Hello, I’m new to Graylog and am trying to upload a .json file that a coworker created with the built-in content pack creator, but all I get is “Error importing content pack, please ensure it is a valid JSON file. Check your Graylog logs for more information.”
Here is the content of the file. Any help?
{
"name": "AD Dashboards",
"description": "Various Useful AD Dashboards",
"category": "Dashboards",
"inputs": [],
"streams": [{
"id": "59b7f7971fa689447fbf0141",
"title": "Domain Admin Failed Logins",
"description": "da_* failures",
"disabled": false,
"matching_type": "AND",
"stream_rules": [{
"type": "EXACT",
"field": "EventID",
"value": "4625",
"inverted": false,
"description": ""
}, {
"type": "REGEX",
"field": "TargetUserName",
"value": "(da_+)",
"inverted": false,
"description": ""
}],
"outputs": [],
"default_stream": false
}, {
"id": "59c1371a1fa689035f4bc4ce",
"title": "Domain Admin Group Add/Remove",
"description": "add/remove EventIDs from \"Domain Admins\" security group",
"disabled": false,
"matching_type": "AND",
"stream_rules": [{
"type": "REGEX",
"field": "EventID",
"value": "(4728|4729|4756|4757)",
"inverted": false,
"description": ""
}, {
"type": "REGEX",
"field": "TargetUserName",
"value": "(Domain Admins|Administrators|Enterprise Admins|Schema Admins|Group Policy Creator Owners)",
"inverted": false,
"description": ""
}],
"outputs": [],
"default_stream": false
}],
"outputs": [],
"dashboards": [{
"title": "AD Object Summary (7d)",
"description": "Computer, DNS and Group Objects",
"dashboard_widgets": [{
"description": "DNS Object by User",
"type": "QUICKVALUES",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 604800
},
"field": "SubjectUserName",
"query": "EventID:5137 AND ObjectClass:dnsNode AND created AND NOT (SubjectUserName:.*$ OR SubjectUserName:SYSTEM OR SubjectUserName:\\-)",
"show_data_table": true,
"limit": 5,
"show_pie_chart": false,
"sort_order": "desc",
"stacked_fields": "ObjectDN",
"data_table_limit": 50
},
"col": 1,
"row": 2,
"height": 1,
"width": 3
}, {
"description": "DNS Deleted objects source",
"type": "QUICKVALUES",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 604800
},
"field": "dns_name",
"query": "((EventID:5136 AND AttributeLDAPDisplayName:dNSTombstoned) OR (EventID:5141)) AND ObjectClass:dnsNode AND deleted AND NOT (SubjectUserName:.*$ OR SubjectUserName:SYSTEM)",
"show_data_table": true,
"limit": 5,
"show_pie_chart": false,
"sort_order": "desc",
"stacked_fields": "",
"data_table_limit": 50
},
"col": 3,
"row": 3,
"height": 3,
"width": 1
}, {
"description": "AD Computer Objects Changed",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 604800
},
"lower_is_better": false,
"trend": false,
"query": "EventID:4742"
},
"col": 1,
"row": 1,
"height": 1,
"width": 1
}, {
"description": "Group Membership Changes by User",
"type": "QUICKVALUES",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 604800
},
"field": "SubjectUserName",
"query": "EventID:4728 OR EventID:4729 OR EventID:4732 OR EventID:4733 OR EventID:4756 OR EventID:4757",
"show_data_table": true,
"limit": 5,
"show_pie_chart": false,
"sort_order": "desc",
"stacked_fields": "TargetUserName",
"data_table_limit": 50
},
"col": 1,
"row": 3,
"height": 2,
"width": 1
}, {
"description": "User Accounts Created By",
"type": "QUICKVALUES",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 604800
},
"field": "SubjectUserName",
"query": "EventID:624 OR EventID:4720",
"show_data_table": true,
"limit": 5,
"show_pie_chart": false,
"sort_order": "desc",
"stacked_fields": "TargetUserName",
"data_table_limit": 50
},
"col": 2,
"row": 3,
"height": 3,
"width": 1
}, {
"description": "Accounts Deleted by User",
"type": "QUICKVALUES",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 604800
},
"field": "SubjectUserName",
"query": "EventID:630 OR EventID:4726",
"show_data_table": true,
"limit": 5,
