diff --git a/opensearch_dashboards.json b/opensearch_dashboards.json
index 285a26cd57..f8ec4081ed 100644
--- a/opensearch_dashboards.json
+++ b/opensearch_dashboards.json
@@ -1,7 +1,7 @@
 {
 "id": "observabilityDashboards",
- "version": "3.0.0.0",
- "opensearchDashboardsVersion": "3.0.0",
+ "version": "2.13.0.0",
+ "opensearchDashboardsVersion": "2.13.0",
 "server": true,
 "ui": true,
 "requiredPlugins": [
diff --git a/package.json b/package.json
index 9b8e340ece..c1adf36963 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "observability-dashboards",
- "version": "3.0.0.0",
+ "version": "2.13.0.0",
 "main": "index.ts",
 "license": "Apache-2.0",
 "scripts": {
diff --git a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/aws_vpc_flow_flint-live-1.0.0.ndjson b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/aws_vpc_flow_flint-live-1.0.0.ndjson
new file mode 100644
index 0000000000..098b03a7e8
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/aws_vpc_flow_flint-live-1.0.0.ndjson
@@ -0,0 +1,18 @@ +{"attributes":{"fields":"[{\"count\":0,\"name\":\"@message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"attributes.data_stream.dataset\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"attributes.data_stream.namespace\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"attributes.data_stream.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":2,\"name\":\"aws.s3.bucket\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.s3.copy_source\",\"type\":\"string\",\"esTypes\":[
\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.s3.delete\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.s3.key\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.s3.part_number\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.s3.upload_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.account-id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.action\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.az-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.az-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.az-id\"}}},{\"count\":1,\"name\":\"aws.vpc.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":3,\"name\":\"aws.vpc.dstaddr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.dstport\",\"type\":\"number\",\"esTypes\":[\"long\"],
\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.end\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.flow-direction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.flow-direction\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.flow-direction\"}}},{\"count\":0,\"name\":\"aws.vpc.instance-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.instance-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.instance-id\"}}},{\"count\":0,\"name\":\"aws.vpc.interface-id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.log-status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.pkt-dst-aws-service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.pkt-dst-aws-service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":tr
ue,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.pkt-dst-aws-service\"}}},{\"count\":1,\"name\":\"aws.vpc.pkt-src-aws-service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.pkt-src-aws-service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.pkt-src-aws-service\"}}},{\"count\":0,\"name\":\"aws.vpc.protocol\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.region\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.region.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.region\"}}},{\"count\":1,\"name\":\"aws.vpc.srcaddr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.srcport\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.subnet-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.subnet-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDo
cValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.subnet-id\"}}},{\"count\":0,\"name\":\"aws.vpc.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.vpc-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.vpc-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.vpc-id\"}}},{\"count\":0,\"name\":\"body\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.account.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cloud.availability_zone\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cloud.platform\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cloud.provider\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cloud.region\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cloud.resource_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.address\",\"type\":\"string\",\"esTypes\":[\"text\
"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"communication.destination.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"communication.destination.address\"}}},{\"count\":0,\"name\":\"communication.destination.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"communication.destination.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"communication.destination.domain\"}}},{\"count\":0,\"name\":\"communication.destination.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":tru
e,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.mac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.sock.family\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.source.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"communication.source.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"communication.source.address\"}}},{\"count\":0,\"name\":\"communication.source.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.source.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"communication.source.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"communication.source.domain\"}}},{\"count\":0,\"name\":\"communication.source.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searcha
ble\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.source.mac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.source.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.source.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.category\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.exception.message\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.exception.stacktrace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.exception.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.kind\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.result\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregat
able\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.source\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"instrumentationScope.dropped_attributes_count\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"instrumentationScope.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"instrumentationScope.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"instrumentationScope.name\"}}},{\"count\":0,\"name\":\"instrumentationScope.schemaUrl\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"instrumentationScope.schemaUrl.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"instrumentationScope.schemaUrl\"}}},{\"count\":0,\"name\":\"instrumentationScope.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"instrumentationScope.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"instrumentationScope.version\"}}},{\"count\":0,\"name\":\"observedTimesta
mp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"observerTime\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"schemaUrl\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"schemaUrl.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"schemaUrl\"}}},{\"count\":0,\"name\":\"severity.number\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"severity.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"severity.text.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"severity.text\"}}},{\"count\":0,\"name\":\"spanId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"traceId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"@timestamp","title":"flint_zero_etl_amazons3_default_vpc_integration_week_live_mview"},"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM4NywxXQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Total Requests","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Total Requests\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Total Requests\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"8eedcff8-310f-4095-8d7e-4d863ebe46a4","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM4OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Request History","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Request 
History\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2023-07-19T02:48:00.000Z\",\"to\":\"2023-07-19T02:48:10.000Z\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"4f182dd9-f6a3-495c-b259-f595f306720e","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM4OSwxXQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Requests by Direction","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Requests by Direction\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.flow-direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"row\":true}}"},"id":"3f991167-d95a-4324-b1ea-2a0bf34cc027","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzQwMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Bytes","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] 
Bytes\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"aws.vpc.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15d\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Bytes\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Bytes\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"882edbf5-ad9d-4232-a2d4-7c21409d2cc1","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM5MSwxXQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Packets","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Packets\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"aws.vpc.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15d\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Packets\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Packets\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"ee27bc70-8c55-4a4f-87a4-90495397e06d","migrationVersion":{"visualization":"7.10.0"},"references":
[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM5MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"aws.vpc.pkt-src-aws-service\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.pkt-src-aws-service\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Top Source AWS Services","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Top Source AWS Services\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.pkt-src-aws-service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"row\":true}}"},"id":"de9c1a7c-96f6-4d76-8f4c-1bf8915ef199","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM5MywxXQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"aws.vpc.pkt-dst-aws-service\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.pkt-dst-aws-service\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Top Destination AWS Services","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Top Destination AWS Services\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.pkt-dst-aws-service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"d2109719-2a70-4f1b-8ee7-b8ccc159f6d0","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM5NCwxXQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Requests by Direction Metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Requests by Direction Metric\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.flow-direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"343f80f5-a6d4-4710-af71-a62c17f9492f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM5NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Top Destination Bytes","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Top Destination 
Bytes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"aws.vpc.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.dstaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"dcff10b9-1fe0-46c5-9795-3fd85ca074e6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM5NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Top Source Bytes","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Top Source 
Bytes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"aws.vpc.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.srcaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"682ca65f-9611-434e-af14-cb8554c4d570","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM5NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Top Sources","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Top 
Sources\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.srcaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"795967a5-0b1d-44cd-a081-552e20b062b9","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM5OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Top Destinations","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Top 
Destinations\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.dstaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"fae68953-a782-41ad-80f3-eb6bfc333359","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM5OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"[AWS VPC Flow Logs 1.0] Flow","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Flow\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{ \\n $schema: https://vega.github.io/schema/vega/v5.json\\n data: [\\n\\t{\\n \\t// query OpenSearch based on the currently selected time range and filter string\\n \\tname: rawData\\n \\turl: {\\n \\tindex: flint_zero_etl_amazons3_default_vpc_integration_*\\n \\tbody: {\\n \\tsize: 0\\n \\taggs: {\\n \\ttable: {\\n \\tcomposite: {\\n \\tsize: 10000\\n \\tsources: [\\n \\t{\\n \\tstk1: {\\n \\tterms: {field: \\\"aws.vpc.srcaddr\\\"}\\n \\t}\\n \\t}\\n \\t{\\n \\tstk2: {\\n \\tterms: {field: \\\"aws.vpc.dstaddr\\\"}\\n \\t}\\n \\t}\\n \\t]\\n \\t}\\n \\t}\\n \\t}\\n \\t}\\n \\t}\\n \\t// From the result, take just the data we are interested in\\n \\tformat: {property: \\\"aggregations.table.buckets\\\"}\\n \\t// Convert 
key.stk1 -> stk1 for simpler access below\\n \\ttransform: [\\n \\t{type: \\\"formula\\\", expr: \\\"datum.key.stk1\\\", as: \\\"stk1\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"datum.key.stk2\\\", as: \\\"stk2\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"datum.doc_count\\\", as: \\\"size\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: nodes\\n \\tsource: rawData\\n \\ttransform: [\\n \\t// when a country is selected, filter out unrelated data\\n \\t{\\n \\ttype: filter\\n \\texpr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\n \\t}\\n \\t// Set new key for later lookups - identifies each node\\n \\t{type: \\\"formula\\\", expr: \\\"datum.stk1+datum.stk2\\\", as: \\\"key\\\"}\\n \\t// instead of each table row, create two new rows,\\n \\t// one for the source (stack=stk1) and one for destination node (stack=stk2).\\n \\t// The country code stored in stk1 and stk2 fields is placed into grpId field.\\n \\t{\\n \\ttype: fold\\n \\tfields: [\\\"stk1\\\", \\\"stk2\\\"]\\n \\tas: [\\\"stack\\\", \\\"grpId\\\"]\\n \\t}\\n \\t// Create a sortkey, different for stk1 and stk2 stacks.\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\n \\tas: sortField\\n \\t}\\n \\t// Calculate y0 and y1 positions for stacking nodes one on top of the other,\\n \\t// independently for each stack, and ensuring they are in the proper order,\\n \\t// alphabetical from the top (reversed on the y axis)\\n \\t{\\n \\ttype: stack\\n \\tgroupby: [\\\"stack\\\"]\\n \\tsort: {field: \\\"sortField\\\", order: \\\"descending\\\"}\\n \\tfield: size\\n \\t}\\n \\t// calculate vertical center point for each node, used to draw edges\\n \\t{type: \\\"formula\\\", expr: \\\"(datum.y0+datum.y1)/2\\\", as: \\\"yc\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: groups\\n \\tsource: nodes\\n \\ttransform: [\\n \\t// combine all nodes into country groups, summing up the doc counts\\n \\t{\\n \\ttype: aggregate\\n \\tgroupby: [\\\"stack\\\", \\\"grpId\\\"]\\n \\tfields: [\\\"size\\\"]\\n \\tops: [\\\"sum\\\"]\\n \\tas: [\\\"total\\\"]\\n \\t}\\n \\t// re-calculate the stacking y0,y1 values\\n \\t{\\n \\ttype: stack\\n \\tgroupby: [\\\"stack\\\"]\\n \\tsort: {field: \\\"grpId\\\", order: \\\"descending\\\"}\\n \\tfield: total\\n \\t}\\n \\t// project y0 and y1 values to screen coordinates\\n \\t// doing it once here instead of doing it several times in marks\\n \\t{type: \\\"formula\\\", expr: \\\"scale('y', datum.y0)\\\", as: \\\"scaledY0\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"scale('y', datum.y1)\\\", as: \\\"scaledY1\\\"}\\n \\t// boolean flag if the label should be on the right of the stack\\n \\t{type: \\\"formula\\\", expr: \\\"datum.stack == 'stk1'\\\", as: \\\"rightLabel\\\"}\\n \\t// Calculate traffic percentage for this country using \\\"y\\\" scale\\n \\t// domain upper bound, which represents the total traffic\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.total/domain('y')[1]\\n \\tas: percentage\\n \\t}\\n \\t]\\n\\t}\\n\\t{\\n \\t// This is a temp lookup table with all the 'stk2' stack nodes\\n \\tname: destinationNodes\\n \\tsource: nodes\\n \\ttransform: [\\n \\t{type: 
\\\"filter\\\", expr: \\\"datum.stack == 'stk2'\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: edges\\n \\tsource: nodes\\n \\ttransform: [\\n \\t// we only want nodes from the left stack\\n \\t{type: \\\"filter\\\", expr: \\\"datum.stack == 'stk1'\\\"}\\n \\t// find corresponding node from the right stack, keep it as \\\"target\\\"\\n \\t{\\n \\ttype: lookup\\n \\tfrom: destinationNodes\\n \\tkey: key\\n \\tfields: [\\\"key\\\"]\\n \\tas: [\\\"target\\\"]\\n \\t}\\n \\t// calculate SVG link path between stk1 and stk2 stacks for the node pair\\n \\t{\\n \\ttype: linkpath\\n \\torient: horizontal\\n \\tshape: diagonal\\n \\tsourceY: {expr: \\\"scale('y', datum.yc)\\\"}\\n \\tsourceX: {expr: \\\"scale('x', 'stk1') + bandwidth('x')\\\"}\\n \\ttargetY: {expr: \\\"scale('y', datum.target.yc)\\\"}\\n \\ttargetX: {expr: \\\"scale('x', 'stk2')\\\"}\\n \\t}\\n \\t// A little trick to calculate the thickness of the line.\\n \\t// The value needs to be the same as the hight of the node, but scaling\\n \\t// size to screen's height gives inversed value because screen's Y\\n \\t// coordinate goes from the top to the bottom, whereas the graph's Y=0\\n \\t// is at the bottom. 
So subtracting scaled doc count from screen height\\n \\t// (which is the \\\"lower\\\" bound of the \\\"y\\\" scale) gives us the right value\\n \\t{\\n \\ttype: formula\\n \\texpr: range('y')[0]-scale('y', datum.size)\\n \\tas: strokeWidth\\n \\t}\\n \\t// Tooltip needs individual link's percentage of all traffic\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.size/domain('y')[1]\\n \\tas: percentage\\n \\t}\\n \\t]\\n\\t}\\n ]\\n scales: [\\n\\t{\\n \\t// calculates horizontal stack positioning\\n \\tname: x\\n \\ttype: band\\n \\trange: width\\n \\tdomain: [\\\"stk1\\\", \\\"stk2\\\"]\\n \\tpaddingOuter: 0.05\\n \\tpaddingInner: 0.95\\n\\t}\\n\\t{\\n \\t// this scale goes up as high as the highest y1 value of all nodes\\n \\tname: y\\n \\ttype: linear\\n \\trange: height\\n \\tdomain: {data: \\\"nodes\\\", field: \\\"y1\\\"}\\n\\t}\\n\\t{\\n \\t// use rawData to ensure the colors stay the same when clicking.\\n \\tname: color\\n \\ttype: ordinal\\n \\trange: category\\n \\tdomain: {data: \\\"rawData\\\", field: \\\"stk1\\\"}\\n\\t}\\n\\t{\\n \\t// this scale is used to map internal ids (stk1, stk2) to stack names\\n \\tname: stackNames\\n \\ttype: ordinal\\n \\trange: [\\\"Source\\\", \\\"Destination\\\"]\\n \\tdomain: [\\\"stk1\\\", \\\"stk2\\\"]\\n\\t}\\n ]\\n axes: [\\n\\t{\\n \\t// x axis should use custom label formatting to print proper stack names\\n \\torient: bottom\\n \\tscale: x\\n \\tencode: {\\n \\tlabels: {\\n \\tupdate: {\\n \\ttext: {scale: \\\"stackNames\\\", field: \\\"value\\\"}\\n \\t}\\n \\t}\\n \\t}\\n\\t}\\n\\t{orient: \\\"left\\\", scale: \\\"y\\\"}\\n ]\\n marks: [\\n\\t{\\n \\t// draw the connecting line between stacks\\n \\ttype: path\\n \\tname: edgeMark\\n \\tfrom: {data: \\\"edges\\\"}\\n \\t// this prevents some autosizing issues with large strokeWidth for paths\\n \\tclip: true\\n \\tencode: {\\n \\tupdate: {\\n \\t// By default use color of the left node, except when showing traffic\\n \\t// from just one country, in which case 
use destination color.\\n \\tstroke: [\\n \\t{\\n \\ttest: groupSelector && groupSelector.stack=='stk1'\\n \\tscale: color\\n \\tfield: stk2\\n \\t}\\n \\t{scale: \\\"color\\\", field: \\\"stk1\\\"}\\n \\t]\\n \\tstrokeWidth: {field: \\\"strokeWidth\\\"}\\n \\tpath: {field: \\\"path\\\"}\\n \\t// when showing all traffic, and hovering over a country,\\n \\t// highlight the traffic from that country.\\n \\tstrokeOpacity: {\\n \\tsignal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\\n \\t}\\n \\t// Ensure that the hover-selected edges show on top\\n \\tzindex: {\\n \\tsignal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\n \\t}\\n \\t// format tooltip string\\n \\ttooltip: {\\n \\tsignal: datum.stk1 + ' → ' + datum.stk2 + '\\t' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\n \\t}\\n \\t}\\n \\t// Simple mouseover highlighting of a single line\\n \\thover: {\\n \\tstrokeOpacity: {value: 1}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// draw stack groups (countries)\\n \\ttype: rect\\n \\tname: groupMark\\n \\tfrom: {data: \\\"groups\\\"}\\n \\tencode: {\\n \\tenter: {\\n \\tfill: {scale: \\\"color\\\", field: \\\"grpId\\\"}\\n \\twidth: {scale: \\\"x\\\", band: 1}\\n \\t}\\n \\tupdate: {\\n \\tx: {scale: \\\"x\\\", field: \\\"stack\\\"}\\n \\ty: {field: \\\"scaledY0\\\"}\\n \\ty2: {field: \\\"scaledY1\\\"}\\n \\tfillOpacity: {value: 0.6}\\n \\ttooltip: {\\n \\tsignal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\n \\t}\\n \\t}\\n \\thover: {\\n \\tfillOpacity: {value: 1}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// draw country code labels on the inner side of the stack\\n \\ttype: text\\n \\tfrom: {data: \\\"groups\\\"}\\n \\t// don't process events for the labels - otherwise line mouseover is unclean\\n \\tinteractive: false\\n \\tencode: {\\n \\tupdate: {\\n \\t// depending on which stack it is, position 
x with some padding\\n \\tx: {\\n \\tsignal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\n \\t}\\n \\t// middle of the group\\n \\tyc: {signal: \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"}\\n \\talign: {signal: \\\"datum.rightLabel ? 'left' : 'right'\\\"}\\n \\tbaseline: {value: \\\"middle\\\"}\\n \\tfontWeight: {value: \\\"bold\\\"}\\n \\t// only show text label if the group's height is large enough\\n \\ttext: {signal: \\\"abs(datum.scaledY0-datum.scaledY1) > 13 ? datum.grpId : ''\\\"}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// Create a \\\"show all\\\" button. Shown only when a country is selected.\\n \\ttype: group\\n \\tdata: [\\n \\t// We need to make the button show only when groupSelector signal is true.\\n \\t// Each mark is drawn as many times as there are elements in the backing data.\\n \\t// Which means that if values list is empty, it will not be drawn.\\n \\t// Here I create a data source with one empty object, and filter that list\\n \\t// based on the signal value. 
This can only be done in a group.\\n \\t{\\n \\tname: dataForShowAll\\n \\tvalues: [{}]\\n \\ttransform: [{type: \\\"filter\\\", expr: \\\"groupSelector\\\"}]\\n \\t}\\n \\t]\\n \\t// Set button size and positioning\\n \\tencode: {\\n \\tenter: {\\n \\txc: {signal: \\\"width/2\\\"}\\n \\ty: {value: 30}\\n \\twidth: {value: 80}\\n \\theight: {value: 30}\\n \\t}\\n \\t}\\n \\tmarks: [\\n \\t{\\n \\t// This group is shown as a button with rounded corners.\\n \\ttype: group\\n \\t// mark name allows signal capturing\\n \\tname: groupReset\\n \\t// Only shows button if dataForShowAll has values.\\n \\tfrom: {data: \\\"dataForShowAll\\\"}\\n \\tencode: {\\n \\tenter: {\\n \\tcornerRadius: {value: 6}\\n \\tfill: {value: \\\"#F5F7FA\\\"}\\n \\tstroke: {value: \\\"#c1c1c1\\\"}\\n \\tstrokeWidth: {value: 2}\\n \\t// use parent group's size\\n \\theight: {\\n \\tfield: {group: \\\"height\\\"}\\n \\t}\\n \\twidth: {\\n \\tfield: {group: \\\"width\\\"}\\n \\t}\\n \\t}\\n \\tupdate: {\\n \\t// groups are transparent by default\\n \\topacity: {value: 1}\\n \\t}\\n \\thover: {\\n \\topacity: {value: 0.7}\\n \\t}\\n \\t}\\n \\tmarks: [\\n \\t{\\n \\ttype: text\\n \\t// if true, it will prevent clicking on the button when over text.\\n \\tinteractive: false\\n \\tencode: {\\n \\tenter: {\\n \\t// center text in the paren group\\n \\txc: {\\n \\tfield: {group: \\\"width\\\"}\\n \\tmult: 0.5\\n \\t}\\n \\tyc: {\\n \\tfield: {group: \\\"height\\\"}\\n \\tmult: 0.5\\n \\toffset: 2\\n \\t}\\n \\talign: {value: \\\"center\\\"}\\n \\tbaseline: {value: \\\"middle\\\"}\\n \\tfontWeight: {value: \\\"bold\\\"}\\n \\ttext: {value: \\\"Show All\\\"}\\n \\t}\\n \\t}\\n \\t}\\n \\t]\\n \\t}\\n \\t]\\n\\t}\\n ]\\n signals: [\\n\\t{\\n \\t// used to highlight traffic to/from the same country\\n \\tname: groupHover\\n \\tvalue: {}\\n \\ton: [\\n \\t{\\n \\tevents: @groupMark:mouseover\\n \\tupdate: \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n \\t}\\n 
\\t{events: \\\"mouseout\\\", update: \\\"{}\\\"}\\n \\t]\\n\\t}\\n\\t// used to filter only the data related to the selected country\\n\\t{\\n \\tname: groupSelector\\n \\tvalue: false\\n \\ton: [\\n \\t{\\n \\t// Clicking groupMark sets this signal to the filter values\\n \\tevents: @groupMark:click!\\n \\tupdate: \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n \\t}\\n \\t{\\n \\t// Clicking \\\"show all\\\" button, or double-clicking anywhere resets it\\n \\tevents: [\\n \\t{type: \\\"click\\\", markname: \\\"groupReset\\\"}\\n \\t{type: \\\"dblclick\\\"}\\n \\t]\\n \\tupdate: \\\"false\\\"\\n \\t}\\n \\t]\\n\\t}\\n ]\\n}\\n\"}}"},"id":"97d96a8a-e75d-4346-a56c-c4a75e4eb801","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzQwMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrase\",\"key\":\"aws.vpc.dstaddr\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"negate\":true,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.dstaddr\":\"-\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrase\",\"key\":\"aws.vpc.srcaddr\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"negate\":true,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.srcaddr\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Heat Map","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Heat 
Map\",\"type\":\"heatmap\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.dstaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Address\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.srcaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Address\"},\"schema\":\"group\"}],\"params\":{\"type\":\"heatmap\",\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":4,\"colorSchema\":\"Greens\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":false,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"overwriteColor\":false,\"color\":\"black\"}}]}}"},"id":"768b09c9-bba3-49c1-a810-68479b1a8056","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzQwMiwxXQ=="} 
+{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"interval_start_time\",\"calendar_interval\":\"1d\",\"time_zone\":\"America/Vancouver\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"VPC - Live Raw Search","version":1},"id":"ace5ba60-f3b9-11ee-bcb2-63941cdc5839","migrationVersion":{"search":"7.9.3"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2024-04-17T00:35:11.899Z","version":"WzQwMywxXQ=="} +{"attributes":{"description":"VPC Flow Logs dashboard with basic Observability\nonly using live MV queries projection","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"2.11.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":11,\"h\":13,\"i\":\"ea07e9f4-6719-4c34-bfb8-ca48e9fda75b\"},\"panelIndex\":\"ea07e9f4-6719-4c34-bfb8-ca48e9fda75b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":11,\"y\":0,\"w\":25,\"h\":13,\"i\":\"9931d8df-e493-4649-9934-0a24c8b091f8\"},\"panelIndex\":\"9931d8df-e493-4649-9934-0a24c8b091f8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":36,\"y\":0,\"w\":11,\"h\":13,\"i\":\"816b48d0-7c09-42e9-97be-a19c17634fc5\"},\"panelIndex\":\"816b48d0-7c09-42e9-97be-a19c17634fc5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":0,\"y\":13,\"w\":22,\"h\":13,\"i\":\"6b04df64-559d-4d48-b454-ddeec66690d1\"},\"panelIndex\":\"6b04df64-559d-4d48-b454-ddeec66690d1\",\"embeddable
Config\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":22,\"y\":13,\"w\":25,\"h\":13,\"i\":\"fb0eb25c-f2b3-484c-9125-4bc201e97b3f\"},\"panelIndex\":\"fb0eb25c-f2b3-484c-9125-4bc201e97b3f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":0,\"y\":26,\"w\":15,\"h\":15,\"i\":\"79b5d7c5-7e66-4f92-b8ad-80a42167d181\"},\"panelIndex\":\"79b5d7c5-7e66-4f92-b8ad-80a42167d181\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":15,\"y\":26,\"w\":14,\"h\":15,\"i\":\"8bbe7594-e52c-4fa6-8432-f265d0db5fd8\"},\"panelIndex\":\"8bbe7594-e52c-4fa6-8432-f265d0db5fd8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":29,\"y\":26,\"w\":18,\"h\":15,\"i\":\"4ea77bab-a48b-4ccf-b8e0-6b2f5b5c337a\"},\"panelIndex\":\"4ea77bab-a48b-4ccf-b8e0-6b2f5b5c337a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":0,\"y\":41,\"w\":12,\"h\":15,\"i\":\"d9e75376-2d8c-49f4-babb-335e73c99dee\"},\"panelIndex\":\"d9e75376-2d8c-49f4-babb-335e73c99dee\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":12,\"y\":41,\"w\":12,\"h\":15,\"i\":\"8844e89c-9c06-4141-899f-b1f6fdde901b\"},\"panelIndex\":\"8844e89c-9c06-4141-899f-b1f6fdde901b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":24,\"y\":41,\"w\":12,\"h\":15,\"i\":\"b4d94532-59cf-454e-98a2-beb15b8a752f\"},\"panelIndex\":\"b4d94532-59cf-454e-98a2-beb15b8a752f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":36,\"y\":41,\"w\":12,\"h\":15,\"i\":\"505c0278-0d96-4617-9976-7bd9a8787e3a\"},\"panelIndex\":\"505c0278-0d96-4617-9976-7bd9a8787e3a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":0,\"y\":56,\"w\":24,\"h\":27,\"i\":\"fb0edb10-2e2a-4b3f-99
a5-22ffe95e3250\"},\"panelIndex\":\"fb0edb10-2e2a-4b3f-99a5-22ffe95e3250\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":24,\"y\":56,\"w\":24,\"h\":27,\"i\":\"5392e5cd-13cc-4904-abe7-1e183dc59478\"},\"panelIndex\":\"5392e5cd-13cc-4904-abe7-1e183dc59478\",\"embeddableConfig\":{\"vis\":null},\"panelRefName\":\"panel_13\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":0,\"y\":83,\"w\":48,\"h\":13,\"i\":\"291bd66b-062e-4019-90e7-e2b0da7c284a\"},\"panelIndex\":\"291bd66b-062e-4019-90e7-e2b0da7c284a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]","timeRestore":false,"title":"AWS VPC Flow Logs Only-Live Overview","version":1},"id":"331c7b50-fc4d-11ee-bcb2-63941cdc5839","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"8eedcff8-310f-4095-8d7e-4d863ebe46a4","name":"panel_0","type":"visualization"},{"id":"4f182dd9-f6a3-495c-b259-f595f306720e","name":"panel_1","type":"visualization"},{"id":"3f991167-d95a-4324-b1ea-2a0bf34cc027","name":"panel_2","type":"visualization"},{"id":"882edbf5-ad9d-4232-a2d4-7c21409d2cc1","name":"panel_3","type":"visualization"},{"id":"ee27bc70-8c55-4a4f-87a4-90495397e06d","name":"panel_4","type":"visualization"},{"id":"de9c1a7c-96f6-4d76-8f4c-1bf8915ef199","name":"panel_5","type":"visualization"},{"id":"d2109719-2a70-4f1b-8ee7-b8ccc159f6d0","name":"panel_6","type":"visualization"},{"id":"343f80f5-a6d4-4710-af71-a62c17f9492f","name":"panel_7","type":"visualization"},{"id":"dcff10b9-1fe0-46c5-9795-3fd85ca074e6","name":"panel_8","type":"visualization"},{"id":"682ca65f-9611-434e-af14-cb8554c4d570","name":"panel_9","type":"visualization"},{"id":"795967a5-0b1d-44cd-a081-552e20b062b9","name":"panel_10","type":"visualization"},{"id":"fae68953-a782-41ad-80f3-eb6bfc333359","name":"panel_11","type":"visualization"},{"id":"97d96a8a-e75d-4346-a56c-c4a75e4eb801","name":"panel_12","type":"visualization"},{"id":"768b09c9-bba3-49c1-a810-68479b1a8056","name":"panel_13","type":"visualization"},{"id
":"ace5ba60-f3b9-11ee-bcb2-63941cdc5839","name":"panel_14","type":"search"}],"type":"dashboard","updated_at":"2024-04-17T00:46:34.443Z","version":"WzQwNSwxXQ=="} +{"exportedCount":17,"missingRefCount":0,"missingReferences":[]}
diff --git a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/aws_vpc_flow_flint-pre_agg-1.0.0.ndjson b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/aws_vpc_flow_flint-pre_agg-1.0.0.ndjson
new file mode 100644
index 0000000000..a57ebb7746
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/aws_vpc_flow_flint-pre_agg-1.0.0.ndjson
@@ -0,0 +1,19 @@ +{"attributes":{"fields":"[{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.account-id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.activity_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.category_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.class_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_account_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\
"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_provider\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_region\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_zone\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.boundary\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.direction\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.protocol_num\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.protocol_ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.tcp_flags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.disposition\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-instance_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-interfac
e_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-subnet_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-vpc_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dstaddr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dstport\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.flow-direction\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.pkt-dst-aws-service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.pkt-src-aws-service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.region\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.severity\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-instance_uid\",
\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-interface_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-subnet_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-vpc_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.srcaddr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.srcport\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.status_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.type_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dstaddr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"end_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"interval_end_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"interval_start_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scrip
ted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"start_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"total_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"total_connections\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"total_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"total_packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"interval_start_time","title":"flint_zero_etl_amazons3_default_vpc_integration_*"},"id":"82591050-f957-11ee-a76d-adfe4df99235","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2024-04-13T05:34:33.941Z","version":"WzMwMiwxXQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"interval_start_time\",\"calendar_interval\":\"1d\",\"time_zone\":\"America/Vancouver\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"VPC - Live Raw 
Search","version":1},"id":"ace5ba60-f3b9-11ee-bcb2-63941cdc5839","migrationVersion":{"search":"7.9.3"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2024-04-15T02:35:45.806Z","version":"WzM0MCwxXQ=="} +{"attributes":{"fields":"[{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.account-id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.activity_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.category_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\
"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.class_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_account_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_provider\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_region\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_zone\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.boundary\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.direction\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.protocol_num\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.protocol_ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.tcp_flags\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.disposition\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":
false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-instance_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-interface_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-subnet_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-vpc_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dstaddr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dstport\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.flow-direction\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.pkt-dst-aws-service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.pkt-src-aws-service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.region\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\"
:false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.severity\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-instance_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-interface_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-subnet_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-vpc_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.srcaddr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.srcport\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.status_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.type_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"end_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"start_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable
\":true,\"readFromDocValues\":true}]","timeFieldName":"start_time","title":"flint_zero_etl_amazons3_default_vpcflow_raw_live_view_mv"},"id":"576bb580-f3b9-11ee-ac0d-035f63514f06","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2024-04-06T01:59:45.623Z","version":"WzI0MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"aws.vpc.dstaddr\",\"value\":\"-\",\"params\":[\"-\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"aws.vpc.dstaddr\":\"-\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrases\",\"key\":\"aws.vpc.srcaddr\",\"value\":\"-\",\"params\":[\"-\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"aws.vpc.srcaddr\":\"-\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"title":"Live VPC Sankey IP Flow Graph","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Live VPC Sankey IP Flow Graph\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{ \\n $schema: https://vega.github.io/schema/vega/v5.json\\n data: [\\n\\t{\\n \\t// query OpenSearch based on the currently selected time range and filter string\\n \\tname: rawData\\n \\turl: {\\n \\tindex: flint_zero_etl_amazons3_default_vpc_integration_*\\n \\tbody: {\\n \\tsize: 0\\n \\taggs: {\\n \\ttable: {\\n \\tcomposite: {\\n \\tsize: 10000\\n \\tsources: [\\n \\t{\\n \\tstk1: {\\n \\tterms: {field: \\\"aws.vpc.srcaddr\\\"}\\n \\t}\\n \\t}\\n \\t{\\n \\tstk2: {\\n \\tterms: {field: \\\"aws.vpc.dstaddr\\\"}\\n \\t}\\n \\t}\\n \\t]\\n \\t}\\n \\t}\\n \\t}\\n \\t}\\n \\t}\\n \\t// 
From the result, take just the data we are interested in\\n \\tformat: {property: \\\"aggregations.table.buckets\\\"}\\n \\t// Convert key.stk1 -> stk1 for simpler access below\\n \\ttransform: [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"datum.key.stk1 !== '-' && datum.key.stk2 !== '-'\\\"\\n },\\n \\t{type: \\\"formula\\\", expr: \\\"datum.key.stk1\\\", as: \\\"stk1\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"datum.key.stk2\\\", as: \\\"stk2\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"datum.doc_count\\\", as: \\\"size\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: nodes\\n \\tsource: rawData\\n \\ttransform: [\\n \\t// when a country is selected, filter out unrelated data\\n \\t{\\n \\ttype: filter\\n \\texpr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\n \\t}\\n \\t// Set new key for later lookups - identifies each node\\n \\t{type: \\\"formula\\\", expr: \\\"datum.stk1+datum.stk2\\\", as: \\\"key\\\"}\\n \\t// instead of each table row, create two new rows,\\n \\t// one for the source (stack=stk1) and one for destination node (stack=stk2).\\n \\t// The country code stored in stk1 and stk2 fields is placed into grpId field.\\n \\t{\\n \\ttype: fold\\n \\tfields: [\\\"stk1\\\", \\\"stk2\\\"]\\n \\tas: [\\\"stack\\\", \\\"grpId\\\"]\\n \\t}\\n \\t// Create a sortkey, different for stk1 and stk2 stacks.\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\n \\tas: sortField\\n \\t}\\n \\t// Calculate y0 and y1 positions for stacking nodes one on top of the other,\\n \\t// independently for each stack, and ensuring they are in the proper order,\\n \\t// alphabetical from the top (reversed on the y axis)\\n \\t{\\n \\ttype: stack\\n \\tgroupby: [\\\"stack\\\"]\\n \\tsort: {field: \\\"sortField\\\", order: \\\"descending\\\"}\\n \\tfield: size\\n \\t}\\n \\t// calculate vertical center point for each node, used to draw edges\\n \\t{type: \\\"formula\\\", expr: \\\"(datum.y0+datum.y1)/2\\\", as: \\\"yc\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: groups\\n \\tsource: nodes\\n \\ttransform: [\\n \\t// combine all nodes into country groups, summing up the doc counts\\n \\t{\\n \\ttype: aggregate\\n \\tgroupby: [\\\"stack\\\", \\\"grpId\\\"]\\n \\tfields: [\\\"size\\\"]\\n \\tops: [\\\"sum\\\"]\\n \\tas: [\\\"total\\\"]\\n \\t}\\n \\t// re-calculate the stacking y0,y1 values\\n \\t{\\n \\ttype: stack\\n \\tgroupby: [\\\"stack\\\"]\\n \\tsort: {field: \\\"grpId\\\", order: \\\"descending\\\"}\\n \\tfield: total\\n \\t}\\n \\t// project y0 and y1 values to screen coordinates\\n \\t// doing it once here instead of doing it several times in marks\\n \\t{type: \\\"formula\\\", expr: \\\"scale('y', datum.y0)\\\", as: \\\"scaledY0\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"scale('y', datum.y1)\\\", as: \\\"scaledY1\\\"}\\n \\t// boolean flag if the label should be on the right of the stack\\n \\t{type: \\\"formula\\\", expr: \\\"datum.stack == 'stk1'\\\", as: \\\"rightLabel\\\"}\\n \\t// Calculate traffic percentage for this country using \\\"y\\\" scale\\n \\t// domain upper bound, which represents the total traffic\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.total/domain('y')[1]\\n \\tas: percentage\\n \\t}\\n \\t]\\n\\t}\\n\\t{\\n \\t// This is a temp lookup table with all the 'stk2' stack nodes\\n \\tname: destinationNodes\\n \\tsource: nodes\\n \\ttransform: [\\n \\t{type: 
\\\"filter\\\", expr: \\\"datum.stack == 'stk2'\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: edges\\n \\tsource: nodes\\n \\ttransform: [\\n \\t// we only want nodes from the left stack\\n \\t{type: \\\"filter\\\", expr: \\\"datum.stack == 'stk1'\\\"}\\n \\t// find corresponding node from the right stack, keep it as \\\"target\\\"\\n \\t{\\n \\ttype: lookup\\n \\tfrom: destinationNodes\\n \\tkey: key\\n \\tfields: [\\\"key\\\"]\\n \\tas: [\\\"target\\\"]\\n \\t}\\n \\t// calculate SVG link path between stk1 and stk2 stacks for the node pair\\n \\t{\\n \\ttype: linkpath\\n \\torient: horizontal\\n \\tshape: diagonal\\n \\tsourceY: {expr: \\\"scale('y', datum.yc)\\\"}\\n \\tsourceX: {expr: \\\"scale('x', 'stk1') + bandwidth('x')\\\"}\\n \\ttargetY: {expr: \\\"scale('y', datum.target.yc)\\\"}\\n \\ttargetX: {expr: \\\"scale('x', 'stk2')\\\"}\\n \\t}\\n \\t// A little trick to calculate the thickness of the line.\\n \\t// The value needs to be the same as the hight of the node, but scaling\\n \\t// size to screen's height gives inversed value because screen's Y\\n \\t// coordinate goes from the top to the bottom, whereas the graph's Y=0\\n \\t// is at the bottom. 
So subtracting scaled doc count from screen height\\n \\t// (which is the \\\"lower\\\" bound of the \\\"y\\\" scale) gives us the right value\\n \\t{\\n \\ttype: formula\\n \\texpr: range('y')[0]-scale('y', datum.size)\\n \\tas: strokeWidth\\n \\t}\\n \\t// Tooltip needs individual link's percentage of all traffic\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.size/domain('y')[1]\\n \\tas: percentage\\n \\t}\\n \\t]\\n\\t}\\n ]\\n scales: [\\n\\t{\\n \\t// calculates horizontal stack positioning\\n \\tname: x\\n \\ttype: band\\n \\trange: width\\n \\tdomain: [\\\"stk1\\\", \\\"stk2\\\"]\\n \\tpaddingOuter: 0.05\\n \\tpaddingInner: 0.95\\n\\t}\\n\\t{\\n \\t// this scale goes up as high as the highest y1 value of all nodes\\n \\tname: y\\n \\ttype: linear\\n \\trange: height\\n \\tdomain: {data: \\\"nodes\\\", field: \\\"y1\\\"}\\n\\t}\\n\\t{\\n \\t// use rawData to ensure the colors stay the same when clicking.\\n \\tname: color\\n \\ttype: ordinal\\n \\trange: category\\n \\tdomain: {data: \\\"rawData\\\", field: \\\"stk1\\\"}\\n\\t}\\n\\t{\\n \\t// this scale is used to map internal ids (stk1, stk2) to stack names\\n \\tname: stackNames\\n \\ttype: ordinal\\n \\trange: [\\\"Source\\\", \\\"Destination\\\"]\\n \\tdomain: [\\\"stk1\\\", \\\"stk2\\\"]\\n\\t}\\n ]\\n axes: [\\n\\t{\\n \\t// x axis should use custom label formatting to print proper stack names\\n \\torient: bottom\\n \\tscale: x\\n \\tencode: {\\n \\tlabels: {\\n \\tupdate: {\\n \\ttext: {scale: \\\"stackNames\\\", field: \\\"value\\\"}\\n \\t}\\n \\t}\\n \\t}\\n\\t}\\n\\t{orient: \\\"left\\\", scale: \\\"y\\\"}\\n ]\\n marks: [\\n\\t{\\n \\t// draw the connecting line between stacks\\n \\ttype: path\\n \\tname: edgeMark\\n \\tfrom: {data: \\\"edges\\\"}\\n \\t// this prevents some autosizing issues with large strokeWidth for paths\\n \\tclip: true\\n \\tencode: {\\n \\tupdate: {\\n \\t// By default use color of the left node, except when showing traffic\\n \\t// from just one country, in which case 
use destination color.\\n \\tstroke: [\\n \\t{\\n \\ttest: groupSelector && groupSelector.stack=='stk1'\\n \\tscale: color\\n \\tfield: stk2\\n \\t}\\n \\t{scale: \\\"color\\\", field: \\\"stk1\\\"}\\n \\t]\\n \\tstrokeWidth: {field: \\\"strokeWidth\\\"}\\n \\tpath: {field: \\\"path\\\"}\\n \\t// when showing all traffic, and hovering over a country,\\n \\t// highlight the traffic from that country.\\n \\tstrokeOpacity: {\\n \\tsignal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\\n \\t}\\n \\t// Ensure that the hover-selected edges show on top\\n \\tzindex: {\\n \\tsignal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\n \\t}\\n \\t// format tooltip string\\n \\ttooltip: {\\n \\tsignal: datum.stk1 + ' → ' + datum.stk2 + '\\t' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\n \\t}\\n \\t}\\n \\t// Simple mouseover highlighting of a single line\\n \\thover: {\\n \\tstrokeOpacity: {value: 1}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// draw stack groups (countries)\\n \\ttype: rect\\n \\tname: groupMark\\n \\tfrom: {data: \\\"groups\\\"}\\n \\tencode: {\\n \\tenter: {\\n \\tfill: {scale: \\\"color\\\", field: \\\"grpId\\\"}\\n \\twidth: {scale: \\\"x\\\", band: 1}\\n \\t}\\n \\tupdate: {\\n \\tx: {scale: \\\"x\\\", field: \\\"stack\\\"}\\n \\ty: {field: \\\"scaledY0\\\"}\\n \\ty2: {field: \\\"scaledY1\\\"}\\n \\tfillOpacity: {value: 0.6}\\n \\ttooltip: {\\n \\tsignal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\n \\t}\\n \\t}\\n \\thover: {\\n \\tfillOpacity: {value: 1}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// draw country code labels on the inner side of the stack\\n \\ttype: text\\n \\tfrom: {data: \\\"groups\\\"}\\n \\t// don't process events for the labels - otherwise line mouseover is unclean\\n \\tinteractive: false\\n \\tencode: {\\n \\tupdate: {\\n \\t// depending on which stack it is, position 
x with some padding\\n \\tx: {\\n \\tsignal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\n \\t}\\n \\t// middle of the group\\n \\tyc: {signal: \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"}\\n \\talign: {signal: \\\"datum.rightLabel ? 'left' : 'right'\\\"}\\n \\tbaseline: {value: \\\"middle\\\"}\\n \\tfontWeight: {value: \\\"bold\\\"}\\n \\t// only show text label if the group's height is large enough\\n \\ttext: {signal: \\\"abs(datum.scaledY0-datum.scaledY1) > 13 ? datum.grpId : ''\\\"}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// Create a \\\"show all\\\" button. Shown only when a country is selected.\\n \\ttype: group\\n \\tdata: [\\n \\t// We need to make the button show only when groupSelector signal is true.\\n \\t// Each mark is drawn as many times as there are elements in the backing data.\\n \\t// Which means that if values list is empty, it will not be drawn.\\n \\t// Here I create a data source with one empty object, and filter that list\\n \\t// based on the signal value. 
This can only be done in a group.\\n \\t{\\n \\tname: dataForShowAll\\n \\tvalues: [{}]\\n \\ttransform: [{type: \\\"filter\\\", expr: \\\"groupSelector\\\"}]\\n \\t}\\n \\t]\\n \\t// Set button size and positioning\\n \\tencode: {\\n \\tenter: {\\n \\txc: {signal: \\\"width/2\\\"}\\n \\ty: {value: 30}\\n \\twidth: {value: 80}\\n \\theight: {value: 30}\\n \\t}\\n \\t}\\n \\tmarks: [\\n \\t{\\n \\t// This group is shown as a button with rounded corners.\\n \\ttype: group\\n \\t// mark name allows signal capturing\\n \\tname: groupReset\\n \\t// Only shows button if dataForShowAll has values.\\n \\tfrom: {data: \\\"dataForShowAll\\\"}\\n \\tencode: {\\n \\tenter: {\\n \\tcornerRadius: {value: 6}\\n \\tfill: {value: \\\"#F5F7FA\\\"}\\n \\tstroke: {value: \\\"#c1c1c1\\\"}\\n \\tstrokeWidth: {value: 2}\\n \\t// use parent group's size\\n \\theight: {\\n \\tfield: {group: \\\"height\\\"}\\n \\t}\\n \\twidth: {\\n \\tfield: {group: \\\"width\\\"}\\n \\t}\\n \\t}\\n \\tupdate: {\\n \\t// groups are transparent by default\\n \\topacity: {value: 1}\\n \\t}\\n \\thover: {\\n \\topacity: {value: 0.7}\\n \\t}\\n \\t}\\n \\tmarks: [\\n \\t{\\n \\ttype: text\\n \\t// if true, it will prevent clicking on the button when over text.\\n \\tinteractive: false\\n \\tencode: {\\n \\tenter: {\\n \\t// center text in the paren group\\n \\txc: {\\n \\tfield: {group: \\\"width\\\"}\\n \\tmult: 0.5\\n \\t}\\n \\tyc: {\\n \\tfield: {group: \\\"height\\\"}\\n \\tmult: 0.5\\n \\toffset: 2\\n \\t}\\n \\talign: {value: \\\"center\\\"}\\n \\tbaseline: {value: \\\"middle\\\"}\\n \\tfontWeight: {value: \\\"bold\\\"}\\n \\ttext: {value: \\\"Show All\\\"}\\n \\t}\\n \\t}\\n \\t}\\n \\t]\\n \\t}\\n \\t]\\n\\t}\\n ]\\n signals: [\\n\\t{\\n \\t// used to highlight traffic to/from the same country\\n \\tname: groupHover\\n \\tvalue: {}\\n \\ton: [\\n \\t{\\n \\tevents: @groupMark:mouseover\\n \\tupdate: \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n \\t}\\n 
\\t{events: \\\"mouseout\\\", update: \\\"{}\\\"}\\n \\t]\\n\\t}\\n\\t// used to filter only the data related to the selected country\\n\\t{\\n \\tname: groupSelector\\n \\tvalue: false\\n \\ton: [\\n \\t{\\n \\t// Clicking groupMark sets this signal to the filter values\\n \\tevents: @groupMark:click!\\n \\tupdate: \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n \\t}\\n \\t{\\n \\t// Clicking \\\"show all\\\" button, or double-clicking anywhere resets it\\n \\tevents: [\\n \\t{type: \\\"click\\\", markname: \\\"groupReset\\\"}\\n \\t{type: \\\"dblclick\\\"}\\n \\t]\\n \\tupdate: \\\"false\\\"\\n \\t}\\n \\t]\\n\\t}\\n ]\\n}\\n\"}}"},"id":"69c857b0-f5e4-11ee-ac0d-035f63514f06","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"576bb580-f3b9-11ee-ac0d-035f63514f06","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"576bb580-f3b9-11ee-ac0d-035f63514f06","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:50:20.409Z","version":"WzMyOCwxXQ=="} +{"attributes":{"description":"Total Connections using Agg projection","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Total VPC Connections ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Total VPC Connections \",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"total_connections\",\"customLabel\":\"total count connections\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"59059230-fac6-11ee-a76d-adfe4df99235","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:20:29.907Z","version":"WzMwMywxXQ=="} +{"attributes":{"description":"Get sum of requests status","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Requests By Status Type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Requests By Status Type\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"status\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.status_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status Code\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"d65de390-fac6-11ee-a76d-adfe4df99235","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:24:00.201Z","version":"WzMwNSwxXQ=="} +{"attributes":{"description":"VPC connections hourly agg 
count","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC connections hourly Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC connections hourly Count\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"total_connections\",\"customLabel\":\"Connections\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"interval_start_time\",\"timeRange\":{\"from\":\"2023-06-05T01:12:24.910Z\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"h\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Connections\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Connections\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Connections\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"63cd5120-fac7-11ee-ac0d-035f63514f06","migrationVersion":
{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:28:04.437Z","version":"WzMwOCwxXQ=="} +{"attributes":{"description":"VPC Id pie chart","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Id Pie Chart","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Id Pie Chart\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"VPC Source Id\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.src-vpc_uid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"VPC - Source Id\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"c992a190-fac7-11ee-ac0d-035f63514f06","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:32:36.049Z","version":"WzMxNCwxXQ=="} +{"attributes":{"description":"VPC total connection's hourly connections bytes summary","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Hourly Total Connection's Byte Sum","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Hourly Total Connection's Byte 
Sum\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"total_bytes\",\"customLabel\":\"total bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"interval_start_time\",\"timeRange\":{\"from\":\"2023-05-02T01:19:45.232Z\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"h\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"total bytes\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"total bytes\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"717bb540-fac8-11ee-a76d-adfe4df99235","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:35:29.939Z","version":"WzMxNSwxXQ=="} +{"attributes":{"description":"VPC Hourly Total Connection's 
Packets summary","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Hourly Total Connection's Packets Sum","uiStateJSON":"{\"vis\":{\"colors\":{\"Packats Sum\":\"#7ba4cb\"}}}","version":1,"visState":"{\"title\":\"VPC Hourly Total Connection's Packets Sum\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"total_packets\",\"customLabel\":\"Packats Sum\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"interval_start_time\",\"timeRange\":{\"from\":\"2023-06-02T01:22:26.633Z\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"h\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Packats Sum\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Packats 
Sum\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"d9b9f4f0-fac8-11ee-a76d-adfe4df99235","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:38:34.222Z","version":"WzMxOCwxXQ=="} +{"attributes":{"description":"VPC Summary of Connection's directions","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Connections Directions Chart","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Connections Directions Chart\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.flow-direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection 
Direction\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"3d283600-fac9-11ee-ac0d-035f63514f06","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:41:15.627Z","version":"WzMyMSwxXQ=="} +{"attributes":{"description":"VPC Top Destination Addresses (by count agg)","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrase\",\"key\":\"dstaddr\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"negate\":true,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"dstaddr\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Top Destination Addresses ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Top Destination Addresses \",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"total_count\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dstaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
Address\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Requests\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Requests\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"c7a9f980-fac9-11ee-bcb2-63941cdc5839","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:45:04.024Z","version":"WzMyMywxXQ=="} +{"attributes":{"description":"VPC Top Destinations By bytes summary","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Top Destinations By Bytes","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Top Destinations By 
Bytes\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"total_bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dstaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Total Bytes\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Bytes\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Bytes\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"487d40d0-faca-11ee-ac0d-035f63514f06","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:48:50.336Z","version":"WzMyNiwxXQ=="} +{"attributes":{"description":"IP source to destination heat map 
aggregation","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrase\",\"key\":\"aws.vpc.srcaddr\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"negate\":true,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.srcaddr\":\"-\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrase\",\"key\":\"aws.vpc.dstaddr\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"negate\":true,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.dstaddr\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"IP HeatMap Summary","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"IP HeatMap Summary\",\"type\":\"heatmap\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.srcaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.dstaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"group\"}],\"params\":{\"type\":\"heatmap\",\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":4,\"colorSchema\":\"Greens\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":false,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAx
is-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"overwriteColor\":false,\"color\":\"black\"}}]}}"},"id":"26926ee0-facb-11ee-a76d-adfe4df99235","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:54:57.007Z","version":"WzMzMSwxXQ=="} +{"attributes":{"description":"VPC Top Source Services Summary","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"aws.vpc.pkt-src-aws-service\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.pkt-src-aws-service\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Source Services Chart","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Source Services Chart\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Services\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.pkt-src-aws-service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
Services\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"d5279ec0-facc-11ee-ac0d-035f63514f06","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T02:07:05.138Z","version":"WzMzNSwxXQ=="} +{"attributes":{"description":"VPC Top Destination Services Summary","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"aws.vpc.pkt-dst-aws-service\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.pkt-dst-aws-service\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Top Destination Services","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Top Destination Services\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Services\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.pkt-dst-aws-service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
Services\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"27a49040-facd-11ee-ac0d-035f63514f06","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T02:09:13.539Z","version":"WzMzNywxXQ=="} +{"attributes":{"description":"Live VPC Logs Timeline","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Live VPC Logs TimeLine","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Live VPC Logs TimeLine\",\"type\":\"timelion\",\"aggs\":[],\"params\":{\"expression\":\".opensearch(index=flint_zero_etl_amazons3_default_vpc_integration_*)\",\"interval\":\"auto\"}}"},"id":"b4307ed0-fad1-11ee-a76d-adfe4df99235","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2024-04-15T02:41:47.325Z","version":"WzM0MSwxXQ=="} +{"attributes":{"description":"VPC Flow Logs dashboard with basic Observability\n- using pre-aggregated auto sync MV's\n- using one week live vpc stream 
data","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"2.11.0\",\"gridData\":{\"h\":15,\"i\":\"5273b8b5-d2f3-4b60-9470-0602312dc7b0\",\"w\":48,\"x\":0,\"y\":94},\"panelIndex\":\"5273b8b5-d2f3-4b60-9470-0602312dc7b0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":30,\"i\":\"734bfb96-97b9-4b73-be67-ca2ea5e9f6c9\",\"w\":24,\"x\":0,\"y\":51},\"panelIndex\":\"734bfb96-97b9-4b73-be67-ca2ea5e9f6c9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":8,\"i\":\"ea6955a9-7954-4b25-86bb-9fd3d72505d7\",\"w\":11,\"x\":0,\"y\":0},\"panelIndex\":\"ea6955a9-7954-4b25-86bb-9fd3d72505d7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":10,\"i\":\"9b53600a-5b6b-4d73-a251-a9cd22ba74de\",\"w\":11,\"x\":0,\"y\":8},\"panelIndex\":\"9b53600a-5b6b-4d73-a251-a9cd22ba74de\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":18,\"i\":\"b964f5f7-7ee9-4127-90d7-bc305e1cb844\",\"w\":24,\"x\":11,\"y\":0},\"panelIndex\":\"b964f5f7-7ee9-4127-90d7-bc305e1cb844\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":18,\"i\":\"48598628-3542-4a1a-af34-80e6d2158fa3\",\"w\":13,\"x\":35,\"y\":0},\"panelIndex\":\"48598628-3542-4a1a-af34-80e6d2158fa3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":17,\"i\":\"5cf2eebd-f3c9-43c6-9b64-7b7ec8bbc5d9\",\"w\":24,\"x\":0,\"y\":18},\"panelIndex\":\"5cf2eebd-f3c9-43c6-9b64-7b7ec8bbc5d9\",\"embeddableConfig\":{\"vis\":{\"colors\":{\"total 
bytes\":\"#a87691\"}}},\"panelRefName\":\"panel_6\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":17,\"i\":\"10f10c13-633b-4933-a653-0f0303b32f75\",\"w\":24,\"x\":24,\"y\":18},\"panelIndex\":\"10f10c13-633b-4933-a653-0f0303b32f75\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":16,\"i\":\"df9f5173-31a7-4cb3-b1b7-790e7f0c9deb\",\"w\":12,\"x\":0,\"y\":35},\"panelIndex\":\"df9f5173-31a7-4cb3-b1b7-790e7f0c9deb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":16,\"i\":\"e11f3a05-a229-408a-a6b5-cb935dc41442\",\"w\":17,\"x\":12,\"y\":35},\"panelIndex\":\"e11f3a05-a229-408a-a6b5-cb935dc41442\",\"embeddableConfig\":{\"vis\":{\"colors\":{\"Requests\":\"#ca8eae\"}}},\"panelRefName\":\"panel_9\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":16,\"i\":\"6e7015b3-f04e-4ff4-884f-4698c60dff33\",\"w\":19,\"x\":29,\"y\":35},\"panelIndex\":\"6e7015b3-f04e-4ff4-884f-4698c60dff33\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":15,\"i\":\"3f3f74b4-b151-43a3-a820-978712b8f7d1\",\"w\":24,\"x\":24,\"y\":51},\"panelIndex\":\"3f3f74b4-b151-43a3-a820-978712b8f7d1\",\"embeddableConfig\":{\"vis\":null},\"panelRefName\":\"panel_11\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":24,\"y\":66,\"w\":12,\"h\":15,\"i\":\"41210c02-f7c2-4ae9-8c6c-7f7323068896\"},\"panelIndex\":\"41210c02-f7c2-4ae9-8c6c-7f7323068896\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":36,\"y\":66,\"w\":12,\"h\":15,\"i\":\"749bf6dc-4ef1-4e95-916b-260baaff8c4a\"},\"panelIndex\":\"749bf6dc-4ef1-4e95-916b-260baaff8c4a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":0,\"y\":81,\"w\":48,\"h\":13,\"i\":\"51896973-ef3d-4a2d-a811-4834abbdf829\"},\"panelIndex\":\"51896973-ef3d-4a2d-a811-4834abbdf829\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]","timeRestore":false,"title"
:"AWS VPC Flow Logs Overview Flint Aligned","version":1},"id":"44ef8120-f954-11ee-ac0d-035f63514f06","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"ace5ba60-f3b9-11ee-bcb2-63941cdc5839","name":"panel_0","type":"search"},{"id":"69c857b0-f5e4-11ee-ac0d-035f63514f06","name":"panel_1","type":"visualization"},{"id":"59059230-fac6-11ee-a76d-adfe4df99235","name":"panel_2","type":"visualization"},{"id":"d65de390-fac6-11ee-a76d-adfe4df99235","name":"panel_3","type":"visualization"},{"id":"63cd5120-fac7-11ee-ac0d-035f63514f06","name":"panel_4","type":"visualization"},{"id":"c992a190-fac7-11ee-ac0d-035f63514f06","name":"panel_5","type":"visualization"},{"id":"717bb540-fac8-11ee-a76d-adfe4df99235","name":"panel_6","type":"visualization"},{"id":"d9b9f4f0-fac8-11ee-a76d-adfe4df99235","name":"panel_7","type":"visualization"},{"id":"3d283600-fac9-11ee-ac0d-035f63514f06","name":"panel_8","type":"visualization"},{"id":"c7a9f980-fac9-11ee-bcb2-63941cdc5839","name":"panel_9","type":"visualization"},{"id":"487d40d0-faca-11ee-ac0d-035f63514f06","name":"panel_10","type":"visualization"},{"id":"26926ee0-facb-11ee-a76d-adfe4df99235","name":"panel_11","type":"visualization"},{"id":"d5279ec0-facc-11ee-ac0d-035f63514f06","name":"panel_12","type":"visualization"},{"id":"27a49040-facd-11ee-ac0d-035f63514f06","name":"panel_13","type":"visualization"},{"id":"b4307ed0-fad1-11ee-a76d-adfe4df99235","name":"panel_14","type":"visualization"}],"type":"dashboard","updated_at":"2024-04-15T02:42:17.764Z","version":"WzM0MiwxXQ=="} +{"exportedCount":18,"missingRefCount":0,"missingReferences":[]} diff --git a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/create_mv_vpc-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/create_mv_vpc-1.0.0.sql index 9395663853..e69de29bb2 100644 --- a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/create_mv_vpc-1.0.0.sql 
+++ b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/create_mv_vpc-1.0.0.sql
@@ -1,30 +0,0 @@
-CREATE MATERIALIZED VIEW {table_name}__mview AS
- SELECT
- CAST(FROM_UNIXTIME(start) AS TIMESTAMP) as `@timestamp`,
- version as `aws.vpc.version`,
- account_id as `aws.vpc.account-id`,
- interface_id as `aws.vpc.interface-id`,
- srcaddr as `aws.vpc.srcaddr`,
- dstaddr as `aws.vpc.dstaddr`,
- CAST(srcport AS LONG) as `aws.vpc.srcport`,
- CAST(dstport AS LONG) as `aws.vpc.dstport`,
- protocol as `aws.vpc.protocol`,
- CAST(packets AS LONG) as `aws.vpc.packets`,
- CAST(bytes AS LONG) as `aws.vpc.bytes`,
- CAST(FROM_UNIXTIME(start) AS TIMESTAMP) as `aws.vpc.start`,
- CAST(FROM_UNIXTIME(end) AS TIMESTAMP) as `aws.vpc.end`,
- action as `aws.vpc.action`,
- log_status as `aws.vpc.log-status`,
- CASE
- WHEN regexp(dstaddr, '(10\\..*)|(192\\.168\\..*)|(172\\.1[6-9]\\..*)|(172\\.2[0-9]\\..*)|(172\\.3[0-1]\\.*)')
- THEN 'ingress'
- ELSE 'egress'
- END AS `aws.vpc.flow-direction`
-FROM
- {table_name}
-WITH (
- auto_refresh = 'true',
- checkpoint_location = '{s3_checkpoint_location}',
- watermark_delay = '1 Minute',
- extra_options = '{ "{table_name}": { "maxFilesPerTrigger": "10" }}'
-)
diff --git a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/create_table_parquet_vpc-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/create_table_parquet_vpc-1.0.0.sql
new file mode 100644
index 0000000000..30e5091314
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/create_table_parquet_vpc-1.0.0.sql
@@ -0,0 +1,62 @@
+CREATE EXTERNAL TABLE IF NOT EXISTS {table_name} (
+ cloud STRUCT<
+ account_uid: STRING,
+ region: STRING,
+ zone: STRING,
+ provider: STRING
+ >,
+ src_endpoint STRUCT<
+ port: INT,
+ svc_name: STRING,
+ ip: STRING,
+ intermediate_ips: ARRAY,
+ interface_uid: STRING,
+ vpc_uid: STRING,
+ instance_uid: STRING,
+ subnet_uid: STRING
+ >,
+ dst_endpoint STRUCT<
+ port: INT,
+ svc_name: STRING,
+ ip: STRING,
+ intermediate_ips: ARRAY,
+ interface_uid: STRING,
+ vpc_uid: STRING,
+ instance_uid: STRING,
+ subnet_uid: STRING
+ >,
+ connection_info STRUCT<
+ protocol_num: INT,
+ tcp_flags: INT,
+ protocol_ver: STRING,
+ boundary_id: INT,
+ boundary: STRING,
+ direction_id: INT,
+ direction: STRING
+ >,
+ traffic STRUCT<
+ packets: BIGINT,
+ bytes: BIGINT
+ >,
+ time BIGINT,
+ start_time BIGINT,
+ end_time BIGINT,
+ status_code STRING,
+ severity_id INT,
+ severity STRING,
+ class_name STRING,
+ class_uid INT,
+ category_name STRING,
+ category_uid INT,
+ activity_name STRING,
+ activity_id INT,
+ disposition STRING,
+ disposition_id INT,
+ type_uid INT,
+ type_name STRING,
+ region STRING,
+ accountid STRING,
+ eventday STRING
+)
+USING json
+LOCATION '{s3_bucket_location}'
diff --git a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_agg_30min_connections_mv-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_agg_30min_connections_mv-1.0.0.sql
new file mode 100644
index 0000000000..d1033782e1
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_agg_30min_connections_mv-1.0.0.sql
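Review bot: `intermediate_ips: ARRAY` under both `src_endpoint` and `dst_endpoint` carries no element type as rendered here; Spark DDL requires a parameterised array (e.g. `intermediate_ips: ARRAY<STRING>,`), so if the committed file really reads `ARRAY` the CREATE fails at parse time — if the angle-bracket part was only lost in rendering, disregard. The asset is named `create_table_parquet_vpc-1.0.0.sql` but declares `USING json`; either rename it or open the file with a comment such as `-- VPC flow records are read as JSON (not parquet) from {s3_bucket_location}` so the mismatch is visibly deliberate. `{table_name}` and `'{s3_bucket_location}'` are spliced in as a bare identifier and a string literal by code outside this diff; whatever performs that substitution should restrict both values to a safe character set, since a quote in the location value would end the literal early.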
@@ -0,0 +1,32 @@ +CREATE MATERIALIZED VIEW IF NOT EXISTS {table_name}__agg_30_min_connections_mview AS + SELECT + CAST(from_unixtime(CAST((start_time / 1000) AS BIGINT) DIV 1800 * 1800) AS TIMESTAMP) AS interval_start_time, + CAST(from_unixtime((CAST((start_time / 1000) AS BIGINT) DIV 1800 * 1800) + 1799) AS TIMESTAMP) AS interval_end_time, + + status_code as `aws.vpc.status_code`, + CAST(IFNULL(connection_info['direction'], 'Unknown') AS STRING) AS `aws.vpc.connection.direction`, + CAST(IFNULL(src_endpoint.svc_name, 'Unknown') AS STRING) AS `aws.vpc.pkt-src-aws-service`, + CAST(IFNULL(dst_endpoint.svc_name, 'Unknown') AS STRING) AS `aws.vpc.pkt-dst-aws-service`, + + accountid as `aws.vpc.account-id`, + region as `aws.vpc.region`, + + COUNT(*) AS total_connections, + SUM(CAST(IFNULL(traffic.bytes, 0) AS LONG)) AS total_bytes, + SUM(CAST(IFNULL(traffic.packets, 0) AS LONG)) AS total_packets + FROM + {table_name} + GROUP BY + CAST((start_time / 1000) AS BIGINT) DIV 1800 * 1800, + region, + accountid, + status_code, + src_endpoint.svc_name, + dst_endpoint.svc_name, + connection_info['direction'] + ORDER BY + interval_start_time +WITH ( + auto_refresh = false +) + diff --git a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_agg_30min_connections_refresh-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_agg_30min_connections_refresh-1.0.0.sql new file mode 100644 index 0000000000..fd1a0c7c29 --- /dev/null +++ b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_agg_30min_connections_refresh-1.0.0.sql @@ -0,0 +1 @@ +REFRESH MATERIALIZED VIEW {table_name}__agg_30_min_connections_mview diff --git a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_agg_60min_connections_mv-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_agg_60min_connections_mv-1.0.0.sql new file mode 100644 index 0000000000..e7a30dc159 --- /dev/null 
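Review bot: interval_end_time is computed as bucket start `+ 1799` seconds here, while the 60-minute view in this commit (vpc_agg_60min_connections_mv) uses start `+ INTERVAL 1 HOUR`, so the two views disagree on whether the end bound is inclusive; pick one convention, e.g. `+ 1800` for a half-open interval matching the hourly view. The trailing `ORDER BY interval_start_time` inside a materialized view definition sorts the whole result for no benefit once the rows are written to an index and can be dropped.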
+++ b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_agg_60min_connections_mv-1.0.0.sql @@ -0,0 +1,32 @@ +CREATE MATERIALIZED VIEW IF NOT EXISTS {table_name}__agg_60_min_connections_mview AS + SELECT + date_trunc('hour', from_unixtime(start_time / 1000)) AS interval_start_time, + date_trunc('hour', from_unixtime(start_time / 1000)) + INTERVAL 1 HOUR AS interval_end_time, + + status_code as `aws.vpc.status_code`, + CAST(IFNULL(connection_info['direction'], 'Unknown') AS STRING) AS `aws.vpc.connection.direction`, + CAST(IFNULL(src_endpoint.svc_name, 'Unknown') AS STRING) AS `aws.vpc.pkt-src-aws-service`, + CAST(IFNULL(dst_endpoint.svc_name, 'Unknown') AS STRING) AS `aws.vpc.pkt-dst-aws-service`, + + accountid as `aws.vpc.account-id`, + region as `aws.vpc.region`, + + COUNT(*) AS total_connections, + SUM(CAST(IFNULL(traffic.bytes, 0) AS LONG)) AS total_bytes, + SUM(CAST(IFNULL(traffic.packets, 0) AS LONG)) AS total_packets + FROM + {table_name} + GROUP BY + date_trunc('hour', from_unixtime(start_time / 1000)), + region, + accountid, + status_code, + src_endpoint.svc_name, + dst_endpoint.svc_name, + connection_info['direction'] + ORDER BY + interval_start_time +WITH ( + auto_refresh = false +) + diff --git a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_agg_60min_connections_refresh-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_agg_60min_connections_refresh-1.0.0.sql new file mode 100644 index 0000000000..81c56a63d7 --- /dev/null +++ b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_agg_60min_connections_refresh-1.0.0.sql @@ -0,0 +1 @@ +REFRESH MATERIALIZED VIEW {table_name}__agg_60_min_connections_mview diff --git a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_live_all_mv-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_live_all_mv-1.0.0.sql new file mode 100644 index 0000000000..2fef3dba36 
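Review bot: `from_unixtime(start_time / 1000)` passes a fractional value (start_time is BIGINT in create_table_parquet_vpc and `/` presumably yields a DOUBLE), relying on implicit conversion; the 30-minute sibling view casts explicitly, and this view should do the same for consistency: `date_trunc('hour', from_unixtime(CAST(start_time / 1000 AS BIGINT)))` in both the SELECT and the GROUP BY. As in the 30-minute view, the trailing `ORDER BY interval_start_time` adds a full sort that the target index does not preserve.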
--- /dev/null +++ b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_live_all_mv-1.0.0.sql 
@@ -0,0 +1,62 @@ +CREATE MATERIALIZED VIEW {table_name}__week_live_mview AS + SELECT + cloud.account_uid AS `aws.vpc.cloud_account_uid`, + cloud.region AS `aws.vpc.cloud_region`, + cloud.zone AS `aws.vpc.cloud_zone`, + cloud.provider AS `aws.vpc.cloud_provider`, + + CAST(IFNULL(src_endpoint.port, 0) AS LONG) AS `aws.vpc.srcport`, + CAST(IFNULL(src_endpoint.svc_name, 'Unknown') AS STRING) AS `aws.vpc.pkt-src-aws-service`, + CAST(IFNULL(src_endpoint.ip, '0.0.0.0') AS STRING) AS `aws.vpc.srcaddr`, + CAST(IFNULL(src_endpoint.interface_uid, 'Unknown') AS STRING) AS `aws.vpc.src-interface_uid`, + CAST(IFNULL(src_endpoint.vpc_uid, 'Unknown') AS STRING) AS `aws.vpc.src-vpc_uid`, + CAST(IFNULL(src_endpoint.instance_uid, 'Unknown') AS STRING) AS `aws.vpc.src-instance_uid`, + CAST(IFNULL(src_endpoint.subnet_uid, 'Unknown') AS STRING) AS `aws.vpc.src-subnet_uid`, + + CAST(IFNULL(dst_endpoint.port, 0) AS LONG) AS `aws.vpc.dstport`, + CAST(IFNULL(dst_endpoint.svc_name, 'Unknown') AS STRING) AS `aws.vpc.pkt-dst-aws-service`, + CAST(IFNULL(dst_endpoint.ip, '0.0.0.0') AS STRING) AS `aws.vpc.dstaddr`, + CAST(IFNULL(dst_endpoint.interface_uid, 'Unknown') AS STRING) AS `aws.vpc.dst-interface_uid`, + CAST(IFNULL(dst_endpoint.vpc_uid, 'Unknown') AS STRING) AS `aws.vpc.dst-vpc_uid`, + CAST(IFNULL(dst_endpoint.instance_uid, 'Unknown') AS STRING) AS `aws.vpc.dst-instance_uid`, + CAST(IFNULL(dst_endpoint.subnet_uid, 'Unknown') AS STRING) AS `aws.vpc.dst-subnet_uid`, + CASE + WHEN regexp(dst_endpoint.ip, '(10\\..*)|(192\\.168\\..*)|(172\\.1[6-9]\\..*)|(172\\.2[0-9]\\..*)|(172\\.3[0-1]\\.*)') + THEN 'ingress' + ELSE 'egress' + END AS `aws.vpc.flow-direction`, + + CAST(IFNULL(connection_info['protocol_num'], 0) AS INT) AS `aws.vpc.connection.protocol_num`, + CAST(IFNULL(connection_info['tcp_flags'], '0') AS STRING) AS `aws.vpc.connection.tcp_flags`, + CAST(IFNULL(connection_info['protocol_ver'], '0') AS STRING) AS `aws.vpc.connection.protocol_ver`, + CAST(IFNULL(connection_info['boundary'], 
'Unknown') AS STRING) AS `aws.vpc.connection.boundary`, + CAST(IFNULL(connection_info['direction'], 'Unknown') AS STRING) AS `aws.vpc.connection.direction`, + + CAST(IFNULL(traffic.packets, 0) AS LONG) AS `aws.vpc.packets`, + CAST(IFNULL(traffic.bytes, 0) AS LONG) AS `aws.vpc.bytes`, + + CAST(FROM_UNIXTIME(time / 1000) AS TIMESTAMP) AS `@timestamp`, + CAST(FROM_UNIXTIME(start_time / 1000) AS TIMESTAMP) AS `start_time`, + CAST(FROM_UNIXTIME(start_time / 1000) AS TIMESTAMP) AS `interval_start_time`, + CAST(FROM_UNIXTIME(end_time / 1000) AS TIMESTAMP) AS `end_time`, + status_code AS `aws.vpc.status_code`, + + severity AS `aws.vpc.severity`, + class_name AS `aws.vpc.class_name`, + category_name AS `aws.vpc.category_name`, + activity_name AS `aws.vpc.activity_name`, + disposition AS `aws.vpc.disposition`, + type_name AS `aws.vpc.type_name`, + + region AS `aws.vpc.region`, + accountid AS `aws.vpc.account-id` + FROM + {table_name} +WITH ( + auto_refresh = true, + refresh_interval = '1 Minute', + checkpoint_location = '{s3_checkpoint_location}', + watermark_delay = '10 Second', + extra_options = '{ "{table_name}": { "maxFilesPerTrigger": "10" }}' +) + diff --git a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_live_week_mv-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_live_week_mv-1.0.0.sql new file mode 100644 index 0000000000..170a9b1276 --- /dev/null +++ b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_live_week_mv-1.0.0.sql 
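Review bot: The view is named `{table_name}__week_live_mview`, the same name the vpc_live_week_mv asset in this commit (next hunk) creates, so when both the flint-live-dashboards and flint-pre-agg-dashboards workflows are selected the second CREATE MATERIALIZED VIEW fails or silently replaces the first; rename this one, e.g. `CREATE MATERIALIZED VIEW {table_name}__live_all_mview AS`, and update anything that reads it. The RFC 1918 pattern in the `aws.vpc.flow-direction` CASE is unanchored and its last alternative reads `172\\.3[0-1]\\.*` (zero or more dots) rather than `\\..*`; if `regexp()` follows RLIKE substring semantics, a public address such as 210.1.1.1 (it contains `10.`) is tagged ingress, which skews the direction dashboards. Anchoring fixes both: `WHEN regexp(dst_endpoint.ip, '^(10\\.|192\\.168\\.|172\\.(1[6-9]|2[0-9]|3[01])\\.)')`. The same pattern appears in vpc_live_week_mv and in the accompanying Flint-Integration.md.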
@@ -0,0 +1,61 @@ +CREATE MATERIALIZED VIEW {table_name}__week_live_mview AS + SELECT + cloud.account_uid AS `aws.vpc.cloud_account_uid`, + cloud.region AS `aws.vpc.cloud_region`, + cloud.zone AS `aws.vpc.cloud_zone`, + cloud.provider AS `aws.vpc.cloud_provider`, + + CAST(IFNULL(src_endpoint.port, 0) AS LONG) AS `aws.vpc.srcport`, + CAST(IFNULL(src_endpoint.svc_name, 'Unknown') AS STRING) AS `aws.vpc.pkt-src-aws-service`, + CAST(IFNULL(src_endpoint.ip, '0.0.0.0') AS STRING) AS `aws.vpc.srcaddr`, + CAST(IFNULL(src_endpoint.interface_uid, 'Unknown') AS STRING) AS `aws.vpc.src-interface_uid`, + CAST(IFNULL(src_endpoint.vpc_uid, 'Unknown') AS STRING) AS `aws.vpc.src-vpc_uid`, + CAST(IFNULL(src_endpoint.instance_uid, 'Unknown') AS STRING) AS `aws.vpc.src-instance_uid`, + CAST(IFNULL(src_endpoint.subnet_uid, 'Unknown') AS STRING) AS `aws.vpc.src-subnet_uid`, + + CAST(IFNULL(dst_endpoint.port, 0) AS LONG) AS `aws.vpc.dstport`, + CAST(IFNULL(dst_endpoint.svc_name, 'Unknown') AS STRING) AS `aws.vpc.pkt-dst-aws-service`, + CAST(IFNULL(dst_endpoint.ip, '0.0.0.0') AS STRING) AS `aws.vpc.dstaddr`, + CAST(IFNULL(dst_endpoint.interface_uid, 'Unknown') AS STRING) AS `aws.vpc.dst-interface_uid`, + CAST(IFNULL(dst_endpoint.vpc_uid, 'Unknown') AS STRING) AS `aws.vpc.dst-vpc_uid`, + CAST(IFNULL(dst_endpoint.instance_uid, 'Unknown') AS STRING) AS `aws.vpc.dst-instance_uid`, + CAST(IFNULL(dst_endpoint.subnet_uid, 'Unknown') AS STRING) AS `aws.vpc.dst-subnet_uid`, + CASE + WHEN regexp(dst_endpoint.ip, '(10\\..*)|(192\\.168\\..*)|(172\\.1[6-9]\\..*)|(172\\.2[0-9]\\..*)|(172\\.3[0-1]\\.*)') + THEN 'ingress' + ELSE 'egress' + END AS `aws.vpc.flow-direction`, + + CAST(IFNULL(connection_info['protocol_num'], 0) AS INT) AS `aws.vpc.connection.protocol_num`, + CAST(IFNULL(connection_info['tcp_flags'], '0') AS STRING) AS `aws.vpc.connection.tcp_flags`, + CAST(IFNULL(connection_info['protocol_ver'], '0') AS STRING) AS `aws.vpc.connection.protocol_ver`, + CAST(IFNULL(connection_info['boundary'], 
'Unknown') AS STRING) AS `aws.vpc.connection.boundary`, + CAST(IFNULL(connection_info['direction'], 'Unknown') AS STRING) AS `aws.vpc.connection.direction`, + + CAST(IFNULL(traffic.packets, 0) AS LONG) AS `aws.vpc.packets`, + CAST(IFNULL(traffic.bytes, 0) AS LONG) AS `aws.vpc.bytes`, + + CAST(FROM_UNIXTIME(time / 1000) AS TIMESTAMP) AS `@timestamp`, + CAST(FROM_UNIXTIME(start_time / 1000) AS TIMESTAMP) AS `start_time`, + CAST(FROM_UNIXTIME(start_time / 1000) AS TIMESTAMP) AS `interval_start_time`, + CAST(FROM_UNIXTIME(end_time / 1000) AS TIMESTAMP) AS `end_time`, + status_code AS `aws.vpc.status_code`, + + severity AS `aws.vpc.severity`, + class_name AS `aws.vpc.class_name`, + category_name AS `aws.vpc.category_name`, + activity_name AS `aws.vpc.activity_name`, + disposition AS `aws.vpc.disposition`, + type_name AS `aws.vpc.type_name`, + + region AS `aws.vpc.region`, + accountid AS `aws.vpc.account-id` + FROM + {table_name}, + (SELECT MAX(CAST(FROM_UNIXTIME(start_time / 1000) AS TIMESTAMP)) AS max_start_time FROM {table_name}) AS latest + WHERE + CAST(FROM_UNIXTIME(start_time / 1000) AS TIMESTAMP) >= DATE_SUB(latest.max_start_time, 7) +WITH ( + auto_refresh = false +) + diff --git a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_live_week_refresh-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_live_week_refresh-1.0.0.sql new file mode 100644 index 0000000000..dd0580eaa8 --- /dev/null +++ b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_live_week_refresh-1.0.0.sql @@ -0,0 +1 @@ +REFRESH MATERIALIZED VIEW {table_name}__week_live_mview diff --git a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_window-agg_60min_dest_ip_cardinality_mv-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_window-agg_60min_dest_ip_cardinality_mv-1.0.0.sql new file mode 100644 index 0000000000..24d3519dc9 --- /dev/null 
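Review bot: The 7-day window is implemented as a cross join of `{table_name}` with a scalar subquery that scans the whole table for MAX(start_time), and the WHERE applies `CAST(FROM_UNIXTIME(start_time / 1000) AS TIMESTAMP)` to every row, so each REFRESH reads the full dataset twice with no chance of partition pruning; if the underlying table is partitioned (e.g. by the `eventday` column declared in create_table_parquet_vpc), a filter on that column first would bound the scan. `DATE_SUB(latest.max_start_time, 7)` presumably returns a DATE, so the bound is midnight seven days before the latest day rather than a rolling 7×24h window — fine if intended, but worth a comment such as `-- window: from 00:00 of (latest day - 7) to latest event`. The view name and the direction regexp share the issues raised on vpc_live_all_mv.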
+++ b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_window-agg_60min_dest_ip_cardinality_mv-1.0.0.sql
@@ -0,0 +1,36 @@
+CREATE MATERIALIZED VIEW IF NOT EXISTS {table_name}__window_agg_60_min_network_ip_bytes_mview AS
+WITH hourly_buckets AS (
+ SELECT
+ date_trunc('hour', from_unixtime(start_time / 1000)) AS interval_start_time,
+ CAST(IFNULL(dst_endpoint.ip, '0.0.0.0') AS STRING) AS dstaddr,
+ SUM(CAST(IFNULL(traffic.bytes, 0) AS LONG)) AS total_bytes
+ FROM
+ {table_name}
+ GROUP BY
+ interval_start_time,
+ dstaddr
+),
+ranked_addresses AS (
+ SELECT
+ CAST(interval_start_time AS TIMESTAMP),
+ dstaddr,
+ total_bytes,
+ RANK() OVER (PARTITION BY interval_start_time ORDER BY total_bytes DESC) AS bytes_rank
+ FROM
+ hourly_buckets
+)
+SELECT
+ CAST(interval_start_time AS TIMESTAMP),
+ dstaddr,
+ total_bytes
+FROM
+ ranked_addresses
+WHERE
+ bytes_rank <= 50
+ORDER BY
+ interval_start_time ASC,
+ bytes_rank ASC
+WITH (
+ auto_refresh = false
+)
+
diff --git a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_window-agg_60min_dest_ip_cardinality_refresh-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_window-agg_60min_dest_ip_cardinality_refresh-1.0.0.sql
new file mode 100644
index 0000000000..5f2eca3b6a
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_window-agg_60min_dest_ip_cardinality_refresh-1.0.0.sql
@@ -0,0 +1 @@
+REFRESH MATERIALIZED VIEW {table_name}__window_agg_60_min_network_ip_bytes_mview
diff --git a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_window-agg_60min_dest_ip_total-bytes_mv-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_window-agg_60min_dest_ip_total-bytes_mv-1.0.0.sql
new file mode 100644
index 0000000000..f68d09c371
--- /dev/null
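Review bot: The asset is named ..._dest_ip_cardinality_mv but its body creates `{table_name}__window_agg_60_min_network_ip_bytes_mview` ranked by total_bytes, while the sibling ..._dest_ip_total-bytes_mv creates the `_cardinality_mview` ranked by COUNT(*); the refresh assets follow the same swap so the workflow runs, but the asset names contradict the view names users see in OpenSearch. Swap the two SQL bodies between the files (keeping each view name with its content), or rename the files and their asset entries. `CAST(interval_start_time AS TIMESTAMP)` is projected without an alias in both the ranked_addresses CTE and the final SELECT, so the index field name depends on how the engine names a bare cast; write `CAST(interval_start_time AS TIMESTAMP) AS interval_start_time` in both places so the PARTITION BY and ORDER BY references are unambiguous. The same alias point applies to the total-bytes view.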
+++ b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_window-agg_60min_dest_ip_total-bytes_mv-1.0.0.sql
@@ -0,0 +1,36 @@
+CREATE MATERIALIZED VIEW IF NOT EXISTS {table_name}__window_agg_60_min_network_ip_cardinality_mview AS
+WITH hourly_buckets AS (
+ SELECT
+ date_trunc('hour', from_unixtime(start_time / 1000)) AS interval_start_time,
+ CAST(IFNULL(dst_endpoint.ip, '0.0.0.0') AS STRING) AS dstaddr,
+ COUNT(*) AS total_count
+ FROM
+ {table_name}
+ GROUP BY
+ interval_start_time,
+ dstaddr
+ ),
+ ranked_addresses AS (
+ SELECT
+ CAST(interval_start_time AS TIMESTAMP),
+ dstaddr,
+ total_count,
+ RANK() OVER (PARTITION BY interval_start_time ORDER BY total_count DESC) AS addr_rank
+ FROM
+ hourly_buckets
+ )
+ SELECT
+ CAST(interval_start_time AS TIMESTAMP),
+ dstaddr,
+ total_count
+ FROM
+ ranked_addresses
+ WHERE
+ addr_rank <= 50
+ ORDER BY
+ interval_start_time ASC,
+ addr_rank ASC
+WITH (
+ auto_refresh = false
+)
+
diff --git a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_window-agg_60min_dest_ip_total-bytes_refresh-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_window-agg_60min_dest_ip_total-bytes_refresh-1.0.0.sql
new file mode 100644
index 0000000000..8d640058af
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/assets/vpc_window-agg_60min_dest_ip_total-bytes_refresh-1.0.0.sql
@@ -0,0 +1 @@
+REFRESH MATERIALIZED VIEW {table_name}__window_agg_60_min_network_ip_cardinality_mview
diff --git a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/aws_vpc_flow-1.0.0.json b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/aws_vpc_flow-1.0.0.json
index 11f5132931..5862571ce5 100644
--- a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/aws_vpc_flow-1.0.0.json
+++ b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/aws_vpc_flow-1.0.0.json
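Review bot: `RANK()` gives tied addresses the same rank and skips the following ranks, so `addr_rank <= 50` can emit more than 50 rows per hour bucket whenever counts tie; if a fixed top-50 per bucket is intended use `ROW_NUMBER() OVER (PARTITION BY interval_start_time ORDER BY total_count DESC)`, or `DENSE_RANK()` if all tied entries should be kept without gaps. The same choice applies to the bytes ranking in vpc_window-agg_60min_dest_ip_cardinality_mv. The CTE bodies and the final SELECT here are indented one level deeper than in that sibling file; align the two for readability.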
@@ -20,6 +20,24 @@
 "label": "Dashboards & Visualizations",
 "description": "Dashboards and indices that enable you to easily visualize important metrics.",
 "enabled_by_default": false
+ },
+ {
+ "name": "flint-live-dashboards",
+ "label": "Dashboards & Visualizations For Flint Integrations using live queries",
+ "description": "Dashboards and visualizations aligned with Flint S3 datasource ",
+ "enabled_by_default": false
+ },
+ {
+ "name": "flint-pre-agg-dashboards",
+ "label": "Dashboards & Visualizations For Flint Integrations using pre-aggregated queries",
+ "description": "This step creates the MV pre-aggregated queries without running them, in order to actually update their data select the following `flint-pre-agg-refresh` workflow option ",
+ "enabled_by_default": false
+ },
+ {
+ "name": "flint-pre-agg-refresh",
+ "label": "Refreshing and populate the pre-aggregated projections ",
+ "description": "This step populate the pre-aggregated projections by enabling the REFRESH command to run, this step depends on selection of the previous `flint-pre-agg-dashboards` step",
+ "enabled_by_default": false
 }
 ],
 "statics": {
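Review bot: The `flint-pre-agg-refresh` workflow's description says it depends on `flint-pre-agg-dashboards` having been selected, but nothing visible in this hunk expresses that dependency, so a user who enables only the refresh workflow gets REFRESH statements against views that do not exist; if the manifest format cannot declare the dependency, put it in the label so it is seen before selection. The new labels and descriptions also carry trailing spaces (`"Flint S3 datasource "`, `"projections "`, `"workflow option "`) and grammar slips ("This step populate", "Refreshing and populate"); e.g. `"label": "Refresh and populate the pre-aggregated projections (requires flint-pre-agg-dashboards)",` and `"description": "This step populates the pre-aggregated projections by running the REFRESH command; it depends on the flint-pre-agg-dashboards step having been selected",`.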
@@ -65,17 +83,90 @@
 "workflows": ["dashboards"]
 },
 {
- "name": "create_table_vpc",
+ "name": "aws_vpc_flow_flint-live",
+ "version": "1.0.0",
+ "extension": "ndjson",
+ "type": "savedObjectBundle",
+ "workflows": ["flint-live-dashboards"]
+ },
+ {
+ "name": "aws_vpc_flow_flint-pre_agg",
+ "version": "1.0.0",
+ "extension": "ndjson",
+ "type": "savedObjectBundle",
+ "workflows": ["flint-pre-agg-dashboards"]
+ },
+
+ {
+ "name": "create_table_parquet_vpc",
 "version": "1.0.0",
 "extension": "sql",
- "type": "query"
+ "type": "query",
+ "workflows": ["flint-live-dashboards","flint-pre-agg-dashboards"]
 },
 {
- "name": "create_mv_vpc",
+ "name": "vpc_live_all_mv",
 "version": "1.0.0",
 "extension": "sql",
 "type": "query",
- "workflows": ["dashboards"]
+ "workflows": ["flint-live-dashboards"]
+ },
+ {
+ "name": "vpc_live_week_mv",
+ "version": "1.0.0",
+ "extension": "sql",
+ "type": "query",
+ "workflows": ["flint-pre-agg-dashboards"]
+ },
+ {
+ "name": "vpc_agg_60min_connections_mv",
+ "version": "1.0.0",
+ "extension": "sql",
+ "type": "query",
+ "workflows": ["flint-pre-agg-dashboards"]
+ },
+ {
+ "name": "vpc_window-agg_60min_dest_ip_cardinality_mv",
+ "version": "1.0.0",
+ "extension": "sql",
+ "type": "query",
+ "workflows": ["flint-pre-agg-dashboards"]
+ },
+ {
+ "name": "vpc_window-agg_60min_dest_ip_total-bytes_mv",
+ "version": "1.0.0",
+ "extension": "sql",
+ "type": "query",
+ "workflows": ["flint-pre-agg-dashboards"]
+ },
+
+ {
+ "name": "vpc_live_week_refresh",
+ "version": "1.0.0",
+ "extension": "sql",
+ "type": "query",
+ "workflows": ["flint-pre-agg-refresh"]
+ },
+ {
+ "name": "vpc_agg_60min_connections_refresh",
+ "version": "1.0.0",
+ "extension": "sql",
+ "type": "query",
+ "workflows": ["flint-pre-agg-refresh"]
+ },
+ {
+ "name": "vpc_window-agg_60min_dest_ip_cardinality_refresh",
+ "version": "1.0.0",
+ "extension": "sql",
+ "type": "query",
+ "workflows": ["flint-pre-agg-refresh"]
+ },
+ {
+ "name": "vpc_window-agg_60min_dest_ip_total-bytes_refresh",
+ "version": "1.0.0",
+ "extension": "sql",
+ "type": "query",
+ "workflows": ["flint-pre-agg-refresh"]
 }
 ],
 "sampleData": {
diff --git a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/info/Flint-Integration.md b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/info/Flint-Integration.md
new file mode 100644
index 0000000000..c1db1c4b8f
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/info/Flint-Integration.md
@@ -0,0 +1,648 @@ +# VPC Flow Integration + +Amazon Virtual Private Cloud flow logs capture information about the IP traffic going to and from network interfaces in a VPC. Use the logs to investigate network traffic patterns and identify threats and risks across your VPC network. + +OpenSearch integrations offers a schematic support for AWS VPC flow based on the OpenTelemetry specifications. + +*`The following steps describe the entire procedure for publishing, ingestion, transformation and projection of the data into a meaningful and insightful manner.`* + +## Ingestion + +#### Publish flow logs to Amazon S3 + +Flow logs can publish flow log data to Amazon S3. +When publishing to Amazon S3, flow log data is published to an existing Amazon S3 bucket that you specify. Flow log records for all of the monitored network interfaces are published to a series of log file objects that are stored in the bucket. If the flow log captures data for a VPC, the flow log publishes flow log records for all of the network interfaces in the selected VPC. + +#### Files Format + +VPC Flow Logs collects flow log records, consolidates them into log files, and then publishes the log files to the Amazon S3 bucket at 5-minute intervals. Each log file contains flow log records for the IP traffic recorded in the previous five minutes. +The maximum file size for a log file is 75 MB. If the log file reaches the file size limit within the 5-minute period, the flow log stops adding flow log records to it. Then it publishes the flow log to the Amazon S3 bucket, and creates a new log file. +In Amazon S3, the **Last modified** field for the flow log file indicates the date and time at which the file was uploaded to the Amazon S3 bucket. This is later than the timestamp in the file name, and differs by the amount of time taken to upload the file to the Amazon S3 bucket. + +**Log file format** + +* **Text** – Plain text. This is the default format. 
+* **Parquet** – Apache Parquet is a columnar data format. Queries on data in Parquet format are 10 to 100 times faster compared to queries on data in plain text. Data in Parquet format with Gzip compression takes 20 percent less storage space than plain text with Gzip compression. + + +**Log file options:** + +**Hive-compatible S3 prefixes** – Enable Hive-compatible prefixes instead of importing partitions into your Hive-compatible tools. Before you run queries, use the **MSCK REPAIR TABLE** command. + +**Hourly partitions** – If you have a large volume of logs and typically target queries to a specific hour, you can get faster results and save on query costs by partitioning logs on an hourly basis. + +By default, the files are delivered to the following location. + +``` +bucket-and-optional-prefix/AWSLogs/account_id/vpcflowlogs/region/year/month/day/ +``` + +If you enable Hive-compatible S3 prefixes, the files are delivered to the following location. + +``` +bucket-and-optional-prefix/AWSLogs/aws-account-id=account_id/aws-service=vpcflowlogs/aws-region=region/year=year/month=month/day=day/ +``` + +If you enable hourly partitions, the files are delivered to the following location. + +``` +bucket-and-optional-prefix/AWSLogs/account_id/vpcflowlogs/region/year/month/day/hour/ +``` + +If you enable Hive-compatible partitions and partition the flow log per hour, the files are delivered to the following location. + +``` +bucket-and-optional-prefix/AWSLogs/aws-account-id=account_id/aws-service=vpcflowlogs/aws-region=region/year=year/month=month/day=day/hour=hour/ +``` + +**Log file names** +The file name of a log file is based on the flow log ID, Region, and creation date and time. File names use the following format. + +``` +aws_account_id_vpcflowlogs_region_flow_log_id_YYYYMMDDTHHmmZ_hash.log.gz +``` + +* * * + +## Table Definition + +#### Create Table VPC flow logs + +The following statement creates an Amazon VPC table definition for Amazon VPC flow logs. 
+When you create a flow log with a custom format, you create a table with fields that match the fields that you specified when you created the flow log in the same order that you specified them. + +Enter a DDL statement like the following into the OpenSearch workbench query editor: + +The next statement creates a table that has the columns for Amazon VPC flow logs versions 2 through 5 as documented in [Flow log records](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records). If you use a different set of columns or order of columns, modify the statement accordingly. + +``` +CREATE EXTERNAL TABLE IF NOT EXISTS `vpc_flow_logs` ( + version int, + account_id string, + interface_id string, + srcaddr string, + dstaddr string, + srcport int, + dstport int, + protocol bigint, + packets bigint, + bytes bigint, + start bigint, + `end` bigint, + action string, + log_status string, + vpc_id string, + subnet_id string, + instance_id string, + tcp_flags int, + type string, + pkt_srcaddr string, + pkt_dstaddr string, + region string, + az_id string, + sublocation_type string, + sublocation_id string, + pkt_src_aws_service string, + pkt_dst_aws_service string, + flow_direction string, + traffic_path int +) +PARTITIONED BY (`date` date) +ROW FORMAT DELIMITED +FIELDS TERMINATED BY ' ' +LOCATION 's3://DOC-EXAMPLE-BUCKET/prefix/AWSLogs/{account_id}/vpcflowlogs/{region_code}/' +TBLPROPERTIES ("skip.header.line.count"="1"); +``` + + + +* The `PARTITIONED BY` clause uses the `date` type. This makes it possible to use mathematical operators in queries to select what's older or newer than a certain date. +* For a VPC flow log with a different custom format, modify the fields to match the fields that you specified when you created the flow log. +* Modify the `LOCATION 's3://DOC-EXAMPLE-BUCKET/prefix/AWSLogs/`*`{`*`account_id}/vpcflowlogs/`*`{`*`region_code}/'` to point to the Amazon S3 bucket that contains your log data. 
+* Run the DDL statement in OpenSearch Query Workbench console under the specific `datasource`. After the query completes, GLUE registers the `vpc_flow_logs` table, making the data in it ready for you to issue queries. + + +### Creating tables for flow logs in Apache Parquet format + +The following procedure creates an Amazon VPC table for Amazon VPC flow logs in Apache Parquet format. + +1. Enter the next DDL statement into the OpenSearch workbench query editor, following the guidelines in the [Common considerations](https://docs.aws.amazon.com/athena/latest/ug/vpc-flow-logs.html#vpc-flow-logs-common-considerations) section. This will creates a table that has the columns for Amazon VPC flow logs versions 2 through 5 as documented in [Flow log records](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records) in Parquet format, Hive partitioned hourly. +2. If you do not have hourly partitions, remove `hour` from the `PARTITIONED BY` clause. + +``` +CREATE EXTERNAL TABLE IF NOT EXISTS vpc_flow_logs_parquet ( + version int, + account_id string, + interface_id string, + srcaddr string, + dstaddr string, + srcport int, + dstport int, + protocol bigint, + packets bigint, + bytes bigint, + start bigint, + `end` bigint, + action string, + log_status string, + vpc_id string, + subnet_id string, + instance_id string, + tcp_flags int, + type string, + pkt_srcaddr string, + pkt_dstaddr string, + region string, + az_id string, + sublocation_type string, + sublocation_id string, + pkt_src_aws_service string, + pkt_dst_aws_service string, + flow_direction string, + traffic_path int +) +USING json +LOCATION 's3://DOC-EXAMPLE-BUCKET/prefix/AWSLogs/' +``` + +* Modify the sample `LOCATION 's3://`DOC-EXAMPLE-BUCKET`/`prefix`/AWSLogs/'` to point to the Amazon S3 path that contains your log data. +* Run the DDL statement in OpenSearch Query Workbench under the specific `datasource`. 
After the query completes, GLUE registers the `vpc_flow_logs` table, making the data in it ready for you to issue queries. + + +*If your data is in Hive-compatible format, run the following command in the OpenSearch Query Workbench to update and load the Hive partitions in the metastore (GLUE Catalot).* + +*After the query completes, you can query the data in the `vpc_flow_logs_parquet` table.* + +``` +MSCK REPAIR TABLE vpc_flow_logs_parquet +``` + +* * * + +## Projection Views Creation + +The following statements creates a set of views (Materialized View, Covering Index, Skipping Index) that help the acceleration of queries using the flint based capability. +The outcome of creating these acceleration tables is the synchronization of data being stored within opensearch index. + +This data can be one of the following +- use as internal cache for fast VPC based sql query performance +- use for visualization of information as part of VPC dashboards + +***Attention*** +An important note is that data cant be copied as-is from S3 into opensearch due to volume and cost considerations. +The user must design in advance the time frame by-which the MV would be used and to align the entire working strategy to support that notion. 
+ +This is done using the next `WHERE` statement that zooms the designated time scope + +``` +WHERE + ((`year` = 'StartYear' AND `month` >= 'StartMonth' AND `day` >= 'StartDay') OR + (`year` = 'EndYear' AND `month` <= 'EndMonth' AND `day` <= 'EndDay')) +``` + +* * * + +### VPC Queries + +The following queries are used for data projection : + + +#### 1) VPC Raw Data + +The first query shows the basic parsing from vpc raw format into OTEL specifications based on the simple schema for observability as shown [here](https://github.com/opensearch-project/opensearch-catalog/blob/main/schema/observability/logs/aws/aws_vpc_flow-1.0.0.mapping) +Its based on a limited time window (one week) and bring the most up-to-date logs + +``` +-- limited live view based on a week's worth of data +CREATE MATERIALIZED VIEW IF NOT EXISTS vpcflow_live_limited_week_view_mv AS +SELECT + cloud.account_uid AS `aws.vpc.cloud_account_uid`, + cloud.region AS `aws.vpc.cloud_region`, + cloud.zone AS `aws.vpc.cloud_zone`, + cloud.provider AS `aws.vpc.cloud_provider`, + + CAST(IFNULL(src_endpoint.port, 0) AS LONG) AS `aws.vpc.srcport`, + CAST(IFNULL(src_endpoint.svc_name, 'Unknown') AS STRING) AS `aws.vpc.pkt-src-aws-service`, + CAST(IFNULL(src_endpoint.ip, '0.0.0.0') AS STRING) AS `aws.vpc.srcaddr`, + CAST(IFNULL(src_endpoint.interface_uid, 'Unknown') AS STRING) AS `aws.vpc.src-interface_uid`, + CAST(IFNULL(src_endpoint.vpc_uid, 'Unknown') AS STRING) AS `aws.vpc.src-vpc_uid`, + CAST(IFNULL(src_endpoint.instance_uid, 'Unknown') AS STRING) AS `aws.vpc.src-instance_uid`, + CAST(IFNULL(src_endpoint.subnet_uid, 'Unknown') AS STRING) AS `aws.vpc.src-subnet_uid`, + + CAST(IFNULL(dst_endpoint.port, 0) AS LONG) AS `aws.vpc.dstport`, + CAST(IFNULL(dst_endpoint.svc_name, 'Unknown') AS STRING) AS `aws.vpc.pkt-dst-aws-service`, + CAST(IFNULL(dst_endpoint.ip, '0.0.0.0') AS STRING) AS `aws.vpc.dstaddr`, + CAST(IFNULL(dst_endpoint.interface_uid, 'Unknown') AS STRING) AS `aws.vpc.dst-interface_uid`, + 
CAST(IFNULL(dst_endpoint.vpc_uid, 'Unknown') AS STRING) AS `aws.vpc.dst-vpc_uid`, + CAST(IFNULL(dst_endpoint.instance_uid, 'Unknown') AS STRING) AS `aws.vpc.dst-instance_uid`, + CAST(IFNULL(dst_endpoint.subnet_uid, 'Unknown') AS STRING) AS `aws.vpc.dst-subnet_uid`, + CASE + WHEN regexp(dst_endpoint.ip, '(10\\..*)|(192\\.168\\..*)|(172\\.1[6-9]\\..*)|(172\\.2[0-9]\\..*)|(172\\.3[0-1]\\.*)') + THEN 'ingress' + ELSE 'egress' + END AS `aws.vpc.flow-direction`, + + CAST(IFNULL(connection_info['protocol_num'], 0) AS INT) AS `aws.vpc.connection.protocol_num`, + CAST(IFNULL(connection_info['tcp_flags'], '0') AS STRING) AS `aws.vpc.connection.tcp_flags`, + CAST(IFNULL(connection_info['protocol_ver'], '0') AS STRING) AS `aws.vpc.connection.protocol_ver`, + CAST(IFNULL(connection_info['boundary'], 'Unknown') AS STRING) AS `aws.vpc.connection.boundary`, + CAST(IFNULL(connection_info['direction'], 'Unknown') AS STRING) AS `aws.vpc.connection.direction`, + + CAST(IFNULL(traffic.packets, 0) AS LONG) AS `aws.vpc.packets`, + CAST(IFNULL(traffic.bytes, 0) AS LONG) AS `aws.vpc.bytes`, + + CAST(FROM_UNIXTIME(time / 1000) AS TIMESTAMP) AS `@timestamp`, + CAST(FROM_UNIXTIME(start_time / 1000) AS TIMESTAMP) AS `start_time`, + CAST(FROM_UNIXTIME(end_time / 1000) AS TIMESTAMP) AS `end_time`, + status_code AS `aws.vpc.status_code`, + + severity AS `aws.vpc.severity`, + class_name AS `aws.vpc.class_name`, + category_name AS `aws.vpc.category_name`, + activity_name AS `aws.vpc.activity_name`, + disposition AS `aws.vpc.disposition`, + type_name AS `aws.vpc.type_name`, + + region AS `aws.vpc.region`, + accountid AS `aws.vpc.account-id` +FROM + {table_name}, + (SELECT MAX(CAST(FROM_UNIXTIME(start_time / 1000) AS TIMESTAMP)) AS max_start_time FROM {table_name}) AS latest +WHERE + CAST(FROM_UNIXTIME(start_time / 1000) AS TIMESTAMP) >= DATE_SUB(latest.max_start_time, 7) +WITH ( + auto_refresh = false +) +-- refresh MV +REFRESH MATERIALIZED VIEW vpcflow_live_limited_week_view_mv +``` + +The outcome 
of this query is an index that has raw data which is parsed according to the OTEL schema mapping.
+Once this index exists, it can be used to present dashboards which reflect the above fields in one of the following ways:
+- present the fields directly in a table / filter / cloud map and such
+- present the aggregation on top of fields shown here (numeric or terms aggregation)
+
+_***Attention** *_
+Since this query is fetching raw data it may grow very quickly therefor it is important to pay attention for the size of this index and allow life cycles management for the index to be considered.
+
+* * *
+
+#### 2) `VPC Requests Aggregation Data`
+
+The next queries shows the hourly / 30 minutes requests summary with additional list of several dimensions that can be used to filter by (or event group by for additional composition aggregations).
+
+```
+-- One Hour Aggregation MV of VPC connections / bytes / packets
+CREATE MATERIALIZED VIEW IF NOT EXISTS vpcflow_mview_60_min_connections AS
+SELECT
+date_trunc('hour', from_unixtime(start_time / 1000)) AS start_time,
+date_trunc('hour', from_unixtime(start_time / 1000)) + INTERVAL 1 HOUR AS end_time,
+
+ status_code as `aws.vpc.status_code`,
+ -- action as `aws.vpc.action`, (add to groupBy)
+
+ connection_info.direction AS `aws.vpc.connection.direction`,
+ src_endpoint.svc_name as `aws.vpc.pkt-src-aws-service`,
+ dst_endpoint.svc_name as `aws.vpc.pkt-dst-aws-service`,
+
+ accountid as `aws.vpc.account-id`,
+ vpc_id as `aws.vpc.dst-vpc_uid`,
+ region as `aws.vpc.region`,
+
+ COUNT(*) AS total_connections,
+ SUM(CAST(IFNULL(traffic.bytes, 0) AS LONG)) AS total_bytes,
+ SUM(CAST(IFNULL(traffic.packets, 0) AS LONG)) AS total_packets
+ FROM
+ {table_name}
+ WHERE
+ ((`year` = 'StartYear' AND `month` >= 'StartMonth' AND `day` >= 'StartDay') OR
+ (`year` = 'EndYear' AND `month` <= 'EndMonth' AND `day` <= 'EndDay'))
+ GROUP BY
+ date_trunc('hour', from_unixtime(start_time / 1000)), region, accountid,vpc_id, 
status_code,src_endpoint.svc_name, dst_endpoint.svc_name, connection_info.direction
+ ORDER BY
+ start_time
+WITH (
+ auto_refresh = false
+)
+-- refresh MV
+REFRESH MATERIALIZED VIEW vpcflow_mview_60_min_connections
+```
+
+* * *
+
+```
+-- 30 minutes Aggregation of VPC connections / bytes / packets
+CREATE MATERIALIZED VIEW IF NOT EXISTS vpcflow_mview_30_min_connections AS
+SELECT
+ CAST(from_unixtime(CAST((start_time / 1000) AS BIGINT) DIV 1800 * 1800) AS TIMESTAMP) AS start_time,
+ CAST(from_unixtime((CAST((start_time / 1000) AS BIGINT) DIV 1800 * 1800) + 1800) AS TIMESTAMP) AS end_time,
+
+ status_code as `aws.vpc.status_code`,
+ -- action as `aws.vpc.action`, (add to groupBy)
+
+ connection_info.direction AS `aws.vpc.connection.direction`,
+ src_endpoint.svc_name as `aws.vpc.pkt-src-aws-service`,
+ dst_endpoint.svc_name as `aws.vpc.pkt-dst-aws-service`,
+
+ accountid as `aws.vpc.account-id`,
+ vpc_id as `aws.vpc.dst-vpc_uid`,
+ region as `aws.vpc.region`,
+
+ COUNT(*) AS total_connections,
+ SUM(CAST(IFNULL(traffic.bytes, 0) AS LONG)) AS total_bytes,
+ SUM(CAST(IFNULL(traffic.packets, 0) AS LONG)) AS total_packets
+ FROM
+ {table_name}
+ WHERE
+ ((`year` = 'StartYear' AND `month` >= 'StartMonth' AND `day` >= 'StartDay') OR
+ (`year` = 'EndYear' AND `month` <= 'EndMonth' AND `day` <= 'EndDay'))
+ GROUP BY
+ date_trunc('hour', from_unixtime(start_time / 1000)), region, accountid,vpc_id, status_code,src_endpoint.svc_name, dst_endpoint.svc_name, connection_info.direction
+ ORDER BY
+ start_time
+WITH (
+ auto_refresh = false
+)
+
+-- refresh MV
+REFRESH MATERIALIZED VIEW vpcflow_mview_30_min_connections
+```
+
+* * *
+
+The `WHERE` clause should include conditions to filter data for the specific timeframe you're interested in.
+The placeholders for the start and end dates (`StartYear`, `StartMonth`, `StartDay`, `EndYear`, `EndMonth`, `EndDay`) need to be replaced with the actual values representing the past week or any other period of interest.
+
+* * *
+3.) 
`VPC Requests By VPC ID using Aggregation Data`
+The next queries shows the hourly (time-window) network aggregation summary grouped by Network IP ordered by requests unique address or bytes size.
+
+```
+-- One Hour Aggregation time window of top IP dest by bytes sum group by hourly
+CREATE MATERIALIZED VIEW IF NOT EXISTS vpcflow_mview_60_min_network_ip_bytes_window AS
+WITH hourly_buckets AS (
+ SELECT
+ date_trunc('hour', from_unixtime(start_time / 1000)) AS hour_bucket,
+ CAST(IFNULL(dst_endpoint.ip, '0.0.0.0') AS STRING) AS dstaddr,
+ SUM(CAST(IFNULL(traffic.bytes, 0) AS LONG)) AS total_bytes
+ FROM
+ {table_name}
+ GROUP BY
+ hour_bucket,
+ dstaddr
+),
+ranked_addresses AS (
+ SELECT
+ CAST(hour_bucket AS TIMESTAMP),
+ dstaddr,
+ total_bytes,
+ RANK() OVER (PARTITION BY hour_bucket ORDER BY total_bytes DESC) AS bytes_rank
+ FROM
+ hourly_buckets
+)
+SELECT
+ CAST(hour_bucket AS TIMESTAMP),
+ dstaddr,
+ total_bytes
+FROM
+ ranked_addresses
+WHERE
+ bytes_rank <= 50
+ORDER BY
+ hour_bucket ASC,
+ bytes_rank ASC
+WITH (
+ auto_refresh = false
+);
+-- refresh MV
+REFRESH MATERIALIZED VIEW vpcflow_mview_60_min_network_ip_bytes_window
+```
+* * *
+
+```
+-- One Hour Aggregation time window of top IP dest by cardinality group by hourly
+ CREATE MATERIALIZED VIEW IF NOT EXISTS vpcflow_mview_60_min_network_ip_time_window AS
+WITH hourly_buckets AS (
+ SELECT
+ date_trunc('hour', from_unixtime(start_time / 1000)) AS hour_bucket,
+ CAST(IFNULL(dst_endpoint.ip, '0.0.0.0') AS STRING) AS dstaddr,
+ COUNT(*) AS total_count
+ FROM
+ {table_name}
+ GROUP BY
+ hour_bucket,
+ dstaddr
+),
+ranked_addresses AS (
+ SELECT
+ CAST(hour_bucket AS TIMESTAMP),
+ dstaddr,
+ total_count,
+ RANK() OVER (PARTITION BY hour_bucket ORDER BY total_count DESC) AS addr_rank
+ FROM
+ hourly_buckets
+)
+SELECT
+ CAST(hour_bucket AS TIMESTAMP),
+ dstaddr,
+ total_count
+FROM
+ ranked_addresses
+WHERE
+ addr_rank <= 50
+ORDER BY
+ hour_bucket ASC,
+ addr_rank ASC
+WITH (
+ auto_refresh = false
+) 
+-- refresh MV
+REFRESH MATERIALIZED VIEW vpcflow_mview_60_min_network_ip_time_window
+```
+
+* * *
+
+
+As shown before a `WHERE` clause can be included conditions to filter data for the specific timeframe you're interested in.
+The placeholders for the start and end dates (`StartYear`, `StartMonth`, `StartDay`, `EndYear`, `EndMonth`, `EndDay`) need to be replaced with the actual values representing the past week or any other period of interest.
+
+* * *
+
+## Appendix
+
+
+### JSON Format Based VPC Table definition
+
+```
+--- DDL VPC statement definition
+EXTERNAL TABLE IF NOT EXISTS vpc_flow_logs_parquet (
+ cloud STRUCT<
+ account_uid: STRING,
+ region: STRING,
+ zone: STRING,
+ provider: STRING
+ >,
+ src_endpoint STRUCT<
+ port: INT,
+ svc_name: STRING,
+ ip: STRING,
+ intermediate_ips: ARRAY,
+ interface_uid: STRING,
+ vpc_uid: STRING,
+ instance_uid: STRING,
+ subnet_uid: STRING
+ >,
+ dst_endpoint STRUCT<
+ port: INT,
+ svc_name: STRING,
+ ip: STRING,
+ intermediate_ips: ARRAY,
+ interface_uid: STRING,
+ vpc_uid: STRING,
+ instance_uid: STRING,
+ subnet_uid: STRING
+ >,
+ connection_info STRUCT<
+ protocol_num: INT,
+ tcp_flags: INT,
+ protocol_ver: STRING,
+ boundary_id: INT,
+ boundary: STRING,
+ direction_id: INT,
+ direction: STRING
+ >,
+ traffic STRUCT<
+ packets: BIGINT,
+ bytes: BIGINT
+ >,
+ time BIGINT,
+ start_time BIGINT,
+ end_time BIGINT,
+ status_code STRING,
+ severity_id INT,
+ severity STRING,
+ class_name STRING,
+ class_uid INT,
+ category_name STRING,
+ category_uid INT,
+ activity_name STRING,
+ activity_id INT,
+ disposition STRING,
+ disposition_id INT,
+ type_uid INT,
+ type_name STRING,
+ region STRING,
+ accountid STRING,
+ eventday STRING
+)
+USING json
+LOCATION
+ 's3://DOC-EXAMPLE-BUCKET/prefix/AWSLogs/'
+
+```
+
+* * *
+
+### Hive Based VPC Table definition
+
+**Provider: hive**
+Table Properties:
+Glue Crawler:
+
+*[CrawlerSchemaDeserializerVersion=1.0, CrawlerSchemaSerializerVersion=1.0, 
UPDATED_BY_CRAWLER=vpcflowlog-crawler, averageRecordSize=21, classification=parquet, compressionType=none, objectCount=129758, partition_filtering.enabled=true, recordCount=55779414, sizeKey=3062579049, typeOfData=file]*
+
+Serde Library:
+*org.apache.hadoop.hive.ql.io.parquet.serde.ParquetHiveSerDe*
+
+InputFormat:
+*org.apache.hadoop.hive.ql.io.parquet.MapredParquetInputFormat*
+* * *
+
+```
+--- DDL VPC statement definition
+EXTERNAL TABLE IF NOT EXISTS vpc_flow_logs_parquet (
+ cloud STRUCT<
+ account_uid: STRING,
+ region: STRING,
+ zone: STRING,
+ provider: STRING
+ >,
+ src_endpoint STRUCT<
+ port: INT,
+ svc_name: STRING,
+ ip: STRING,
+ intermediate_ips: ARRAY,
+ interface_uid: STRING,
+ vpc_uid: STRING,
+ instance_uid: STRING,
+ subnet_uid: STRING
+ >,
+ dst_endpoint STRUCT<
+ port: INT,
+ svc_name: STRING,
+ ip: STRING,
+ intermediate_ips: ARRAY,
+ interface_uid: STRING,
+ vpc_uid: STRING,
+ instance_uid: STRING,
+ subnet_uid: STRING
+ >,
+ connection_info STRUCT<
+ protocol_num: INT,
+ tcp_flags: INT,
+ protocol_ver: STRING,
+ boundary_id: INT,
+ boundary: STRING,
+ direction_id: INT,
+ direction: STRING
+ >,
+ traffic STRUCT<
+ packets: BIGINT,
+ bytes: BIGINT
+ >,
+ time BIGINT,
+ start_time BIGINT,
+ end_time BIGINT,
+ status_code STRING,
+ severity_id INT,
+ severity STRING,
+ class_name STRING,
+ class_uid INT,
+ category_name STRING,
+ category_uid INT,
+ activity_name STRING,
+ activity_id INT,
+ disposition STRING,
+ disposition_id INT,
+ type_uid INT,
+ type_name STRING,
+ region STRING,
+ accountid STRING,
+ eventday STRING
+)
+PARTITIONED BY (
+ `year` string,
+ `month` string,
+ `day` string,
+ `hour` string
+)ROW FORMAT SERDE
+ 'org.apache.hadoop.hive.ql.io.parquet.serde.ParquetHiveSerDe'
+STORED AS INPUTFORMAT
+ 'org.apache.hadoop.hive.ql.io.parquet.MapredParquetInputFormat'
+OUTPUTFORMAT
+ 'org.apache.hadoop.hive.ql.io.parquet.MapredParquetOutputFormat'
+LOCATION
+ 's3://DOC-EXAMPLE-BUCKET/prefix/AWSLogs/'
+TBLPROPERTIES (
+ 
'EXTERNAL'='true',
+ 'skip.header.line.count'='1'
+ )
+```
+
+* * *
+
+### Additional Resources
+
+VPC logs fields - https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
+
+Flint integration Adaptation Tutorial - https://github.com/opensearch-project/opensearch-catalog/issues/144
\ No newline at end of file
diff --git a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/info/README.md b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/info/README.md
index 7997141e3d..cc381b73ab 100644
--- a/server/adaptors/integrations/__data__/repository/aws_vpc_flow/info/README.md
+++ b/server/adaptors/integrations/__data__/repository/aws_vpc_flow/info/README.md
@@ -14,7 +14,8 @@ Flow logs can help you with a number of tasks, such as:
 Flow log data is collected outside of the path of your network traffic, and therefore does not affect network throughput or latency. You can create or delete flow logs without any risk of impact to network performance.
-See additional details [here](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html).
+- See additional AWS Logs Info details [Here](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html).
+- Flint S3 VPC integration [Readme](Flint-Integration.md)
 ## What is AWS VPC FLow Logs Integration ?