{
  "version": "Notebook/1.0",
  "items": [
    {
      "type": 1,
      "content": {
        "json": "## New workbook\n---\n\nWelcome to your new workbook.  This area will display text formatted as markdown.\n\n\nWe've included a basic analytics query to get you started. Use the `Edit` button below each section to configure it or add more sections."
      },
      "name": "text - 2"
    },
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "barracuda_CL\n| where DeviceVendor_s contains \"barracuda\" and LogType_s == \"WF\"\n| sort by TimeGenerated | summarize count() by Action_s",
        "size": 3,
        "title": "Action Summary",
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces",
        "visualization": "piechart"
      },
      "customWidth": "33",
      "name": "Device Action",
      "styleSettings": {
        "margin": "10",
        "showBorder": true
      }
    },
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "barracuda_CL\n| where DeviceVendor_s contains \"barracuda\" and LogType_s  == \"TR\"\n| sort by TimeGenerated | summarize count() by Protocol_s,host ",
        "size": 3,
        "title": "Application Protocol Summary",
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces",
        "visualization": "piechart"
      },
      "customWidth": "33",
      "name": "Device Action",
      "styleSettings": {
        "margin": "10",
        "showBorder": true
      }
    },
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "barracuda_CL​\n| where LogType_s == \"WF\"\n| where AttackGroup_s contains \"bot\"\n| sort by TimeGenerated | summarize count() by ClientIP_s ",
        "size": 3,
        "title": "Bot Mitigation",
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces",
        "visualization": "piechart"
      },
      "customWidth": "33",
      "name": "Device Action",
      "styleSettings": {
        "margin": "10",
        "showBorder": true
      }
    },
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "Usage | where TimeGenerated > ago(32d) | where StartTime >= startofday(ago(31d)) and EndTime < startofday(now()) | where IsBillable == true | summarize BillableDataGB = sum(Quantity) / 1000. by bin(StartTime, 1d), DataType | render barchart",
        "size": 3,
        "title": "Usage Summary",
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces"
      },
      "customWidth": "50",
      "name": "Device Action",
      "styleSettings": {
        "margin": "10",
        "showBorder": true
      }
    },
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "union withsource=barracuda_CL *\n| summarize Count=count() by barracuda_CL\n| render barchart",
        "size": 1,
        "title": "Log Types",
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces"
      },
      "customWidth": "50",
      "name": "Log Types",
      "styleSettings": {
        "margin": "10",
        "showBorder": true
      }
    },
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "barracuda_CL\n| where DeviceVendor_s contains \"barracuda\"\n| where TimeGenerated > ago(14d) | summarize count() by bin(TimeGenerated, 1d) | extend Week = iff(TimeGenerated>ago(7d), TimeGenerated, TimeGenerated + 7d) | render areachart",
        "size": 0,
        "title": "Security Logs",
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces"
      },
      "customWidth": "50",
      "name": "Security Logs",
      "styleSettings": {
        "margin": "10",
        "showBorder": true
      }
    },
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "Perf | where ObjectName == \"Memory\"",
        "size": 0,
        "title": "Memory Usage",
        "timeContext": {
          "durationMs": 1800000
        },
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces",
        "visualization": "timechart",
        "chartSettings": {
          "seriesLabelSettings": [
            {
              "seriesName": "CounterValue",
              "label": "Connections"
            }
          ]
        }
      },
      "name": "Perf"
    },
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "union Perf | where InstanceName == \"total\" | where ObjectName == \"Processor\"",
        "size": 0,
        "title": "Processor Usage",
        "timeContext": {
          "durationMs": 1800000
        },
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces",
        "visualization": "timechart",
        "chartSettings": {
          "seriesLabelSettings": [
            {
              "seriesName": "CounterValue",
              "label": "Connections"
            }
          ]
        }
      },
      "name": "Perf"
    }
  ],
  "fallbackResourceIds": [
    "/subscriptions/dc0a59b7-9162-4b6d-94ed-62dfb866f5d6/resourceGroups/heena_waf/providers/Microsoft.OperationalInsights/workspaces/ama11juneunit"
  ],
  "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
}