"show_pie_chart": false,
"sort_order": "desc",
"stacked_fields": "TargetUserName",
"data_table_limit": 50
},
"col": 4,
"row": 4,
"height": 2,
"width": 1
}, {
"description": "Accounts Locked And Source",
"type": "QUICKVALUES",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 604800
},
"field": "TargetUserName",
"query": "EventID:4740",
"show_data_table": true,
"limit": 5,
"show_pie_chart": false,
"sort_order": "desc",
"stacked_fields": "TargetDomainName",
"data_table_limit": 50
},
"col": 5,
"row": 1,
"height": 3,
"width": 1
}, {
"description": "Who Unlocked Accounts",
"type": "QUICKVALUES",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 604800
},
"field": "SubjectUserName",
"query": "EventID:4767",
"show_data_table": true,
"limit": 5,
"show_pie_chart": true,
"sort_order": "desc",
"stacked_fields": "TargetUserName",
"data_table_limit": 50
},
"col": 4,
"row": 1,
"height": 3,
"width": 1
}]
}, {
"title": "AD Summary Counters (7d)",
"description": "AD Summary (7d)",
"dashboard_widgets": [{
"description": "Account Lockouts ",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 300,
"configuration": {
"timerange": {
"type": "relative",
"range": 604800
},
"lower_is_better": false,
"trend": true,
"query": "EventID:4740"
},
"col": 2,
"row": 1,
"height": 0,
"width": 0
}, {
"description": "Account Creations",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 300,
"configuration": {
"timerange": {
"type": "relative",
"range": 604800
},
"lower_is_better": false,
"trend": true,
"query": "EventID:631 OR EventID:635 OR EventID:658 OR EventID:4727 OR EventID:4731 OR EventID:4754"
},
"col": 1,
"row": 1,
"height": 0,
"width": 0
}, {
"description": "Groups Created",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 300,
"configuration": {
"timerange": {
"type": "relative",
"range": 604800
},
"lower_is_better": false,
"trend": true,
"query": "EventID:631 OR EventID:635 OR EventID:658 OR EventID:4727 OR EventID:4731 OR EventID:4754"
},
"col": 3,
"row": 1,
"height": 0,
"width": 0
}, {
"description": "Account Deletions",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 300,
"configuration": {
"timerange": {
"type": "relative",
"range": 604800
},
"lower_is_better": false,
"trend": true,
"query": "EventID:630 OR EventID:4726"
},
"col": 1,
"row": 2,
"height": 0,
"width": 0
}, {
"description": "Account Unlocks",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 300,
"configuration": {
"timerange": {
"type": "relative",
"range": 604800
},
"lower_is_better": false,
"trend": true,
"query": "EventID:4767"
},
"col": 2,
"row": 2,
"height": 0,
"width": 0
}, {
"description": "Group Membership Changes",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 300,
"configuration": {
"timerange": {
"type": "relative",
"range": 604800
},
"lower_is_better": false,
"trend": true,
"query": "EventID:4728 OR EventID:4729 OR EventID:4732 OR EventID:4733 OR EventID:4756 OR EventID:4757"
},
"col": 3,
"row": 2,
"height": 0,
"width": 0
}, {
"description": "Group Modifications",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 300,
"configuration": {
"timerange": {
"type": "relative",
"range": 604800
},
"lower_is_better": false,
"trend": true,
"query": "((EventID:4764 OR EventID:4735 OR EventID:4737 OR EventID:4755) AND NOT SamAccountName:\\-)"
},
"col": 4,
"row": 2,
"height": 0,
"width": 0
}, {
"description": "Groups Deleted",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 300,
"configuration": {
"timerange": {
"type": "relative",
"range": 604800
},
"lower_is_better": false,
"trend": true,
"query": "EventID:634 OR EventID:638 OR EventID:662 OR EventID:4730 OR EventID:4734 OR EventID:4758"
},
"col": 4,
"row": 1,
"height": 0,
"width": 0
}]
}, {
"title": "DD Windows Logins 24hr Summary ",
"description": "In-depth look at stats pertaining to Windows accounts",
"dashboard_widgets": [{
