"row": 2,
		"height": 3,
		"width": 1
	}, {
		"description": "Failed Authentication Attempts",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 60,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 7200
			},
			"lower_is_better": true,
			"trend": true,
			"query": "EventID:4625 AND NOT TargetUserName:\"John DeRemer\" AND NOT TargetUserName:\"MAAS360cloud1@berkheimeronesource.onmicrosoft.com\" AND NOT WorkstationName:\"BR-EX2010\""
		},
		"col": 3,
		"row": 1,
		"height": 1,
		"width": 1
	}]
}, {
	"title": "DD Windows Accounts 24hr Summary",
	"description": "Indepth look at modifcations, creations, and deletions of Windows Accounts",
	"dashboard_widgets": [{
		"description": "Accounts Deleted 24hrs",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"lower_is_better": true,
			"trend": true,
			"query": "EventID:4743"
		},
		"col": 1,
		"row": 2,
		"height": 1,
		"width": 1
	}, {
		"description": "Groups Changed 24hrs",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"lower_is_better": true,
			"trend": true,
			"query": "((EventID:4764 OR EventID:4735 OR EventID:4737 OR EventID:4755) AND NOT SamAccountName:\\-) "
		},
		"col": 2,
		"row": 3,
		"height": 1,
		"width": 1
	}, {
		"description": "Groups Created 24hrs",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"lower_is_better": true,
			"trend": true,
			"query": "(EventID:631 OR EventID:635 OR EventID:658 OR EventID:4727 OR EventID:4731 OR EventID:4754)"
		},
		"col": 2,
		"row": 1,
		"height": 1,
		"width": 1
	}, {
		"description": "Accounts Changed 24hrs",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"lower_is_better": true,
			"trend": true,
			"query": "EventID:4742"
		},
		"col": 1,
		"row": 1,
		"height": 1,
		"width": 1
	}, {
		"description": "Accounts Created 24hrs",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"lower_is_better": true,
			"trend": true,
			"query": "EventID:4741"
		},
		"col": 1,
		"row": 3,
		"height": 1,
		"width": 1
	}, {
		"description": "Groups Deleted 24hrs",
		"type": "SEARCH_RESULT_COUNT",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"lower_is_better": true,
			"trend": true,
			"query": "(EventID:634 OR EventID:638 OR EventID:662 OR EventID:4730 OR EventID:4734 OR EventID:4758 )"
		},
		"col": 2,
		"row": 2,
		"height": 1,
		"width": 1
	}, {
		"description": "Admin Account Events",
		"type": "QUICKVALUES",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"field": "Category",
			"query": "(EventID:4672) OR (Category:\"User Account Management\") OR (EventID:4740 AND Category:\"User Account Management\")",
			"show_data_table": true,
			"limit": 5,
			"show_pie_chart": false,
			"sort_order": "desc",
			"stacked_fields": "SubjectUserName",
			"data_table_limit": 50
		},
		"col": 3,
		"row": 1,
		"height": 1,
		"width": 1
	}, {
		"description": "Attempt to Change Password",
		"type": "QUICKVALUES",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"field": "SubjectUserName",
			"query": "EventID:4723",
			"show_data_table": true,
			"limit": 5,
			"show_pie_chart": false,
			"sort_order": "desc",
			"stacked_fields": "EventType",
			"data_table_limit": 50
		},
		"col": 3,
		"row": 2,
		"height": 2,
		"width": 1
	}, {
		"description": "Admin Accounts Added",
		"type": "STREAM_SEARCH_RESULT_COUNT",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 86400
			},
			"lower_is_better": false,
			"stream_id": "59c1371a1fa689035f4bc4ce",
			"trend": false,
			"query": ""
		},
		"col": 4,
		"row": 1,
		"height": 1,
		"width": 1
	}, {
		"description": "Password Resets",
		"type": "QUICKVALUES",
		"cache_time": 10,
		"configuration": {
			"timerange": {
				"type": "relative",
				"range": 604800
			},
			"field": "TargetUserName",
			"query": "EventID:4724",
			"show_data_table": true,
			"limit": 5,
			"show_pie_chart": false,
			"sort_order": "desc",
			"stacked_fields": "SubjectUserName",
			"data_table_limit": 50
		},
		"col": 4,
		"row": 2,
		"height": 2,
		"width": 1
	}]
}],
"grok_patterns": [],
"lookup_tables": [],
"lookup_caches": [],
"lookup_data_adapters": []

}


(Jan Doberstein) #2

the above is not valid RFC - you might want to check the content of the content pack in a json validator like https://jsonformatter.curiousconcept.com/


#3

That site, and others I checked, say it’s valid.


(Jan Doberstein) #4

What does the Graylog server.log tell you at the moment you try to upload?


#5

I can’t find anything in the server.log that’s relevant when I try to upload. What is a term I can grep to narrow it down?


(system) #6

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.