"description": "Windows Account Lockouts 24hr",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"lower_is_better": true,
"trend": true,
"query": "EventID:4740 AND Category:\"User Account Management\""
},
"col": 2,
"row": 2,
"height": 1,
"width": 1
}, {
"description": "Accounts Unlocked",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"lower_is_better": true,
"trend": true,
"query": "EventID:4767 AND Category:\"User Account Management\""
},
"col": 1,
"row": 3,
"height": 1,
"width": 1
}, {
"description": "Account Lockout Sources",
"type": "QUICKVALUES",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"field": "source",
"show_pie_chart": false,
"query": "EventID:4740 AND Category:\"User Account Management\"",
"show_data_table": true
},
"col": 4,
"row": 3,
"height": 1,
"width": 1
}, {
"description": "Top Sources FLA",
"type": "QUICKVALUES",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"field": "source",
"show_pie_chart": false,
"query": "EventID:4625",
"show_data_table": true
},
"col": 3,
"row": 1,
"height": 1,
"width": 1
}, {
"description": "Failed Logon Attempts - All Sources 24hr",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"lower_is_better": true,
"trend": true,
"query": "EventID:4625"
},
"col": 1,
"row": 1,
"height": 1,
"width": 1
}, {
"description": "FLA Top Accounts",
"type": "QUICKVALUES",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"field": "TargetUserName",
"show_pie_chart": false,
"query": "EventID:4625",
"show_data_table": true
},
"col": 3,
"row": 2,
"height": 1,
"width": 1
}, {
"description": "Database(SQL) Failed Logins 24hrs",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"lower_is_better": true,
"trend": true,
"query": "(source:br\\-sql08dev.hab\\-inc.com OR source:br\\-sql2.hab\\-inc.com OR source:bos1-kfxsql.hab-inc.com OR source:bos1-sql3dev.hab-inc.com OR source:bos1-sql2008.hab-inc.com OR source:bos1-sql2008.hab-inc.com OR source:br-projectsql.hab-inc.com OR source:bos1-tmssql2.hab-inc.com OR source:bos1-mediussql.hab-inc.com OR source:bos1-crmsql2.hab-inc.com OR source:br-kfxsql.hab-inc.com)AND EventID:4625 "
},
"col": 2,
"row": 1,
"height": 1,
"width": 1
}, {
"description": "Top Database Sources ",
"type": "QUICKVALUES",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"field": "source",
"show_pie_chart": false,
"query": "(source:br\\-sql08dev.hab\\-inc.com OR source:br\\-sql2.hab\\-inc.com OR source:bos1-kfxsql.hab-inc.com OR source:bos1-sql3dev.hab-inc.com OR source:bos1-sql2008.hab-inc.com OR source:bos1-sql2008.hab-inc.com OR source:br-projectsql.hab-inc.com OR source:bos1-tmssql2.hab-inc.com OR source:bos1-mediussql.hab-inc.com OR source:bos1-crmsql2.hab-inc.com OR source:br-kfxsql.hab-inc.com)AND EventID:4625 ",
"show_data_table": true
},
"col": 3,
"row": 3,
"height": 1,
"width": 1
}, {
"description": "Admin Failed Logins",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 432000
},
"lower_is_better": true,
"trend": true,
"query": "TargetUserName:Administrator AND EventID:4625"
},
"col": 1,
"row": 2,
"height": 1,
"width": 1
}, {
"description": "Unlocked Top Users",
"type": "QUICKVALUES",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"field": "TargetUserName",
"show_pie_chart": false,
"query": "EventID:4767 AND Category:\"User Account Management\"",
"show_data_table": true
},
"col": 4,
"row": 2,
"height": 1,
"width": 1
}, {
"description": "Lockout Accounts",
"type": "QUICKVALUES",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"field": "TargetUserName",
"show_pie_chart": false,
"query": "EventID:4740 AND Category:\"User Account Management\"",
"show_data_table": true
},
"col": 4,
"row": 1,
"height": 1,
"width": 1
}, {
"description": "Admin Account Lockout",
"type": "QUICKVALUES",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"field": "TargetUserName",
"query": "EventID:4740 AND (TargetUserName:cstein OR TargetUserName:candress OR TargetUserName:csakasits OR TargetUserName:jramirez OR TargetUserName:psawka OR TargetUserName:dfritz OR TargetUserName:mbaker OR TargetUserName:rtalarico OR TargetUserName:rsmith)",
"show_data_table": true,
"limit": 5,
"show_pie_chart": false,
"sort_order": "desc",
"stacked_fields": "",
"data_table_limit": 50
},
"col": 2,
"row": 3,
"height": 1,
"width": 1
}, {
"description": "Failed DA logons",
"type": "QUICKVALUES",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"field": "TargetUserName",
"stream_id": "59b7f7971fa689447fbf0141",
"query": "",
"show_data_table": true,
"limit": 5,
"show_pie_chart": true,
"sort_order": "desc",
"stacked_fields": "",
"data_table_limit": 50
},
"col": 0,
"row": 0,
"height": 0,
"width": 0
}]
}, {
"title": "AD Logon Summary (2h)",
"description": "AD Logon Summary (2h)",
"dashboard_widgets": [{
"description": "Interactive Logins By User",
"type": "QUICKVALUES",
"cache_time": 60,
"configuration": {
"timerange": {
"type": "relative",
"range": 7200
},
"field": "TargetUserName",
"show_pie_chart": false,
"query": "(EventID:4624 AND (LogonType:2 OR LogonType:10 OR LogonType:11))",
"show_data_table": true
},
"col": 1,
"row": 6,
"height": 3,
"width": 1
}, {
"description": "Interactive Logins By IP",
"type": "QUICKVALUES",
"cache_time": 60,
"configuration": {
"timerange": {
"type": "relative",
"range": 7200
},
"field": "IpAddress",
"show_pie_chart": false,
"query": "(EventID:4624 AND (LogonType:2 OR LogonType:10 OR LogonType:11))",
"show_data_table": true
},
"col": 2,
"row": 6,
"height": 3,
"width": 1
}, {
"description": "Interactive Logins By Destination",
"type": "QUICKVALUES",
"cache_time": 60,
"configuration": {
"timerange": {
"type": "relative",
"range": 7200
},
"field": "WorkstationName",
"show_pie_chart": false,
"query": "(EventID:4624 AND (LogonType:2 OR LogonType:10 OR LogonType:11))",
"show_data_table": true
},
"col": 3,
"row": 6,
"height": 3,
"width": 1
}, {
"description": "Failed Authentication Attempts By User IP",
"type": "QUICKVALUES",
"cache_time": 60,
"configuration": {
"timerange": {
"type": "relative",
"range": 7200
},
"field": "IpAddress",
"show_pie_chart": false,
"query": "EventID:4625",
"show_data_table": true
},
"col": 2,
"row": 2,
"height": 3,
"width": 1
}, {
"description": "Failed Authentication Attempts By Source",
"type": "QUICKVALUES",
"cache_time": 60,
"configuration": {
"timerange": {
"type": "relative",
"range": 7200
},
"field": "source",
"show_pie_chart": false,
"query": "EventID:4625",
"show_data_table": true
},
"col": 3,
"row": 2,
"height": 3,
"width": 1
}, {
"description": "Failed Authentication Attempts",
"type": "SEARCH_RESULT_CHART",
"cache_time": 60,
"configuration": {
"timerange": {
"type": "relative",
"range": 7200
},
"interval": "minute",
"query": "EventID:4625"
},
"col": 1,
"row": 1,
"height": 1,
"width": 2
}, {
"description": "Interactive Logons",
"type": "SEARCH_RESULT_CHART",
"cache_time": 60,
"configuration": {
"timerange": {
"type": "relative",
"range": 7200
},
"interval": "minute",
"query": "(EventID:4624 AND (LogonType:2 OR LogonType:10 OR LogonType:11))"
},
"col": 1,
"row": 5,
"height": 1,
"width": 2
}, {
"description": "Interactive Logins",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 60,
"configuration": {
"timerange": {
"type": "relative",
"range": 7200
},
"lower_is_better": false,
"trend": false,
"query": "(EventID:4624 AND (LogonType:2 OR LogonType:10 OR LogonType:11))"
},
"col": 3,
"row": 5,
"height": 1,
"width": 1
}, {
"description": "Failed Authentication Attempts By User",
"type": "QUICKVALUES",
"cache_time": 60,
"configuration": {
"timerange": {
"type": "relative",
"range": 7200
},
"field": "TargetUserName",
"query": "EventID:4625 AND NOT TargetUserName:\"John DeRemer\" AND NOT TargetUserName:\"MAAS360cloud1@berkheimeronesource.onmicrosoft.com\"",
"show_data_table": true,
"limit": 5,
"show_pie_chart": false,
"sort_order": "desc",
"data_table_limit": 20
},
"col": 1,
"row": 2,
"height": 3,
"width": 1
}, {
"description": "Failed Authentication Attempts",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 60,
"configuration": {
"timerange": {
"type": "relative",
"range": 7200
},
"lower_is_better": true,
"trend": true,
"query": "EventID:4625 AND NOT TargetUserName:\"John DeRemer\" AND NOT TargetUserName:\"MAAS360cloud1@berkheimeronesource.onmicrosoft.com\" AND NOT WorkstationName:\"BR-EX2010\""
},
"col": 3,
"row": 1,
"height": 1,
"width": 1
}]
}, {
"title": "DD Windows Accounts 24hr Summary",
"description": "In-depth look at modifications, creations, and deletions of Windows Accounts",
"dashboard_widgets": [{
"description": "Accounts Deleted 24hrs",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"lower_is_better": true,
"trend": true,
"query": "EventID:4743"
},
"col": 1,
"row": 2,
"height": 1,
"width": 1
}, {
"description": "Groups Changed 24hrs",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"lower_is_better": true,
"trend": true,
"query": "((EventID:4764 OR EventID:4735 OR EventID:4737 OR EventID:4755) AND NOT SamAccountName:\\-) "
},
"col": 2,
"row": 3,
"height": 1,
"width": 1
}, {
"description": "Groups Created 24hrs",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"lower_is_better": true,
"trend": true,
"query": "(EventID:631 OR EventID:635 OR EventID:658 OR EventID:4727 OR EventID:4731 OR EventID:4754)"
},
"col": 2,
"row": 1,
"height": 1,
"width": 1
}, {
"description": "Accounts Changed 24hrs",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"lower_is_better": true,
"trend": true,
"query": "EventID:4742"
},
"col": 1,
"row": 1,
"height": 1,
"width": 1
}, {
"description": "Accounts Created 24hrs",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"lower_is_better": true,
"trend": true,
"query": "EventID:4741"
},
"col": 1,
"row": 3,
"height": 1,
"width": 1
}, {
"description": "Groups Deleted 24hrs",
"type": "SEARCH_RESULT_COUNT",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"lower_is_better": true,
"trend": true,
"query": "(EventID:634 OR EventID:638 OR EventID:662 OR EventID:4730 OR EventID:4734 OR EventID:4758 )"
},
"col": 2,
"row": 2,
"height": 1,
"width": 1
}, {
"description": "Admin Account Events",
"type": "QUICKVALUES",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"field": "Category",
"query": "(EventID:4672) OR (Category:\"User Account Management\") OR (EventID:4740 AND Category:\"User Account Management\")",
"show_data_table": true,
"limit": 5,
"show_pie_chart": false,
"sort_order": "desc",
"stacked_fields": "SubjectUserName",
"data_table_limit": 50
},
"col": 3,
"row": 1,
"height": 1,
"width": 1
}, {
"description": "Attempt to Change Password",
"type": "QUICKVALUES",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"field": "SubjectUserName",
"query": "EventID:4723",
"show_data_table": true,
"limit": 5,
"show_pie_chart": false,
"sort_order": "desc",
"stacked_fields": "EventType",
"data_table_limit": 50
},
"col": 3,
"row": 2,
"height": 2,
"width": 1
}, {
"description": "Admin Accounts Added",
"type": "STREAM_SEARCH_RESULT_COUNT",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 86400
},
"lower_is_better": false,
"stream_id": "59c1371a1fa689035f4bc4ce",
"trend": false,
"query": ""
},
"col": 4,
"row": 1,
"height": 1,
"width": 1
}, {
"description": "Password Resets",
"type": "QUICKVALUES",
"cache_time": 10,
"configuration": {
"timerange": {
"type": "relative",
"range": 604800
},
"field": "TargetUserName",
"query": "EventID:4724",
"show_data_table": true,
"limit": 5,
"show_pie_chart": false,
"sort_order": "desc",
"stacked_fields": "SubjectUserName",
"data_table_limit": 50
},
"col": 4,
"row": 2,
"height": 2,
"width": 1
}]
}],
"grok_patterns": [],
"lookup_tables": [],
"lookup_caches": [],
"lookup_data_adapters": []
}